Why won't my EXE run under Vista with UAC Enabled?

Discussion in 'Windows Vista Security' started by Joseph Geretz, Feb 26, 2007.

  1. Joseph Geretz

    DevilsPGD Guest

    In message <> "Joseph Geretz"
    How would you suggest doing that?

    The problem is that the security token needs to be assigned at runtime,
    an app cannot be elevated while running. This is required, otherwise a
    non-elevated app could hook into an app which it suspects might become
    elevated in the future, and once the elevation happens, the non-elevated
    app would have full elevated privileges.

    Worse, consider what would happen to a regular user (non-administrator)
    who happened to be running a program that needed to be elevated part way
    through. The program would not only receive an administrator token,
    but also an entirely different security context -- The new context might
    not even have the ability to read its own EXE, or the files it was
    reading previous to the elevation.
     
    DevilsPGD, Mar 2, 2007
    #21

  2. How would you suggest doing that?

    By scanning the executable at load time.

    - Joseph Geretz -
     
    Joseph Geretz, Mar 2, 2007
    #22

  3. Joseph

    Those guidelines are general. If you don't see your specific issue addressed
    in those documents, go to the developer forums, and ask your specific
    question there. This is where all of the Microsoft developers, who wrote
    most of the code for Vista, post answers to messages. I'm sure you can find
    the solution you are looking for on those forums. Start with the Where Is
    the Forum For...?

    MSDN Forums:
    http://forums.microsoft.com/MSDN/default.aspx?SiteID=1
     
    Ronnie Vernon MVP, Mar 2, 2007
    #23
  4. Joseph Geretz

    Guest Guest

    That's not really possible. Windows can't tell what a program does by
    examining the exe. While some things could of course be gleaned, like declared
    API calls, the program may jump to the API address or use the ordinal rather
    than use symbolic names.

    MS's solution is the .NET programming language with its managed code model.

    Why don't you drop the manifest into the exe?
     
    Guest, Mar 3, 2007
    #24
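
An added example, not part of any post in this thread: a Python sketch of the launch-time decision being debated, which reads the level an embedded manifest declares (`requestedExecutionLevel`) and only falls back to guessing from the file name when nothing is declared. The function names, the returned labels and the sample images are constructed for illustration, and the name check is a simplified stand-in for Vista's installer detection.

```python
import re

# Levels defined for requestedExecutionLevel in an application manifest.
LEVELS = ("asInvoker", "highestAvailable", "requireAdministrator")
# Name keywords used by Vista's installer detection (simplified here).
INSTALLER_KEYWORDS = ("install", "setup", "update")

# Assumption: the embedded manifest is stored as plain UTF-8/ASCII XML,
# so the element can be found without walking the PE resource tree.
_LEVEL_RE = re.compile(
    rb"<(?:\w+:)?requestedExecutionLevel\b[^>]*?\blevel\s*=\s*[\"'](\w+)[\"']",
    re.IGNORECASE)


def declared_level(image: bytes):
    """Return the execution level the image declares, or None."""
    match = _LEVEL_RE.search(image)
    if match is None:
        return None
    value = match.group(1).decode("ascii").lower()
    # Unknown values are treated as "nothing declared".
    return next((lv for lv in LEVELS if lv.lower() == value), None)


def launch_decision(filename: str, image: bytes):
    """Return (action, reason) decided before the process is created."""
    level = declared_level(image)
    if level == "requireAdministrator":
        return ("elevate", "manifest")
    if level == "highestAvailable":
        return ("elevate-if-admin", "manifest")
    if level == "asInvoker":
        return ("as-invoker", "manifest")
    # No declaration: fall back to guessing from the file name.
    if any(k in filename.lower() for k in INSTALLER_KEYWORDS):
        return ("elevate", "name-heuristic")
    return ("as-invoker", "default")


# Constructed sample images: an "MZ" stub followed by manifest text.
_MANIFEST = (b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
             b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>'
             b'<requestedPrivileges><requestedExecutionLevel level="%s" '
             b'uiAccess="false"/></requestedPrivileges></security></trustInfo></assembly>')
ADMIN_IMAGE = b"MZ" + b"\x00" * 64 + _MANIFEST % b"requireAdministrator"
INVOKER_IMAGE = b"MZ" + b"\x00" * 64 + _MANIFEST % b"asInvoker"
BARE_IMAGE = b"MZ" + b"\x00" * 64
```

A declared level always wins over the name guess, which is why an explicit `asInvoker` manifest stops a file called `setup.exe` from being treated as an installer.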
  5. Joseph Geretz

    DevilsPGD Guest

    In message <> "Joseph Geretz"
    To what end? How do you determine if an EXE will desire to write to
    Program Files pragmatically? Or whether it will want to write to a
    portion of the registry which is off-limits without elevated privileges?

    I suspect you'd find that any similar solution would be even more buggy,
    and there would be just as many complaints of "Why can't Vista figure
    out that setup.exe is an installer and needs elevated privileges"
     
    DevilsPGD, Mar 3, 2007
    #25
  6. Joseph Geretz

    kpg Guest

    wow...just got back to this thread.

    Unbelievable!

    Reminds me of the time when I had a component named bridge.dll -
    Windows Defender thought it was spyware based solely on its name - because
    there was some malware that used a bridge.dll file - how about checking
    signatures?

    whatever...

    kpg
     
    kpg, Mar 6, 2007
    #26