IE保护模式下ActiveX控件打不开共享内存的解决方案

IE保护模式下，ActiveX控件会打不开别的进程创建的共享内存，原因是IE运行在低完整性级别权限下，一般应用程序运行在中完整性级别。别的应用程序创建的共享内存，即使赋予Everyone权限，ActiveX控件仍然会打不开。

解决方案：创建共享内存的时候，设置下完整性级别：

bool SetLowLabelToKernelObject(LPCTSTR lpszObjectName)

{

    // See http://msdn.microsoft.com/en-us/library/bb625960.aspx

 

    // The LABEL_SECURITY_INFORMATION SDDL SACL to be set for low integrity

    LPCTSTR LOW_INTEGRITY_SDDL_SACL = _T("S:(ML;;NW;;;LW)");

    PSECURITY_DESCRIPTOR pSD = NULL;

 

    if (!ConvertStringSecurityDescriptorToSecurityDescriptor(LOW_INTEGRITY_SDDL_SACL,

                                                             SDDL_REVISION_1,

                                                             &pSD,

                                                             NULL))

    {

        return false;

    }

 

    LOKI_ON_BLOCK_EXIT(LocalFree, pSD);

 

    PACL pSacl = NULL;

    BOOL fSaclPresent = FALSE;

    BOOL fSaclDefaulted = FALSE;

 

    if (!GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl, &fSaclDefaulted))

    {

        return false;

    }

 

    // Note that psidOwner, psidGroup, and pDacl are all NULL and set the new LABEL_SECURITY_INFORMATION

    DWORD dwError = SetNamedSecurityInfoW((LPTSTR)lpszObjectName,

                                          SE_KERNEL_OBJECT,

                                          LABEL_SECURITY_INFORMATION,

                                          NULL,

                                          NULL,

                                          NULL,

                                          pSacl);

 

    return dwError == ERROR_SUCCESS;

}

参考资料：

http://www.microsoft.com/china/msdn/library/webservices/WebApp/ProtectedMode.mspx?mfr=true

http://www.cnblogs.com/jcss2008/archive/2009/06/06/1497528.html