Delphi:以管理员身份运行的应用程序不会收到来自非管理员应用程序的消息 [英] Delphi: application running as admin does not receive messages from non-admin app
问题描述
我想使用SendMessage / PostMessage将消息发送到另一个应用程序,但是当另一个应用程序以管理员身份运行时,它永远不会收到消息。在没有以管理员身份运行发送应用程序的情况下,如何克服这个问题?
I want to send messages to another application, using SendMessage/PostMessage, but when the other app is running as admin it never receives the messages. How can I overcome this without running the "sending" app as admin?
编辑:Remi的答案代码,接收器应用程序
code for Remi's answer, receiver app
Const dummyValue = WM_USER + 71423;
Application.HookMainWindow(AppClass.AppHookFunc);
ChangeWindowMessageFilter(dummyValue, MSGFLT_ADD);
Type TAppClass = class
function AppHookFunc(var Message : TMessage): Boolean;
end;
Var AppClass: TAppClass;
function TAppClass.AppHookFunc(var Message : TMessage): Boolean;
begin
Result := False;
Case Message.Msg of
dummyValue: begin
// do stuff
//
Result := True;
end;
end;
end;
推荐答案
用户界面特权隔离(UIPI)防止完整性较低的进程将窗口消息发送到完整性较高的进程。从软件角度来看,解决此限制的唯一方法是:
User Interface Privilege Isolation (UIPI) prevents a lower integrity process from sending window messages to a higher integrity process. The only ways you can deal with this limitation from a software perspective are to either:
-
以更高的完整性运行发送应用程序级别(即以提升的特权运行它)以匹配目标进程。
run your sending app at a higher integrity level (ie, run it with elevated privileges) to match the target process.
如果您有权更改接收应用程序的源代码,则可以通过调用< a href = https://docs.microsoft.com/zh-cn/windows/desktop/api/winuser/nf-winuser-changewindowmessagefilter rel = noreferrer> ChangeWindowMessageFilter() 或 ChangeWindowMessageFilterEx() 本身。
if you have access to change the source code for the receiving app, make it opt-in to receive specific window messages from lower integrity processes, by calling ChangeWindowMessageFilter() or ChangeWindowMessageFilterEx() on itself.
通过请求<$,使发送应用绕过UIPI c $ c> uiaccess = true 在其&requestedExecutionLevel> 应用清单元素中。但是,这还有其他要求:
have your sending app bypass UIPI, by requesting uiaccess=true in its <requestedExecutionLevel> application manifest element. However, this has additional requirements:
-
应用程序必须使用可以通过安装根证书验证的证书进行数字签名。在机器上。
The app must be digitally signed with a certificate that can be verified with a root certificate installed on the machine.
该应用必须安装在文件系统 1 上的安全文件夹中(标准用户无法写入该文件夹) )在%ProgramFiles%及其子目录下,或在%WinDir%及其子目录下(少数几个标准的子目录除外)用户确实具有访问权限。)
the app must be installed in a "secure" folder on the filesystem 1 (one that standard users can't write to) under %ProgramFiles% and its subdirectories, or under %WinDir% and its subdirectories (except a few subdirectories that standard users do have write access to).
1:此要求为可通过系统配置政策。
外部在软件控制方面,唯一可用的其他选项要求更改系统策略以在系统级别完全禁用用户帐户控制(UAC)和/或UIPI。您不应该这样做。
Outside of software control, the only other option available requires changing system policies to disable User Account Control (UAC) and/or UIPI altogether at the system level. Which you should not do.
这篇关于Delphi:以管理员身份运行的应用程序不会收到来自非管理员应用程序的消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
