How to use SetWindowsHookEx in Vista and hook Admin apps with UAC? - windows

I'm trying to figure out if there's a way to use SetWindowsHookEx and be able to affect apps that are run with Admin rights on Vista, with UAC enabled. This is an app that will need to add a small button to the caption bar of other windows to enable some multi-monitor-aware handling. I would have thought this couldn't be done, but I've seen one app that appears to do this. As far as I can tell, this other apps is not being run with Admin rights, and yet it can affect all apps in the system, including those with Admin privilege.
It would seem that there's a way to do this, then, but I'm at a loss on how. My app only needs to be able to draw on window title bars and be able to affect their movement and size. I don't need to do anything else.

You can't, as administrative processes are isolated from non-administrative processes running on the same user desktop. You can't even drag and drop between admin and non-admin processes.
This is an in-dept analysis: http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx
About the application you are referencing, it probably uses some administrative code running in background (usually as a service) so it can interact with administrative processes.

Related

Logon-type wxpython app

I manage a number of Windows PCs which are used to control equipment. Each computer has a specific program installed which is what people launch to use that equipment. We want to require people to log in before they can access this program.
Currently, I have a wxpython app which just launches that executable when people log in with the correct credentials. However, you can just run the program directly and bypass logging on. I'd like to make a mock logon screen, ie, fullscreen and modal, which only goes away when you log in. Also it should not be able to be bypassed by alt-tab, windows key, etc. How might I accomplish this with wxpython?
There is no full proof way to do this on Windows. You can show a wx.Frame modally using its MakeModal() method. And you can catch EVT_CLOSE and basically veto it it they try to close the frame. However, if they have access to the Task Manager or even Run, they can probably get around the screen. Most users won't be that smart though. You can delete the shortcuts to the apps you want to launch with wx and that will force most normal users to use your login screen. It's only the smart ones who like to troll through the file system who will go around it.

Why application that require administrative privileges cannot run automatically on Windows startup(windows 7)?

I have a application(which runs on windows7 and requires run as administrative) that need to run automatically when windows starts up, so i added a registry key under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" as usual, but my application won't startup automatically even the UAC dialog doesn't promtp, after search from google. I know i can use task scheduler to workaround this, but is there anyboday can tell me why the "run" registry way doesn't work? why the UAC dialog doesn't promtp? it is better if you can help to find a article from microsoft to explain this issue, many thanks in advance!
It is for making the machine usable as quick as possible after booting.
Microsoft Whitepaper: Developing Applications that Run at Logon on Windows Vista
When Windows starts, there is no user to show the UAC prompt to, so your process would have to be held up until an administrative user logs in.
The Task Scheduler is the right way to do what you want.

Drag and drop on Win7 machine to my app

I have a user that is currently running my Winforms app on Win7. My app allows users to select rows from an open Excel spreadsheet and drag-n-drop them onto the app. However, this user cannot do the drag-n-drop. The cursor changes to the "no" cursor (little circle with line through it) and the operation won't complete.
I was researching drag-n-drop and Win7 and everything I found points to UAC and/or UIPI. I was looking for some solutions and am not sure if any of the below would work:
If the user logs in as admin (and as a result runs my app as admin) would that allow drag-n-drop to work?
Does the user need to turn off or change the settings of UAC/UIPI in order to be able to drag-n-drop?
I am not sure what the issue is. My app usually runs from C:/Documents and Settings/... (C:/Users/... on Win7). Does where it is running from matter? Does drag-n-drop not work because the user is not running my app with enough permissions? Are his Excel and my app on different permission levels? If so, what can be done about that? Note that even though my app allows users to just drag the file directly, that doesn't work either.
Also, is there any way I can have the user reproduce this issue with other apps? Are there apps that come with Win7 that he can see the same problem with. For example, can this be reproduced using Notepad?
Thanks.
Explaining this problem away by UIPI is a very long stretch. It doesn't have anything to do with whether or not the user is logged-in as an admin, that doesn't affect UAC and your program will be running with that same account anyway. The only way UIPI could kick in to stop a D+D is when your program is elevated and Excel is not.
To get yourself elevated requires work and doesn't happen by accident. You'd have to include a manifest so that the user gets the UAC prompt, you'd know about that. Or the user would have to change the desktop shortcut and tick the "Run this program as an administrator" option, she's know about that. While UIPI can be bypassed for Windows messages (ChangeWindowMessageFilter), it cannot for Drag and Drop so if any elevation is going on then your stuck. The ultimate test is to simply ask the user to put the UAC slider all the way down.
The much more likely scenario is that your DragEnter event handler simply isn't happy with the data it sees and therefore doesn't assign the e.Effect property. If you can't get a debugger on-site then write a little test program that logs the values of e.Data.GetFormats() plus whatever else you use to check if the drop is acceptable. And don't forget the obvious: the user simply fumbling the drag somehow.

How do you test for permissions?

Is there a way to simulate whether permission are granted or denied to use services like location on the Windows Phone 7? I want to get the users current location, but I can't seem to find away to make the phone show me the permissions dialog so that I can deny access to it for testing? Anyone else have these kinds of issues? I'm finding it rather hard to really test this stuff without having the actual hardware.
I can't seem to find any built-in support to check if the user will allow the location & push notification services to be used within an application.
I would expect a location-aware Windows Phone 7 app to present a dialog box to the user informing that location services will be used within the app. The dialog box has a "Allow" and a "Deny" option. Based on the selection of the user, the app may or may not use the location of the user. I have used Shawn Wildermuth's Child Window to evaluate the user's choice and use their decision in their application accordingly.
HTH,
indyfromoz
You don't need to check for permissions. When app is certified, AppHub scans application for code requiring permissions and updates WMAppManifest.xml.
When user installs your app, he agrees on all permissions you need. So if it's launched, then you got all you need.

Screen capture and event with Vista UAC

I'ved developed a c# application that captures screens using bitblt and sends keyboard and mouse events using calls to keybd_event and mouse_event.
According to Microsoft I needed to modify the app.manifest with:
requestedExecutionLevel level="highestAvailable" uiAccess="true"
Sign the application and place it in a trusted location (program files).
I have done all of these to get the application to run under elevated priviledges under Vista but when UAC dialogs appear it does not capture those screens and the keyboard and mouse events do not reach the UAC dialog.
I am guess that UAC runs in a different desktop?? if so, how would i capture that? and how can i detect when the desktop switches to a UAC dialog in c#? or have i just missed a step?
UAC runs on the secure desktop, only trusted processes running on the system account are allowed to run in that context.
This is to prevent exactly what you are trying to achieve - processes spoofing or capturing user input.
You cannot. The UAC desktop is secure because it doesn't allow anyone to access it.
To detect the desktop switch event, I would try to use SENS or WTSRegisterSessionNotification. But it doesn't look very promising.

Resources