Protected mode and enhanced protected mode reference

This section describes the API for Windows Internet Explorer Protected Mode and Enhanced Protected Mode (EPM).

Overviews/Tutorials

Topic Contents
Introduction to the protected mode API

Protected Mode helps reduce the severity of threats to Windows Internet Explorer 7 and its extensions by eliminating the silent installation of malicious code through software vulnerabilities. Protected Mode accomplishes this goal using the integrity mechanisms of Windows Vista which restrict access to processes, files, and registry keys with higher integrity levels. The Protected Mode API enables software vendors to develop extensions and add-ons for Internet Explorer that can interact with the file system and registry from a low integrity process, such as Protected Mode Internet Explorer.

Protected mode broker functions

Windows Internet Explorer 8 in Windows Vista provides broker functions that allow access between applications, processes, and resources secured to other integrity levels.

 

Interfaces

Topic Contents
IProtectedModeMenuServices

Enables embedded documents to correctly merge menus with Internet Explorer 7 in Protected Mode.

 

Structures

Topic Contents
IELAUNCHURLINFO

Specifies process creation flags for the Windows Internet Explorer process that open a URL.

IEObjectTypeEnum

Specifies the type of an object that requires enhanced protected mode access privileges.

 

Functions

Topic Contents
IECancelSaveFile

Frees memory and state associated with a previous call to IEShowSaveFileDialog.

IECreateDirectory

Creates a new directory by calling the standard CreateDirectory function from a higher-integrity user context.

IECreateFile

Calls the standard CreateFile function from a higher-integrity user context. Creates or opens a file, file stream, directory, physical disk, volume, console buffer, tape drive, communications resource, mailslot, or named pipe. The function returns a handle that can be used to access the object.

IEDeleteFile

Calls the standard DeleteFile from a higher integrity user context to delete an existing file.

IEFindFirstFile

Calls the standard FindFirstFile function from a higher-integrity user context. Searches a directory for a file or subdirectory with a name that matches a specific name.

IEGetFileAttributesEx

Calls the standard GetFileAttributesEx function from a higher-integrity user context. Retrieves attributes for a specified file or directory.

IEGetProtectedModeCookie

Calls the standard InternetGetCookieEx from a higher-integrity user context. Retrieves the cookie data from the protected mode cookie store.

IEGetWriteableFolderPath

Returns the current location of the specified folder. In protected mode, the path points to a location where the user has write permissions.

IEGetWriteableHKCU

Returns a handle to a write accessible location under HKEY_CURRENT_USER.

IEIsProtectedModeProcess

Determines if Internet Explorer is running in protected mode.

IEIsProtectedModeURL

Determines if a URL will open in a protected mode process.

IELaunchURL

Opens a URL in an Internet Explorer process with an appropriate integrity level, and returns information about the new process.

IEMoveFileEx

Calls the standard MoveFileEx function from a higher-integrity user context. Moves an existing file or directory, including its children, with various move options.

IERefreshElevationPolicy

Tells Windows Internet Explorer processes to refresh elevation policies from the registry.

IERegCreateKeyEx

Calls the standard RegCreateKeyEx from a higher-integrity user context. Creates the specified registry key. If the key already exists, the function opens it. Note that key names are not case sensitive.

IERegisterWritableRegistryKey

Calls the standard RegCreateKeyEx from a higher-integrity user context. Registers a key during installation so that low integrity processes can write into this location during run time.

IERegisterWritableRegistryValue

This function calls the standard RegCreateKeyEx from a higher-integrity user context. It registers a value in a path during installation so that low-integrity processes can write into this location during run time.

IERegSetValueEx

Calls the standard RegSetValueEx from a higher-integrity user context. This function sets the data and type of a specified value under a registry key.

IERemoveDirectory

Calls the standard RemoveDirectory function from a higher-integrity user context. Deletes an existing empty directory.

IESaveFile

Saves the file to the location selected by the user in a previous call to IEShowSaveFileDialog.

IESetProtectedModeCookie

Calls the standard InternetSetCookieEx from a higher-integrity user context. Creates a cookie with a specified name that is associated with a specified URL.

IEShowSaveFileDialog

Opens the Windows Common Save File dialog box from a medium integrity context.

SetAccessForIEAppContainer

Applies an access mask to a securable kernel object and enables Internet Explorer 11 to access the object when enhanced protected mode (EPM) is enabled.

IEUnregisterWritableRegistry

Unregister and delete a registry that was registered for writable.

 

Enhanced protected mode (EPM) may be enabled on the desktop

Enhanced Protected Mode on desktop IE

Supporting enhanced protected mode (EPM)