From a programmer’s perspective Internet Explorer is not Yet Another Windows Application (YAWA[1]). Considering all the versions of IE out there, when I say Internet Explorer I mean for the most part 32-bit Internet Explorer 7 on Windows Vista onwards in the default configuration (i.e. User Account Control on, Protected Mode on).
For starters, if you are launching IE, you cannot determine when IE has initialized and is ready for user input. Usually when a child process is launched, the parent uses WaitForInputIdle to determine whether the child has initialized completely, since CreateProcess returns immediately without waiting for process initialization to complete. This does not work for IE because in Protected Mode, iexplore.exe relaunches itself as a low integrity process (from a medium integrity process). The process that launched IE ends up being the grandparent of the eventual low integrity iexplore.exe process that presents UI elements to the user, and there is no Win32/64 API for waiting for initialization completion of a grandchild[2].
IE is aware of itself (iexplore.exe) and other IE components (ieuser.exe the user broker at medium integrity, ieinstal.exe [sic] the admin broker at high integrity, iedw.exe – Dr Watson for Internet Explorer), which in general is a good thing security-wise but can lead to puzzling situations programming-wise. As an experiment, if you rename iexplore.exe to anything else and launch it, it won't work. This is because the file name of the browser executable is checked[3] to be iexplore.exe before the low integrity IE process is launched.
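The grandchild relationship described above can be resolved from a process snapshot rather than a wait API. The following is an added example, not code from the original post: it models snapshot rows and picks the low integrity iexplore.exe exactly two levels below the launcher. The row layout, the sample PIDs and the function names are assumptions made for illustration.

```c
/* Added example (not from the original post). Portable model of a process
   snapshot; on Windows the rows would come from CreateToolhelp32Snapshot /
   Process32First / Process32Next, and the integrity RID from
   GetTokenInformation(TokenIntegrityLevel). */
#include <stdio.h>
#include <string.h>

#define LOW_RID    0x1000UL  /* SECURITY_MANDATORY_LOW_RID */
#define MEDIUM_RID 0x2000UL  /* SECURITY_MANDATORY_MEDIUM_RID */

typedef struct { unsigned long pid, ppid, rid; const char *exe; } proc_row;

/* Constructed sample: launcher 100 -> iexplore 200 (medium) -> iexplore 300 (low). */
static const proc_row SAMPLE[] = {
    {100,   4, MEDIUM_RID, "launcher.exe"},
    {200, 100, MEDIUM_RID, "iexplore.exe"},
    {300, 200, LOW_RID,    "iexplore.exe"},
    {400, 999, LOW_RID,    "iexplore.exe"},  /* unrelated IE, parent gone */
    {500, 501, LOW_RID,    "iexplore.exe"},  /* stale parent ids forming a loop */
    {501, 500, MEDIUM_RID, "iexplore.exe"},
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

/* Hops from pid up to ancestor, or -1 if not reached within max_up hops.
   The bound also stops loops caused by reused parent ids. */
static int hops_to(const proc_row *t, size_t n, unsigned long pid,
                   unsigned long ancestor, int max_up) {
    for (int hop = 0; hop <= max_up; hop++) {
        size_t i = 0;
        if (pid == ancestor) return hop;
        while (i < n && t[i].pid != pid) i++;
        if (i == n) return -1;           /* parent not in snapshot */
        pid = t[i].ppid;
    }
    return -1;
}

/* PID of the low integrity iexplore.exe exactly two levels below launcher,
   else 0. Exact-case name match is used here for brevity. */
unsigned long find_ie_ui_process(const proc_row *t, size_t n, unsigned long launcher) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(t[i].exe, "iexplore.exe") == 0 && t[i].rid == LOW_RID &&
            hops_to(t, n, t[i].pid, launcher, 2) == 2)
            return t[i].pid;
    return 0;
}

int main(void) {
    printf("UI process pid: %lu\n", find_ie_ui_process(SAMPLE, SAMPLE_N, 100));
    return 0;
}
```

Locating the process this way identifies which iexplore.exe to watch; it does not by itself report that the process has finished initializing.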
Here is another one I learnt about recently. If you are a regular non-admin Vista user and launch IE in a desktop that you created (perhaps via CreateDesktop or CreateDesktopEx), it may not work. You will get an error dialog saying:
You must be an administrator to open Internet Explorer on this desktop. To open Internet Explorer, right-click the Internet Explorer icon, and then click ‘Run as administrator’
The error message is pretty self-explanatory and shows that IE checks whether it is on the default desktop; if it is not, IE insists on the user being an administrator. Obviously this is a bug and Microsoft has released a hotfix[5] for it.
Internet Explorer is a complicated application, security-wise and otherwise. Bottom line – if you are programming around IE, plan ahead for surprises.
[1] I thought it was high time I contributed something to the world of acronyms. Plus isn’t it fun to come up with new ones? ^_^
[2] You would probably have to be a user-mode debugger to achieve this.
[3] This check is in iertutil.dll (version 7.00.6001.18000), function IsBrowserProcess.
[4] The ability to rename and still be able to use an application as important as IE can be a good thing – for example, when you suspect there is malware targeting IE based on process file name, one of the easiest and first things to try would be to rename iexplore.exe and run Windows Update.
[5] Which may or may not have been installed on the end user's machine.