开发者

Developing Apps with Administrator Rights in Delphi

I'm using D2010 under Windows 7 to write an app that seems to require admin rights (I think because it uses COM to communicate with a third party .exe, which also requires admin rights).

I've added the manifest resource as required, but when I try to debug the app from the IDE, it reports

"Unable to create process. The requested operation requires elevation"

...and it won't run. If I run Delphi as administrator, then my app runs correctly, but this feels like a dangerous brute force approach, especially as most of the apps I develop don't need admin privileges.

Is there any way of getting Delphi to prompt for elevation just when I run my app, rather than having the whole IDE run elevat开发者_C百科ed?


UAC also catches any application that has the words "setup", "update" or "install" in their name or in many of the Version Resource fields. (Company name, App Name, Description etc. It considers any such application to be a potential "installer" application and therefore must be run with Admin privileges.

Sounds crazy, but it's true. See the "Installer Detection" section in this document.

You can get around this by including a manifest that says that it doesn't need admin privileges.


There is none, it also doesn't work for VS:

https://stackoverflow.com/questions/3265787/how-do-i-debug-an-process-as-elevated-with-visual-studio-2008-sp1-on-windows-7

I guess you could run the remote debugger elevated and attach the IDE using remote debugging though.

It doesn't work, because the process is running as another user (or using another user token).

The IDE is trying to run the debugging process using CreateProcess and that fails when the application requires elavation, more details can be found in this article:

http://www.codeproject.com/KB/vista-security/UAC__The_Definitive_Guide.aspx

RAD Studio could run the application using ShellExecute with the "runas" verb, but this still doesn't solve the "debugging process under other user context" issue.

In other words: An elevated process can only be debugged by an elavated debugger.

Edit:

The Delphi XE2 IDE is 32-Bit and can debug 64-Bit applications only through the remote debugger (which is cleverly hidden from the user).

I guess Embarcadero could make it possible to debug elevated applications in a similar fashion.


The only way I know to debug such an app is to run the IDE as administrator. I wouldn't recommend doing this routinely, just for debugging sessions.


Actually it may be possible to debug a process with "higher level access" from a process with "normal level access".

At least until Windows XP it is sufficient to add your user account to the Debugger Users group to debug processes running e.g. with Administrator privileges.

That doesn't solve Delphi 2010s problem to run the process at all, but may be useful if you try to attach the debugger to a already running process.

I don't think this works on UAC enabled Vista+, but I thought I'd mention it anyway. :)

To be exact the UAC split token concept disables the SeDebugPrivilege:

http://blogs.msdn.com/b/greggm/archive/2006/03/30/565303.aspx

http://blogs.msdn.com/b/mithuns/archive/2006/04/04/568291.aspx


Run Delphi (any version) as Administrator.

You can change Delphi shortcut properties also (to run it always as administrator).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