IE7保护模式下插件的安装及权限提升

要创建提升权限的COM类需要做的工作：
1． COM类必须在注册表中有权限提升支持标识，不论你的COM是DLL还是EXE，都必须得有AppID，格式如下：
HKEY_LOCAL_MACHINE/Software/Classes/CLSID/{CLSID}/Elevation/Enabled = 1
HKEY_LOCAL_MACHINE/Software/Classes/CLSID/{CLSID}/LocalizedString = <displayname>
HKEY_LOCAL_MACHINE/Software/Classes/CLSID/{CLSID}/AppID = {AppID}
HKEY_LOCAL_MACHINE/Software/Classes/AppID/{AppID}/ DllSurrogate= <空字符串>
说明：Enabled为DWORD值，displayname为弹出的UAC中提示的文字。

2． 使用权限提升COM类的客户端程序必须以CoCreateInstanceAsAdmin调用方式来创建COM类。
HRESULT CoCreateInstanceAsAdmin(HWND hwnd, REFCLSID rclsid, REFIID riid, __out void ** ppv)
{
BIND_OPTS3 bo;
WCHAR wszCLSID[50];
WCHAR wszMonikerName[300];
StringFromGUID2(rclsid, wszCLSID, sizeof(wszCLSID)/sizeof(wszCLSID[0])); 
HRESULT hr = StringCchPrintf(wszMonikerName, sizeof(wszMonikerName)/sizeof(wszMonikerName[0]), L"Elevation:Administrator!new:%s", wszCLSID);
if (FAILED(hr))
return hr;
memset(&bo, 0, sizeof(bo));
bo.cbStruct = sizeof(bo);
bo.hwnd = hwnd;
bo.dwClassContext = CLSCTX_LOCAL_SERVER;
return CoGetObject(wszMonikerName, &bo, riid, ppv);
}

具体可参考“Vista Compatibility Team Blog-CoCreateInstanceAsAdmin or CreateElevatedComObject sample”和" “MSDN-The COM Elevation Moniker”

对于插件的安装则可通过写INF文件的方式来完成，因为运行在保护模式下的IE是通过启动具有高权限的IEInstal.exe来完成插件的安装的。
INF例子：

[Version]
Signature="$Chicago$"
AdvancedINF=2.5

[DefaultInstall]
CopyFiles=MyCtrlFiles
AddReg=MyCtrlAddReg

[DefaultUninstall]
DelFiles=MyCtrlFiles
DelReg=MyCtrlDelReg
DelDirs=UninstallDelDirs

[SourceDisksNames]
1="My Files","MyCtrl.cab",1

[MyCtrlFiles]
MyCtrol.dll,,,2
.....

[DestinationDirs]
MyCtrlFiles=16422, MyCtrlFiles

[MyCtrl1AddReg]
HKCR,"CLSID/{08485EAA-D2CB-4E41-8B7A-B03B682EB137}",,,
HKCR,"CLSID/{08485EAA-D2CB-4E41-8B7A-B03B682EB137}",,0x00000000,"My control"
......

[MyCtrlDelReg]
HKCR,"CLSID/{35081C02-C647-4301-8A90-D81CF8F125FD}"
HKCR,"AppID/{CE2312AC-2FB9-4E3D-9D8A-9A19A6C08313}"
......

[UninstallDelDirs]
%16422%/MyCtrlFiles