My application does not always require "admin" privileges and most of the time would run as the current user. Is there any way, I can escalate privs by throwing up a UAC at runtime after my program is already running? This will only happen as and when I need privs. Rather than having to start with high privs.
I know the "runas" technique, manifest file etc. but all these are before the process is created and not at runtime, on-demand
恭喜,这正是 UAC 的设计工作方式,大多数应用程序开发人员要么太懒,要么太害怕,不敢考虑看 :)
简而言之,您将需要提升的代码放在单独的 COM 对象(位于 DLL 中)中,然后使用此处描述的方法创建它的提升实例。
HRESULT CoCreateInstanceAsAdmin(HWND hwnd, REFCLSID rclsid, REFIID riid, __out void ** ppv)
{
BIND_OPTS3 bo;
WCHAR wszCLSID[50];
WCHAR wszMonikerName[300];
StringFromGUID2(rclsid, wszCLSID, sizeof(wszCLSID)/sizeof(wszCLSID[0]));
HRESULT hr = StringCchPrintf(wszMonikerName, sizeof(wszMonikerName)/sizeof(wszMonikerName[0]),\
L"Elevation:Administrator!new:%s", wszCLSID);
if (FAILED(hr))
return hr;
memset(&bo, 0, sizeof(bo));
bo.cbStruct = sizeof(bo);
bo.hwnd = hwnd;
bo.dwClassContext = CLSCTX_LOCAL_SERVER;
return CoGetObject(wszMonikerName, &bo, riid, ppv);
}
键是Elevation:Administrator!new:名字对象名称的前缀。这会触发提升提示,并使用提升的令牌创建生成的 COM 对象。