I have the following manifest embedded in a VB6 application.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0"
processorArchitecture="X86"
name="ExeName"
type="win32"/>
<description>elevate execution level</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
On 32bit Server 2008 machines the file correctly appears with a "Admin Shield" icon overlay and can only be run as administrator. On 64bit Server 2008 the same file does not have the icon overlay and can be run normally.
I have tried changing the processorArchitecture="X86" to both "*" and "ia64" and also removing the manifest from the compiled application and having it as a external manifest, all to no avail.
Any thoughts gratefully recieved.
Have you tried embedding your manifest as this post suggest?
http://www.xtremevbtalk.com/showthread.php?t=308937
Answer is near the bottom of the post with a link to:
http://blogs.msdn.com/vistacompatteam/archive/2006/11/13/manifest-and-the-fusion-cache.aspx
Because your processorArchitecture attribute indicates that it is a 32bit machine.
Related
According to Microsoft's documentation, .local redirection is disabled when the application has a manifest. But I observed that even if the EXE file has an embedded manifest, if there's a folder <exe name>.exe.local in the application directory, the redirection is still applied.
For example, here is the embedded manifest for foo.exe:
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
<dependency>
<dependentAssembly>
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*' />
</dependentAssembly>
</dependency>
</assembly>
If I place a folder foo.exe.local in the application directory, then Windows tries to load comctl32.dll from foo.exe.local\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.437_none_05b63dca071e5dd6\comctl32.dll, rather than the one under C:\Windows\WinSxS.
I tested this on Windows 10 x64 version 10.0.17763.437, and on Windows 7 x86 with latest patches.
So why is .local redirection still followed? How do I change the manifest to disable .local completely?
I have observed the same behavior as well. I would love to know if anyone knows how to disable Windows .local ("dotLocal") redirection - I believe this is a side effect of WinSxS side-by-side loading.
I have tested on Windows 10 x64, version 10.0.17763.503.
Note that I have discovered I can use an undocumented "loadFrom" feature of the manifest to force COMCTL32.DLL to load from the \Windows\System32 directory. However, this only works if the executable does not require Visual Styles and can use COMCTL32 version 5.x.
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
<file name="comctl32.dll" loadFrom="%SystemRoot%\System32\" />
</assembly>
I have build a simple win32, 32 bits software that:
is really simple: one windows, two buttons,
does not need any external exotic library (the ideal is to run under any Windows computer).
This program works fine on xp and 7, but on Vista, the program requires to be running in administrator mode.
How can I tell Vista to run this program "normally"? I tried to edit properties, but nothing things strange. I don't know what requires the program to be launched as admin.
On Vista, this problem comes from the executable name: something_updater.exe.
Some solutions exist to correct the problem, choose one:
With a manifest file:
Add in the program folder some something_updater.exe.manifest file containing:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
name="something_updater.exe"
type="win32"
/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
At link time:
Add the following option to linker when building the executable:
/MANIFESTUAC:level=asInvoker /MANIFESTUAC:uiAccess=false
Change the program name, with some name not containing update nor setup.
I created an application in Excel VBA that needs to run a batch file out of script and I was wondering how I can elevate all the processes that the process creates. Please I need to know how to elevate processes?
If you have an EXE, you can embed a manifest it that will make it require adminrights on Windows 7/Vista.
Edit: The entire that does this manifest would be:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="highestAvailable" uiAccess="False" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
I have created a manifest file for a VB6 application that is running on Windows 7 (not for any visual style changes, just to make sure it accesses the common registry and not a virtualised one)
The exe name is Capadm40.exe, the manifest is named Capadm40.exe.manifest and contains the following:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0"
processorArchitecture="X86"
name="CompanyName.Capadm40"
type="win32"/>
<description>Administers the System</description>
<!-- Identify the application security requirements. -->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="asInvoker"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
However, this doesn't seem to make any difference. ie the application is still using the virtualised registry hive. What is also strange is the after I unticked the 'Run this program as an administrator' option in the properties of the application exe, windows still shows a shield on the application icon, leading my to think this is some issue with my windows installation rather than a fault with the manifest. Any ideas?
You're probably running afoul of the fusion cache (and the Explorer Shell's icon cache). External manifests are strongly discouraged anyway, but trying to add one after the program has previously been run often leads to such symptoms.
