Community
    • Login

    Launch a No Elevated Process from an Elevated Process in an easy way (Win32 API)

    Scheduled Pinned Locked Moved General Discussion
    32 Posts 5 Posters 13.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • donhoD
      donho
      last edited by donho

      I’m kind of stuck on this issue. Here’s the context:
      Notepad++ launches WinGup as admin for installing/updating Plugins, then it quite. After the operations, WinGup will relaunch Notepad++. The problem is since WinGup has the privilege right, any process launched by WinGup will inherent the elevation.

      Is there any trivial way in win32 API to get the hack down?

      Meta ChuhM 1 Reply Last reply Reply Quote 3
      • dinkumoilD
        dinkumoil
        last edited by

        I found this MSDN blog entry concerning that topic. Wether it’s easy - I don’t know, decide by yourself.

        Another solution would be to split Gup.exe in two programs, a controller/downloader and a worker doing the copy stuff.

        1 Reply Last reply Reply Quote 2
        • dinkumoilD
          dinkumoil
          last edited by

          Oh, and I forgot to mention, there is the old Plugin Manager, the devs of it had to solve the same problem. Maybe have a look at their code.

          donhoD 1 Reply Last reply Reply Quote 5
          • dinkumoilD
            dinkumoil
            last edited by

            @donho

            I found another link which seems to be more promising than the link above.

            The algorithm there retrieves the access token of the desktop shell process. The non-elevated process gets started with this token. The article mentions some caveats but I guess they are not really relevant.

            1 Reply Last reply Reply Quote 2
            • Meta ChuhM
              Meta Chuh moderator @donho
              last edited by

              @donho

              i’ve just tried this out:
              you can relaunch np++ using runas in the command line without the need of specifying the invokers user name.
              it should work in wingup too.

              if you want to simulate and cross check it for a quick test:

              open cmd.exe with right click > run as administrator

              cross check:
              if you now run C:\Program Files (x86)\Notepad++\notepad++.exefrom there, you will of see [Administrator] in the np++ bar as expected

              possible solution:
              execute runas /trustlevel:0x20000 "C:\Program Files (x86)\Notepad++\notepad++.exe"
              and admin mode will be off.
              you should now have the files and folder permissions of the current user 👍

              1 Reply Last reply Reply Quote 3
              • dinkumoilD
                dinkumoil
                last edited by dinkumoil

                @Meta-Chuh , @donho

                I’ve tried the runas method on my Windows 7 x64 machine. I’ve noticed a slight difference from the normal case that Notepad++ gets started via e.g. a desktop link.

                In Windows Taskmanager I have activated the column UAC virtualization. When Notepad++ gets started via a desktop link the value of this column is Deactivated. When Notepad++ gets started via the runas command the column has no value, it is empty. But when I tick the option Show processes of all users the value changes to Not allowed. If I tick this option before starting Notepad++ the value is immediatly Not allowed.

                I don’t know anything about the implications of this difference and I don’t know the difference between UAC virtualization deactivated and UAC virtualization not allowed, but there is a difference. Before adopting the runas method further investigations should take place.

                1 Reply Last reply Reply Quote 3
                • donhoD
                  donho
                  last edited by

                  @dinkumoil
                  Indeed.

                  @Meta-Chuh said:

                  possible solution:
                  execute runas /trustlevel:0x20000 “C:\Program Files (x86)\Notepad++\notepad++.exe”

                  Just tried this method and seems Admin mode is OFF.
                  However, drag & drop a file into edit zone (which is the original motivation to run Notepad++ under user level) is forbidden just like Admin mode is ON.

                  I will continue to search the alternative way.

                  SinghRajenMS 1 Reply Last reply Reply Quote 2
                  • donhoD
                    donho @dinkumoil
                    last edited by

                    @dinkumoil said:

                    Oh, and I forgot to mention, there is the old Plugin Manager, the devs of it had to solve the same problem. Maybe have a look at their code.

                    gpup.exe is launched without elevation, then it spawns itself (another instance) with the privileges rights to download & unzip and quit. The instance without elevation then relaunches Notepad++ without elevation.

                    It’s full of hack, but I guess I have no choice :(

                    Meta ChuhM 1 Reply Last reply Reply Quote 2
                    • dinkumoilD
                      dinkumoil
                      last edited by

                      @donho said:

                      It’s full of hack, but I guess I have no choice :(

                      Well, I would call it “skillful use of officially documented features”. In contrast, the methods suggested in the MSDN blog entries I’ve posted a link to would have been real dirty hacks.

                      1 Reply Last reply Reply Quote 0
                      • Meta ChuhM
                        Meta Chuh moderator @donho
                        last edited by

                        @donho

                        please try this from an elevated cmd or gup exec line:

                        schtasks /create /tn "Notepad++ Update Reload" /tr "C:\Program Files\Notepad++\notepad++.exe" /sc once /st 23:59 /f && schtasks /run /tn "Notepad++ Update Reload" && schtasks /delete /TN "Notepad++ Update Reload" /f

                        i remembered i had the same problem ages ago and solved it using the scheduled tasks
                        this will create run once and delete one that uses the current user regardless of the elevation level of the parent task

                        i’ve just tried it and drag and drop works, also @dinkumoil the uac in the task manager should be correct

                        1 Reply Last reply Reply Quote 1
                        • dinkumoilD
                          dinkumoil
                          last edited by

                          @Meta-Chuh

                          Yes, I remember. That was the way I suppressed UAC dialogs e.g. when starting elevated console windows around 10 years ago when I switched to Windows 7. It was the “I’m the admin, why should I been asked for approving admin tasks?”-attitude.

