When the Administrator runs with standard User Permissions

Here we will introduce a technology that has the greatest impact on application developers: User Account Control (UAC)

The Windows operating system creates a security token. Every time code attempts to access a protected security resource, the operating system will use (present) This security token,

Starting from the first process, including windows, this token will be associated with all newly created processes, so that if a new malicious program is downloaded, it will inherit the Administrator's high permissions, ------ therefore, You can arbitrarily modify any content on the machine, or even start the same high-privilege process.

From Vista, if you use an administrator account to log on to an account that is granted high-privilege, in addition to the security token corresponding to this account logon, A filtered token (filtered token) is created, and the latter is only granted to standard users ). the first process, including windows Resource Manager, will start later. The filtered token will be associated with all new processes that the system indicates the end user has started, restricted processes cannot access security resources that require higher permissions.

The following describes how to improve permissions:

Bytes ----------------------------------------------------------------------------------------------

First, we can ask the operating system to escalate permissions, but only the process boundary can escalate permissions.

(1) Right-click Run as Administrator
If the application is part of the operating system, a blue banner is displayed.
If the referenced program is signed, a gray banner is displayed in the dialog box, indicating that windows is not sure enough to ensure that the application is secure.
If the application is not signed, the system displays an orange banner in the dialog box and requires you to answer the question carefully.
If a user does not log on to the system with an administrator account, a password is displayed in Windows asking the user to enter the Administrator permission so that the application can run with the Administrator permission, this is called over-the-shoulder logon.

(2) manifest File

<Trustinfo xmlns = "urn: Schemas-Microsoft-com: ASM. V3">
<Security>
<Requestedprivileges>
<Requestedexecutionlevel level = "highestavailable"> </requestedexecutionlevel>
</Requestedprivileges>
</Security>
</Trustinfo>

The preceding code is called a special resource rt_manifest and compiled into the EXE resource section. The system judges the process permissions according to the requestedexecutionlevel section and performs some operations.

Requireadministrator --> the application must be started as an administrator; otherwise, the application will not run.
Highestavailable --> the application runs with the highest available permissions.
--> If you log on with an administrator account, a dialog box asking for permission escalation is displayed.
--> If you use a common user account to log on to the system, use the standard permission to start
Asinvoker --> the application starts with the same permissions as the main application.

(3). You can also select the check box in the Application Properties dialog box.

(4) manually escalate the permissions of a process
The CreateProcess function does not provide the Shenma flag parameter to specify the elevation of this permission.
Instead, we can call the shellexecuteex function.

Bool shellexecuteex (
Lpshellexecuteinfo lpexecinfo
);

Typedef struct _ shellexecuteinfo {
DWORD cbsize;
Ulong fmask;
Hwnd;
Lpctstr lpverb;
Lptstr lpfile;
Lptstr lpparameters;
Lpctstr lpdirectory;
Int nshow;
Hinstance hinstapp;
 
// Optional members
Lpvoid lpidlist;
Lpcstr lpclass;
Hkey hkeyclass;
DWORD dwhotkey;
Union {
Handle hicon;
Handle hmonitor;
};
Handle hprocess;
} Shellexecuteinfo, * lpshellexecuteinfo;

The only two interesting fields of this struct are lpverb and lpfile. The former must be set to "RunAs ", the latter must contain the path of an executable file started with the upgraded permission. The following code:

Shellexecuteinfo sei = {sizeof (shellexecuteinfo )};
Sei. lpverb = text ("RunAs ");
Sei. lpfile = text ("cmd.exe ");
Sei. nshow = sw_normal;
If (! Shellexecuteex (& SEI ))
{
DWORD dwstatus = getlasterror ();
If (dwstatus = error_cancelled)
{
Printf ("not running as administrator ");
}
Else
If (dwstatus = error_file_not_found)
{
Printf ("this file is not found ");
}
}

If you refuse to escalate the permission, shellexecuteex returns false. You can use getlasterror () to indicate this by using an error_cancelled value.

Note: When a process starts with an elevated permission, every time it uses CreateProcess to generate another process, the child process will obtain the same elevated permissions as its parent process, if an application runs with a filtered token, the call fails once it attempts to call CreateProcess to generate an executable file that requires permission escalation, getlasterror will return error_elfvation_required

(5) A shield icon is displayed on the button.

1. The first thing we need to solve is to obtain whether the current process runs as administrator.
②. The button_setelevationrequiredstate macro can help us set or hide the small shield icon.
Essentially:
# Define button_setelevationrequiredstate (hwnd, frequired) (lresult) sndmsg (hwnd), bcm_setshield, 0, (lparam) frequired)
Sendmessage (hwnd), bcm_setshield, 0, (lparam) frequired );
Sendmessage (hwnd, 0x160c, 0, 0 xffffff );
③. Use shellexecuteex in the button-clicking event, and re-call yourself as an administrator

Source: Baidu Internet