“以管理员身份运行”和“以管理员身份运行”之间有什么区别?和一个带有 requireAdministrator 的清单?

发布于 2024-09-08 20:54:11 字数 718 浏览 8 评论 0原文

我编写了一个程序,其清单包含 requireAdministrator。在启用了 UAC 的 Windows 7 系统上,Windows 会弹出一个对话框,询问权限,这是理所当然的。效果很好。

如果用户通过右键单击程序并选择“以管理员身份运行”来启动我的程序,那么 Windows 7 还会弹出一个对话框,询问权限。然而,在我的程序的一些更深奥的部分中,我的程序的运行方式存在一些细微的差异。

那么“以管理员身份运行”和带有 requireAdministrator 的清单之间有什么区别?任何描述差异的文档链接将不胜感激。

编辑:这是在启用 UAC 的情况下进行的。

编辑:正如下面所承诺的,这是我所看到的差异的完整解释。

我正在使用 EasyHook 库 将 DLL 注入另一个进程。当我的应用程序以“以管理员身份运行”运行时,注入的进程崩溃,并且 EasyHook 返回错误“注入的汇编代码中存在未知错误”。我的 DLL 中的代码都没有机会执行;崩溃发生在此之前。 (此外,即使我将 DLL 剥离至无,崩溃也会发生)

如果我正常运行我的程序(即通过 requireAdministrator 提升),一切都会正常。

我的应用程序由几个不同的可执行文件组成。用户启动的进程与执行注入的进程不同。

I've written a program with a manifest that includes requireAdministrator. On Windows 7 systems with UAC enabled, Windows pops up a dialog asking for permissions, as it should. Works great.

If a user starts my program by right-clicking it and choosing "Run as administrator", then Windows 7 also pops up a dialog asking for permissions. However, there are some slight differences in how my program operates in some of the more esoteric parts of my program.

So what are the differences between "Run as administrator" and a manifest with requireAdministrator? Any links to documentation that describe differences would be appreciated.

Edit: This is with UAC enabled.

Edit: As promised below is the full explanation of the difference I'm seeing.

I'm using the EasyHook library to inject a DLL into another process. When my application is run with "Run as administrator", the injected process crashes and EasyHook returns the error "Unknown error in injected assembler code". None of the code in my DLL gets a chance to execute; the crash occurs before then. (Moreover, the crash occurs even if I strip the DLL down to nothing)

If I run my program normally (i.e., elevated via requireAdministrator), everything works fine.

My application is composed of a few different executables. The process that the user launches is not the same process that performs the injection.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

九厘米的零° 2024-09-15 20:54:11

根据所提供的信息,两个进程之间的权限不会有任何差异。

如果您通过应用程序清单请求“requireAdministrator”的执行级别,您的应用程序将使用管理员的完整访问令牌启动,或者如果用户拒绝同意则根本不会启动(请参阅创建并嵌入应用程序清单 (UAC) 了解更多信息)。

当用户选择以管理员身份运行时,也会发生同样的情况。

唯一的区别是该过程启动的方式。当您从 shell 启动可执行文件时,例如在资源管理器中双击或从上下文菜单中选择以管理员身份运行,shell 将调用 ShellExecute 来实际启动进程执行。整个提升过程都隐藏在这个函数中。 Kenny Kerr 在 面向开发人员的 Windows Vista – 第 4 部分 – 用户帐户控制

ShellExecute 首先调用 CreateProcess 来尝试创建新进程。 CreateProcess 完成检查应用程序兼容性设置、应用程序清单、运行时加载程序等的所有工作。如果确定应用程序需要提升但调用进程未提升,则 CreateProcess 将失败并显示 ERROR_ELEVATION_REQUIRED。然后,ShellExecute 调用应用程序信息服务来处理提升提示和提升进程的创建,因为调用进程显然没有执行此类任务所需的权限。应用程序信息服务最终使用不受限制的管理员令牌调用 CreateProcessAsUser。

另一方面,如果您想要创建一个提升的进程,无论有哪些应用程序信息可用,那么您可以使用 ShellExecute 指定鲜为人知的“runas”动词。无论应用程序的清单和兼容性信息可能规定什么,这都具有请求提升的效果。 runas 动词实际上对于 Windows Vista 来说并不新鲜。它可在 Windows XP 和 Windows 2003 上使用,并且通常用于直接从 shell 创建受限令牌。然而,这种行为已经改变。这是一个简单的例子:

::ShellExecute(0, // 所有者窗口
           L“鲁纳斯”,
           L"C:\\Windows\\Notepad.exe",
           0, // 参数
           0, // 目录
           SW_SHOWNORMAL);

因此,本质上使用“以管理员身份运行”选项启动可执行文件意味着 ShellExecute 绕过兼容性设置、应用程序清单等检查并直接请求提升。

Kenny Kerr 的文章还提供了使用 OpenProcessToken 函数查询当前进程令牌的权限的示例代码。也许您可以使用该示例来确定您的流程提升方式没有差异。

我非常想知道您观察到哪些差异,因为我强烈怀疑它们与海拔有关。

最后一件事:您能否仔细检查您是否确实请求了 requireAdministrator 级别,而不是错误地只请求了 highestAvailable 级别?

With the information given there would be no differences in the permissions between the two processes.

