Requesting administrator privileges in C program? - c

I'm trying to make a C program that modifies my host file, but I can't just straight up open the file with the program, because Windows blocks it. Is there any way that I can make the program request administrative privileges within the code, or any script I can use to start the program in admin mode?

Right clicking is a solution that allows you to run any program with Administrator privileges. That includes ticking the box in "Properties".
On Windows 7 and later, you can also rename your program so that its name contains setup (like hosts_setup.exe), and it'll automatically be run in Administrator mode (brings up the UAC prompt) if double-clicked in Explorer. Note this only works from double-clicking in Explorer.
You can also take a look at How can I run a child process that requires elevation and wait? . It calls WinAPI and is a fairly native approach. The best solution is to add it in menifest so your program requests Admin at startup.

Shoot, okay, seconds after posting this question, I found a solution. It turns out that you can right click the executable, click properties, and on the compatibility tab, select "Run this program as administrator". Just in case anyone else needed this information.

Related

Why UAC is not checked through ssh

I am wrote a .Net Windows C# Application:
I have add a manifest application file (Visual Studio template)
Have changed requestedExecutionLevel to "requireAdministrator" level:
<requestedExecutionLevel level="requireAdministrator" uiAccess="false">
The application contains a basic Console.WriteLine("hello world") code.
When I run the application by double-clicking on the .exe icon, I get an UAC popup confirmation.
But if I run this application through ssh shell, I get non confirmation and the application is running ! How can I do to forbidden application to run if UAC is not confirm by user ?
Thanks
UAC prompts are actually manually launched by the program starting a new process. Windows Explorer does this, and so does cmd for example, but not necesarily any other program.
Another consideration is that a SSH server is often running as a service, and services aren't affected by UAC (by the simple fact that services have no UI at all). A remote command line would have no way to present the user a prompt so it's expectable to not to be presented one.
How can I do to forbidden application to run if UAC is not confirm by user ?
You can't.
Administrator manifest are a convenience feature intended for programs explicitly looking for them, but not mandatory at all. For instance, UAC can be disabled altogether or configured to never ask, and programs may still not run with full admin access, but with whatever privileges the user has.
If your program really requires admin access to operate, be sure that your own code checks for them and exits gracefully in such case.

Batch files/Windows 7 - Open UAC prompt minimized on purpose

There are many users struggling with UAC prompts opening in background instead of foreground. Well, I want to do exactly the opposite, ie having the UAC prompt flash on the taskbar and waiting for my attention instead of dimming my whole screen and messing my workflow.
Here's my setup: I'm working on a Win7 x64 machine, and I placed this link in my Startup folder:
C:\CLUs\chp.exe "apps.bat"
chp.exe is an utility that loads batch files without showing the command prompt.
apps.bat calls several unelevated programs (easier to manage apps in this way rather than putting a bunch of links in Startup). The last line of such bat is
elevate chp "elevapps.bat"
elevate.exe is an utility that, as the name says, elevates whatever is called with issuing an UAC prompt. And, clearly, elevapps.bat contains another bunch of programs that require admin rights to start properly.
Now, for a number of reasons I'd like the UAC prompt to start minimized/in background. Ie, once I've logged in Windows, all I want to see is the taskbar containing the flashing icon of the UAC, but no dimmed screen.
Is this possible with batch files? All I know is that UAC "smartly" detects whether it is stealing focus or not and (doesn't) show up accordingly. And clearly during the startup there's nothing to steal focus from, so looks like I'm having no luck. However it also seems that badly coded software (namely not assigning HWNDs somewhere, see here and here) precisely produces this effect. Is there a way to reproduce this "bug" (I'd call it a feature, in my case) with some code in a batch file? Also using a third party utility would be fine, however I'm not a programmer.
I solved the problem by using winapiexec.exe, an utility that allows (as per site) to run WinAPI functions through command line parameters.
winapiexec shell32.dll#ShellExecuteW NULL "runas" "chp" "elevapps.bat" NULL 7

