SendMessage

    Question

  • I read that 'lower levels cannot send window messages to application windows running at higher levels.' in the Vista doc.  That means if all of my applications are running at the same level, then messages will work.  Am I right? Please do let me know.

    Regards, Subramanyeswari
    • Edited by subramanyeswari Monday, September 08, 2008 11:36 AM wrong information
    Monday, September 08, 2008 10:59 AM

Answers

  • Hi Subramanyeswari,

    Could you please help to clarify what you mean by "level" in Vista? Based on my experience, I would assume you mean the IL level in Vista security. If I have misunderstood you, please feel free to tell me. Thanks.

    IL level is a part of the Windows integrity security mechanism which was added in Windows Vista. It is an extension of the legacy Windows ACL-based security model. The link below contains the most complete document on the Windows integrity mechanism:
    http://msdn.microsoft.com/en-us/library/bb625964.aspx

    Interestingly, Vista also added another new security feature called UIPI (User Interface Privilege Isolation), which enforces security in the windowing subsystem. UIPI leverages the Windows integrity mechanism's IL levels for window message security checking. Only a process with a higher or equal IL can use SendMessage() to send some sensitive messages to another process. This helps to prevent the shatter attack in the hack world. For example, IE7 with protected mode will run under low IL level, so if it is controlled by some hacky or malicious code, the IE process cannot use SendMessage() to manipulate other Admin processes. Another obstacle for hackers!

    If the lower IL process wants to send a message to the higher IL process, the higher IL process must call the ChangeWindowMessageFilter() API to explicitly allow this. Also, although two processes run under the same IL level, if they live in different desktops/window stations or Terminal sessions, they still cannot communicate with window messages. For example, you cannot SendMessage() to the Winlogon desktop logon window to intercept username/password.

    Hope this helps.

    Jeffrey

    --------------------------------------------------------------------------------

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.


    Jeffrey Tan - MSFT
    • Marked as answer by Yan-Fei Wei Monday, September 15, 2008 2:36 AM
    Thursday, September 11, 2008 6:33 AM
    Moderator
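
    The rules in the answer above, written out as a small decision model. This is an added example, not part of the original answer and not how Windows implements the check; the struct, function names and message id are hypothetical, and every message passed in is assumed to be one that UIPI filters.

```c
/* Simplified model of the UIPI rules in the answer above (constructed for
   illustration; not how Windows implements the check). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum il { IL_LOW = 1, IL_MEDIUM, IL_HIGH };   /* ordered integrity levels */
#define MAX_ALLOWED 8

struct proc {                       /* hypothetical process descriptor */
    enum il  il;
    unsigned session;               /* terminal session id */
    unsigned desktop;               /* constructed id: window station + desktop */
    unsigned allowed[MAX_ALLOWED];  /* messages this process opted in to */
    size_t   n_allowed;
};

/* Stands in for the receiver calling ChangeWindowMessageFilter(msg, MSGFLT_ADD). */
bool filter_add(struct proc *receiver, unsigned msg)
{
    if (receiver->n_allowed == MAX_ALLOWED)
        return false;
    receiver->allowed[receiver->n_allowed++] = msg;
    return true;
}

/* True when a UIPI-filtered message from sender would reach receiver. */
bool uipi_delivers(const struct proc *sender, const struct proc *receiver, unsigned msg)
{
    /* Different session or desktop: no window messages, whatever the IL. */
    if (sender->session != receiver->session || sender->desktop != receiver->desktop)
        return false;
    if (sender->il >= receiver->il)             /* equal or higher IL may send */
        return true;
    for (size_t i = 0; i < receiver->n_allowed; i++)
        if (receiver->allowed[i] == msg)        /* receiver opted in */
            return true;
    return false;
}

int main(void)
{
    struct proc low = { IL_LOW, 1, 1, {0}, 0 }, high = { IL_HIGH, 1, 1, {0}, 0 };
    unsigned msg = 0x8001;                      /* constructed message id */
    printf("before opt-in: %d\n", uipi_delivers(&low, &high, msg));
    filter_add(&high, msg);
    printf("after opt-in:  %d\n", uipi_delivers(&low, &high, msg));
    return 0;
}
```

    In the model, as in the answer, the opt-in is recorded on the receiving process; nothing the sender does changes the outcome.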

All replies

  • Yes, you are right.  But if you want to send the message from one window to another window within the same level, there is also one problem.

    Ex:  one application is running in session 1 with normal user privilege and one app running in session 1 with admin privilege.

    In the above example case also, the message will not be sent.  For this, you need to use the ChangeWindowMessageFilter API for Windows Vista; this will give the accessibility to send a message from user privilege to admin privilege.
    |\|/\|\/||-]|
    Monday, September 08, 2008 12:39 PM
  • I have an issue with SendMessage in Windows 7 which I assume is due to UIPI. Below is the description.

    I have an ActiveX plugin written in C++ which used to work fine in IE7 and IE8, but fails in IE9.
    Problem is with the SendMessage() function.

    I am creating a MDI Child window using the SendMessage() Function by sending WM_MDICREATE message to the MDI Client Window (window handle - hWnd).

    LRESULT WINAPI SendMessage(
    __in  HWND hWnd,
    __in  UINT Msg,
    __in  WPARAM wParam,
    __in  LPARAM lParam
    );


    Though SendMessage() returns success and the MDI Child window gets created, MDI Client window (with hWnd, the first parameter as its window handle) is not receiving the WM_MDICREATE message.
    So, the MDI Client Window is not the parent of the MDI Child Window created. Instead it is assigned an alternate owner.

    But if I try to assign the MDI Client Window as parent using SetParent() function, it works.

    I suppose this problem is due to the introduction of User Interface Privilege Isolation (UIPI) in Vista/Windows 7, which blocks the messages sent through SendMessage().
    So, as indicated in the MSDN documentation, I added the WM_MDICREATE message to be left out of the filtered messages by calling ChangeWindowMessageFilter.
    But this does not work.

    I am struggling to find a solution for this problem. Can anybody please help in this regard?
    Saturday, May 21, 2011 8:22 AM