[IE编程] IE的Killbit 技术详解

Killbit 是IE用来禁止ActiveX 运行的技术， 其表现上是一个注册表设置，在

 

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/<CLSID>

Compatability=值

 

这个Compatability是一个REG_DWORD类型的bitmask，每一个bit 都有一定的含义，具体请见下表（或者MSDN参考文档）

    COMPAT_AGGREGATE = 0x00000001,
    COMPAT_NO_OBJECTSAFETY = 0x00000002,
    COMPAT_NO_PROPNOTIFYSINK = 0x00000004,
    COMPAT_SEND_SHOW = 0x00000008,
    COMPAT_SEND_HIDE = 0x00000010,
    COMPAT_ALWAYS_INPLACEACTIVATE = 0x00000020,
    COMPAT_NO_SETEXTENT = 0x00000040,
    COMPAT_NO_UIACTIVATE = 0x00000080,
    COMPAT_NO_QUICKACTIVATE = 0x00000100,
    COMPAT_NO_BINDF_OFFLINEOPERATION = 0x00000200,
    COMPAT_EVIL_DONT_LOAD = 0x00000400,
    COMPAT_PROGSINK_UNTIL_ACTIVATED = 0x00000800,
    COMPAT_USE_PROPBAG_AND_STREAM = 0x00001000,
    COMPAT_DISABLEWINDOWLESS = 0x00002000,
    COMPAT_SETWINDOWRGN = 0x00004000,
    COMPAT_PRINTPLUGINSITE = 0x00008000,
    COMPAT_INPLACEACTIVATEEVENWHENINVISIBLE = 0x00010000,
    COMPAT_NEVERFOCUSSABLE = 0x00020000,
    COMPAT_ALWAYSDEFERSETWINDOWRGN = 0x00040000,
    COMPAT_INPLACEACTIVATESYNCHRONOUSLY = 0x00080000,
    COMPAT_NEEDSZEROBASEDDRAWRECT = 0x00100000,
    COMPAT_HWNDPRIVATE = 0x00200000,
    COMPAT_SECURITYCHECKONREDIRECT = 0x00400000,
    COMPAT_SAFEFOR_LOADING = 0x00800000

 

当0x400 那bit被设置的时候，该ActiveX 就会被IE彻底屏蔽。 我们把这个bit 称之为kill bit， 于是就有了killbit 这个技术名称 :)

 

例子：比如你想屏蔽一个GUID为{ABCDEF12-ABCD-ABCD-ABCD-ABCDEF123456} 的activex 控件，可以设置注册表：

 

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/{ABCDEF12-ABCD-ABCD-ABCD-ABCDEF123456}

Compatability=400 

 

（以上400是16进制，10进制就设成1024）

 

 

更多的信息，请参考微软的KB文章： 《How to stop an ActiveX control from running in Internet Explorer》