Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Find out whether an application needs administrator privileges

Tags:

c#

uac

windows-7

Windows 7 uses an automatic mechanism to detect whether an application needs elevated administrator privileges. Or the application itself has a manifest.

Is there a way to find out programmatically whether a specified application needs elevated administrator privileges or not? I don't want to start it to find it out.

Thank you ;).

like image 360
mmiccc Avatar asked Oct 08 '11 12:10

mmiccc


People also ask

How do I check for administrator privileges?

Select Control Panel. In the Control Panel window, double click on the User Accounts icon. In the lower half of the User Accounts window, under the or pick an account to change heading, find your user account. If the words “Computer administrator” are in your account's description, then you are an administrator.

How do I find out which app has administrator permission?

Select Start > Settings > Privacy. Select the app (for example, Calendar) and choose which app permissions are on or off. The Privacy page won't list apps with permission to use all system resources.


1 Answers

There's really just one way to tell Windows that a program needs to be elevated and that's through the manifest file. Manifest files can either be embedded within an assembly (exe/dll) or can live in a separate file named <YOUR_APP>.exe.manifest. That's really the only way and probably the only way that you can safely check. Officially.

Windows also contains a giant database that's used for application compatibility. If Microsoft has tested an app and found that it breaks when an OS upgrade happens they sometimes creates an entry in the database to essentially hack the app. Sometimes they lie about the current OS version, sometimes they automatically run as administrator, sometimes they do a bunch of other things. You can view the database using the Application Compatibility Toolkit. I don't know if there's an official way to query the database via code. This blog post talks about a tool that the blogger made but apparently never release.

The last automatic elevation mechanism is algorithm that tries to determine if that app is an installer. According to MSDN these attributes are checked:

  • Filename includes keywords like "install," "setup," "update," etc.
  • Keywords in the following Versioning Resource fields: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
  • Keywords in the side-by-side manifest embedded in the executable.
  • Keywords in specific StringTable entries linked in the executable.
  • Key attributes in the RC data linked in the executable.
  • Targeted sequences of bytes within the executable.

The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.

Lastly, an app can run as a normal user but spawn a child process that requires elevated privileges. I don't know if there's really any way to actually detect that short of decompiling the app itself.

like image 172
Chris Haas Avatar answered Nov 15 '22 10:11

Chris Haas