Access OSK(on screen keyboard) handle from desktop app without administrator rights

吃可爱长大的小学妹 提交于 2019-12-24 22:40:27

问题


I have a desktop delphi application that runs without administrator rights on windows 7 and 8. This application, needs to send (SendInput) mouse events(click and move) to another running apps. This app works like a driver for a remote wifi pen, that controls mouse over desktop. When the focus is over OSK(on screen keyboard), the mouse move with left key pressed dont work, the osk windows dont move, all others applications move when receive these mouve events. I cand get handle of OSK. When I run my app with administrator privileges(UAC) all works fine, OSK move when app send mouve envets. I think that problem is related to UAC. I found a way to bypass the UAC like this http://www.thewindowsclub.com/create-elevated-shortcut-run-programs-bypass-uac, but is not a good ideia in some enviroments. There is a way to bypass the UAC without underground ways ? Or how can I force the OSK to respond on all mouse events that I send to him.



回答1:


Here is a snip of the manifest that is embedded in Osk.exe:

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
    <requestedPrivileges>
      <requestedExecutionLevel level="asInvoker" uiAccess="true"/>
    </requestedPrivileges>
  </security>
</trustInfo>

Note the level it asks for, asInvoker does not ask for UAC elevation, only requireAdministrator does. In other words, it runs with whatever privileges the starting program has. You can tell, you don't get the consent prompt when you start Osk.exe

What matters here is uiAccess. With it set to true, the program bypasses UIPI. The lesser-known twin of UAC, User Interface Privilege Isolation protects against shatter attacks by disallowing another process to poke keystrokes and mouse clicks into the window owned by an elevated app. Such a process still runs in high integrity mode, that's why you cannot poke into Osk yourself, but doesn't have the privileges enabled that make an UAC elevated app dangerous.

This is not unusual, most any program that uses UI Automation or provides an accessibility feature needs to be able to do this. Like Osk.exe, it needs to be able to poke keystrokes into any app. Clearly what you want to do as well.

Getting uiAccess does not require the user to consent to a prompt like UAC elevation does. The operating system has to "trust" you. Covered well in this MSDN article, "UIAccess for UI automation applications" section. I'll just summarize it here:

  • Set uiAccess="true" in the application manifest
  • Your executable must have valid digital certificate, the kind you buy from a vendor like Verisign.
  • Your executable must be stored in a directory that has write access denied, in a subdirectory of c:\program files or c:\windows.


来源:https://stackoverflow.com/questions/28454538/access-oskon-screen-keyboard-handle-from-desktop-app-without-administrator-rig

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!