从没有管理员权限的桌面应用程序访问 OSK(屏幕键盘)句柄 [英] Access OSK(on screen keyboard) handle from desktop app without administrator rights
问题描述
我有一个桌面 delphi 应用程序,它在 Windows 7 和 8 上运行时没有管理员权限.此应用程序需要将 (SendInput) 鼠标事件(单击和移动)发送到另一个正在运行的应用程序.这个应用程序就像一个远程 wifi 笔的驱动程序,它控制桌面上的鼠标.当焦点在 OSK(屏幕键盘上)上时,鼠标左键按下不起作用,osk 窗口不移动,所有其他应用程序在收到这些移动事件时移动.我可以处理 OSK.当我以管理员权限(UAC)运行我的应用程序时一切正常,当应用程序发送 mouve envets 时 OSK 移动.我认为这个问题与UAC有关.我找到了一种绕过 UAC 的方法 http://www.thewindowsclub.com/create-elevated-shortcut-run-programs-bypass-uac,但在某些环境中不是一个好主意.有没有地下方法绕过UAC的方法?或者我如何强制 OSK 响应我发送给他的所有鼠标事件.
I have a desktop delphi application that runs without administrator rights on windows 7 and 8. This application, needs to send (SendInput) mouse events(click and move) to another running apps. This app works like a driver for a remote wifi pen, that controls mouse over desktop. When the focus is over OSK(on screen keyboard), the mouse move with left key pressed dont work, the osk windows dont move, all others applications move when receive these mouve events. I cand get handle of OSK. When I run my app with administrator privileges(UAC) all works fine, OSK move when app send mouve envets. I think that problem is related to UAC. I found a way to bypass the UAC like this http://www.thewindowsclub.com/create-elevated-shortcut-run-programs-bypass-uac, but is not a good ideia in some enviroments. There is a way to bypass the UAC without underground ways ? Or how can I force the OSK to respond on all mouse events that I send to him.
推荐答案
这是嵌入在 Osk.exe 中的清单片段:
Here is a snip of the manifest that is embedded in Osk.exe:
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="true"/>
</requestedPrivileges>
</security>
</trustInfo>
注意它要求的 level,asInvoker不要求 UAC 提升,只有 requireAdministrator 要求.换句话说,它以启动程序拥有的任何特权运行.可以看出,启动Osk.exe时没有得到同意提示
Note the level it asks for, asInvoker does not ask for UAC elevation, only requireAdministrator does. In other words, it runs with whatever privileges the starting program has. You can tell, you don't get the consent prompt when you start Osk.exe
这里重要的是uiAccess.将其设置为 true 后,程序将绕过 UIPI.UAC 的鲜为人知的孪生,用户界面权限隔离通过禁止另一个进程将按键和鼠标点击插入提升的应用程序拥有的窗口来防止破碎攻击.这样的进程仍然在高完整性模式下运行,这就是为什么你不能自己进入 Osk,但没有启用使 UAC 提升的应用程序危险的权限.
What matters here is uiAccess. With it set to true, the program bypasses UIPI. The lesser-known twin of UAC, User Interface Privilege Isolation protects against shatter attacks by disallowing another process to poke keystrokes and mouse clicks into the window owned by an elevated app. Such a process still runs in high integrity mode, that's why you cannot poke into Osk yourself, but doesn't have the privileges enabled that make an UAC elevated app dangerous.
这并不罕见,大多数使用 UI 自动化或提供辅助功能的程序都需要能够做到这一点.与 Osk.exe 一样,它需要能够将按键输入任何应用程序.很明显你也想做什么.
This is not unusual, most any program that uses UI Automation or provides an accessibility feature needs to be able to do this. Like Osk.exe, it needs to be able to poke keystrokes into any app. Clearly what you want to do as well.
获得 uiAccess 不需要用户同意像 UAC 提升那样的提示.操作系统必须信任"你.这篇 MSDN 文章,UI 自动化应用程序的 UIAccess"部分有很好的介绍.我在这里总结一下:
Getting uiAccess does not require the user to consent to a prompt like UAC elevation does. The operating system has to "trust" you. Covered well in this MSDN article, "UIAccess for UI automation applications" section. I'll just summarize it here:
- 在应用程序清单中设置 uiAccess="true"
- 您的可执行文件必须具有有效的数字证书,即您从 Verisign 等供应商处购买的那种证书.
- 您的可执行文件必须存储在写访问被拒绝的目录中,位于 c:\program files 或 c:\windows 的子目录中.
这篇关于从没有管理员权限的桌面应用程序访问 OSK(屏幕键盘)句柄的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
