Address: http://www.codeproject.com/KB/vista-security/VistaElevator.aspx
Leave a reply if you have time.
Source code on CSDN (C++ code): http://download.csdn.net/detail/wsyjz/3934006
Demo program on CSDN: http://download.csdn.net/detail/wsyjz/3934004
If you do not have enough credits, you can find the download link at the original address.
Two additional articles (they cover only elevation; lowering privileges is not mentioned):
- UAC programming, entry 1: process mandatory (integrity) level check and self-elevation (C# code, English --> VB.NET code)
- [C#] Enabling the UAC shield icon and running as administrator (brief Chinese description, C# code)
You are welcome to repost this, but it is best to credit jero as the translator.
- A process with elevation of privilege (an elevated process) can be understood as running with administrator privileges.
- A process without elevation of privilege (a non-elevated process) can be understood as running with non-administrator privileges (that is, standard user privileges).
The UAC mechanism originated in Vista. Because the Windows 7 kernel has the same architecture as Vista's, everything this article says about UAC privileges on Vista applies fully to Windows 7.
All italic text in the article is my own annotation.
Body
When you develop programs for Windows Vista, you often run into one problem: how to control the execution level of an application programmatically (whether elevating from a standard user to an administrator, or lowering from an administrator to a standard user). When a user runs a program, its execution level is determined by the requestedExecutionLevel attribute in the application manifest, and the User Account Control (UAC) of Vista/7 takes the appropriate action (for example, displaying the UAC elevation confirmation window). But what if a program needs to launch a new program with a different execution level?
For example:
- A program normally runs with non-administrator privileges (as a standard user, not elevated) and finds, while running, that a new version of itself is available. To update itself, it needs to start a separate, elevated process so that the upgrade can be performed correctly. In this case, a process running with standard user privileges needs to create a new process that is elevated to at least administrator privileges.
- Most installers let the user choose to run the installed program once installation is complete. The installer runs in an elevated process, but the new program needs to run with normal, non-elevated privileges.
Note: Simply put, program A runs with standard user privileges and then launches program B, but program B is elevated to administrator privileges instead of inheriting the privileges of program A (if UAC is enabled, the system displays a window to confirm the elevation).
Or: program C runs with administrator privileges and then launches program D, but program D does not inherit the administrator privileges of program C; it is lowered to standard user privileges instead. (The system does not prompt when privileges are lowered.)
Microsoft provides a relatively simple way to accomplish the first task mentioned above (program A elevating program B): specify "runas" as a parameter (the verb) of the ShellExecuteEx API. For some reason, however, Microsoft does not provide a similar way to do the opposite: start a non-elevated program from an elevated program (program C lowering program D). In this article, I will show you how to solve this problem and some related ones.
Check the execution level of the current program
First, how do you check the execution level a program is currently running with? The VistaTools.cxx file in the source code contains two functions that answer this question.
The first function is GetElevationType(). It uses the Win32 API GetTokenInformation() to obtain the elevation type of the current process token. It may return the following values:
- TokenElevationTypeDefault: the user does not use a split token (privilege mechanism). This value means that UAC has been disabled, or that the program is run by a standard user who is not in the Administrators group.
- TokenElevationTypeFull: the program has been elevated (to at least administrator privileges).
- TokenElevationTypeLimited: the program has not been elevated (it runs with normal privileges).
Note: The last two values can be returned only when UAC is enabled and the current user is a member of the Administrators group (that is, the user has a split token: the current user is an administrator and can run programs either with standard user privileges or with administrator privileges).
The second function is IsElevated(). It also calls the GetTokenInformation() API, but it requests the TokenElevation information class. It can only return one of the following two values:
- S_OK: the current process is elevated. This value means that UAC is enabled and the current program has been elevated by an administrator, or that UAC is disabled but the current user is a member of the Administrators group.
- S_FALSE: the current process is not elevated (it is restricted). This value means that UAC is enabled and the current process runs normally without elevation, or that UAC is disabled and the process is run by a standard user.
Using these two functions, a program can determine its exact privilege state.
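The two token queries and the way their results combine, as an added example rather than the code from VistaTools.cxx. `QueryElevation` and `DescribeElevation` are hypothetical names, and the non-Windows enum is a constructed stand-in so the classification logic builds on any platform.

```cpp
// Added example, not the code from VistaTools.cxx.
#include <cstring>
#ifdef _WIN32
#include <windows.h>
#else
// Constructed stand-in so the classification below also builds off Windows;
// the numeric values match winnt.h.
enum TOKEN_ELEVATION_TYPE {
    TokenElevationTypeDefault = 1,
    TokenElevationTypeFull,
    TokenElevationTypeLimited
};
#endif

// Hypothetical helper: combines both results into the cases listed above.
const char* DescribeElevation(TOKEN_ELEVATION_TYPE type, bool elevated) {
    switch (type) {
    case TokenElevationTypeFull:      // split token, elevated half in use
        return elevated ? "UAC on, administrator, elevated" : "inconsistent";
    case TokenElevationTypeLimited:   // split token, filtered half in use
        return elevated ? "inconsistent" : "UAC on, administrator, not elevated";
    case TokenElevationTypeDefault:   // no split token
        return elevated ? "no split token, administrator rights (UAC off)"
                        : "no split token, standard user";
    }
    return "unknown";
}

#ifdef _WIN32
// Hypothetical helper: reads TokenElevationType and TokenElevation from the
// current process token. Returns false if any call fails.
bool QueryElevation(TOKEN_ELEVATION_TYPE* type, bool* elevated) {
    HANDLE token = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))
        return false;
    TOKEN_ELEVATION elev = {};
    DWORD len = 0;
    bool ok =
        GetTokenInformation(token, TokenElevationType, type, sizeof(*type), &len) &&
        GetTokenInformation(token, TokenElevation, &elev, sizeof(elev), &len);
    CloseHandle(token);
    if (ok) *elevated = (elev.TokenIsElevated != 0);
    return ok;
}
#endif
```

On Windows, call `QueryElevation()` and pass its two outputs to `DescribeElevation()`.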
Run an elevated program
If a non-elevated program needs to run an elevated program, all it has to do is call the ShellExecuteEx() API with "runas" specified as the verb. The RunElevated() function in the source code performs the elevation this way:
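```cpp
#include <windows.h>
#include <shellapi.h>
#include <tchar.h>

// Launches pszPath elevated by asking the shell for the "runas" verb;
// with UAC enabled this triggers the elevation confirmation window.
// Pass a fully qualified path so the launch does not depend on the search path.
BOOL RunElevated(HWND hwnd, LPCTSTR pszPath,
                 LPCTSTR pszParameters = NULL, LPCTSTR pszDirectory = NULL)
{
    SHELLEXECUTEINFO shex;
    memset(&shex, 0, sizeof(shex));
    shex.cbSize       = sizeof(SHELLEXECUTEINFO);
    shex.fMask        = 0;
    shex.hwnd         = hwnd;
    shex.lpVerb       = _T("runas");   // request elevation
    shex.lpFile       = pszPath;
    shex.lpParameters = pszParameters;
    shex.lpDirectory  = pszDirectory;
    shex.nShow        = SW_NORMAL;

    return ::ShellExecuteEx(&shex);
}
```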
Run a non-elevated process from an elevated process
The opposite direction (running a non-elevated process from an elevated process) is much more complicated. If the parent process is elevated, every child process it starts inherits its elevation, regardless of the requestedExecutionLevel attribute value specified in the child's manifest. For some reason, Microsoft does not provide an API that directly lowers a process's privileges. Therefore, we need to come up with an indirect way to achieve our goal.
The trick is to use the Task Scheduler that ships with Windows Vista to create a task that runs with low privileges and to require that the task be executed immediately after it is created. The end result is the same as if the process had been started directly.
The RunAsStdUser() function in this article's source code does exactly that. It is based on the MSDN sample "Registration Trigger Example" (an example of running a task immediately after it is registered), and it uses more than a dozen COM interfaces to communicate with the Task Scheduler and set up the task (not elevated). I have not included the source of these functions here because they are quite boring; you can find them in the VistaTools.cxx file.
Putting the above into practice
VistaElevator demonstrates how to implement elevation and de-elevation programmatically. When you run it, it displays a dialog box with information about the privileges the process is running with, obtained through the GetElevationType() and IsElevated() functions (described above). It also offers two options for restarting the process: elevated or not elevated. Depending on your choice, VistaElevator calls the RunElevated() or RunAsStdUser() function (also described above) to restart itself with the required privileges.
Author: Andrei Belogortseff