Re: Vista UAC/Privilege determination

From:

"David Ching" <dc@remove-this.dcsoft.com>

Newsgroups:

microsoft.public.vc.mfc

Date:

Fri, 22 Jun 2007 12:07:24 -0700

Message-ID:

<G7Vei.21398$C96.14917@newssvr23.news.prodigy.net>

"Joseph M. Newcomer" <newcomer@flounder.com> wrote in message
news:jivn73di1miub93697d2a34uv3591svt7o@4ax.com...

I have two intercommunicating processes. Process A sets a hook into
process B (for
purposes I can't talk about due to NDA issues). The problem I'm having is
this:

if I run A as an ordinary user, it can't set a hook in B

if I run A as administrator, it can hook B, but when the hook runs in B,
it can't
PostMessage back to A.

It appears that I have a situation where if A is an administrator, then B
is running at a
privilege level lower than A but higher than an ordinary user. So while I
can hook it, I
can't have it send back to me. But running as a limited user, I can't
hook it.

Now obviously the solution is to run A at the same privilege level as B.
So I need to
know (a) how to determine the privilege level of the hooked process and
(b) how to set my
process to the same privilege level. Note that the relationship of these
processes is
fixed, and I have no control over the hooked process, but if I set
something in the
manifest of A, this would suffice because the relationship will be fixed.

I am also having trouble finding documentation about manifests. Any
hints?

See

Riding the Vista UAC elevator, up and down by Andrei Belogortseff
http://www.codeproject.com/vista-security/VistaElevator.asp?df=100&forumid=368223&exp=0&select=1909847

FWIW, there is only Elevated and non-Elevated priviledge levels. I'm not
sure what level B is running at, but it's not at some level between Admin
and Limited. Unless you're talking about IEUser.exe. This is a
special-case, low-priviledge part of IE that has specific functionality
removed to avoid malware.

-- David