- Process explorer integrity level how to#
- Process explorer integrity level full#
- Process explorer integrity level code#
::InitializeProcThreadAttributeList(si.lpAttributeList, 1, 0, &size)) Si.lpAttributeList = reinterpret_cast(buffer.get()) ::InitializeProcThreadAttributeList(nullptr, 1, 0, &size) As part of this, we can specify capabilities this AppContainer should have, such as internet access, access to the documents library and any other capabilities as defined by the Windows Runtime: STARTUPINFOEX si =
The absolute minimum is to initialize a process attribute list with a SECURITY_CAPABILITIES structure to indicate we want the process to be created inside an AppContainer. The next step is prepare for process creation. In that case, we need to extract the SID from the existing profile: ::DeriveAppContainerSidFromAppContainerName(containerName, &appContainerSid) If the function fails, it probably means the container profile exists already. The containerName argument is the important one. ::CreateAppContainerProfile(containerName, containerName, containerName, nullptr, 0, &appContainerSid) The first step is to create an AppContainer profile (error handling ommitted): PSID appContainerSid For normal applications, we can select any string selecting the same string would yield the same SID – which means we can actually use it to “bundle” several processes into the same AppContainer. In the UWP world, this name is made up of the application package and the 13 digits of the signer’s hash. This SID is based on a hash of the container name.
Process explorer integrity level how to#
Let’s see how to do that.įirst, we need to create the AppContainer and obtain an AppContainer SID.
Process explorer integrity level full#
On the other hand, if AppContainer A creates a mutex named “abc”, its full name is something like “\Sessions\1\AppContainerNamedObjects\S-1-15-2-466767348-3739614953-2700836392-1801644223-4227750657-1087833535-2488631167\abc”, meaning it can nevr interfere with another AppContainer or any process running outside of an AppContainer.Īlthough AppContainers were created specifically for store apps, theye can also be used to execute “normal” applications, providing the same level of security and isolation. This means one AppContainer cannot interfere with another’s objects.įor example, if a process not in an AppContainer creates a mutex named “abc”, its full name is really “\Sessions\1\BaseNamedObjects\abc” (assuming the process runs in session 1). Furthermore, from an Object Manager perspective, named objects created by an AppContainer are stored under its own object manager directory, based on an identifier known as AppContainer SID.
Process explorer integrity level code#
This means code running inside an AppContainer can’t do any sigtnificant damage because of that lack of access. A process within an AppContainer runs with an Integrity Level of low, which effectively means it has no access to almost everything, as the default integrity level of objects (such as files) is Medium. AppContainers are the sanboxes typically used to run UWP processes (also known as metro, store, modern…).
0 kommentar(er)
