Adding URL to IE cache from a service

Question

I have a service that needs to add URLs to the IE cache of the logged in user

In order to do that I first obtain the user's token with OpenProcessToken and call ImpersonateLoggedOnUser

I tried adding the URL with 2 methods

1. Using the IUrlHistoryStg2 COM interface, and calling the AddUrlAndNotify method
2. Using the CommitUrlCacheEntryW in the following way CommitUrlCacheEntryW(urlToEnterWithPrefix, 0, ExpireTime, LastModifiedTime, URLHISTORY_CACHE_ENTRY | NORMAL_CACHE_ENTRY, NULL, 0, NULL, NULL);

Both methods are working fine when the processes runs under the logged-in user, but fail when it runs under LocalSystem

CommitUrlCacheEntryW documentation stats that:

WinINet does not support server implementations. In addition, it should not be used from a service. For server implementations or services use Microsoft Windows HTTP Services (WinHTTP).

But I could not find any method in WinHTTP that corresponds to CommitUrlCacheEntryW

I would like help with the following issues:

1. Can I use the IUrlHistoryStg2 from a service to access the logged-in user's url-history?
2. How can I use CommitUrlCacheEntryW or a slimier function from a service to access the logged-in user's url-history?
3. Is there a third option that I still did not use?

Answer 1

After reversing the CommitUrlCacheEntryW API I found that it check

• If the current thread was impersonating
• If the processes a Service

In case either of the checks is true, it exists with error code 0x80070078

So, what I wanted to achieve is not possible from a service