[Aug 15 2008: Click here for updated links and instructions.]
Finally, here is the often-requested and long-awaited source code for PrivBar. In the process of code review, I’ve made minor updates to the DLL – which is now at v126.96.36.199. [2005-10-27: Updated to remove dependency on VC/MFC DLLs.]
It’s originally based on the old “KBBar” IE toolband sample (KB 246234), and also incorporates some of Keith Brown’s “tokdumpsrv” token-dumping code. It’s now a VS.NET 2003 project, but it was originally created and built with earlier versions of Visual Studio. And, oh, it's all C++.
It could probably use a lot more internal documentation, but here are some random notes:
The mechanism that captures the security info might at first seem to be more complex than necessary. There are a couple of classes that need to consume the security information. The public interface to that information is a class with all static methods. Behind it is a privately declared class in a .cpp file and a module-level singleton instantiation of that class, so that it gets instantiated exactly once when the DLL loads. The group name lookups for the token-dumping dialog can be time consuming, so I kick off a background thread to get them so as not to hold up the rendering of the Explorer/IE window. That requires proper synchronization of access to the string info, which requires proper one-time initialization of a CRITICAL_SECTION, etc. I decided that the easiest way to do that was with the singleton. It was thrown together pretty quickly, to be quite honest! If I spent more time on it, I might have come up with something else. It works, though, and as far as I can tell does not offer any exploitable surface area!