How to detect if executable requires UAC elevation (C# pref)

how can I detect if executable requires UAC elevation? So far I came to two ideas: picture recognition of executable's icon to check if UAC shield icon is on it and information from wikipedia: http://en.wikipedia.org/wiki/User_Account_Control

it is possible to programmatically detect if an executable will require elevation by using CreateProcess() and setting the dwCreationFlags parameter to CREATE_SUSPENDED. If elevation is required, then ERROR_ELEVATION_REQUIRED will be returned.[16] If elevation is not required, a success return code will be returned at which point you can use TerminateProcess() on the newly created, suspended process. This will not allow you to detect that an executabl开发者_高级运维e requires elevation if you are already executing in an elevated process.

Thanks

Try using the CheckElevation function exported by kernel32.dll. This is a completely undocumented function, but here's what I've been able to reverse-engineer:

ULONG CheckElevation(
    __in PWSTR FileName,
    __inout PULONG Flags, // Have a ULONG set to 0, and pass a pointer to it
    __in_opt HANDLE TokenHandle, // Use NULL
    __out_opt PULONG Output1, // On output, is 2 or less.
    __out_opt PULONG Output2
    );

You'll have to do some experimentation to find out how to call the function properly. What I've been able to work out so far is that if Output1 is not 0, elevation is required.

Why would you want to use picture recognition if it can be checked programmatically? You can use P/invoke to call CreateProcess with desired parameters.

The best way is to parse its PE format and then know whether its manifest file requires UAC.

http://weblogs.asp.net/kennykerr/archive/2007/07/10/manifest-view-1-0.aspx?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+KennyKerr+(Kenny+Kerr)

Not sure how Kenny wrote the code, but it shows the possibility.