Detecting IE7 Protected Mode, Take 2

analysis

Apr 9, 20073 mins

On Friday, I posted one method that an ActiveX control or IE toolbar can use to determine whether IE 7 is running in Protected Mode. After thinking about this some more, I realized that there are many other ways to accomplish the same goal. Much of the primary information on IE7 Protected Mode can be found in an MSDN article, Understanding and Working in Protected Mode Internet Explorer. That arti

On Friday, I posted one method that an ActiveX control or IE toolbar can use to determine whether IE 7 is running in Protected Mode. After thinking about this some more, I realized that there are many other ways to accomplish the same goal.

Much of the primary information on IE7 Protected Mode can be found in an MSDN article, Understanding and Working in Protected Mode Internet Explorer. That article mentions the IEIsProtectedModeProcess function I talked about on Friday, but it also explains some of the other characteristics of Protected Mode and Vista UAC mode. For example, Protected Mode modifies IE’s environment, so that the Windows GetTempPath() API will return the value of %Temp%Low rather than the value of %Temp% when Protected Mode is active.

Later in the article, the authors give a code sample, ShowProcessIntegrityLevel(), shown below, that looks at the current process token and determines its integrity level. The integrity level actually tells us more than just whether Protected Mode is enabled.

If we are in Protected Mode, the process integrity will be Low; if we are running as a normal user or running in UAC mode, the process integrity will be Medium; and if we are running as Administrator, the process integrity will be High. An ActiveX control that wants to expose the integrity level to JavaScript through a COM interface could run a variation on this code and return a short integer that is 0 for Low Integrity (Protected Mode), 1 for Medium Integrity (Normal User/UAC mode), and 2 for High Integrity (Administrator).

I really wish this was already built into IE 7, but it’ll do.

void ShowProcessIntegrityLevel()
{
  HANDLE hToken;
  HANDLE hProcess;

  DWORD dwLengthNeeded;
  DWORD dwError = ERROR_SUCCESS;

  PTOKEN_MANDATORY_LABEL pTIL = NULL;
  LPWSTR pStringSid;
  DWORD dwIntegrityLevel;
 
  hProcess = GetCurrentProcess();
  if (OpenProcessToken(hProcess, TOKEN_QUERY | 
        TOKEN_QUERY_SOURCE, &hToken)) 
  {
    // Get the Integrity level.
    if (!GetTokenInformation(hToken, TokenIntegrityLevel, 
           NULL, 0, &dwLengthNeeded))
    {
      dwError = GetLastError();
      if (dwError == ERROR_INSUFFICIENT_BUFFER)
      {
        pTIL = (PTOKEN_MANDATORY_LABEL)LocalAlloc(0, 
                  dwLengthNeeded);
        if (pTIL != NULL)
        {
          if (GetTokenInformation(hToken, TokenIntegrityLevel, 
                 pTIL, dwLengthNeeded, &dwLengthNeeded))
          {
            dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid, 
               (DWORD)(UCHAR)(*GetSidSubAuthorityCount(pTIL->Label.Sid)-1));
 
            if (dwIntegrityLevel < SECURITY_MANDATORY_MEDIUM_RID)
            {
              // Low Integrity
              wprintf(L"Low Process");
            }
            else if (dwIntegrityLevel >= SECURITY_MANDATORY_MEDIUM_RID && 
                     dwIntegrityLevel < SECURITY_MANDATORY_HIGH_RID)
            {
              // Medium Integrity
              wprintf(L"Medium Process");
            }
            else if (dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID)
            {
              // High Integrity
              wprintf(L"High Integrity Process");
            }
          }
          LocalFree(pTIL);
        }
      }
    }
    CloseHandle(hToken);
  }
}

Software Development

by Martin Heller

Contributing Writer

Follow Martin Heller on X

Martin Heller is a contributing writer at InfoWorld. Formerly a web and Windows programming consultant, he developed databases, software, and websites from his office in Andover, Massachusetts, from 1986 to 2010. From 2010 to August of 2012, Martin was vice president of technology and education at Alpha Software. From March 2013 to January 2014, he was chairman of Tubifi, maker of a cloud-based video editor, having previously served as CEO.

Martin is the author or co-author of nearly a dozen PC software packages and half a dozen Web applications. He is also the author of several books on Windows programming. As a consultant, Martin has worked with companies of all sizes to design, develop, improve, and/or debug Windows, web, and database applications, and has performed strategic business consulting for high-tech corporations ranging from tiny to Fortune 100 and from local to multinational.

Martin’s specialties include programming languages C++, Python, C#, JavaScript, and SQL, and databases PostgreSQL, MySQL, Microsoft SQL Server, Oracle Database, Google Cloud Spanner, CockroachDB, MongoDB, Cassandra, and Couchbase. He writes about software development, data management, analytics, AI, and machine learning, contributing technology analyses, explainers, how-to articles, and hands-on reviews of software development tools, data platforms, AI models, machine learning libraries, and much more.

Show me more

Topics

About

Policies

Our Network

More

Detecting IE7 Protected Mode, Take 2

More from this author

Running agents with Amazon Bedrock AgentCore

Generative AI and the future of databases

AI-assisted software development with Amazon Q Developer

Agentic coding with Google Jules

OpenAI Codex rivals Claude Code

A brief history of AI

Qwen Code is good but not great

Retrieval-augmented generation with Nvidia NeMo Retriever

Show me more

New ‘StoatWaffle’ malware auto‑executes attacks on developers

VS Code now updates weekly

When Windows 11 sneezes, Azure catches cold

How to build desktop apps in Typescript with Electrobun

Write and run assembly in Python with Copapy

Run AI Models Locally on Your PC — No Cloud Required (LM Studio Guide)