有没有办法在IE11上从AppContainer BHO创建命名管道？

Question

我正在尝试为Internet Explorer 11(Windows 8.1)编写BHO.我的BHO实现了AppContainer沙箱,但我似乎无法创建一个命名管道,CreateNamedPipe失败并显示该消息: Access is denied.

这是我用来创建命名管道的代码(我在俄罗斯网站上找到,最后评论:

        LPCWSTR LOW_INTEGRITY_SDDL_SACL_W = L"S:(ML;;NW;;;LW)D:(A;;0x120083;;;WD)(A;;0x120083;;;AC)";

        PSECURITY_DESCRIPTOR pSD = NULL;
        ConvertStringSecurityDescriptorToSecurityDescriptorW (
            LOW_INTEGRITY_SDDL_SACL_W,
            SDDL_REVISION_1,
            &pSD,
            NULL );

        if ( pSD != NULL)
        {
            SECURITY_ATTRIBUTES  SecurityAttributes;

            SecurityAttributes.nLength = sizeof(SECURITY_ATTRIBUTES);
            SecurityAttributes.bInheritHandle = TRUE;
            SecurityAttributes.lpSecurityDescriptor = pSD;

            HANDLE hPipe = CreateNamedPipe(
                L"\\\\.\\pipe\\testpipe",
                PIPE_ACCESS_DUPLEX,                     
                PIPE_TYPE_BYTE | PIPE_READMODE_BYTE,
                1,                                  
                4096,                   
                4096,                               
                1000,
                &SecurityAttributes);           

        }

不幸的是,它不起作用.GetLastError() Access is denied像往常一样返回此值.

Answer 1

您无法在BHO中创建命名管道.但您可以在代理程序进程中创建它并从BHO连接到管道.我是尖头评论的作者,我在我的IE插件的代理部分测试了代码.

代码片段.在自动启动的exe中创建管道(Delphi)

function CreateAppContainerSecurityDescriptor(var SD: PSECURITY_DESCRIPTOR): boolean;
const
  SDDL_REVISION_1 = 1;
var
  pSD: PSECURITY_DESCRIPTOR;
  ConvertStringSecurityDescriptorToSecurityDescriptor: TConvertStringSecurityDescriptorToSecurityDescriptorW;
begin
  @ConvertStringSecurityDescriptorToSecurityDescriptor := GetProcAddress(AdvapiDll(),
    'ConvertStringSecurityDescriptorToSecurityDescriptorW');
  result := false;
  if ConvertStringSecurityDescriptorToSecurityDescriptor('S:(ML;;NW;;;LW)D:(A;;0x120083;;;WD)(A;;0x120083;;;AC)',
    SDDL_REVISION_1, pSD, nil) then begin
    SD := pSD;
    result := true;
  end;
end;

function TPipeServer.Start: boolean;
var
  SD: PSECURITY_DESCRIPTOR;
  SecurityAttributes: SECURITY_ATTRIBUTES;
begin
  result := false;
  if Win32MajorVersion >= 6 then begin
    if CreateAppContainerSecurityDescriptor(SD) then begin
      SecurityAttributes.nLength := sizeof(SECURITY_ATTRIBUTES);
      SecurityAttributes.bInheritHandle := true;
      SecurityAttributes.lpSecurityDescriptor := SD;

      PipeHandle := CreateNamedPipe('\\.\pipe\MyPipe', PIPE_ACCESS_DUPLEX,
        PIPE_TYPE_BYTE or PIPE_READMODE_BYTE, 1, 0, 0, 1000, @SecurityAttributes);
      result := PipeHandle <> INVALID_HANDLE_VALUE;
    end;
  end;
end;

procedure TPipeServer.Execute;
begin
  if Start() then begin
    while true do begin
      if ConnectNamedPipe(PipeHandle, nil) then begin
        ...
      end;
    end;
  end;
end;

在IE工具栏中连接到管道(C++)

#define PIPE_NAME "\\\\.\\pipe\\MYPipe"

LRESULT CMFToolbar::OnCommand(UINT uMsg, WPARAM wParam, LPARAM lParam, BOOL& bHandled)
{
...
    HANDLE PipeHandle;
    if (WaitNamedPipe(PIPE_NAME, NMPWAIT_WAIT_FOREVER) != 0) {
        PipeHandle = CreateFile(PIPE_NAME, FILE_READ_DATA | FILE_WRITE_DATA,
            0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
        if (PipeHandle != INVALID_HANDLE_VALUE) {
            WriteFile(PipeHandle, ...
            CloseHandle(PipeHandle);
        }

}