Real Software Forums

The forum for Real Studio and other Real Software products.
[ REAL Software Website | Board Index ]
It is currently Wed Nov 13, 2019 5:06 am
xojo

All times are UTC - 5 hours




Post new topic Reply to topic  [ 11 posts ] 
Author Message
 Post subject: Admin Rights
PostPosted: Thu Dec 02, 2010 2:01 pm 
Offline
User avatar

Joined: Sat May 27, 2006 3:27 pm
Posts: 480
Hello i have a ques i have a prob sure a ton of other users have this same issue. The Issue is when i run my program it removes/moves folderitems uses the windows registry. This requires admin rights but i am all ready an administrator so i have to right click my application in to display the drop down menu ,click the run as administrator item to have my program function correctly without getting errors in Windows 7. Is there a way to run as administrator programmatically without having to do this every time you run your application?

"Check is you are an Administrator

Sub IsAdministrator() As Boolean
Dim fReturn As Boolean = False
Dim dwStatus, dwAccessMask, dwAccessDesired, dwACLSize As Integer
Dim dwStructureSize As Integer = 20 'sizeof(PRIVILEGE_SET)
Dim pACL, psidAdmin As Integer
Dim hToken As Integer
Dim hImpersonationToken As Integer
Dim ps As New MemoryBlock(dwStructureSize)
Dim GenericMapping As New MemoryBlock(16)
Dim psdAdmin As Integer
Dim SystemSidAuthority As New MemoryBlock(6)

SystemSidAuthority.Byte(0) = 0
SystemSidAuthority.Byte(1) = 0
SystemSidAuthority.Byte(2) = 0
SystemSidAuthority.Byte(3) = 0
SystemSidAuthority.Byte(4) = 0
SystemSidAuthority.Byte(5) = 5


// Determine if the current thread is running as a user that is a member
// of the local admins group. To do this, create a security descriptor
// that has a DACL which has an ACE that allows only local aministrators
// access. Then, call AccessCheck with the current thread's token and the
// security descriptor. It will say whether the user could access an object if
// it had that security descriptor. Note: you do not need to actually
// create the object. Just checking access against the security descriptor
// alone will be sufficient.

// AccessCheck() requires an impersonation token. We first get a
// primary token and then create a duplicate impersonation token. The
// impersonation token is not actually assigned to the thread, but is
// used in the call to AccessCheck. Thus, this function itself never
// impersonates, but does use the identity of the thread. If the
// thread was impersonating already, this function uses that impersonation
// context.

Soft Declare Function GetCurrentThread Lib "Kernel32" () As Integer
Soft Declare Function OpenThreadToken Lib "Advapi32" (handle As Integer, access As Integer, openAsSelf As Boolean, ByRef tokenHandle As Integer) As Boolean
Soft Declare Function GetLastError Lib "Kernel32" () As Integer
Soft Declare Function OpenProcessToken Lib "Advapi32" (handle As Integer, access As Integer, ByRef tokenHandle As Integer) As Boolean
Soft Declare Function GetCurrentProcess Lib "Kernel32" () As Integer
Soft Declare Function DuplicateToken Lib "Advapi32" (existing As Integer, impersonation As Integer, ByRef dupe As Integer) As Boolean
Soft Declare Function AllocateAndInitializeSid Lib "Advapi32" (authority As Ptr, count As Byte, auth0 As Integer, auth1 As Integer, auth2 As Integer, auth3 As Integer, auth4 As Integer, auth5 As Integer, auth6 As Integer, auth7 As Integer, ByRef sid As Integer) As Boolean
Soft Declare Function LocalAlloc Lib "Kernel32" (flags As Integer, bytes As Integer) As Integer
Soft Declare Function InitializeSecurityDescriptor Lib "AdvApi32" (desc As Integer, revision As Integer) As Boolean
Soft Declare Function GetLengthSid Lib "AdvApi32" (sid As Integer) As Integer
Soft Declare Function InitializeAcl Lib "AdvApi32" (acl As Integer, length As Integer, revision As Integer) As Boolean
Soft Declare Function AddAccessAllowedAce Lib "AdvApi32" (acl As Integer, revision As Integer, access As Integer, sid As Integer) As Boolean
Soft Declare Function SetSecurityDescriptorDacl Lib "AdvApi32" (desc As Integer, daclPresent As Boolean, dacl As Integer, defaulted As Boolean) As Boolean
Soft Declare Sub SetSecurityDescriptorGroup Lib "AdvApi32" (desc As Integer, group As Integer, defaulted As Boolean )
Soft Declare Sub SetSecurityDescriptorOwner Lib "AdvApi32" (desc As Integer, owner As Integer, defaulted As Boolean )
Soft Declare Function IsValidSecurityDescriptor Lib "AdvApi32" (desc As Integer) As Boolean
Soft Declare Function AccessCheck Lib "AdvApi32" (desc As Integer, client As Integer, access As Integer, mapping as Ptr, privSet As Ptr, ByRef privSetLength As Integer, ByRef grantedAccess As Integer, ByRef accessStatus As Integer) As Boolean
Soft Declare Sub LocalFree Lib "Kernel32" (p As Integer)
Soft Declare Sub CloseHandle Lib "Kernel32" (handle As Integer)
Soft Declare Sub FreeSid Lib "AdvApi32" (sid As Integer)

