I have a program using File Mapping to do Inter-Process Communication。 I have two processes。
On Win7, process A creates Process B. B is a lower integrity process。A launches B using CreateLowProcess().
BOOL CreateLowProcess(CString csCmd)
{
BOOL bRet = FALSE;
HANDLE hToken = NULL;
HANDLE hNewToken = NULL;
WCHAR wszIntegritySid[20] = L"S-1-16-4096";
PSID pIntegritySid = NULL;
TOKEN_MANDATORY_LABEL TIL = {0};
PROCESS_INFORMATION ProcInfo = {0};
STARTUPINFO StartupInfo = {0};
ULONG ExitCode = 0;
if (OpenProcessToken(GetCurrentProcess(),MAXIMUM_ALLOWED, &hToken))
{
if (DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL,
SecurityImpersonation, TokenPrimary, &hNewToken))
{
if (ConvertStringSidToSid(wszIntegritySid, &pIntegritySid))
{
TIL.Label.Attributes = SE_GROUP_INTEGRITY;
TIL.Label.Sid = pIntegritySid;
if (SetTokenInformation(hNewToken, (TOKEN_INFORMATION_CLASS)TokenIntegrityLevel, &TIL,
sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid)))
{
bRet = CreateProcessAsUser(hNewToken, NULL,
csCmd.GetBuffer(),NULL, NULL, FALSE,
0, NULL, NULL, &StartupInfo, &ProcInfo);
}
LocalFree(pIntegritySid);
}
CloseHandle(hNewToken);
}
CloseHandle(hToken);
}
return bRet;
}OOL CreateLowProcess(CString csCmd)
{
BOOL bRet = FALSE;
HANDLE hToken = NULL;
HANDLE hNewToken = NULL;
WCHAR wszIntegritySid[20] = L"S-1-16-4096";
PSID pIntegritySid = NULL;
TOKEN_MANDATORY_LABEL TIL = {0};
PROCESS_INFORMATION ProcInfo = {0};
STARTUPINFO StartupInfo = {0};
ULONG ExitCode = 0;
if (OpenProcessToken(GetCurrentProcess(),MAXIMUM_ALLOWED, &hToken))
{
if (DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL,
SecurityImpersonation, TokenPrimary, &hNewToken))
{
if (ConvertStringSidToSid(wszIntegritySid, &pIntegritySid))
{
TIL.Label.Attributes = SE_GROUP_INTEGRITY;
TIL.Label.Sid = pIntegritySid;
if (SetTokenInformation(hNewToken, (TOKEN_INFORMATION_CLASS)TokenIntegrityLevel, &TIL,
sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid)))
{
bRet = CreateProcessAsUser(hNewToken, NULL,
csCmd.GetBuffer(),NULL, NULL, FALSE,
0, NULL, NULL, &StartupInfo, &ProcInfo);
}
LocalFree(pIntegritySid);
}
CloseHandle(hNewToken);
}
CloseHandle(hToken);
}
return bRet;
}
The Process A creates a File Mapping
SECURITY_DESCRIPTOR* pSecDesc = NULL;
pSecDesc = (SECURITY_DESCRIPTOR*)LocalAlloc(LPTR,
SECURITY_DESCRIPTOR_MIN_LENGTH);
InitializeSecurityDescriptor(pSecDesc,
SECURITY_DESCRIPTOR_REVISION);
SetSecurityDescriptorDacl(pSecDesc,TRUE,(PACL)NULL,FALSE);
LPTSTR buffer = NULL;
DWORD dwLong;
BOOL bSuc = ConvertSecurityDescriptorToStringSecurityDescriptor(
pSecDesc,
SDDL_REVISION_1,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | 0x00000010L ,
&buffer,
&dwLong);
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;
sa.lpSecurityDescriptor = pSecDesc;
m_hMapFile = CreateFileMapping(
NULL,
&sa,
PAGE_READWRITE,
0,
nSize,
csShareMemName
);
But Process B can't get the write access to the File Mapping.
What's the problem?
I need your help.
my email is langziwuwu@hotmail.com