Share via

  • Article

Exercise 1: Identifying UIPI

In this exercise you will investigate two processes that communicate via windows messages, but where communication fails (at least in one direction) due to unequal integrity levels.

Task 1– Make Sure UAC is Active

In this task, you will confirm that User Account Control (UAC) is active. This will allow the problem to occur.

  1. From Start:

    1. Click Control Panel,
    2. Click User Accounts and Family Safety.
    3. Click User Accounts.

    4. Click Change User Account Control Settings. A dialog box similar to the following should appear:

      Note:
      Help

      Alternatively, click Start, click Run, and type UAC. Then click Change User Account Control Settings.

  2. Make sure the slider is set at the default level as pictured(you can set it to another level, but not to Never notify, as this disables UAC).

  3. Click OK.

Task 2 – Identify the Problem

  1. Navigate to the PingPongBroken\Debug folder.
  2. Double-click BrokenNativePingPong.exe file. A blank window should appear.

  3. Double-click BrokenNativePingPong.exe file again. You should see a message, “Ping Pong,” bouncing between two similar windows:

    Note:
    Help

    This is the correct behavior. Both processes run with standard user privileges with the same integrity level. To verify this follow the next steps.

  4. Open Process Explorer from Windows Sysinternals. (You can install Process Explorer from www.microsoft.com/technet/sysinternals).
  5. Right-click the process view header.

  6. Click Select Columns as shown in the following image.

  7. Make sure the Integrity Level check box is selected, or else you will not see and have hard time completing this lab.

  8. Click OK to confirm your selection.

  9. Navigate to the BrokenNativePingPong.Exe processes and look at the integrity level

    Note:
    Help

    It should be medium. This is the default integrity level of processes started with standard user privileges.

  10. Close both Ping Pong windows
  11. Double-click BrokenNativePingPong.Exe to run the first instance as before.
  12. For the second instance, Right-click it
  13. Click Run as administrator

  14. Satisfy the UAC prompt presented (alternatively, just double-click NativePingPongLoader.Exe and it will do both things automatically)

    Note:
    Watch Out

    You’ll find that the message, “Ping Pong,” no longer works.

  15. Open Process Explorer as before and look at the integrity levels:

    Note:
    Help

    Running as administrator, the process is running with a high integrity level instead of normal integrity level. This is the cause of the problem. A process cannot send or post windows messages to another process with a higher integrity level.

  16. Close both Ping Pong windows

< previous | next >

Contents