I have a Win32 executable that that from time to time downloads and update file
from internet.
The process goes as follows:
(1) when my program, "myprog.exe", is about to exit it downloads "upd.exe" from
internet
(2) Just prior to exiting "myprog.exe" runs using CreateProcess() function on the
"upd.exe" and then exits
(3) "upd.exe" is now running and replaces "myprog.exe" with a never version and
then it exits.
All would go fine but unfortunately Windows UAC prevents "upd.exe" from running.
However if "myprog.exe" is running with Administrator privileges all goes well.
Otherwise "upd.exe" just does not run and and if I run it from command prompt it
show "Access violation" or similar messages.
Is there a way that "upd.exe" would invoke Windows to ask something like "Do you
want upd.exe to execute" as I've seen some programs do?
I've seen posts about embedding a manifest file to the "upd.exe" that would then
make Windows to bring up a "Do you want upd.exe to execute" etc.
Currently I've embedded a manifest file to "upd.exe" but the problem may be that
"myprog.exe" uses CreateProcess() instead of ShellExecute() that may use manifest
prompts.
Some suggest using an SFX program to embed an manifest file but I have not tried
that. Any suggestions?
On Sat, 24 Apr 2021 16:53:36 +0300, John Smith wrote:
I have a Win32 executable that that from time to time downloads and update file
from internet.
The process goes as follows:
(1) when my program, "myprog.exe", is about to exit it downloads "upd.exe" from
internet
(2) Just prior to exiting "myprog.exe" runs using CreateProcess() function on the
"upd.exe" and then exits
(3) "upd.exe" is now running and replaces "myprog.exe" with a never version and
then it exits.
All would go fine but unfortunately Windows UAC prevents "upd.exe" from running.
However if "myprog.exe" is running with Administrator privileges all goes well.
Otherwise "upd.exe" just does not run and and if I run it from command prompt it
show "Access violation" or similar messages.
Is there a way that "upd.exe" would invoke Windows to ask something like "Do you
want upd.exe to execute" as I've seen some programs do?
I've seen posts about embedding a manifest file to the "upd.exe" that would then
make Windows to bring up a "Do you want upd.exe to execute" etc.
Currently I've embedded a manifest file to "upd.exe" but the problem may be that
"myprog.exe" uses CreateProcess() instead of ShellExecute() that may use manifest
prompts.
Some suggest using an SFX program to embed an manifest file but I have not tried
that. Any suggestions?
If an application is designed to require elevated from the start, i.e. if >it's not designed to behave differently depending whether it was run with >elevated privileges or not (e.g. run in read-only mode if not), then the >application's EXE must have the manifest resource which states that it >requires elevation.
The manifest would be like the one shown in below article section. (long URL >warning)
http://docwiki.embarcadero.com/RADStudio/Sydney/en/Customizing_the_Windows_Application_Manifest_File
Note: the resource must use ANSI based character set. e.g. Windows-1252. It >must not use any UTF character set.
Refer to your IDE/compiler documentation on how to include manifest
resource.
You can also use any resource editor software to manually add the manifest >resource into an EXE file. There can be only one manifest resource per one >EXE file. The resource type should be RT_MANIFEST (0x100), and its ID should >be `1`. In case the resource editor software doesn't support manifest >resource type.
I have a manifest file but it does not do anything as far I can see.
On Sun, 25 Apr 2021 08:44:25 +0300, John Smith wrote:
I have a manifest file but it does not do anything as far I can see.
The manifest must contain information which uses `requireAdministrator` as >the requested privileges. Like in the first example code on the previously >mentioned article, but replace `asInvoker` with `requireAdministrator`.
After a lot of testing and searching I managed to get it to work.
The process goes as follows:
(1) when my program, "myprog.exe", is about to exit it downloads "upd.exe" from
internet. All are 32-bit win32 exes
(2) Just prior to exiting "myprog.exe" runs using plain CreateProcess() (not ShellExecute) function on the "upd.exe" and then exits
(3) "upd.exe" is now running and replaces "myprog.exe" with a never version and
then it exits.
upd.exe has manifest that works:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
</application>
</compatibility>
</assembly>
That worked. My previous manifest *that did not work* was:
On Tue, 27 Apr 2021 15:21:29 +0300, John Smith wrote:
After a lot of testing and searching I managed to get it to work.