Const TOKEN_DUPLICATE = &h2
Const TOKEN_QUERY = &h8
Const ERROR_NO_TOKEN = 1008

If Not OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE + TOKEN_QUERY, True, hToken) Then
If Not OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE + TOKEN_QUERY, hToken) Then
GoTo Cleanup
End If
End If

Const SecurityImpersonation = 2
If Not DuplicateToken (hToken, SecurityImpersonation, hImpersonationToken) Then
GoTo Cleanup
End If

// Create the binary representation of the well-known SID that
// represents the local administrators group. Then create the
// security descriptor and DACL with an ACE that allows only local admins
// access. After that, perform the access check. This will determine whether
// the current user is a local admin.
Const SECURITY_BUILTIN_DOMAIN_RID = &h20
Const DOMAIN_ALIAS_RID_ADMINS = &h220
If Not AllocateAndInitializeSid(SystemSidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, psidAdmin) Then
GoTo Cleanup
End If

Const LPTR = &h40
Const SECURITY_DESCRIPTOR_MIN_LENGTH = 20
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH)
if psdAdmin = 0 then
GoTo cleanup
end if

Const SECURITY_DESCRIPTOR_REVISION = 1
If Not InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION) Then
GoTo cleanup
End If

// Compute size needed for the ACL.
dwACLSize = 8 + 16 + GetLengthSid(psidAdmin) - 4

pACL = LocalAlloc(LPTR, dwACLSize)
If pACL = 0 Then
GoTo Cleanup
End If

Const ACL_REVISION2 = 2
If Not InitializeAcl(pACL, dwACLSize, ACL_REVISION2) Then
GoTo Cleanup
End If

Const ACCESS_READ = &h1
Const ACCESS_WRITE = &h2
dwAccessMask = ACCESS_READ + ACCESS_WRITE

If Not AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin) Then
GoTo Cleanup
End If

If Not SetSecurityDescriptorDacl(psdAdmin, True, pACL, False) Then
GoTo Cleanup
End If

// AccessCheck validates a security descriptor somewhat; set the
// group and owner so that enough of the security descriptor is filled out
// to make AccessCheck happy.

SetSecurityDescriptorGroup(psdAdmin, psidAdmin, False)
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, False)

If Not IsValidSecurityDescriptor(psdAdmin) Then
GoTo cleanup
End If

dwAccessDesired = ACCESS_READ

// Initialize GenericMapping structure even though you
// do not use generic rights.
GenericMapping.Long(0) = ACCESS_READ
GenericMapping.Long(4) = ACCESS_WRITE
GenericMapping.Long(8) = 0
GenericMapping.Long(12) = ACCESS_READ + ACCESS_WRITE

Dim ret As Integer
If Not AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired, GenericMapping, ps, dwStructureSize, dwStatus, ret) Then
Dim err As Integer = GetLastError()

fReturn = False
GoTo Cleanup
end if

fReturn = (ret <> 0)

Cleanup:
// Clean up.
If pACL <> 0 Then LocalFree(pACL)
If psdAdmin <> 0 Then LocalFree(psdAdmin)
If psidAdmin <> 0 Then FreeSid(psidAdmin)
If hImpersonationToken <> 0 Then CloseHandle(hImpersonationToken)
If hToken <> 0 Then CloseHandle(hToken)

Return fReturn
End Sub


"Ignore the admin rights and proceed anyhow

#If Not DebugBuild
If Not IsAdministrator Then
If MsgDialog( " Warning" , " You may need be an administrator in order to run the application correctly! " , 2 , "Ignore" , True ) Then
'User Clicked Ok
End If
End If
#EndIf


Top
 Profile  
Reply with quote  
 Post subject: Re: Admin Rights
PostPosted: Fri Dec 03, 2010 3:25 am 
Offline
User avatar

Joined: Mon Apr 02, 2007 2:08 am
Posts: 1225
Location: San Francisco, CA, USA
I usually just manually edit the EXE's manifest after compiling. Specifically, I edit the <requestedExecutionLevel> tag:
<requestedexecutionlevel
level="requireAdministrator"
uiAccess="true"/>


Most any PE editor will let you change the manifest.

