Question
I just ran an old program I had written years ago, several years before Vista was released. Windows (7) gave me the UAC prompt and asked for permission to run it. I was surprised because it is a relatively simple program which does nothing too fancy and certainly nothing that should require elevated privileges. I then checked the directory and sure enough, Windows is overlaying the shield icon on the program.
I did a quick scan of the code and do not see anything that would obviously trigger a UAC prompt. Moreover, the program shares a framework with several other programs I had written, none of which have the UAC requirement. The program in question, as well as the others which don’t trigger the UAC prompt are all stored in the same directory on a (FAT32) flash-drive.
The only really unique thing about this program that differs from the other, nearly-identical programs is that it uses ShellExecute to allow the user to launch the default web-browser to open selected URLs, but I can’t imagine if/why that would actually require elevated permissions.
Now I am trying to find some sort of information about what kind of heuristics Windows uses to determine whether it should use the UAC prompt or not. I know that old installers usually trigger the prompt, but those are usually called setup.exe or install.exe, while this has a pretty innocuous name (udb.exe). I suspect that it is detecting certain function calls or some such (of course, that would mean that Windows Explorer reads and disassembles the of all executable files which seems doubtful).
I assumed that there would exist some information on this, but the research I did only found a few off-site discussions (no mentions in the “similar question” lists above or to the right), which listed a few causes, none of which seem to apply:
- A specific request of the program (which is not possible since it was written before UAC existed),
- Lack of manifest (which it does have and would not explain why the other programs don’t trigger it)
- An internal list of filenames/paths (not applicable here)
- Source (again, that doesn’t explain the other programs being okay)
- Access to restricted files/registry keys (not applicable here either)
- Resource entries (again, the other programs share common resource data)
- Other system-related activities (again, not applicable to the program)
I eventually found a few related questions like one that asked what I am, but that ended up with a completely different outcome which is of no help here, or another one which asked a similar, yet opposite question of equally no help. Unfortunately, the best question I found was about an installer/updater (which of course, does not apply here), and was also no help because the answers were just the same old information I had found on other sites and listed above.
Does anybody know of a list of UAC triggers or some other way to figure out why Windows would think that some programs would need elevation? Is there a list of restricted API functions or something?
To be clear, I am trying to find out why Windows is flagging one program for UAC, but not another, similar one.
Answer 1:
A search for UAC heuristics yields this blog entry: Identification of Administrative Applications. On that page:
The O/S makes a decision that the application looks like an installer or updater and will automatically invoke elevation to run the program with administrative permissions/privileges when a user runs it. This decision is based on a heuristic. Here are some of the heuristic detection points, although this list is not exhaustive:
- File name detection – looks for the words “setup”, “update”, “install” in the filename
- SxS Manifest word detection – looks for well-known values in the assembly name attribute program’s SxS Manifest
- String table detection – looks for well known values in the string table within the resource section of an executable
Thus Xearinox is simply not correct that it is completely based on permissions.
One way you may be able to find out why your program is triggering the UAC prompt is to use Process Monitor and check for permission errors.
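A rough triage for the three heuristic points quoted in the answer above, added here as an example (it is not code from the post or from the linked blog entry): it checks the file name, the name attribute of any embedded manifest's assemblyIdentity element, and UTF-16LE strings in the file. Reusing the file name keywords for the other two checks and scanning raw bytes instead of parsing the PE resource section are assumptions; `installer_hints`, `declares_execution_level` and the sample bytes are constructed for illustration.

```python
import re

# Words the quoted blog entry gives for file name detection. Reusing them for
# the manifest and string checks is an assumption: the page does not list the
# "well-known values" Windows looks for there.
KEYWORDS = ("setup", "update", "install")

# name="..." attribute of any <assemblyIdentity> element in an embedded manifest.
ASSEMBLY_NAME = re.compile(rb'<assemblyIdentity\b[^>]*?\bname\s*=\s*"([^"]*)"', re.I)


def installer_hints(filename, data):
    """Return (where, keyword) pairs matching the three quoted detection points."""
    name = filename.lower()
    lowered = data.lower()  # bytes.lower() changes ASCII letters only
    manifest_names = [m.lower() for m in ASSEMBLY_NAME.findall(data)]
    hits = []
    for kw in KEYWORDS:
        if kw in name:
            hits.append(("filename", kw))
        if any(kw.encode("ascii") in n for n in manifest_names):
            hits.append(("manifest-name", kw))
        # Resource strings are stored as UTF-16LE; scanning the whole file
        # instead of parsing the resource directory is a simplification.
        if kw.encode("utf-16-le") in lowered:
            hits.append(("strings", kw))
    return hits


def declares_execution_level(data):
    """True if the embedded manifest carries a requestedExecutionLevel element."""
    return b"requestedexecutionlevel" in data.lower()


# Constructed sample: not a real executable, only the byte patterns of interest.
SAMPLE = (
    b"MZ" + b"\x00" * 16
    + "Database Update Utility".encode("utf-16-le")
    + b'<assembly><assemblyIdentity version="1.0.0.0" name="Example.udb" type="win32"/></assembly>'
)

if __name__ == "__main__":
    print(installer_hints("udb.exe", SAMPLE))
    print(declares_execution_level(SAMPLE))
```

To check a real file, pass its name and the result of reading it in binary mode; running the same check over a sibling program that does not get the shield icon shows which hits differ between the two.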
Source: https://stackoverflow.com/questions/24560531/list-of-uac-prompt-triggers