Launching Low Integrity Level Process
If you’re using the code sample for launching a low integrity process from the Protected Mode Internet Explorer whitepaper, you may be getting an error that complains about RtlLengthSid. We’re working to update the code sample. In the meantime, look at the code below. You’ll have to add all of your own error checking; in particular, stop if SetTokenInformation fails, because otherwise the new process is created with the caller’s integrity level rather than Low. With that caveat, you can get the basic idea:
#include "windows.h"
#include "Sddl.h"
#include <stdio.h>
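/*
 * Starts a program with a Low mandatory integrity level.
 *
 * Steps: duplicate the current process token as a primary token, replace the
 * duplicate's integrity label with the Low integrity SID (S-1-16-4096), then
 * create the child process with that token.
 *
 * The function fails closed: every API result is checked and the child is
 * created only after the Low label has been applied. Without those checks a
 * failed SetTokenInformation would go unnoticed and the child would run at
 * the caller's integrity level.
 *
 * Scope of the restriction: the integrity label is the only thing changed on
 * the token. The child still runs as the same user with the same groups, so
 * the label limits writes to higher-integrity objects (the default mandatory
 * policy) but does not by itself stop the child from reading the user's data.
 *
 * Returns 0 when the child process was created, 1 on any failure.
 */
int __cdecl main(void)
{
    int rc = 1;
    HANDLE hToken = NULL;
    HANDLE hNewToken = NULL;
    LPCWSTR szProcessName = L"c:\\windows\\notepad.exe"; // For example
    LPCWSTR szIntegritySid = L"S-1-16-4096";             // Low integrity SID
    PSID pIntegritySid = NULL;
    TOKEN_MANDATORY_LABEL TIL = {0};
    PROCESS_INFORMATION ProcInfo = {0};
    STARTUPINFOW StartupInfo = {0};

    // CreateProcess* expects the structure size to be filled in.
    StartupInfo.cb = sizeof(StartupInfo);

    // Ask only for the rights the following calls need instead of
    // MAXIMUM_ALLOWED, so the token handle carries no extra access.
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT |
                              TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY,
                          &hToken)) {
        fprintf(stderr, "OpenProcessToken failed: %lu\n", GetLastError());
        goto cleanup;
    }

    // A desired access of 0 gives the duplicate the same access as hToken.
    if (!DuplicateTokenEx(hToken, 0, NULL, SecurityImpersonation,
                          TokenPrimary, &hNewToken)) {
        fprintf(stderr, "DuplicateTokenEx failed: %lu\n", GetLastError());
        goto cleanup;
    }

    // The wide-character entry points are called explicitly because the
    // strings above are wide regardless of whether UNICODE is defined.
    // The SID is allocated by the API and released with LocalFree below.
    if (!ConvertStringSidToSidW(szIntegritySid, &pIntegritySid)) {
        fprintf(stderr, "ConvertStringSidToSid failed: %lu\n", GetLastError());
        goto cleanup;
    }

    TIL.Label.Attributes = SE_GROUP_INTEGRITY;
    TIL.Label.Sid = pIntegritySid;

    // Set the process integrity level. The length is taken from the SID
    // itself rather than assumed from its sub-authority count.
    if (!SetTokenInformation(hNewToken, TokenIntegrityLevel, &TIL,
                             sizeof(TOKEN_MANDATORY_LABEL) +
                                 GetLengthSid(pIntegritySid))) {
        // Do not continue: the token is still at the caller's integrity level.
        fprintf(stderr, "SetTokenInformation failed: %lu\n", GetLastError());
        goto cleanup;
    }

    // Create the new process at Low integrity. bInheritHandles stays FALSE so
    // that handles opened by this process are not passed to the child.
    if (!CreateProcessAsUserW(hNewToken, szProcessName, NULL, NULL, NULL,
                              FALSE, 0, NULL, NULL, &StartupInfo, &ProcInfo)) {
        fprintf(stderr, "CreateProcessAsUser failed: %lu\n", GetLastError());
        goto cleanup;
    }

    rc = 0;

cleanup:
    // Release everything acquired above; each pointer/handle is NULL if the
    // corresponding step was never reached.
    if (ProcInfo.hThread != NULL) {
        CloseHandle(ProcInfo.hThread);
    }
    if (ProcInfo.hProcess != NULL) {
        CloseHandle(ProcInfo.hProcess);
    }
    if (pIntegritySid != NULL) {
        LocalFree(pIntegritySid);
    }
    if (hNewToken != NULL) {
        CloseHandle(hNewToken);
    }
    if (hToken != NULL) {
        CloseHandle(hToken);
    }
    return rc;
}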