2018. 1. 16. 09:19

Using ShellExecute or ShellExecuteEx instead of CreateProcess when an executable is marked as "requireAdministrator"

An executable that is marked as "requireAdministrator" in its manifest cannot be started from a non-elevated process using CreateProcess(). Instead, ERROR_ELEVATION_REQUIRED will be returned. ShellExecute() or ShellExecuteEx() must be used instead. If an HWND is not supplied, then the dialog will show up as a blinking item in the taskbar.


wikipedia

2016. 3. 30. 16:07

The COM Elevation Moniker

The COM Elevation Moniker: to activate COM classes with elevated privileges

sample

2014. 11. 5. 10:49

When the UAC prompt is launched (legacy program)

Installer Detection Technology


Installer Detection only applies to:

1. 32 bit executables

2. Applications without a requestedExecutionLevel

3. Interactive processes running as a Standard User with LUA enabled

Before a 32 bit process is created, the following attributes are checked to determine whether it is an installer:

  • Filename includes keywords like "install," "setup," "update," etc.
  • Keywords in the following Versioning Resource fields: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
  • Keywords in the side-by-side manifest embedded in the executable.
  • Keywords in specific StringTable entries linked in the executable.
  • Key attributes in the RC data linked in the executable.
  • Targeted sequences of bytes within the executable.
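The file-level conditions and the filename heuristic listed above can be checked offline before shipping or triaging a legacy binary. The following is an added example, not code from the original page or from Microsoft: it reads the PE header to test for a 32-bit image, looks for requestedExecutionLevel with a raw byte scan (a simplification of parsing the manifest resource), and matches only the three filename keywords quoted above. The function names, result fields and sample inputs are constructed for illustration; the runtime condition (Standard User with LUA enabled) and the resource-based heuristics are not evaluated.

```python
import struct

# Keywords quoted on the page; the page ends the list with "etc.", so this is a subset.
PAGE_KEYWORDS = ("install", "setup", "update")
IMAGE_FILE_MACHINE_I386 = 0x014C  # COFF Machine value for 32-bit x86 images

def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field, or raise ValueError if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 6 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine

def installer_detection_candidate(filename: str, data: bytes) -> dict:
    """Evaluate the two file-level preconditions and the filename keyword check."""
    is_32bit = pe_machine(data) == IMAGE_FILE_MACHINE_I386
    # Assumption: a raw byte scan stands in for parsing the embedded manifest.
    has_level = b"requestedExecutionLevel" in data
    name_hits = [k for k in PAGE_KEYWORDS if k in filename.lower()]
    return {
        "is_32bit": is_32bit,
        "has_requestedExecutionLevel": has_level,
        "filename_keywords": name_hits,
        "filename_heuristic_applies": is_32bit and not has_level and bool(name_hits),
    }

def build_sample_pe(machine: int, manifest: bytes = b"") -> bytes:
    """Constructed input: only the header bytes pe_machine() reads, plus a manifest."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18) + manifest

if __name__ == "__main__":
    as_invoker = b'<requestedExecutionLevel level="asInvoker" uiAccess="false"/>'
    for name, blob in [
        ("ToolSetup.exe", build_sample_pe(0x014C)),              # 32-bit, no manifest level
        ("ToolSetup.exe", build_sample_pe(0x014C, as_invoker)),  # explicit execution level
        ("ToolSetup.exe", build_sample_pe(0x8664)),              # 64-bit image
        ("viewer.exe", build_sample_pe(0x014C)),                 # no keyword in the name
    ]:
        print(name, installer_detection_candidate(name, blob))
```

A False result only rules out the filename check; the version-resource, StringTable, RC data and byte-sequence heuristics in the list can still classify the file as an installer.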


2014. 2. 6. 15:47

User Account Control (UAC)

Windows Vista for Developers – Part 4 – User Account Control

http://weblogs.asp.net/kennykerr/archive/2006/09/29/Windows-Vista-for-Developers-_1320_-Part-4-_1320_-User-Account-Control.aspx


Designing Applications to Run at a Low Integrity Level


Communication between low-integrity and higher-integrity processes

Low-integrity processes are not completely isolated from other applications. They can interact with other processes. In fact, without some forms of collaboration, applications running at low integrity may seem to the user to be completely broken.

Some forms of IPC are available for low-integrity processes to communicate with higher-integrity processes. Components in Windows Vista block the following types of communication.

  • Most window messages and process hooks are blocked by UIPI.
  • Opening a process and using CreateRemoteThread is blocked by the mandatory label on process objects.
  • Opening a shared memory section for write access is blocked.
  • Using a named object created by a higher integrity process for synchronization is blocked by the default mandatory label.
  • Binding to a running instance of a COM service is blocked.

However, you can use other types of communication between a low-integrity process and a higher-integrity process. The types of communication that you can use include:

  • Clipboard (copy and paste)
  • Remote procedure call (RPC)
  • Sockets
  • Window messages that the higher-integrity process has been explicitly allowed to receive from lower-integrity processes by calling ChangeWindowMessageFilter
  • Shared memory, where the higher-integrity process explicitly lowers the mandatory label on the shared memory section
    Important: This is particularly dangerous, and the higher-integrity process must be careful to validate all data that is written to the shared section.

  • COM interfaces, where the launch activation rights are set programmatically by the higher-integrity process to allow binding from low integrity clients
  • Named pipes, where the creator explicitly sets the mandatory label on the pipe to allow access to lower-integrity processes

http://msdn.microsoft.com/en-us/library/bb625960.aspx