UAC提示触发器列表? [英] List of UAC prompt triggers?
问题描述
我刚刚运行了我几年前写的一个旧程序,也就是Vista发布几年之前。 Windows(7)给了我UAC提示,并要求允许其运行。我很惊讶,因为它是一个相对简单的程序,没有什么花哨的功能,当然也没有需要提升特权的程序。然后,我检查了目录,并确定Windows在程序上覆盖了盾牌图标。
I just ran an old program I had written years ago, several years before Vista was released. Windows (7) gave me the UAC prompt and asked for permission to run it. I was surprised because it is a relatively simple program which does nothing too fancy and certainly nothing that should require elevated privileges. I then checked the directory and sure enough, Windows is overlaying the shield icon on the program.
我对代码进行了快速扫描,没有发现任何明显的东西。触发UAC提示。此外,该程序与我编写的其他几个程序共享一个框架,但都没有UAC要求。有问题的程序以及其他不会触发UAC提示的程序都存储在(FAT32)闪存驱动器上的同一目录中。
I did a quick scan of the code and do not see anything that would obviously trigger a UAC prompt. Moreover, the program shares a framework with several other programs I had written, none of which have the UAC requirement. The program in question, as well as the others which don’t trigger the UAC prompt are all stored in the same directory on a (FAT32) flash-drive.
该程序与其他几乎完全相同的程序唯一真正不同之处是它使用ShellExecute允许用户启动默认的Web浏览器来打开选定的URL,但是我无法想象是否/为什么会这样需要提升权限。
The only really unique thing about this program that differs from the other, nearly-identical programs is that it uses ShellExecute to allow the user to launch the default web-browser to open selected URLs, but I can’t imagine if/why that would actually require elevated permissions.
现在,我试图查找有关Windows用于确定是否应使用UAC提示的启发式信息。我知道旧的安装程序通常会触发提示,但通常称为 setup.exe 或 install.exe 这个名字很纯真( udb.exe )。我怀疑它正在检测某些函数调用或某些此类调用(当然,这意味着Windows资源管理器会读取并反汇编所有似乎令人怀疑的可执行文件)。
Now I am trying to find some sort of information about what kind of heuristics Windows uses to determine whether it should use the UAC prompt or not. I know that old installers usually trigger the prompt, but those are usually called setup.exe or install.exe, while this has a pretty innocuous name (udb.exe). I suspect that it is detecting certain function calls or some such (of course, that would mean that Windows Explorer reads and disassembles the of all executable files which seems doubtful).
我以为对此会有一些信息,但是我所做的研究仅发现了一些现场讨论(上面或右边的类似问题列表中未提及),其中列出了一些原因,但都没有似乎适用:
I assumed that there would exist some information on this, but the research I did only found a few off-site discussions (no mentions in the "similar question" lists above or to the right), which listed a few causes, none of which seem to apply:
- 程序的特定请求(由于它是在UAC存在之前编写的,因此不可能),
- 缺少清单(它确实具有并且不会解释为什么其他程序不会触发它)
- 文件名/路径的内部列表(不适用)
- 来源(再次,这不能解释其他程序是否正常)
- 访问受限制的文件/注册表项(此处不适用)
- 资源条目(同样,其他程序共享com mon资源数据)
- 其他与系统相关的活动(同样,不适用于该程序)
- A specific request of the program (which is not possible since it was written before UAC existed),
- Lack of manifest (which it does have and would not explain why the other programs don’t trigger it)
- An internal list of filenames/paths (not applicable here)
- Source (again, that doesn’t explain the other programs being okay)
- Access to restricted files/registry keys (not applicable here either)
- Resource entries (again, the other programs share common resource data)
- Other system-related activities (again, not applicable to the program)
我最终发现了一些相关的问题,例如一个问我是什么的问题,但结果却截然不同。在这里没有帮助,或者是另一个问同样没有帮助的类似但相反的问题的问题。不幸的是,我发现的最佳问题是关于安装程序/更新程序的(当然,不适用于此处)。没有帮助,因为答案与我在其他站点上找到的和上面列出的信息相同。
I eventually found a few related questions like one that asked what I am, but that ended up with a completely different outcome which is of no help here, or another one which asked a similar, yet opposite question of equally no help. Unfortunatly, the best question I found was about an installer/updater (which of course, does not apply here), and was also no help because the answers were just the same old information I had found on other sites and listed above.
有人知道UAC触发器列表或其他方法吗?弄清楚为什么Windows会认为某些程序需要提升?是否有受限制的API函数列表?
Does anybody know of a list of UAC triggers or some other way to figure out why Windows would think that some programs would needs elevation? Is there a list of restricted API functions or something?
为清楚起见,我试图找出为什么Windows为UAC标记一个程序,但没有。
To be clear, I am trying to find out why Windows is flagging one program for UAC, but not another, similar one.
推荐答案
原始答案(2014年7月4日)
搜索 UAC启发式会生成以下博客条目:管理应用程序的标识。在该页面上:
Original Answer (2014 July 04)
A search for UAC heuristics yields this blog entry: Identification of Administrative Applications. On that page:
操作系统决定应用程序看起来像是安装程序或更新程序,并会自动调用提升以具有管理权限运行程序/ privileges当用户运行它时。此决定基于启发式。以下是一些启发式检测点,尽管此列表并不详尽:
The O/S makes a decision that the application looks like an installer or updater and will automatically invoke elevation to run the program with administrative permissions/privileges when a user runs it.This decision is based on a heuristic. Here are some of the heuristic detection points, although this list is not exhaustive:
- 文件名检测–查找单词 setup, update,在文件名中安装
- SxS清单词检测–在程序集名称属性程序的SxS清单中查找知名值
- 字符串表检测–在可执行文件的资源部分的字符串表中查找众所周知的值
因此Xearinox根本不正确
Thus Xearinox is simply not correct that it is completely based on permissions.
您可能能够找出您的程序为何触发UAC提示的一种方法是使用进程监视器,并检查权限错误。
One way you may be able to find out why your program is triggering the UAC prompt is to use Process Monitor and check for permission errors.
通过搜索可获取更新的文档页面:
Searching yields an updated documentation page:
该页面底部的安装程序检测技术部分包含以下信息(类似于上面的列表):
There is an Installer detection technology section at the bottom of that page that contains the following information (similar to the list above):
在创建32位进程之前,将检查以下属性以确定它是否是安装程序:
Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer:
- 文件名包含诸如 ;安装 设置或更新。
- 版本控制资源字段包含以下关键字:供应商,公司名称,产品名称,文件描述,原始文件名,内部名称和导出名称。
- 并排清单中的关键字嵌入在可执行文件中。
- 特定StringTable条目中的关键字链接在可执行文件中。
- 资源脚本数据中的关键属性在可执行文件中链接。
- 可执行文件中有针对性的字节序列。
- The file name includes keywords such as "install," "setup," or "update."
- Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
- Keywords in the side-by-side manifest are embedded in the executable file.
- Keywords in specific StringTable entries are linked in the executable file.
- Key attributes in the resource script data are linked in the executable file.
- There are targeted sequences of bytes within the executable file.
这篇关于UAC提示触发器列表?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
