Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

ElevationProxy: creates infinitely new instances when UAC is disabled #57

Closed
henjuv opened this Issue · 6 comments

3 participants

Henrik Juvonen Adam Baxter Garrett Serack
Henrik Juvonen

This happens on Windows 7 with CoApp 1.2.0.443. I can post a screenshot of the task manager if you want.

Basically it's in an infinite loop at ElevationProxyMain.ElevateSelf(), because it never returns at line 126.

Edit:

When UAC is disabled:

  • User is in Administrator group: All programs start elevated.
  • User is not in Administrator group: User must use "Run as different user" to start a program elevated.

How to fix the infinite loop:

internal static void ElevateSelf(bool processCreated) {
    try {
        var ntAuth = new SidIdentifierAuthority();
        ntAuth.Value = new byte[] {0, 0, 0, 0, 0, 5};

        var psid = IntPtr.Zero;
        bool isAdmin;
        if (AllocateAndInitializeSid(ref ntAuth, 2, 0x00000020, 0x00000220, 0, 0, 0, 0, 0, 0, out psid) && CheckTokenMembership(IntPtr.Zero, psid, out isAdmin) && isAdmin) {
            return; // yes, we're an elevated admin
        }
    } catch {
        // :) Seems that we need to elevate?
    }

    if (!processCreated) {
        // we're not an admin I guess.
        try {
            var process = new Process {
                StartInfo = {
                    UseShellExecute = true,
                    WorkingDirectory = Environment.CurrentDirectory,
                    FileName = Assembly.GetEntryAssembly().Location,
                    Verb = "runas",
                    Arguments = Environment.GetCommandLineArgs().Skip(1).Aggregate(string.Empty, (current, each) => current + " \"" + each + "\"").Trim() + " __EPM1__",
                    ErrorDialog = true,
                    ErrorDialogParentHandle = GetForegroundWindow(),
                    WindowStyle = ProcessWindowStyle.Maximized,
                }
            };

            if (!process.Start()) {
                throw new Exception();
            }

            // since we want the parent process to be able to wait for this, we'll wait for the child process.
            while( ParentIsRunning && !process.WaitForExit(100) ) {
                Thread.Sleep(100);
            }
        } catch {
            // nWindow.Fail(LocalizedMessage.IDS_REQUIRES_ADMIN_RIGHTS, "The installer requires administrator permissions.");
        }
    }

    // we should have elevated, or failed to. either way, GTFO.
    Environment.Exit(0);
}

private static void Main(string[] args) {
    parentProcess = ParentProcessUtilities.GetParentProcess();

    if( args.Length <1 ) {
        System.Windows.Forms.MessageBox.Show("Required: PipeName", "CoApp Elevation Proxy", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    ElevateSelf(args.Length == 2 && args[1] == "__EPM1__");
    var epm = new ElevationProxyMain {
        ClientPipeName = args[0]
    };
    epm.Go();
}
Adam Baxter

Thanks again for this. Just wondering if this occurs when my account is an admin but UAC is disabled?

Henrik Juvonen

This occurs only with a non-admin (standard user) account when UAC is disabled.

Adam Baxter

I couldn't reproduce this in Windows 7 or 8.

Henrik Juvonen

I couldn't reproduce this in windows 8. This happens only in my windows 7 with standard user account (only when uac is disabled). Debug token: 46254265809597271E5903265640AE74

Elevation proxies

Henrik Juvonen

I had to enable "User Account Control: Run all administrators in Admin Approval Mode" and it seemed to fix the problem.

Garrett Serack

I will take the patch, at least we'll get rid of the infinite loop.

We should probably do something smarter though when the user isn't admin on a uac-disabled machine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.