When a process is running at the low integrity level, you can't write to %temp%, so I need a way to find the path to the %temp%\Low directory (without hardcoding the word "Low").
The "Finding Low Integrity Write Locations" section of the "Understanding and Working in Protected Mode Internet Explorer" article includes the following tidbit:
Note: Protected Mode modifies IE's environment variables. As a result, the GetTempPath() function returns %Temp%\Low when called while Protected Mode is active.
According to MSDN:
When in Protected Mode, extensions can write files to a folder below the user's UserProfile folder, typically %userprofile%\AppData\LocalLow. Use the SHGetKnownFolderPath function with the FOLDERID_LocalAppDataLow flag to obtain the expanded folder name.
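PWSTR pszPath = NULL;  // SHGetKnownFolderPath allocates the string for the caller
HRESULT hr = SHGetKnownFolderPath(FOLDERID_LocalAppDataLow, 0, NULL, &pszPath);
// ... use pszPath only if SUCCEEDED(hr) ...
CoTaskMemFree(pszPath);  // the caller must free the buffer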
If you're just looking for a temporary directory to write to, you could loop through the directories inside the %temp% directory and try to write to each. If UAC is disabled, . should be the first. If not, .\Low should be the only one.
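The probing approach from the last answer, as an added example that is not part of the original thread. The names `can_create_file` and `find_writable_temp` and the `probe` parameter are this example's own, and the probe really creates a file with exclusive-create semantics so it cannot open or truncate an existing one.

```python
import os
import tempfile
import uuid


def can_create_file(directory):
    """Return True if a new file can actually be created in `directory`."""
    probe = os.path.join(directory, "probe-" + uuid.uuid4().hex + ".tmp")
    try:
        # O_EXCL: never open or truncate a file that already exists.
        fd = os.open(probe, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError:
        return False
    os.close(fd)
    try:
        os.remove(probe)
    except OSError:
        pass  # cleanup failure does not change the answer
    return True


def find_writable_temp(root=None, probe=can_create_file):
    """Return the first directory that accepts a write: `root` itself, then
    its immediate subdirectories in name order, or None if none does."""
    root = root or tempfile.gettempdir()
    candidates = [root]
    try:
        with os.scandir(root) as entries:
            candidates += sorted(
                e.path for e in entries
                if e.is_dir(follow_symlinks=False)
            )
    except OSError:
        pass  # root cannot be listed; only root itself is probed
    for directory in candidates:
        if probe(directory):
            return directory
    return None


if __name__ == "__main__":
    print(find_writable_temp())
```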