Changewindowmessagefilterex Overview (for canceling low-privileged programs sending messages to high-privilege programs with no success limit of 6 levels)

Source: Internet
Author: User

The Changewindowmessagefilterex function modifies the user interface Privilege Isolation (UIPI) message Filter for the specified window.

Function Prototypes:

[CPP]View PlainCopy
    1. BOOL WINAPI Changewindowmessagefilterex (
    2. __in hwnd hwnd,
    3. __in UINT message,
    4. __in DWORD Action,
    5. __inout_opt pchangefilterstruct pchangefilterstruct
    6. );

The window handle whose UIPI message filter is to be modified.
The message to allow or block through the message filter.
To perform an action, you can take one of the following values:
Msgflt_allow: Allows messages to pass through the filter. Allows a window to receive the message, regardless of the source message, even if it comes from a low-privileged process.
Msgflt_disallow: If the message comes from a low-privileged process, prevent it from being forwarded to the window.
Msgflt_reset: Resets the message Filter for Windows to default, any global allow message or process-wide pass. However, these two categories are not included, where the process from the low-privileged will be blocked.
An option that points to the CHANGEFILTERSTRUCT structure pointer.

"Return value"
If the function succeeds, the return value is a value other than 0.
If the function fails, the return value is zero. To get information about the extended error, call GetLastError.

Restrictions for canceling low-privileged programs from sending messages to high-privilege programs
BOOL bRes = Changewindowmessagefilterex (M_hwnd, Wm_copydata, Msgflt_allow, NULL);

--------------------------------------------------------------------------------------------------------------- -----------------
UIPI: UI Privilege Isolation (user Interface Privilege isolation), a new security feature introduced by Windows 7 via the mic mechanism, is used to intercept messages sent from processes that receive lower mic levels than their processes. The purpose of UIPI is to standardize the process of window message processing between different process windows, by default, high-privileged processes do not receive window messages sent by low-privileged processes, but low-privileged processes can receive window messages for high-privileged processes. The essence of UIPI is that the system checks whether the target window and sender have the same mic level or the sender has a higher mic level, and if the above conditions are met, the message is allowed to be passed, otherwise the message is discarded.
Therefore, user processes running in the Windows 7 operating system, if run with different integrity levels, with different MIC levels, will not be able to communicate with each other as gracefully as Windows XP.

MIC: Message integrity Check (msg Integrity check), a Windows security object access control security mechanism added to Windows 7, which uses the integrity level to mark a securable object, By reducing the integrity level of the process, you can limit its write access to securable objects, which is similar to the way that members of a user account group are restricted from accessing system components. The integrity check mechanism allows programs to be run with fewer permissions or at a lower integrity level, reducing the likelihood that processes will modify the system or compromise user data files. In Windows 7, the message integrity check is divided into 6 levels, as follows:

Mic level Description
Security_mandatory_untrusted_rid Non-trusted MIC level
Security_mandatory_low_rid Low mic level, ie
Security_mandatory_medium_rid In mic class, default to this level, such as explorer
Security_mandatory_high_rid High mic level, program running as Administrator
Security_mandatory_system_rid System mic level, typically a service application
Security_mandatory_protected_process_rid Mic level of the protected process


Changewindowmessagefilterex Overview (for canceling low-privileged programs sending messages to high-privilege programs with no success limit of 6 levels)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.