See Manifest and the fusion cache for a brief description.
You could also touch the EXE to reload the cache.
I would take advantage of LaVolpe's manifest creator, works great for XP, Vista and 7: http://www.vbforums.com/showthread.php?t=606736
I have only found one manifest that works across all platforms 9x+. or even works at all. I have tried all the examples, articles, etc.
the version number or anything else added to it will kill it. possible exception is the extra parameter on requestedExecutionLevel, that seems to be OK. you can change level, and you can add uiAccess. those are allowable. after a LOT of binary-count testing, I found out that those cute extra features of manifests that microsoft offers simply make windows give various errors.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
<ms_asmv2:security>
<ms_asmv2:requestedPrivileges>
<ms_asmv2:requestedExecutionLevel level="asInvoker">
</ms_asmv2:requestedExecutionLevel>
</ms_asmv2:requestedPrivileges>
</ms_asmv2:security>
</ms_asmv2:trustInfo>
</assembly>
Applying the styles in the VB6 IDE:
Save this text in a file named vb6.exe.manifest in the same folder as the vb6.exe:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
processorArchitecture="X86"
name="Microsoft.VisualBasic.IDE"
type="win32"
/>
<description>Visual Basic 6 IDE</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
Add spaces in the file end until it reaches 672 bytes (multiple of 4).
Then:
download the Resource Hacker and open it as administrator
File > open the VB6.exe
File > New blank script
type:
1 24 "vb6.exe.manifest"
Compile script
Save
My last question "List service and services status under Win-7" made me start working on a solution that gives my app the admin privileges under Windows Vista onward based on a .manifest file.
I was not sure about continue the previous question with this matter since they are not the same so here is another question:
My app now works fine under Win 7 whether or not I run it "as admin" because of the manifest file.
My manifest file is as follow:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.6.0.5" processorArchitecture="X86" name="ServiceMonitorPro" type="win32"/>
<description publisher="Powershield Ltd" product="Powershield Service Monitor">Powershield Service Monitor</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
When the application runs on windows 7 or Vista, the UAC comes with a dialog like this:
alt text http://www.freeimagehosting.net/uploads/39787fd3dd.jpg
How can I replace the "unknow" publisher?
The other and bigest problem is, even thou the app runs with no problem under Win7 or Vista, under WinXP it is now crashing with the message:
"This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem."
Another thing I would like to add: If
I add reference (uses clause) to XPMan
the app works fine on WinXP but then
it my .manifest file makes no
diference under Vista or Win7.
I have to thank everyone that, with comments or answers point me to keep digging... :)
I went to search for the file WindowsXP.res.
The content of that file is:
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
type="win32"
name="DelphiApplication"
version="1.0.0.0"
processorArchitecture="*"/>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"/>
</dependentAssembly>
</dependency>
</assembly>
The solution: I have mixed my .manifest file with the WindowsXP.Res xml one adding the dependency section.
If anyone know why its now working, I would be glad to hear about - but this was the solution here - tested so far in a couple of virtual machines, on my computer and a couple of others... working :)
You need to sign your code with a code signing certificate. There should be lots of examples here. I have re-tagged your question with "code-signing", and you can also look for "certificate".
I use Comodo certs myself, and sign them with the awesome, wonderful, Visual Build Pro v6, which is an advertiser here on SO.
You can indicate compatibility with various versions of Windows in your manifest as well. I know that there are entries for compatibility with Vista and Win7; not sure about XP.
Info about the manifest compatibility section is available at MSDN. This may help, also - from the linked page:
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!--The ID below indicates application support for Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!--The ID below indicates application support for Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
</application>
</compatibility>
On newer versions of Delphi (7 and above I think) you also need to also be sure to uncheck the "Use Runtime Themes" option in your project options dialog, otherwise Delphi will automatically link in its own default manifest file (that's how it enables the "theme support") and you will get a runtime error about the application's configuration being incorrect, because there will be conflicting entries.
Here's a complete manifest file for a Delphi2007 app which needs to run in adminstrator mode in Windows 7, and also includes the "dependency" section to enable runtime theme support:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
type="win32"
name="CodeGear RAD Studio"
version="11.0.2902.10471"
processorArchitecture="*"/>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>