Vista Permission Issue

from Jeffrey Tan (Microsoft Online Community Support)

On Vista, only an elevated application/process will run under the full administrator security context, while most of the normal processes run under a split normal user security context to minimize the attack surface. However, since these high-right processes and normal-right processes run on the same UI desktop, it is possible for a low-right hacky process to send messages to the high-right processes. (For legacy reasons, the Windows GUI system did not have per-process or per-window security constraints.) This is called a shatter attack.

To minimize this shatter attack, Vista introduced UIPI, which does not allow a low-right process to send messages to the high-right processes. That's why your application will fail to call these User32 APIs. Note: it is possible to establish a trust relationship by calling ChangeWindowMessageFilter() in the high-right process (which says, yes, this low-right process is a good guy, let's allow it to send messages to me). However, in your scenario, since you have no control over all the high-right processes, this is not a doable solution for you. Please see the link below for more details:
http://blogs.msdn.com/vishalsi/archive/2006/11/30/what-is-user-interface-privilege-isolation-uipi-on-vista.aspx
The only solution should be running your process under an elevated Administrator token. Actually, this kind of system-level task-switching application really needs Admin rights to get its work done, since its behavior affects all the processes/applications on the system.

Finally, you may still meet some problems while dealing with System Integrity Level GUI windows; however, this seldom occurs on Vista.

Hope this helps.  
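
As an added example that is not part of Jeffrey Tan's reply: a PowerShell check of the integrity level carried by the current process token, which is the value UIPI compares before letting a window message through. The function names are hypothetical, and the send test is the simplified rule from the reply; it ignores messages a receiver has allowed through ChangeWindowMessageFilter().

```powershell
# Added example (not from the quoted reply). Integrity labels show up in
# `whoami /groups` as SIDs of the form S-1-16-<RID>.
$IntegrityNames = @{ 4096 = 'Low'; 8192 = 'Medium'; 12288 = 'High'; 16384 = 'System' }

function Get-CurrentIntegrity {
    # /nh drops the localized header row, so column names are supplied here.
    $label = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes |
        Where-Object { $_.Sid -match '^S-1-16-\d+$' } |
        Select-Object -First 1
    if (-not $label) { throw 'No mandatory integrity label found in the token.' }

    $rid = [int]($label.Sid -replace '^S-1-16-', '')
    $name = $IntegrityNames[$rid]
    if (-not $name) { $name = "Other ($rid)" }

    # IsInRole is true only when the Administrators group is enabled in the
    # token, i.e. the process is running elevated (or UAC is off).
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    New-Object PSObject -Property @{ Rid = $rid; Level = $name; IsElevatedAdmin = $isAdmin }
}

function Test-UipiAllowsSend {
    # Simplified rule: a sender may message windows at or below its own level.
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Low', 'Medium', 'High', 'System')]
        [string]$TargetLevel
    )
    $targetRid = ($IntegrityNames.GetEnumerator() |
        Where-Object { $_.Value -eq $TargetLevel }).Key
    (Get-CurrentIntegrity).Rid -ge $targetRid
}

$me = Get-CurrentIntegrity
"Current process: {0} integrity, elevated admin: {1}" -f $me.Level, $me.IsElevatedAdmin
foreach ($level in 'Medium', 'High', 'System') {
    "Can message {0}-integrity windows: {1}" -f $level, (Test-UipiAllowsSend -TargetLevel $level)
}
```

Run it once from a normal prompt and once from an elevated one to see the Medium and High results that correspond to the two security contexts described in the reply.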
