Original URL: http://stackoverflow.com/questions/7004310/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Bypassing elevation when launching a new process
Asked by Harry Johnston
OK, here's my problem: I'm trying to launch a third-party application. This application is apparently configured to require elevation, presumably via an embedded manifest. My program is running in the context of a non-administrative user, and I want the third-party application to run in the same context.
When I call CreateProcess it returns error code 740, "The requested operation requires elevation."
I've tried the CREATE_PRESERVE_CODE_AUTHZ_LEVEL flag which sounded relevant but it made no difference.
The third party application does work without administrator privilege, e.g., if I disable UAC and then run it as a non-administrator.
Thanks in advance for any tips/ideas you may have.
Answered by Norbert Willhelm
Set the environment variable __compat_layer for your process to RunAsInvoker. If this environment variable is set, CreateProcess will succeed.
You can use the SetEnvironmentVariable function for this purpose.
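An added C example, not part of the original answer, that puts the same variable into the child's environment block only, so the caller's own environment is left unchanged. The names env_with_run_as_invoker and launch_as_invoker are hypothetical, and the code assumes the parent's environment does not already define __COMPAT_LAYER.

```c
/* Added example: helper names are hypothetical, not from the original answer. */
#include <stdlib.h>
#include <string.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define COMPAT L"__COMPAT_LAYER=RunAsInvoker"
#define COMPAT_CHARS (sizeof(COMPAT) / sizeof(wchar_t))   /* counts the NUL */

/* Copy a Unicode environment block (L"NAME=value\0...\0") and append the
 * compat entry. Returns a malloc'd block and its length in wchar_t units. */
wchar_t *env_with_run_as_invoker(const wchar_t *env, size_t *out_chars)
{
    size_t n = 0;
    while (env[n] != L'\0')                 /* walk the block entry by entry */
        n += wcslen(env + n) + 1;
    wchar_t *blk = malloc((n + COMPAT_CHARS + 1) * sizeof(wchar_t));
    if (blk == NULL) return NULL;
    memcpy(blk, env, n * sizeof(wchar_t));
    memcpy(blk + n, COMPAT, COMPAT_CHARS * sizeof(wchar_t));
    blk[n + COMPAT_CHARS] = L'\0';          /* empty string ends the block */
    *out_chars = n + COMPAT_CHARS + 1;
    return blk;
}

#ifdef _WIN32
/* Returns 0 on success, else GetLastError(); 740 is ERROR_ELEVATION_REQUIRED. */
DWORD launch_as_invoker(wchar_t *cmdline)   /* CreateProcessW needs a writable buffer */
{
    STARTUPINFOW si = { sizeof si };
    PROCESS_INFORMATION pi;
    size_t chars;
    LPWCH parent = GetEnvironmentStringsW();
    if (parent == NULL) return ERROR_OUTOFMEMORY;
    wchar_t *child = env_with_run_as_invoker(parent, &chars);
    FreeEnvironmentStringsW(parent);
    if (child == NULL) return ERROR_OUTOFMEMORY;
    BOOL ok = CreateProcessW(NULL, cmdline, NULL, NULL, FALSE,
                             CREATE_UNICODE_ENVIRONMENT, child, NULL, &si, &pi);
    DWORD err = ok ? 0 : GetLastError();
    free(child);
    if (ok) { CloseHandle(pi.hThread); CloseHandle(pi.hProcess); }
    return err;
}
#endif
```

The child runs with the caller's token, so an application that genuinely needs administrator rights will start but fail later on its own access checks.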
Answered by Tom Turkington
This elevation is also required on some very simple programs that have UPDATE or SETUP or INSTALL in their names; nothing to do with a manifest. We write code in PICK BASIC that runs on Win2008 and if we write a HELLO WORLD program called UPDATE.TEST we can't run it without elevation. All we need to do is rename the program to fix... But annoying, and btws.
Answered by Harry Johnston
Another possible solution is to use the Microsoft Application Compatibility Toolkit to create and install a custom compatibility database that applies the RunAsInvoker fix or the RunAsHighest fix to the application in question. Although the documentation does not say whether or not this works for applications that have requireAdministrator set in the manifest, I have tested this and it works for me.
You can install a compatibility database programmatically using the sdbinst command-line tool.
(In most scenarios, Norbert's answer will be considerably simpler to use, but there may be edge cases. In particular, using a compatibility fix may be preferable if your program is not directly responsible for launching the problematic executable.)
Answered by Alexey Ivanov
I'm afraid there's no way to work around it.
If UAC is enabled and program manifests that it requires elevation, then the system tries to run this process as elevated. CreateProcess would not start such a process if you're not elevated.
Use ShellExecute or ShellExecuteEx functions to start this third-party application. These functions will display UAC confirmation and start the process if user clicks Yes. Your UI element which starts this third-party application should have UAC-shield to notify users that UAC confirmation will be displayed.