Delphi: application running as admin does not receive messages from non-admin app

Question

I want to send messages to another application, using SendMessage/PostMessage, but when the other app is running as admin it never receives the messages. How can I overcome

Answer 1

User Interface Privilege Isolation (UIPI) prevents a lower integrity process from sending window messages to a higher integrity process. The only ways you can deal with this limitation from a software perspective are to either:

• run your sending app at a higher integrity level (ie, run it with elevated privileges) to match the target process.

• if you have access to change the source code for the receiving app, make it opt-in to receive specific window messages from lower integrity processes, by calling ChangeWindowMessageFilter() or ChangeWindowMessageFilterEx() on itself.

• have your sending app bypass UIPI, by requesting uiaccess=true in its <requestedExecutionLevel> application manifest element. However, this has additional requirements:

  • The app must be digitally signed with a certificate that can be verified with a root certificate installed on the machine.

  • the app must be installed in a "secure" folder on the filesystem ¹ (one that standard users can't write to) under %ProgramFiles% and its subdirectories, or under %WinDir% and its subdirectories (except a few subdirectories that standard users do have write access to).

    ^{1: this requirement is configurable via a system policy.}

Outside of software control, the only other option available requires changing system policies to disable User Account Control (UAC) and/or UIPI altogether at the system level. Which you should not do.