0

Please see sample projects at https://github.com/jurocha-ms/LowILAccessDenied.

An E_ACCESSDENIED error is thrown when attaching a debugger (Visual Studio) to a Windows process with Low Integrity Level. This is a snippet of the failing code:

using namespace winrt::Windows::Foundation;
using namespace winrt::Windows::Web::Http;
...
auto client = HttpClient{};
auto response = co_await client.GetAsync(
            Uri{L"https://raw.githubusercontent.com/microsoft/react-native-windows/main/.yarnrc.yml"});
auto body = co_await response.Content().ReadAsStringAsync();

Follow the repo's README for building instructions.

  1. Open with Visual Studio.

  2. Start project SandboxLauncher.
    This will launch process SandboxTest with Lower Integrity Level.

  3. When prompted, attach the Visual Studio Debugger to SandboxTest.exe, then press ENTER.
    The program will fail with the following message:
    [0x80070005] A network capability is required to access this network resource

Remarks:

  • If SandboxLauncher is started without attaching the debugger when SandboxTest prompts for it, the program will succeed.
  • If the SandboxTest project is launched directly, it will have a Medium Integrity Level (or High, if running Visual Studio as an Administrator) and attaching the debugger won't cause the failure. The program will succeed.
  • The problem doesn't show if the HTTP call is made via plain WinInet APIs. There may be some interaction issues between Visual Studio's debugger and WinRT/COM.
  • This is not the issue with Universal (UWP) apps that lack the "private network client" capabilities. Normal Win32 (Desktop) apps do not have a manifest that grants such capabilities.

Is there a specific set up needed for Low IL processes and debuggers?

juniel_katarn
  • 330
  • 4
  • 11

0 Answers0