11

I am developing a partition disk program, and for me to read the \\\\.\\PhysicalDrive0 I need admin rights.

I am wondering if it is possible, in the run time, for the program to gain admin rights? Is there any win api for that?

I want to do that because I want the program to execute with admin rights only when it is reading/writing the disk. For security reasons, I don't want the program to execute all the time with admin rights, because someone could find a bug (stack or heap overflow for example) in some module and execute arbitrary commands as adm.

Renan Greinert
  • 3,376
  • 3
  • 19
  • 29
  • No. You would have to move that code into another .exe project that has a manifest that asks for the UAC elevation permission. Start that .exe when necessary. – Hans Passant Jan 18 '12 at 19:17
  • Thank you for all the answers! The trick of separating the process will do the job. – Renan Greinert Jan 18 '12 at 19:40
  • 1
    @HansPassant: Not necessarily _another_ .exe. Look at Task Manager, which restarts itself with Administrator rights if you choose "view processes for all users". – MSalters Jan 19 '12 at 16:14
  • @MSalters - True. But that's autoElevate at work, not available to mere mortals. http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx#id0560031 – Hans Passant Jan 19 '12 at 16:30
  • @HansPassant: The _autoElevate_ is reserved to the OS, but that's just to suppress a prompt. – MSalters Jan 20 '12 at 08:41
  • @HansPassant: It just re runs itself with the "runas" verb which elevates (and prompts if required) – Deanna Jan 20 '12 at 09:49

4 Answers4

14

You cannot acquire elevated privileges after the process has started. Your options are:

  1. Put the part of your application that requires elevated privileges into a separate process and manifest that with requireAdministrator.
  2. Run the part of your application that requires elevated privileges as an out-of-proc COM object.
David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • See [this article](http://msdn.microsoft.com/en-us/library/windows/desktop/ms679687(v=vs.85).aspx) on MSDN for the COM elevation method. – Deanna Jan 20 '12 at 09:50
4

I have never seen a way to transition rights once a process has begun executing. The only way I know of is for the process to be created as privileged.

I look forward to other answers in case there is another way.

(update)
The article Teach Your Apps To Play Nicely With Windows Vista User Account Control (about halfway down) confirms that admin rights can be granted only at process creation time.

wallyk
  • 56,922
  • 16
  • 83
  • 148
1

You need to embed manifest with requireAdministrator flag

http://msdn.microsoft.com/en-us/library/bb756929.aspx

Kamil Klimek
  • 12,884
  • 2
  • 43
  • 58
  • Well as the program requires access to low level computer parts, I don't see any reason why shouldn't it run with admin priviliges. Same reason would apply to privilged subprocess launched everytime that priviliged operation needs to be done – Kamil Klimek Jan 18 '12 at 20:09
  • 2
    For exactly the same reason that OpenSSH isn't running everything with root rights, just because it has to listen at port 22.. anything else is horrible design and violates one of the most basic principles of secure code design. [There's even a wiki article about it](http://en.wikipedia.org/wiki/Privilege_separation) – Voo Jan 18 '12 at 20:27
  • "Partition program" itself is launched to perform some administrator priviliged operations. Partitioning itself requires admin priviliges. – Kamil Klimek Jan 18 '12 at 20:34
  • 2
    And there are obviously other things the program does that do not need admin rights - after all that's what the whole question is about! – Voo Jan 18 '12 at 20:42
0

Project's Propeties (Alt + Enter) -> Linker -> Manifest File -> UAC Execution level (in VS2015, in 2010 it's similar) -> requireAdministrator or highestAvailable

Edit: Also, if it's updating program, simply make your program's name starting with Update and Windows will automatically recognize it.

Brackets
  • 464
  • 7
  • 12