[Repost] Win7 UAC security, compatibility, and permissions

Source: Internet
Author: User

http://www.cnblogs.com/mydomain/archive/2010/11/24/1887132.html

There is plenty of discussion of this issue on the Internet, but it comes down to a few approaches. Here is a summary, and a chance to learn about UAC along the way.

UAC stands for User Account Control.

System Safe Monitor (host intrusion prevention system)

How UAC works [3]

We can think of UAC simply as a tool for temporarily reassigning permissions. By default, all processes other than core system processes have only standard permissions and cannot modify critical areas of the system. If a program declares that it needs elevation, the UAC window pops up at run time to ask for it. If the user allows it, the program temporarily obtains the highest privileges and can change critical areas of the system; if the user refuses, the program is not executed. If the program makes no such declaration, the system runs it with standard permissions. Any program can also be elevated manually with "Run as administrator". Even if a virus infects the system, it runs under UAC's supervision, which greatly hinders its attempts to resist detection and removal. It is by virtue of this mechanism that UAC acts as an important "firewall" for the system.

In Windows 7 (an NT 6.x system), the system drops support for Autorun.inf on removable devices.

User Interface Privilege Isolation [5]

In earlier Windows operating systems, all processes running under the same user had the same security level and the same permissions. For example, a process could freely send a Windows message to a window of another process. Starting with Windows Vista, and of course in Windows 7, this no longer works for some Windows messages. A process (or other object) now has a new property, the privilege level. A process with a lower privilege level can no longer send messages to a process with a higher privilege level, even though both run under the same user. This is known as User Interface Privilege Isolation (UIPI).

The main goal of introducing UIPI is to prevent malicious code from sending messages to windows with higher privileges in order to attack them and so obtain higher permissions.

Operating mechanism of UIPI

In Windows 7, UIPI is most visible when UAC (User Account Control) is enabled. Under UAC, when an administrator logs on to the system, the operating system creates two token objects: the first is an administrator token with most privileges (similar to those in systems before Windows Vista); the second is a filtered, reduced token that has only the privileges of a normal user.

By default, processes started with normal user rights have the normal privilege level (UIPI levels are low, normal, high and system). Similarly, a process that runs with administrator privileges, for example when the user right-clicks and selects Run as administrator, or when it is launched through ShellExecute with the runas parameter, has the corresponding high privilege level.

As a result, the system runs two types of processes with different privilege levels (technically, both run under the same user). We can use Process Explorer from the Windows Sysinternals toolset to see the privilege level of each process. [6]

So, when Windows message communication between your processes fails, use Process Explorer to check whether the two processes run at suitable privilege levels.

Limitations imposed by UIPI

As noted earlier, the levels exist to keep lower-privileged processes from attacking higher-privileged ones. Therefore, with User Interface Privilege Isolation, the behavior of an application running at a lower privilege level is limited, and it cannot:

• Validate window handles created by higher-privileged processes

• Send Windows messages, by calling SendMessage and PostMessage, to a window created by a higher-privileged process

• Use thread hooks to attach to higher-privileged processes

• Use ordinary hooks (SetWindowsHookEx) to monitor higher-privileged processes

• Perform DLL injection into a higher-privileged process

However, some special Windows messages are still allowed, because they have little impact on the security of the process. These Windows messages include:

0x000 - WM_NULL

0x003 - WM_MOVE

0x005 - WM_SIZE

0x00D - WM_GETTEXT

0x00E - WM_GETTEXTLENGTH

0x033 - WM_GETHOTKEY

0x07F - WM_GETICON

0x305 - WM_RENDERFORMAT

0x308 - WM_DRAWCLIPBOARD

0x30D - WM_CHANGECBCHAIN

0x31A - WM_THEMECHANGED

0x313, 0x31B (WM_???)

Fixing UIPI problems

Applications designed around the behavior of operating systems before Windows Vista may expect Windows messages to be delivered freely between processes in order to do their work. When such applications run on Windows 7, UIPI blocks this message delivery and the application runs into compatibility problems. To solve this, Windows Vista introduced a new API function, ChangeWindowMessageFilter [7]. With this function we can add or remove Windows messages that are allowed through privilege-level isolation. In effect, the higher-privileged process sets up a filter: messages we allow are added to the filter's whitelist, and only messages on the whitelist are let through.

To allow a message to be sent to a higher-privileged process, call ChangeWindowMessageFilter in that higher-privileged process with MSGFLT_ADD as the parameter to add the message to the filter's whitelist. Similarly, use MSGFLT_REMOVE as the parameter to remove the message from the whitelist.

An example

For system messages, the process that receives the message needs to add it to the whitelist, which can be implemented using the following code:

You need to add the following code where the high-privilege program begins, specifying which message to accept

For a custom message, usually one with a value greater than WM_USER, we must first register the message with the system and then call the code above:

Message registration is implemented with RegisterWindowMessage; the function's parameter is the message you need to register.

At this point, the low-level process can send messages to the high-level process.
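
The filter behaviour described in this section, as an added example (a simplified, portable C model, not Windows API code and not the original author's code): it uses the always-allowed list above and contrasts a process-wide whitelist, as ChangeWindowMessageFilter sets, with a per-window one, as ChangeWindowMessageFilterEx sets (see the note under [7]). The struct and function names are hypothetical, and 0xC123 is a constructed message id.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
enum level  { LOW, NORMAL, HIGH, SYSTEM };   /* privilege levels named on the page */
enum action { FLT_ADD, FLT_REMOVE };         /* stand-ins for MSGFLT_ADD / MSGFLT_REMOVE */
#define MAX_ALLOW 8
struct filter { unsigned msgs[MAX_ALLOW]; size_t n; };          /* a whitelist */
struct window { enum level owner; struct filter *proc, own; };  /* process-wide + per-window */

/* Messages the page lists as always allowed from lower to higher levels. */
static const unsigned DEFAULT_ALLOWED[] = { 0x000, 0x003, 0x005, 0x00D, 0x00E,
    0x033, 0x07F, 0x305, 0x308, 0x30D, 0x31A, 0x313, 0x31B };

static bool in_list(const unsigned *v, size_t n, unsigned msg) {
    for (size_t i = 0; i < n; i++) if (v[i] == msg) return true;
    return false;
}

/* Add or remove one message; returns false only when the whitelist is full. */
bool change_filter(struct filter *f, unsigned msg, enum action a) {
    size_t i = 0;
    while (i < f->n && f->msgs[i] != msg) i++;
    if (a == FLT_REMOVE) { if (i < f->n) f->msgs[i] = f->msgs[--f->n]; return true; }
    if (i < f->n) return true;               /* already whitelisted */
    if (f->n == MAX_ALLOW) return false;
    f->msgs[f->n++] = msg;
    return true;
}

/* Would a message sent from privilege level `from` reach window `w`? */
bool uipi_delivers(enum level from, const struct window *w, unsigned msg) {
    if (from >= w->owner) return true;       /* only lower-to-higher is isolated */
    return in_list(DEFAULT_ALLOWED, sizeof DEFAULT_ALLOWED / sizeof *DEFAULT_ALLOWED, msg)
        || in_list(w->proc->msgs, w->proc->n, msg)
        || in_list(w->own.msgs, w->own.n, msg);
}

/* Two windows in one HIGH process: how many can a NORMAL sender reach? */
int reachable_windows(bool process_wide) {
    struct filter proc = { {0}, 0 };
    struct window a = { HIGH, &proc, { {0}, 0 } }, b = a;
    const unsigned msg = 0xC123;             /* constructed registered-message id */
    change_filter(process_wide ? &proc : &a.own, msg, FLT_ADD);
    return uipi_delivers(NORMAL, &a, msg) + uipi_delivers(NORMAL, &b, msg);
}

int main(void) {
    printf("per-window: %d, process-wide: %d\n", reachable_windows(false), reachable_windows(true));
    return 0;
}
```

With a process-wide entry, every window of the elevated process accepts the message from lower levels, which is why the per-window form is the narrower choice.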

Appendix: Win7, how to enable an application to be installed as an administrator

1. Method one:

runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"

I feel that this method is not reliable.

2. Method two:

Use a manifest file to get administrator privileges for a VC application

[1] This method is not bad.

<security>
  <requestedPrivileges>
    <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
  </requestedPrivileges>
</security>

3. Method three:

If the program is named setup, Win7 will elevate its privileges; a manifest file can also be added. Another way is to change the registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

Add a string value whose name is the path and name of your program and whose value is RUNASADMIN.

The program can also be made into a service.

4. Other methods:

Some netizens say there is an open source project called RunAs, used to run a program as a specified user, which you can refer to.

Reference URLs and read more

[1] http://hi.baidu.com/crowreturns/blog/item/f5e7cefd7546a284b801a07e.html

[2] http://www.cnblogs.com/sun8134/archive/2009/10/30/1593025.html

[3] 360 Forum

[4] http://topic.csdn.net/u/20100203/14/d98d8310-4971-47d1-94b1-9cdfbf159b4f.html

[5] http://blog.csdn.net/jinhill/archive/2010/07/21/5752870.aspx

[6] Sysinternals Utilities Index, http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx

[7] ChangeWindowMessageFilter, http://msdn.microsoft.com/en-us/library/ms632675%28VS.85%29.aspx

[Using the ChangeWindowMessageFilter function is not recommended, as it has process-wide scope. Instead, use the ChangeWindowMessageFilterEx function to control access to specific windows as needed. ChangeWindowMessageFilter may not be supported in future versions of Windows.]

[8] http://it.chinawin.net/softwaredev/article-b6f9.html