The process goes as follows:
(1) when my program, "myprog.exe", is about to exit it downloads "upd.exe" from
internet. All are 32-bit win32 exes
(2) Just prior to exiting "myprog.exe" runs using plain CreateProcess() (not >> ShellExecute) function on the "upd.exe" and then exits
(3) "upd.exe" is now running and replaces "myprog.exe" with a never version and
then it exits.
upd.exe has manifest that works:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
</application>
</compatibility>
</assembly>
That worked. My previous manifest *that did not work* was:
That shouldn't work. It's a valid manifest, but it won't make the system to >show the UAC prompt - whether `CreateProcess()` or `ShellExecute()` is used >to run the application.
Also keep in mind that, if the (parent) application process which execute
the (child) application with `requireAdministrator` manifest is already >elevated, the system won't show the UAC prompt again, because by default, >privileges are inherited to child processes.
The `asInvoker` execution level means that the (child) application process >will use the same privileges as the (parent) application process which >execute it. If the parent application is not elevated, then the child >application will not be elevated - no matter which function is used to >execute it.
Hello,
You're right. I did have "requireAdministrator" and not "asInvoker"
JJ <jj4public@gmail.com> wrote:
On Tue, 27 Apr 2021 15:21:29 +0300, John Smith wrote:
After a lot of testing and searching I managed to get it to work.
The process goes as follows:
(1) when my program, "myprog.exe", is about to exit it downloads "upd.exe" from
internet. All are 32-bit win32 exes
(2) Just prior to exiting "myprog.exe" runs using plain CreateProcess() (not
ShellExecute) function on the "upd.exe" and then exits
(3) "upd.exe" is now running and replaces "myprog.exe" with a never version and
then it exits.
upd.exe has manifest that works:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> >>> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"
/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
</application>
</compatibility>
</assembly>
That worked. My previous manifest *that did not work* was:
That shouldn't work. It's a valid manifest, but it won't make the system to >>show the UAC prompt - whether `CreateProcess()` or `ShellExecute()` is used >>to run the application.
Also keep in mind that, if the (parent) application process which execute >>the (child) application with `requireAdministrator` manifest is already >>elevated, the system won't show the UAC prompt again, because by default, >>privileges are inherited to child processes.
The `asInvoker` execution level means that the (child) application process >>will use the same privileges as the (parent) application process which >>execute it. If the parent application is not elevated, then the child >>application will not be elevated - no matter which function is used to >>execute it.
Hello,
after a lot of testing again I found out that having "requireAdministrator" in
the "upd.exe" would cause problems, ie. it won't start at all.
My update system is as follows:
(1) when my program, "myprog.exe", is about to exit it downloads "upd.exe" from
internet. All are 32-bit win32 exes.
"myprog.exe" does have a manifest with "requireAdministrator"
"upd.exe" does have a manifest with "asInvoker" (NOT "requireAdministrator")
(2) Just prior to exiting "myprog.exe" runs using plain CreateProcess() (not ShellExecute) function ro run the "upd.exe" and then exits.
NOTE! if "upd.exe" has "requireAdministrator" in its manifest Createprocess() won't run it at all and I get the 740 error. However "asInvoker" in the manifest
works fine.
(3) "upd.exe" is now running. Its has a resource file embedded "udpdater.exe".
"upd.exe" writes the "udpdater.exe" on disk and starts to exit.
(4) "upd.exe" is about to exit but before exiting it runs a ShellExecute(NULL, "runas","updater.exe","2", NULL, SW_SHOWNORMAL); "updater.exe" does have a manifest with "requireAdministrator"
(5) An UAC windows pops up asking if I want to run "updater.exe". I click OK and
"updater.exe" is now running. Its has a resource file embedded "myprog.exe". which it writes the on disk replcaing the old "myprog.exe".
None of the rigmarola & UAC popping up would have been prevented if:
a) The very first "myprog.exe" had used ShellExecute and not CreateProcess. or
b) The very first "myprog.exe" would have had full Administrator rights (allthough the manifest does have it) or Windows 8 compatibility mode on.
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 296 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 84:37:07 |
| Calls: | 6,658 |
| Calls today: | 4 |
| Files: | 12,203 |
| Messages: | 5,333,601 |
| Posted today: | 1 |