2012-10-25 13:01:00
IE保护模式下,ActiveX控件会打不开别的进程创建的共享内存,原因是IE运行在低完整性级别权限下,一般应用程序运行在中完整性级别。别的应用程序创建的共享内存,即使赋予Everyone权限,ActiveX控件仍然会打不开。
解决方案:创建共享内存的时候,设置下完整性级别:
1bool SetLowLabelToKernelObject(LPCTSTR lpszObjectName)
2{
3 // See http://msdn.microsoft.com/en-us/library/bb625960.aspx
4
5 // The LABEL_SECURITY_INFORMATION SDDL SACL to be set for low integrity
6 LPCTSTR LOW_INTEGRITY_SDDL_SACL = _T("S:(ML;;NW;;;LW)");
7 PSECURITY_DESCRIPTOR pSD = NULL;
8
9 if (!ConvertStringSecurityDescriptorToSecurityDescriptor(LOW_INTEGRITY_SDDL_SACL,
10 SDDL_REVISION_1,
11 &pSD,
12 NULL))
13 {
14 return false;
15 }
16
17 LOKI_ON_BLOCK_EXIT(LocalFree, pSD);
18
19 PACL pSacl = NULL;
20 BOOL fSaclPresent = FALSE;
21 BOOL fSaclDefaulted = FALSE;
22
23 if (!GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl, &fSaclDefaulted))
24 {
25 return false;
26 }
27
28 // Note that psidOwner, psidGroup, and pDacl are all NULL and set the new LABEL_SECURITY_INFORMATION
29 DWORD dwError = SetNamedSecurityInfoW((LPTSTR)lpszObjectName,
30 SE_KERNEL_OBJECT,
31 LABEL_SECURITY_INFORMATION,
32 NULL,
33 NULL,
34 NULL,
35 pSacl);
36
37 return dwError == ERROR_SUCCESS;
38}
参考资料:
http://www.microsoft.com/china/msdn/library/webservices/WebApp/ProtectedMode.mspx?mfr=true
http://www.cnblogs.com/jcss2008/archive/2009/06/06/1497528.html
首发:http://www.cppblog.com/Streamlet/archive/2012/10/25/193831.html