If you request an execution level of "requireAdministrator" via the applications manifest your application will either be launched with the full access token of an administrator or not at all if the user denies consent (see Create and Embed an Application Manifest (UAC) for further information).

The same will happen when a user chooses Run as Administrator.

The only difference is the way that the process is started. When you start an executable from the shell, e.g. by double-clicking in Explorer or by selecting Run as Administrator from the context menu, the shell will call ShellExecute to actually start process execution. The whole process of elevation is hidden inside this function. Kenny Kerr describes this process in more details in Windows Vista for Developers – Part 4 – User Account Control:

ShellExecute first calls CreateProcess to attempt to create the new process. CreateProcess does all the work of checking application compatibility settings, application manifests, runtime loaders, etc. If it determines that the application requires elevation but the calling process is not elevated then CreateProcess fails with ERROR_ELEVATION_REQUIRED. ShellExecute then calls the Application Information service to handle the elevation prompt and creation of the elevated process since the calling process obviously doesn’t have the necessary permissions to perform such a task. The Application Information service ultimately calls CreateProcessAsUser with an unrestricted administrator token.

If on the other hand you want to create an elevated process regardless of what application information is available then you can specify the little-known “runas” verb with ShellExecute. This has the effect of requesting elevation regardless of what an application’s manifest and compatibility information might prescribe. The runas verb is not actually new to Windows Vista. It was available on Windows XP and Windows 2003 and was often used to create a restricted token directly from the shell. This behavior has however changed. Here is a simple example:

::ShellExecute(0, // owner window
           L"runas",
           L"C:\\Windows\\Notepad.exe",
           0, // params
           0, // directory
           SW_SHOWNORMAL);

So essentially starting an executable using the Run as Administrator option means that ShellExecute bypasses the checks for compatibility settings, application manifests etc and directly requests elevation.

Kenny Kerr's article also has sample code to query the current process' token for its permission using the OpenProcessToken function. Possibly you can use the example to identify that there are no differences in the way your process is elevated.

I'm definitely curious to know which differences you are observing as I strongly doubt they are related to elevation.

As a last thing: Can you double check that you really request a level of requireAdministrator and not by mistake only a level of highestAvailable?

绝影如岚 2024-09-15 20:54:11

一种可能的差异可能是很少使用/理解/故意选择的 uiAccess 属性。您能否创建两个清单,一个使用 uiAccess=false,另一个使用 uiAccess=true,然后告诉我们其中之一是否提供与您通过右键单击以管理员身份运行时看到的相同行为?

One possible difference might be the rarely used/understood/deliberately-chosen uiAccess attribute. Can you create two manifests, one with uiAccess=false and one with uiAccess=true, then tell us whether one of them gives the same behaviour as you see with right-click-run-as-admin?

吾性傲以野 2024-09-15 20:54:11

RemoteHooking 类的 IsAdministrator 属性的 EasyHook 文档提到:

由于 Windows Vista 上的 UAC,即使用户位于内置管理组中,该属性通常也会为 false。由于没有管理员权限就无法挂钩,因此您应该将应用程序的 UAC 级别设置为 requireAdministrator。

很难想象为什么会发生这种情况,但这是可以想象的(尤其是当您看到它发生时!)资产、流程、程序集等可能具有不同的信任级别等,不会继承主应用程序的提升。设置 requireAdministrator 标志可以在整个资源和依赖项范围内全局处理/强制执行此操作。很想知道结果如何。

The EasyHook documentation for the RemoteHooking class' IsAdministrator property mentions:

Due to UAC on Windows Vista, this property in general will be false even if the user is in the builtin-admin group. As you can't hook without administrator privileges you should just set the UAC level of your application to requireAdministrator.

It's hard to imagine why this is happening, but it is conceivable (especially as you are seeing it happen!) that assets, processes, assemblies, &c, with possibly different trust levels and so forth, will not inherit the elevation of your main app. Setting the requireAdministrator flag may handle/enforce this globally across the entire scope of resources and dependencies. Would love to know how this turns out.

柠北森屋 2024-09-15 20:54:11

我想我也看到了它们之间的区别。然而,事实证明,就我而言,问题是这样的:

当我从文件浏览器(Q-Dir)中单击“以管理员身份运行”时,工作目录与我尝试使用 双击应用程序时不同requireAdministrator 在清单中设置。这改变了我收到的一些有缺陷的 DLL 的行为。事实上,事实证明,我看到的 100% 的差异是由于从不同的工作目录运行(具体来说,我是在 C: 驱动器还是不同的驱动器盘符上)以及让程序运行的方法作为管理员与此无关。

这是一个特定于我的计算机的具体配置的问题,但它可能是了解可能发生的事情类型的线索(或者可能发生在 7 年前......)

I thought I was seeing a difference between these as well. However, it turned out that in my case the issue was this:

When I click "Run as Administrator" from my file browser (Q-Dir), the working directory is different than when I try simply double clicking an application with requireAdministrator set in the manifest. This changed the behavior of some buggy DLLs I had received. In fact, it turned out that 100% of the differences I saw were due to running from different working directories (specifically, it mattered whether I was on C: drive or a different drive letter) and that the method of getting the program to run as administrator had nothing to do with it.

It's an issue that is specific to my computer's exact configuration, but it is a possible clue into the type of thing that might be happening (or might have happened 7 years ago . . . )

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文