locked
GetActiveObject API Fails to Fetch the Running Instance from ROT RRS feed

  • Question

  • 1. We have a Plugin that runs on Browser. This Plug is a DLL that creates an out proc COM Server (say MyApp.exe). Note that this app runs as an elevated server as given here.

    2. The Entry point for MyApp.exe registers the CLSID in to ROT. Hence when the Registration occurs to ROT I am not sure if it maintains any context of the running process.

    3. From the plugin dll we try to fetch the registered instance of MyApp.exe. This fails saying Operation is unavailable since the plugin is running through an browser as Medium IL Level. (Yes, it works for me if UAC is turned OFF, issue is only when it is turned ON).

    I've tried the registry modifications as mentioned in the above link and it does not work for me.

    Please suggest.

    Thanks!

    • Moved by Jesse Jiang Thursday, August 30, 2012 7:03 AM (From:Visual C++ MFC and ATL)
    Wednesday, August 29, 2012 11:11 AM

All replies

  • Hi Rajesh,

    Welcome here.

    Based on your description, your issue is about UAC, so I’d like to move the thread to Application Security for Windows Desktop for better support.

    Thanks for your understanding.

    Regards,


    Elegentin Xie [MSFT]
    MSDN Community Support | Feedback to us

    Thursday, August 30, 2012 7:27 AM
  • I'm having a very similar issue with a COM server of mine. Unfortunately I have not found a solution yet, but perhaps it will be of some use to you.

    In my case, the COM server is written in C# (.NET 4.0) and runs as a (registered) local server. One other difference is that my server doesn't necessarily have to run at a higher IL, however, it will occasionally run as such because it's being started by another application running at High IL.

    The underlying issue is explained here (in the section COM is integrity aware). The way I understand it, it is being caused by the fact that an elevated application creates the server with a higher integrity level. When another non-elevated application then connects, it is not allowed to connect to the same instance. The same happens when a non-elevated application creates the process, followed an elevated application connecting.

    I've tried to implement the solution described on the page: modifying the registry to set a security descriptor that should allow all clients to connect. There is a code sample in C++, but this does effectively the same thing in .NET:

    // Security Descriptor with NO_EXECUTE_UP
    var sd = new RawSecurityDescriptor("O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW)");
    byte[] securityDescriptor = new Byte[sd.BinaryLength];
    sd.GetBinaryForm(securityDescriptor, 0);
    
    RegistryKey key = Registry.ClassesRoot.OpenSubKey("AppID\\{APP-ID-GUID}", true);
    if (key == null)
    {
        key = Registry.ClassesRoot.CreateSubKey("AppID\\{APP-ID-GUID}");
    }
    using (key)
    {
        key.SetValue("LaunchPermission", securityDescriptor, RegistryValueKind.Binary);
    }

    However, this does not have the desired effect. When the second client tries to create an instance of the object in question, Windows tries to launch a separate instance of my COM Server, but the server prevents two instances from running as the same user. Given the permissions I've set, I would not expect a second instance to launch in the first place. Because the second instance of the server is closed, I get:

    Server execution failed (Exception from HRESULT: 0x80080005 (CO_E_SERVER_EXEC_FAILURE)

    Since one of the client applications is running in Medium IL and the other in High IL, I also experimented with variants on the mandatory label, like:

        O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;ME)
        O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW)(ML;;NX;;;ME)(ML;;NX;;;HI)

    I've also tried setting the ROTFlags registry key to 0x1 (ROTFLAGS_ALLOWANYCLIENT) as suggested on the page, still no change in behavior.

    I've established that the LaunchPermission registry value is being used in some way. Some svchost.exe process seems to be reading them, and when I use the dcomcnfg.exe tool to set the same key, I can force the server to fail loading by denying launch permissions.

    I would like to point out that my server process does not need elevation. How do I make both elevated and non-elevated processes capable of connecting to a single server instance?

    Monday, September 3, 2012 9:01 AM