为什么我的 win32 程序需要提升? [英] Why does my win32 program need elevation?
问题描述
我有一个非常简单的程序,用于自动更新.它检查服务器 (HTTPS) 上的可用版本、下载新更新并运行(可能更新的)程序.这是一个用Delphi 7编写的旧程序.在Windows 8和Windows 10下,这个程序似乎需要提升(以管理员身份运行).这是一个问题,因为一旦程序被提升,它也会启动更新的程序提升,这很糟糕.
I have a very simple program that is used for auto-updating. It checks for available versions on a server (HTTPS), downloads new updates and runs the (possibly updated) program. This is an old program that was written in Delphi 7. It seems that this program requires elevation (run as admin) under Windows 8 and Windows 10. This is a problem, because once the program is elevated, it also starts the updated program elevated, and that is very bad.
程序代码非常简单,它只包含来自服务器的 Indy 组件( TIdHTTP ),和 ShellAPI 来执行他下载的程序,一些 IniFiles 和一个进度条.
The program code is very simple, it only contains Indy components from the server ( TIdHTTP ), and ShellAPI to execute he downloaded program, some IniFiles and a progress bar.
所以问题是:如何找出需要提升的 API 调用,以及如何替换它?是否有调试器可以判断哪些 API 调用(在哪些代码地址)需要提升?
So the question is this: how can I find out which API call requires elevation, and how do I replace it? Is there a debugger that can tell what API call (at what code address) requires elevation?
推荐答案
不一定是需要提升的 API 调用.它可以只是程序名称.它可能被称为 somethingUPDATE.exe 之类的东西吗?如果是这样,如果没有 UAC 清单来指定提升设置,安装程序检测将启动,Windows会认为该程序是安装程序并自动显示 UAC 提示进行提升.(同样适用于包含 Install、Setup、Patch 等的文件名).
It is not necessarily an API call that requires elevation. It could simply be the program name instead. Is it maybe called something like somethingUPDATE.exe? If so, then without a UAC manifest to specify elevation settings, Installer Detection will kick in and Windows will think the program is an installer and automatically display the UAC prompt for elevation.
(The same goes for file names containing Install, Setup, Patch, etc).
安装程序检测技术
安装程序是为部署软件而设计的应用程序,大多数写入系统目录和注册表项.这些受保护的系统位置通常只能由管理员用户写入,这意味着标准用户没有足够的权限来安装程序.Windows Vista 试探性地检测安装程序并请求管理员凭据或管理员用户的批准,以便以访问权限运行.Windows Vista 还会启发式地检测更新程序和卸载程序.请注意,UAC 的设计目标是防止在用户不知情和同意的情况下执行安装,因为它们会写入文件系统和注册表的受保护区域.
Installation programs are applications designed to deploy software, and most write to system directories and registry keys. These protected system locations are typically writeable only by an administrator user, which means that standard users do not have sufficient access to install programs. Windows Vista heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows Vista also heuristically detects updater and uninstallation programs. Note that a design goal of UAC is to prevent installations from being executed without the user's knowledge and consent since they write to protected areas of the file system and registry.
安装程序检测仅适用于:
Installer Detection only applies to:
32 位可执行文件
32 bit executables
没有requestedExecutionLevel的应用程序
Applications without a requestedExecutionLevel
以启用 LUA 的标准用户身份运行的交互式进程
Interactive processes running as a Standard User with LUA enabled
在创建 32 位进程之前,会检查以下属性以确定它是否为安装程序:
Before a 32 bit process is created, the following attributes are checked to determine whether it is an installer:
文件名包括安装"、设置"、更新"等关键字.
Filename includes keywords like "install," "setup," "update," etc.
以下版本控制资源字段中的关键字:供应商、公司名称、产品名称、文件描述、原始文件名、内部名称和导出名称.
Keywords in the following Versioning Resource fields: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
嵌入在可执行文件中的并行清单中的关键字.
Keywords in the side-by-side manifest embedded in the executable.
在可执行文件中链接的特定 StringTable 条目中的关键字.
Keywords in specific StringTable entries linked in the executable.
可执行文件中链接的 RC 数据中的关键属性.
Key attributes in the RC data linked in the executable.
可执行文件中的目标字节序列.
Targeted sequences of bytes within the executable.
注意
关键字和字节序列源自从各种安装程序技术中观察到的共同特征.
The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.
这个链接可能也很有趣:
This link might also be interesting:
这篇关于为什么我的 win32 程序需要提升?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
