[英]Interacting with a Service from Internet Explorer
I am attempting to have IE9 interact with a COM service (created using Visual Studio 2010's wizard) while running in protected mode. 我试图让IE9在保护模式下运行时与COM服务(使用Visual Studio 2010的向导创建)进行交互。 If I run the service as admin rather than registering it as a service, my BHO's call to
spUnk.CoCreateInstance
returns S_OK
(I am watching AtlTrace's output). 如果我以管理员身份运行服务而不是将其注册为服务,我的BHO对
spUnk.CoCreateInstance
的调用将返回S_OK
(我正在观看AtlTrace的输出)。 The BHO is also able to successfully call spUnk.CoCreateInstance
if IE is running as admin. 如果IE以管理员身份运行,BHO也能成功调用
spUnk.CoCreateInstance
。 However, if I register and run service as an actual service and run IE in protected mode, spUnk.CoCreateInstance
returns 0x80070005
(access denied). 但是,如果我将服务注册并作为实际服务运行并在受保护模式下运行IE,则
spUnk.CoCreateInstance
将返回0x80070005
(拒绝访问)。 I know that IE is at least able to find the service as I get other errors if the service is not registered or if it is registered but set to "Disabled" via services.msc. 我知道IE至少能够找到服务,因为如果服务没有注册或者注册了但是通过services.msc设置为“Disabled”,我会收到其他错误。
Is there a way to modify the service, BHO, or registry so that the call to spUnk.CoCreateInstance
succeeds? 有没有办法修改服务,BHO或注册表,以便调用
spUnk.CoCreateInstance
成功?
Relevant Code: 相关守则:
Registry entries (per MSDN: Starting Processes from Protected Mode ): 注册表项(根据MSDN:从保护模式启动进程 ):
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\
Low Rights\ElevationPolicy\{89091D9A-1F9A-4721-993B-D72C2333AAD1}]
"AppName"="tstsrv.exe"
"AppPath"="C:\\path\\tstsrv\\Debug"
"Policy"=dword:00000003
"CLSID"="{90719221-2DE2-45c2-B8CB-2018C4D66C48}"
BHO Code used to call the service ( hr = spUnk.CoCreateInstance(CLSID_tstsrv);
is the line having problems): 用于调用服务的BHO代码(
hr = spUnk.CoCreateInstance(CLSID_tstsrv);
是有问题的行):
MyAddin::SetSite(IUnknown *pUnkSite) {
//...
GUID CLSID_tstsrv = { 0x90719221, 0x2de2, 0x45c2, { 0xb8, 0xcb, 0x20,
0x18, 0xc4, 0xd6, 0x6c, 0x48 } };
CComPtr<IUnknown> spUnk;
hr = spUnk.CoCreateInstance(CLSID_tstsrv);
AtlTrace("CoCreateInstance(CLSID_tstsrv) => %p [%08x]\n", spUnk.p, hr);
//...
}
Some of the service's initialization code: 一些服务的初始化代码:
HRESULT CtstsrvModule::InitializeSecurity(void)
{
if(m_bSecurityInitialized) return S_OK;
m_bSecurityInitialized = true;
return ::CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_PKT,
RPC_C_IMP_LEVEL_IDENTIFY, NULL, EOAC_DYNAMIC_CLOAKING, 0);
}
Another hour of mucking with this and I discovered that calling this code (archive.org) ( SetLaunchActPermissions
and GetLaunchActPermissionsWithIL
) makes it work. SetLaunchActPermissions
小时,我发现调用此代码(archive.org) ( SetLaunchActPermissions
和GetLaunchActPermissionsWithIL
)使其工作。
From that page: 从该页面:
By default, COM will prevent Low IL clients from binding to running instances of any COM servers.
默认情况下,COM将阻止低IL客户端绑定到任何COM服务器的运行实例。 To allow the bind, a COM server's Launch/Activation security descriptor must contain a SACL that specifies the Low IL label (see the previous section for the sample code to create such a security descriptor).
要允许绑定,COM服务器的启动/激活安全描述符必须包含指定低IL标签的SACL(有关创建此类安全描述符的示例代码,请参阅上一节)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.