ld.exe: cannot open output file ... : Permission denied

I recently installed CodeBlocks with mingw32 on Windows 7 Ultimate 32bit in order to dust off my c skills, but this problem has me somewhat stumped.
I decided to fire off a short Fibonacci generator to make sure my setup was working, but I ran into a hurdle.
The program compiles, links and whatnot like a charm and I get a corresponding executable which runs as expected.
The problems occur if I try to compile again, then I get the following:
c:/codeblocks/mingw/bin/../lib/gcc/mingw32/4.4.1/../../../../mingw32/bin/ld.exe: cannot open output file bin\Debug\Fibonacci.exe: Permission denied
I can't even edit the permissions of the generated executable.
I've checked the usual suspects:
Executable is verily not running.
Path to executable is read/writable to mingw32 (otherwise it wouldn't be able to build in the first place)
I'm not running cygwin in any shape or form.
And now for the funny bit: Usually after a few minutes, any executables generated by mingw32 which are displaying this Access Denied behaviour will automatically vanish without any intervention from me.
I've googled this somewhat, but most of the other results were either vague or inapplicable.
I wonder whether there is some Windows 7 security setting playing havoc with my .exe's, but I'm not that knowledgeable about Win 7 as to know where to begin searching.
Any one have any ideas?
I had exactly the same problem right after switching off some (in my opinion unneccessary) Windows services. It turned out that when I switched ON again the "Application Experience" everything resumed working fine.
May be you simply have to turn on this service? To switch ON Application Experience:
Click the Windows start buttonn.
In the box labeled "Search programs and files" type services.msc and click the search button. A new window with title "Services" opens.
Right click on "Application Experience" line and select "Properties" from popup menu.
Change Startup type to "Automatic (delayed start)".
Restart computer.
Application Experiences should prevent the problem in the future.
Your program is still running. You have to kill it by closing the command line window.
If you press control alt delete, task manager, process`s (kill the ones that match your filename).
If you think the executable is locked by a process, try Process Explorer from SysInternals. In the File/handle, enter Fibonacci.exe and you should see who holds the file.
If it is not enough, you can use Process Monitor (from SysInternals, again) to follow the activity of all processes on your system on Fibonacci.exe.
With a little bit of analysis (call stacks), you'll may find out why the access to the file is denied and what make it disappear.
Problem Cause :
The process of the current program is still running without interuption.
(This is the reason why you haven't got this issue after a restart)
The fix is simple :
Go to cmd and type the command taskkill -im process_name.exe -f
Eg:
taskkill -im demo.exe -f
here,
demo - is my program name
The Best solution is go to console in eclipse IDE and click the red button to terminate the program.
You will see the your program is running and output can be seen there. :) !!
I had the same behaviour, and fixed it by running Code::Blocks as administrator.
Open task manager -> Processes -> Click on .exe (Fibonacci.exe) -> End Process
if it doesn't work
Close eclipse IDE (or whatever IDE you use) and repeat step 1.
I had a similar problem. Using a freeware utility called Unlocker (version 1.9.2), I found that my antivirus software (Panda free) had left a hanging lock on the executable file even though it didn't detect any threat. Unlocker was able to unlock it.
Got the same issue. Read this. Disabled the antivirus software (mcaffee). Et voila
Confirmed by the antivirus log:
Blocked by Access Protection rule d:\mingw64\x86_64-w64-mingw32\bin\ld.exe d:\workspace\cpp\bar\foo.exe User-defined Rules:ctx3 Action blocked : Create
It may be your Antivirus Software.
In my case Malwarebytes was holding a handle on my program's executable:
Using Process Explorer to close the handle, or just disabling antivirus for a bit work just fine.
i experienced a similar issue. Bitdefender automatically quarantined each exe-file i created by MinGW g++. Instead of the full exe-file i found a file with a weird extension 'qzquar'
testAutoPtr1.exe.48352.gzquar
When i opened quarantined items in Bitdefender i found my exe-file quarantined there.
I got this error when using the Atom editor and mingw (through a package called gpp-compiler) for C++. Closing the open console window fixed my issue.

Running an app that requires an administrator account from a service

Is it possible to run handle.exe (from sysinternals) from a service (in windows7) without having to turn off UAC?
The service is a custom c-app that needs to find out which process is locking a file it tries to access and handle.exe seems to be a good way to solve it but i can't get it to work with UAC turned on. This app runs all the time so i can't have a UAC prompt while its running but its fine if it shows up at startup.
Handle.exe works fine from an admin commandprompt but fails when trying to run from a normal prompt.
I call handle.exe from CreateProcess() and get the output from pipes. I guess there should be a way to solve this but i can't figure it out. Setting up the service to log in from an admin account does not seem to work.
UAC does not affect services (it only affects interactive sessions) so that should work.
However, if you don't want to move your entire program into a service then there are better ways to do this which don't require creating, installing and managing a separate service process in addition to your main program.
If your program requires admin rights to work at all, and this isn't the only place it will require them, then you could flag your program (via its embedded manifest resource) as requiring administrator rights. It will then trigger one UAC prompt whenever it is run and be run with full admin rights, including the ability to run Handle.exe.
On the other hand, if this is the only place where your program needs admin rights, it may make sense to create a COM DLL which wraps your Handle.exe call (or any other admin work) so that you can use UAC to make elevated calls to that function from your non-elevated app. You will then trigger a UAC prompt each time you create (an elevated version of) that COM object. You can keep the COM object open as long as you want, and create it whenever you want, so when and how often the UAC prompt(s) appear are still up to you.
Both 1 & 2 are standard uses of UAC so any good documentation or tutorial on UAC will describe how to do them in detail.
You may want to look at the Win32 API method CreateProcessWithLogonW.
There is also an elevate VBS script here you may learn from: http://technet.microsoft.com/en-us/magazine/2007.06.utilityspotlight.aspx

How to write a Kiosk application in Windows that has control from startup?

I'm not sure if this is technically a Kiosk, but it's basically the same idea. I have a program that runs full screen all the time from boot to shutdown to control a machine that the computer is hooked to.
Right now I just have a shortcut to the exe in the Startup folder so it starts when the system boots up and logs in. Is there any better way to do this? I'd really like the user to never see the Windows environment (just the windows loading progress bar on boot) if at all possible, but I'm guessing that's not possible.
Just thought I'd ask and see if there is a better way to do this than putting it in the startup folder?
The best option is to use Windows Embedded. This gives you much more control over the shell, and what is run and installed with the system.
If you have to do this with a consumer OS, you can try to bypass the login prompts to auto-login your user, and have your program setup in the registry to startup. Disable any other services you don't need. That will minimize the time the shell is displayed (but it's very difficult to remove it).

Resources