What are the differences between "Run as administrator" and a manifest with requireAdministrator?


Problem description

I've written a program with a manifest that includes requireAdministrator. On Windows 7 systems with UAC enabled, Windows pops up a dialog asking for permissions, as it should. Works great.

If a user starts my program by right-clicking it and choosing "Run as administrator", then Windows 7 also pops up a dialog asking for permissions. However, there are some slight differences in how my program operates in some of the more esoteric parts of my program.

So what are the differences between "Run as administrator" and a manifest with requireAdministrator? Any links to documentation that describe differences would be appreciated.

Edit: This is with UAC enabled.

Edit: As promised below is the full explanation of the difference I'm seeing.

I'm using the EasyHook library to inject a DLL into another process. When my application is run with "Run as administrator", the injected process crashes and EasyHook returns the error "Unknown error in injected assembler code". None of the code in my DLL gets a chance to execute; the crash occurs before then. (Moreover, the crash occurs even if I strip the DLL down to nothing)

If I run my program normally (i.e., elevated via requireAdministrator), everything works fine.

My application is composed of a few different executables. The process that the user launches is not the same process that performs the injection.

Recommended answer

With the information given there would be no differences in the permissions between the two processes.

If you request an execution level of "requireAdministrator" via the application's manifest, your application will either be launched with the full access token of an administrator or not at all if the user denies consent (see Create and Embed an Application Manifest (UAC) for further information).

The same will happen when a user chooses Run as Administrator.

The only difference is the way that the process is started. When you start an executable from the shell, e.g. by double-clicking in Explorer or by selecting Run as Administrator from the context menu, the shell will call ShellExecute to actually start process execution. The whole process of elevation is hidden inside this function. Kenny Kerr describes this process in more detail in Windows Vista for Developers – Part 4 – User Account Control:

ShellExecute first calls CreateProcess to attempt to create the new process. CreateProcess does all the work of checking application compatibility settings, application manifests, runtime loaders, etc. If it determines that the application requires elevation but the calling process is not elevated then CreateProcess fails with ERROR_ELEVATION_REQUIRED. ShellExecute then calls the Application Information service to handle the elevation prompt and creation of the elevated process since the calling process obviously doesn’t have the necessary permissions to perform such a task. The Application Information service ultimately calls CreateProcessAsUser with an unrestricted administrator token.

If on the other hand you want to create an elevated process regardless of what application information is available then you can specify the little-known "runas" verb with ShellExecute. This has the effect of requesting elevation regardless of what an application’s manifest and compatibility information might prescribe. The runas verb is not actually new to Windows Vista. It was available on Windows XP and Windows 2003 and was often used to create a restricted token directly from the shell. This behavior has however changed. Here is a simple example:

::ShellExecute(0, // owner window
           L"runas",
           L"C:\\Windows\\Notepad.exe",
           0, // params
           0, // directory
           SW_SHOWNORMAL);

So essentially, starting an executable using the Run as Administrator option means that ShellExecute bypasses the checks for compatibility settings, application manifests, etc. and directly requests elevation.

Kenny Kerr's article also has sample code to query the current process' token for its permission using the OpenProcessToken function. Possibly you can use the example to identify that there are no differences in the way your process is elevated.

I'm definitely curious to know which differences you are observing as I strongly doubt they are related to elevation.

As a last thing: Can you double check that you really request a level of requireAdministrator and not by mistake only a level of highestAvailable?
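
The manifest double-check suggested at the end of the answer can be scripted. The following is an added example, not part of the original question or answer: it reads a .manifest file or raw executable bytes and reports which requestedExecutionLevel is actually present. The function names, the result strings and the sample manifest are constructed for illustration, and scanning an .exe this way assumes the embedded manifest is stored as plain UTF-8 XML.

```python
import re
import xml.etree.ElementTree as ET

LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}

def make_manifest(level: str) -> bytes:
    """Build a constructed sample manifest (not taken from the original post)."""
    return (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
        '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">\n'
        '  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>\n'
        '    <requestedPrivileges>\n'
        f'      <requestedExecutionLevel level="{level}" uiAccess="false"/>\n'
        '    </requestedPrivileges>\n'
        '  </security></trustInfo>\n'
        '</assembly>\n'
    ).encode("utf-8")

def requested_levels(blob: bytes) -> list:
    """Return (level, uiAccess) for every manifest found in the raw bytes.

    Works on a .manifest file or, heuristically, on an .exe whose embedded
    manifest resource is stored as plain UTF-8 XML (assumption)."""
    found = []
    for doc in re.findall(rb"<assembly\b.*?</assembly>", blob, re.DOTALL):
        try:
            root = ET.fromstring(doc)
        except ET.ParseError:
            continue  # bytes that only look like a manifest; skip them
        for el in root.iter():
            # Compare local names so asm.v2 and asm.v3 namespaces both match.
            if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
                found.append((el.get("level"), el.get("uiAccess", "false")))
    return found

def verify_level(blob: bytes, expected: str = "requireAdministrator") -> str:
    """Classify the first manifest against the level the developer intended."""
    levels = requested_levels(blob)
    if not levels:
        return "missing"
    level = levels[0][0]
    if level not in LEVELS:
        return "invalid"
    return "ok" if level == expected else "mismatch:" + str(level)

if __name__ == "__main__":
    # Constructed stand-in for an executable with an embedded manifest.
    fake_exe = b"MZ" + b"\x00" * 64 + make_manifest("highestAvailable")
    print(verify_level(fake_exe))
    print(verify_level(make_manifest("requireAdministrator")))
```

A "mismatch:highestAvailable" result matters because a highestAvailable application started by a standard user runs without elevation, whereas requireAdministrator never starts unelevated.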