_________________
Boredom Software


Top
 Profile  
Reply with quote  
 Post subject: Re: Admin Rights
PostPosted: Thu Dec 16, 2010 5:23 am 
Offline

Joined: Tue Aug 29, 2006 4:04 am
Posts: 513
Location: Indonesia
If you mean, to let the button invoke an admin rights when its clicked, I have tested this and works perfectly,

sub pushbutton1_action
Soft Declare Function ShellExecuteExW Lib "Shell32" ( info as Ptr ) as Boolean
Soft Declare Function ShellExecuteExA Lib "Shell32" ( info as Ptr ) as Boolean

dim info as new MemoryBlock( 15 * 4 )
dim verb as new MemoryBlock( 32 )
dim file as new MemoryBlock( 260 * 2 )

info.Long( 0 ) = info.Size
info.Long( 8 ) = self.Handle
if System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then
verb.WString( 0 ) = "runas"
file.WString( 0 ) = "c:\Windows\Notepad.exe"
else
verb.CString( 0 ) = "runas"
file.CString( 0 ) = "c:\Windows\Notepad.exe"
end if
info.Ptr( 12 ) = verb
info.Ptr( 16 ) = file

Const SW_SHOWNORMAL = 1
info.Long( 28 ) = SW_SHOWNORMAL

dim ret as Boolean
if System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then
ret = ShellExecuteExW( info )
else
ret = ShellExecuteExA( info )
end if


and if u wanna put the admin icon on the button, just add this code
in pushbutton_open
Const BCM_SETSHIELD = &h160C
Const BCM_GETIDEALSIZE = &h1601

Declare Sub SendMessageA Lib "User32" ( hwnd as Integer, msg as Integer, wParam as Integer, lParam as Integer )
Declare Sub SendMessageA Lib "User32" ( hwnd as Integer, msg as Integer, wParam as Integer, lParam as Ptr )

SendMessageA( me.Handle, BCM_SETSHIELD, 0, 1 )

dim size as new MemoryBlock( 8 )
SendMessageA( me.Handle, BCM_GETIDEALSIZE, 0, size )



regards,
Rivo


Top
 Profile  
Reply with quote  
 Post subject: Re: Admin Rights
PostPosted: Thu Dec 16, 2010 11:19 am 
Offline
User avatar

Joined: Sat May 27, 2006 3:27 pm
Posts: 480
Thanks alot that what i was looking for.

But now i am having a issue with quitting the application and getting the application running with admin rights. I want to check admin right if the user is not an admin then send use a warning msg asking to use admin rights with the application so the user don't get read write errors with files. But i have a mutex that stops the application from running two copys at the same time. Once i set the application i quit the current one the reload the admin one but the admin one seems to load faster the the non admin one quits here what i mean below in coding see if i can get this to work...

APP PROTECTED PROPERTY ( Mutex As Integer )

Sub APP StartMutex
#If TargetWin32
Declare Function CreateMutexA Lib "Kernel32" (ignore as Integer, initialOwner as Boolean, name As CString) As Integer
Declare Function GetLastError Lib "Kernel32" () as Integer

mutex = CreateMutexA(0, True, "Micro Cleaner")

If GetLastError = 183 Then // ERROR_ALREADY_EXISTS

If MsgDialog( "Warning" , "You cannot have more than one copy running!" , "OK" , 0 , "Cancel" , False ) Then
Quit
End if
End If
#EndIf
End Sub


Sub MainWindow Open()

#If Not DebugBuild
If Not IsAdministrator Then
If MsgDialog( " Warning" , " You may need be an administrator in order to run the application correctly! " , "OK" , 2 , "Ignore" , True ) Then
'run as administrator
RunAsAdmin
Else
'user clicked ignore run normal
End If
End If
#EndIf
End Sub


Sub RunAsAdmin()

Soft Declare Function ShellExecuteExW Lib "Shell32" ( info as Ptr ) as Boolean
Soft Declare Function ShellExecuteExA Lib "Shell32" ( info as Ptr ) as Boolean

dim info as new MemoryBlock( 15 * 4 )
dim verb as new MemoryBlock( 32 )
dim file as new MemoryBlock( 260 * 2 )

info.Long( 0 ) = info.Size
info.Long( 8 ) = MainWindow.Handle 'The Main Window Of The Application
if System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then
verb.WString( 0 ) = "runas"
file.WString( 0 ) = App.ExecutableFile.AbsolutePath 'The Applications Working Path
else
verb.CString( 0 ) = "runas"
file.CString( 0 ) = App.ExecutableFile.AbsolutePath 'The Applications Working Path
end if
info.Ptr( 12 ) = verb
info.Ptr( 16 ) = file

