[Aug 15 2008:  Click here for updated links and instructions.] 

Finally, here is the often-requested and long-awaited source code for PrivBar.  In the process of code review, I’ve made minor updates to the DLL – which is now at v1.0.2.1. [2005-10-27:  Updated to remove dependency on VC/MFC DLLs.]

It’s originally based on the old “KBBar” IE toolband sample (KB 246234), and also incorporates some of Keith Brown’s “tokdumpsrv” token-dumping code.  It’s now a VS.NET 2003 project, but it was originally created and built with earlier versions of Visual Studio.  And, oh, it's all C++.

It could probably use a lot more internal documentation, but here are some random notes:

The mechanism that captures the security info might at first seem to be more complex than necessary.  There are a couple of classes that need to consume the security information.  The public interface to that information is a class with all static methods.  Behind it is a privately declared class in a .cpp file and a module-level singleton instantiation of that class, so that it gets instantiated exactly once when the DLL loads.  The group name lookups for the token-dumping dialog can be time consuming, so I kick off a background thread to get them so as not to hold up the rendering of the Explorer/IE window.  That requires proper synchronization of access to the string info, which requires proper one-time initialization of a CRITICAL_SECTION, etc.  I decided that the easiest way to do that was with the singleton.  It was thrown together pretty quickly, to be quite honest!  If I spent more time on it, I might have come up with something else.  It works, though, and as far as I can tell does not offer any exploitable surface area!