Creating and opening securable objects
In earlier versions of Windows, it was possible to open and read (though not necessarily write) many temporary objects by passing NULL parameter values to the relevant function. Starting with Windows 8, this is no longer possible because AppContainer isolation restricts all access by default. To gain access to a securable object (read, write, or otherwise), you need to pass appropriate parameter values when opening handles to those resources. Use these examples to do so..
- Creating and opening objects
- Creating and opening events
- Creating and opening mutexes
- Creating and opening semaphors
- Creating and opening named pipes
- Creating and opening shared memory structures
- Related topics
Creating and opening objects
Windows contains a number of different objects that require handles. This section shows how to create and open object handles for many common objects.
Creating and opening events
This example shows how to create and open a named event that supports the Internet Explorer AppContainer:
// Create an Event
// Input VARIANT is in form PRIVATENAMESPACE\ObjectName
STDMETHODIMP DemoCreateEvent(_In_ LPVARIANT pvarName)
{
m_hEvent = CreateEventW(nullptr, FALSE, FALSE, V_BSTR(pvarName));
if (m_hEvent != nullptr)
{
hr = SetKernelHandleAppContainer(m_hEvent, SYNCHRONIZE | EVENT_MODIFY_STATE);
}
// ...
}
// Open an Event
// Input VARIANT is in form PRIVATENAMESPACE\ObjectName
STDMETHODIMP DemoOpenEvent(_In_ LPVARIANT pvarName)
{
m_hEvent = OpenEventW(SYNCHRONIZE | EVENT_MODIFY_STATE, FALSE, V_BSTR(pvarName));
// ...
}
Creating and opening mutexes
This example shows how to create and open a mutex that supports the IE AppContainer:
//Create a mutex
// Input VARIANT is in form PRIVATENAMESPACE\ObjectName
STDMETHODIMP DemoCreateMutex(_In_ LPVARIANT pvarName)
{
m_hMutex = CreateMutexW(nullptr, FALSE, V_BSTR(pvarName),);
if (m_hMutex != nullptr)
{
hr = SetKernelHandleAppContainer(m_hMutex, SYNCHRONIZE | MUTEX_MODIFY_STATE);
}
// ...
}
// Open a Mutex
// Input VARIANT is in form PRIVATENAMESPACE\ObjectName
STDMETHODIMP DemoOpenMutex(_In_ LPVARIANT pvarName)
{
m_hMutex = OpenMutexW(SYNCHRONIZE | MUTEX_MODIFY_STATE, FALSE, V_BSTR(pvarName));
// ...
}
Creating and opening semaphors
Here's how to create and open a semaphor that supports the IE AppContainer:
// Create a Semaphore
// Input VARIANT is in form PRIVATENAMESPACE\ObjectName
STDMETHODIMP DemoCreateSemaphore(_In_ LPVARIANT pvarName)
{
m_hSemaphore = CreateSemaphoreW(nullptr, 0, 10, V_BSTR(pvarName));
if (m_hSemaphore != nullptr)
{
hr = SetKernelHandleAppContainer(m_hSemaphore, SYNCHRONIZE | SEMAPHORE_MODIFY_STATE);
}
// ...
}
// Open a Semaphore
// Input VARIANT is in form PRIVATENAMESPACE\ObjectName
STDMETHODIMP DemoOpenSemaphore(_In_ LPVARIANT pvarName)
{
m_hSemaphore = OpenSemaphoreW(SYNCHRONIZE | SEMAPHORE_MODIFY_STATE, FALSE, V_BSTR(pvarName));
// ...
}
Creating and opening named pipes
This example shows how to create and open a named pipe that supports the IE AppContainer.
// Create a Named Pipe
// Input VARIANT depends on the context of the named pipe;
// see remarks following the example for details.
STDMETHODIMP DemoCreateNamedPipe(_In_ LPVARIANT pvarName)
{
// ...
LPSECURITY_ATTRIBUTES lpSecurityAttributes = nullptr;
m_hPipe = CreateNamedPipeW(V_BSTR(pvarName), dwOpenMode, dwPipeMode, dwMaxInstances, dwOutBufferSize, dwInBufferSize, dwDefaultTimeOut, lpSecurityAttributes);
if (m_hPipe != INVALID_HANDLE_VALUE)
{
DWORD dwAccessMask = GENERIC_READ | GENERIC_WRITE;
hr = SetFileHandleAppContainer(m_hPipe, dwAccessMask);
}
// ...
}
// Open a Named Pipe
// Input VARIANT depends on the context of the named pipe;
// see remarks following the example for details.
STDMETHODIMP DemoOpenNamedPipe(_In_ LPVARIANT pvarPipeName)
{
HRESULT hr = E_INVALIDARG;
m_hPipe = CreateFileW(
V_BSTR(pvarName),
(FILE_GENERIC_READ | FILE_GENERIC_WRITE),
0, nullptr, OPEN_EXISTING, 0, nullptr);
if (m_hPipe == INVALID_HANDLE_VALUE)
// ...
}
In this example, the value of the input VARIANT varies:
For named pipes in non-AppContainer processes, the name is similar to "\\.\pipe\name".
For AppContainer processes, the path depends on the session ID and the AppContainer SID.
Use the TokenSessionId enumeration value with GetTokenInformation to get the session number.
Use the TokenAppContainerSid enumeration value with GetTokenInformation to obtain the SID.
When you have both values, call GetAppContainerNamedObjectPath.
The resulting name should be in the form "\\.\pipe\Sessions\SessionNumber\AppContainerNamedObjectPath\name".
Creating and opening shared memory structures
Here's how to create and open a shared memory structure that supports the IE AppContainer:
// Create a Shared Memory segment
// Input VARIANT is in form PRIVATENAMESPACE\ObjectName
STDMETHODIMP DemoCreateSharedMemory(_In_ LPVARIANT pvarName)
{
HANDLE hTemp = CreateFileMappingW(
INVALID_HANDLE_VALUE, // Use pagefile
nullptr,
PAGE_READWRITE,
0,
dwByteCount,
V_BSTR(pvarName));
if (hTemp != nullptr)
{
hr = SetKernelHandleAppContainer(hTemp, FILE_MAP_READ | FILE_MAP_WRITE);
}
// ...
}
// Open a Shared Memory segment
// Input VARIANT is in form PRIVATENAMESPACE\ObjectName
STDMETHODIMP DemoOpenSharedMemory(_In_ LPVARIANT pvarName)
{
DWORD dwAccessMask = FILE_MAP_READ | FILE_MAP_WRITE;
BOOL fInherit = FALSE;
HANDLE hSM = OpenFileMappingW(dwAccessMask, fInherit, V_BSTR(pvarName));
// ...
}
Note These examples use private functions (SetKernelHandleAppContainer and SetFileHandleAppContainer) to add an appropriate ACE to the DACL and to call AddMandatoryAce to adjust the integrity level of the handle to low integrity. The samples show flag values appropriate for the objects being updated.
Related topics
Enhanced protected mode (EPM) may be enabled on the desktop
Supporting enhanced protected mode (EPM)