                          But to use that from within an EXE - hmm, seems crude to me…

                          Meta ChuhM 1 Reply Last reply Reply Quote 1
                          • Meta ChuhM
                            Meta Chuh moderator @dinkumoil
                            last edited by

                            @dinkumoil

                            this is just to get things going right now.
                            it’s to quickly test if using the task scheduler works 100% for all cases.

                            if it does, we can create an ITaskService object unsing eg taskschd.h instead of a command line.

                            if you have another working solution that is testable right now, don’t complain, try it, share it

                            1 Reply Last reply Reply Quote 1
                            • SinghRajenMS
                              SinghRajenM moderator
                              last edited by

                              @donho
                              Have looks at article by Raymond Chen.

                              We already have a solution in place, but unfortunately that solution is in nsis. Look here. The idea is: Run a exe in explorer context.

                              MS link: https://msdn.microsoft.com/library/dd940355
                              MS sample: https://github.com/pauldotknopf/WindowsSDK7-Samples/tree/master/winui/shell/appplatform/ExecInExplorer

                              Hope this will help you.

                              1 Reply Last reply Reply Quote 2
                              • SinghRajenMS
                                SinghRajenM moderator
                                last edited by

                                Also below can be used as simplest solution -

                                ShellExecute(nullptr, L"open", L"explorer.exe", L"C:\\Program Files\\Notepad++\\Notepad++.exe", nullptr, NULL);

                                donhoD 1 Reply Last reply Reply Quote 2
                                • SinghRajenMS
                                  SinghRajenM moderator @donho
                                  last edited by

                                  @donho

                                  @donho said:

                                  @dinkumoil
                                  Indeed.

                                  @Meta-Chuh said:

                                  possible solution:
                                  execute runas /trustlevel:0x20000 “C:\Program Files (x86)\Notepad++\notepad++.exe”

                                  Just tried this method and seems Admin mode is OFF.
                                  However, drag & drop a file into edit zone (which is the original motivation to run Notepad++ under user level) is forbidden just like Admin mode is ON.

                                  I will continue to search the alternative way.

                                  Considering this scenario in mind, npp installer launches npp instance with same integrity level as explorer. Same is applicable here and drag n drop works fine using below method. So I feel, this should suit your requirement.

                                  ShellExecute(nullptr, L"open", L"explorer.exe", L"C:\\Program Files\\Notepad++\\Notepad++.exe", nullptr, NULL);

                                  1 Reply Last reply Reply Quote 3
                                  • donhoD
                                    donho @SinghRajenM
                                    last edited by

                                    @SinghRajenM said:

                                    Also below can be used as simplest solution -

                                    ShellExecute(nullptr, L"open", L"explorer.exe", L"C:\\Program Files\\Notepad++\\Notepad++.exe", nullptr, NULL);

                                    Thank you for the info.
                                    I do remember the solution you provide in NSIS and did try the line above - only explorer launched.

                                    SinghRajenMS 1 Reply Last reply Reply Quote 0
                                    • dinkumoilD
                                      dinkumoil
                                      last edited by

                                      @donho

                                      The last parameter has to be 1 = SW_SHOWNORMAL

                                      1 Reply Last reply Reply Quote 1
                                      • SinghRajenMS
                                        SinghRajenM moderator @donho
                                        last edited by SinghRajenM

                                        @donho said:

                                        @SinghRajenM said:

                                        Also below can be used as simplest solution -

                                        ShellExecute(nullptr, L"open", L"explorer.exe", L"C:\\Program Files\\Notepad++\\Notepad++.exe", nullptr, NULL);

                                        Thank you for the info.
                                        I do remember the solution you provide in NSIS and did try the line above - only explorer launched.

                                        Interesting. It is working fine to me.

                                        [Edit]:
                                        @dinkumoil, nice catch. I’m using SW_SHOW

                                        Meta ChuhM 1 Reply Last reply Reply Quote 1
                                        • Meta ChuhM
                                          Meta Chuh moderator @SinghRajenM
                                          last edited by

                                          @SinghRajenM

                                          thx, very cool and easy just to execute via explorer.exe, iv’e just tried it.

                                          i didn’t know that explorer.exe does not pass the elevation level to a spawn.

                                          so simple and perfect 👍

                                          SinghRajenMS 1 Reply Last reply Reply Quote 0
                                          • SinghRajenMS
                                            SinghRajenM moderator @Meta Chuh
                                            last edited by

                                            @Meta-Chuh Again it depends upon how explorer.exe is executed. In most of the cases explorer is not elevated unless user explicitly do so.

                                            So if explorer is also elevated, then new exe also will be elevated yet. But it is expected in this case, because both will be at same integrity level which allows drag n drop.

                                            https://paste.pics/e25eda50315a622bfda372343fd9b722

                                            donhoD 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            The Community of users of the Notepad++ text editor.
                                            Powered by NodeBB | Contributors