Const SW_SHOWNORMAL = 1
info.Long( 28 ) = SW_SHOWNORMAL

dim ret as Boolean
if System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then
ret = ShellExecuteExW( info )
else
ret = ShellExecuteExA( info )
end if

'Try and quit the running application to reload the new one with the Shell Execute
CALL QUIT
End Sub


Top
 Profile  
Reply with quote  
 Post subject: Re: Admin Rights
PostPosted: Thu Jan 20, 2011 5:26 pm 
Offline

Joined: Wed Jun 28, 2006 8:41 pm
Posts: 136
Location: Colorado, USA
Funny - I just posted the same code for someone else with the same issue. Heh heh... I cant remember where I got it from originally - I think from the WFS?


Top
 Profile  
Reply with quote  
 Post subject: Re: Admin Rights
PostPosted: Fri Jan 21, 2011 2:50 am 
Offline
User avatar

Joined: Mon Apr 02, 2007 2:08 am
Posts: 1225
Location: San Francisco, CA, USA
I think it's from the WFS... I'd recognize Aaron Ballman's highly irritating practice of putting spaces around his parentheses anywhere! :lol:

_________________
Boredom Software


Top
 Profile  
Reply with quote  
 Post subject: Re: Admin Rights
PostPosted: Sun Jan 23, 2011 3:09 pm 
Offline

Joined: Wed Jun 28, 2006 8:41 pm
Posts: 136
Location: Colorado, USA
Oh no joke! I am so OCD when it comes to my spacing. I want spaces between my = but not my ( parentheses ). Haha! :lol:


Top
 Profile  
Reply with quote  
 Post subject: Re: Admin Rights
PostPosted: Sun Jan 23, 2011 6:14 pm 
Offline
User avatar

Joined: Mon Apr 02, 2007 2:08 am
Posts: 1225
Location: San Francisco, CA, USA
dtrotter wrote:
Oh no joke! I am so OCD when it comes to my spacing. I want spaces between my = but not my ( parentheses ). Haha! :lol:

Boy do I ever know your pain! x = y(x) not x=y ( x ) !! Thank goodness for global search and replace.

_________________
Boredom Software


Top
 Profile  
Reply with quote  
 Post subject: Admin Rights - Manifest error - loaderX86.cpp: 668 error
PostPosted: Tue Mar 29, 2011 6:15 am 
Offline
User avatar

Joined: Sat Sep 04, 2010 9:29 am
Posts: 12
Location: Argentina
when I compile my application is working properly

c:\Program files\onefolder\myapp.exe
c:\Program files\onefolder\myapp.exe.Manifest


but if I apply this manifest ( i try modify this too)

<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>

using a dos.bat i apply: mt.exe (visual studio 2008)

mt.exe -manifest myapp.exe.manifest -outputresource:myapp.exe;1


but now gives an error

..\..\..\..\Common\loaderX86.cpp: 668
Failure Condition: 0
Executable is Corrupt!

i am using Win-xp
Any ideas or suggestions

_________________
Ruben Dieminger
Informatic - Mat.Prof 036
IT Developer - programmer
Forex Market Trader ( Mt4 Experts - Market Advisor)

http://analizandoforex.blogspot.com


Top
 Profile  
Reply with quote  
 Post subject: Re: Admin Rights
PostPosted: Tue Mar 29, 2011 1:44 pm 
Offline
User avatar

Joined: Mon Apr 02, 2007 2:08 am
Posts: 1225
Location: San Francisco, CA, USA
I've never used mt.exe. Could it be perhaps a Visual Studio compiled apps only sort of thing? Like maybe it only works with CLR bytecode?

_________________
Boredom Software


Top
 Profile  
Reply with quote  
 Post subject: Re: Admin Rights
PostPosted: Tue Mar 29, 2011 6:53 pm 
Offline
User avatar

Joined: Sat Sep 04, 2010 9:29 am
Posts: 12
Location: Argentina
Hi charonn0

I was doing tests. Do not use more "mt.exe"
I tried on another computer, only:

c:\Program files\onefolder\myapp.exe
c:\Program files\onefolder\myapp.exe.Manifest


and I think it works correctly.

_________________
Ruben Dieminger
Informatic - Mat.Prof 036
IT Developer - programmer
Forex Market Trader ( Mt4 Experts - Market Advisor)

http://analizandoforex.blogspot.com


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 

All times are UTC - 5 hours


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group