{"id":2753,"date":"2013-11-04T07:00:00","date_gmt":"2013-11-04T07:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2013\/11\/04\/manipulating-the-zone-identifier-to-specify-where-a-file-was-download-from\/"},"modified":"2013-11-04T07:00:00","modified_gmt":"2013-11-04T07:00:00","slug":"manipulating-the-zone-identifier-to-specify-where-a-file-was-download-from","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20131104-00\/?p=2753","title":{"rendered":"Manipulating the zone identifier to specify where a file was download from"},"content":{"rendered":"

\nWhen you download a file via Internet Explorer,\nthe file is tagged with a little bit of information known as\na zone identifier<\/i> which remembers where the file was\ndownloaded from.\nThis is what tells Explorer to put up the “Yo, did you really want\nto run this program?” prompt\nand which is taken into account by applications\nso that they can do things like disable scripting\nand macros when they open the document, just in case the file is\nmalicious.\n<\/p>\n

\nToday’s Little Program is really three Little Programs:\nOne to read the zone identifier, one to set the zone identifier,\nand one to clear it.\n<\/p>\n

\n#define STRICT\n#include <windows.h>\n#include <atlbase.h>\n#include <urlmon.h>\n#include <stdlib.h>\nint __cdecl wmain(int argc, wchar_t **argv)\n{\n if (argc < 2) return 0;\n CCoInitialize<\/a> init;\n CComPtr<IZoneIdentifier> spzi;\n spzi.CoCreateInstance(CLSID_PersistentZoneIdentifier);\n DWORD dwZone;\n if (SUCCEEDED(CComQIPtr<IPersistFile>(spzi)\n                   ->Load(argv[1], STGM_READ)) &&\n     SUCCEEDED(spzi->GetId(&dwZone))) {\n  printf(\"Zone identifier is %d\\n\", dwZone);\n } else {\n  printf(\"Couldn't get zone identifier (perhaps there isn't one)\\n\");\n }\n return 0;\n}\n<\/pre>\n
\nThe first program takes a file name on the command line\n(fully-qualified path, please)\nand prints the zone identifier associated with it.\nThe numeric values for the most commonly-encountered zone identifiers are\n<\/p>\n\n\n\n\n\n\n\n
Identifier<\/th>\nValue<\/th>\n<\/tr>\n
URLZONE_LOCAL_MACHINE<\/code><\/td>\n0<\/td>\n<\/tr>\n
URLZONE_INTRANET<\/code><\/td>\n1<\/td>\n<\/tr>\n
URLZONE_TRUSTED<\/code><\/td>\n2<\/td>\n<\/tr>\n
URLZONE_INTERNET<\/code><\/td>\n3<\/td>\n<\/tr>\n
URLZONE_UNTRUSTED<\/code><\/td>\n4<\/td>\n<\/tr>\n<\/table>\n
\nNote also that if you want your application to be sensitive\nto the file zone (so that you can disable features\nfor untrusted documents),\nyou should use the\nIInternet­Security­Manager::Map­Url­To­Zone<\/code> function rather\nthan using only the file zone identifier,\nbecause the effective zone of a file is a combination of the\nfile’s declared zone as well as its physical location.\n(For example, a file in the Temporary Internet Files directory\nor on an untrusted server should not be given full trust\nregardless of what it claims.\n\nAdditional reading<\/a>.)\n<\/p>\n
\nHere’s a program that uses\nIInternet­Security­Manager::Map­Url­To­Zone<\/code>\nto determine the effective security zone:\n<\/p>\n
\n#define STRICT\n#include <windows.h>\n#include <atlbase.h>\n#include <urlmon.h>\n#include <stdlib.h>\nint __cdecl wmain(int argc, wchar_t **argv)\n{\n if (argc < 2) return 0;\n CCoInitialize init;\n CComPtr<IInternetSecurityManager> spism;\n spzi.CoCreateInstance(CLSID_InternetSecurityManager);\n DWORD dwZone;\n if (SUCCEEDED(spism->MapUrlToZone(\n                   argv[1],\n                   &dwZone,\n                   MUTZ_ISFILE | MUTZ_DONT_UNESCAPE))) {\n  printf(\"Zone is %d\\n\", dwZone);\n } else {\n  printf(\"Couldn't get zone\\n\");\n }\n return 0;\n}\n<\/pre>\n
\nThe MUTZ_IS­FILE<\/code> flag\nsaves you the hassle of having to prepend\nfile:<\/code> in front of the path,\nbut you still have to pass a full path\nbecause the first parameter is a URL, not a path.\n<\/p>\n
\nOkay, that was a bit of a digression there.\nLet’s write another Little Program which changes the zone identifier.\n<\/p>\n
\n#define STRICT\n#include <windows.h>\n#include <atlbase.h>\n#include <urlmon.h>\n#include <stdlib.h>\nint __cdecl wmain(int argc, wchar_t **argv)\n{\n if (argc < 3) return 0;\n CCoInitialize init;\n CComPtr<IZoneIdentifier> spzi;\n spzi.CoCreateInstance(CLSID_PersistentZoneIdentifier);\n spzi->SetId(_wtol(argv[2]));\n CComQIPtr<IPersistFile>(spzi)->Save(argv[1], TRUE);\n return 0;\n}\n<\/pre>\n
\nThis program takes two parameters:\nA fully-qualified path and a zone (in integer form).\nIt applies the zone to the file,\noverwriting the existing zone if any.\n<\/p>\n
\nFinally, here’s a Little Program to remove the zone information\nfrom the file entirely.\nThis is the equivalent of clicking the\nUnblock<\/i> button in the file property sheet.\n<\/p>\n
\n#define STRICT\n#include <windows.h>\n#include <atlbase.h>\n#include <urlmon.h>\n#include <stdlib.h>\nint __cdecl wmain(int argc, wchar_t **argv)\n{\n if (argc < 2) return 0;\n CCoInitialize init;\n CComPtr<IZoneIdentifier> spzi;\n spzi.CoCreateInstance(CLSID_PersistentZoneIdentifier);\n spzi->Remove();\n CComQIPtr<IPersistFile>(spzi)->Save(argv[1], TRUE);\n return 0;\n}\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
When you download a file via Internet Explorer, the file is tagged with a little bit of information known as a zone identifier which remembers where the file was downloaded from. This is what tells Explorer to put up the “Yo, did you really want to run this program?” prompt and which is taken into […]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-2753","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"
When you download a file via Internet Explorer, the file is tagged with a little bit of information known as a zone identifier which remembers where the file was downloaded from. This is what tells Explorer to put up the “Yo, did you really want to run this program?” prompt and which is taken into […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/2753","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=2753"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/2753\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=2753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=2753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=2753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}