Hands-On Lab Installer Detection - Native Lab version: 1.0.0 Last updated: 9/1/2022


Page 1: Installer Detection - Nativeaz12722.vo.msecnd.net/windows7trainingcourse1-0/Labs/InstallerDe…  · Web viewThis is undesired behavior, stemming from the fact that the word “update”

Hands-On Lab

Installer Detection - Native

Lab version: 1.0.0

Last updated: 5/15/2023


CONTENTS

OVERVIEW

EXERCISE 1: INSTALLER DETECTION ISSUES

Task 1 - Make Sure UAC is Active

Task 2 - Identifying the Problem

EXERCISE 2: SOLVING THE PROBLEM

Task 1 - Adding an External Manifest

Task 2 - Adding an Embedded Manifest

SUMMARY


Overview

Objectives

In this lab, you will learn how to:

Identify issues related to installer detection on Windows Vista® and later versions

Fix installer detection issues

System Requirements

You must have the following items to complete this lab:

Microsoft Visual Studio® 2008 SP1

Microsoft Windows® 7


Exercise 1: Installer Detection Issues

In this exercise, you will look at an “old” executable that is mistakenly identified as an installer, when in fact it is a normal application that does not require administrative privileges.

Task 1 - Make Sure UAC is Active

In this task, you will confirm that User Account Control (UAC) is active. This will allow the problem to occur.

1. From Start:

a. Click Control Panel.

b. Click User Accounts and Family Safety.

c. Click User Accounts.

d. Click Change User Account Control Settings. A dialog box similar to the following should appear.

Help

Alternatively, click Start, click Run, and type UAC. Then click Change User Account Control Settings.


2. Make sure the slider is set at the default level as pictured (you can set it to another level, but not to Never notify, as this disables UAC).

3. Click OK.

Task 2 - Identifying the Problem

1. Navigate to the BrokenStockUpdater\Debug folder with Windows Explorer.

2. Switch to medium or large icon view so you can more easily see the shield icon overlay that appears over the BrokenNativeStockUpdater.Exe file. It should look something like this:

3. Double-click the file and verify that a UAC prompt for elevation appears. This is undesired behavior, stemming from the fact that the word “update” is included in the filename (and it is a 32-bit application without a manifest). The heuristics include the words “setup,” “install,” and “update.”

Exercise 2: Solving the Problem

The problem identified in the last task can be solved by adding a manifest, either external or internal.

Task 1 - Adding an External Manifest

1. Navigate to the BrokenStockUpdater\Debug folder with Windows Explorer and:

a. Right-click an empty space.

b. Point to New.


c. Click Text Document.

d. Name it BrokenNativeStockUpdater.Exe.manifest. Notice that as soon as the file exists with the new name, even though it is still empty, the shield icon overlay disappears:

2. Open the manifest file in Notepad or another text editor.

3. Enter the following text:

XML

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0"
    xmlns="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="StockUpdater"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</asmv1:assembly>

Help

The critical information is the level attribute. The value asInvoker instructs the .exe file to run with the same privileges as the process that created it (for example, Windows Explorer), which indicates that this .exe file is not an installer, but a regular application. The other relevant level is requireAdministrator, which indicates that this .exe file needs administrative privileges to operate correctly, for example because it is an actual installer and needs access to privileged locations such as the \Windows\System32 folder or the HKEY_LOCAL_MACHINE\Software key.

4. Save the file.


5. Exit the text editor.

6. Verify that the change works as expected by double-clicking the .exe file. This time, you should not see a UAC elevation prompt and the application should function normally.

Task 2 - Adding an Embedded Manifest

1. Open the BrokenStockUpdater.sln solution file located in the BrokenStockUpdater folder with Visual Studio 2008.

2. Examine the BrokenNativeStockUpdater project. This project has no manifest. To verify this:

3. Click the Project menu.

4. Click Properties.

5. In the left column, locate the node named Linker.

6. Open it and find the node named Manifest File. In the right pane, the Generate Manifest setting should be set to No, as shown in the following screen shot:


Help

The default setting in Visual Studio 2008 is to generate a manifest file.

7. Change the Generate Manifest setting to Yes.

8. Use the UAC Execution Level setting to set the desired level (either asInvoker, requireAdministrator, or highestAvailable):

9. In the left pane, open the node named Manifest Tool.

10. Click the node named Input and Output. The Embed Manifest setting in the right pane controls whether the manifest is embedded as a Win32 resource or remains a loose file (as in the previous task).

11. Select Yes to embed the manifest as resource, so no additional manifest file needs to be carried with the executable, as shown in the following screen shot:


12. Rebuild the solution and delete the manifest file from the previous task. Make sure the shield icon disappears, and no UAC elevation prompt appears when double-clicking the application. The fixed solution is in the FixedStockUpdater.sln located in the FixedStockUpdater folder.

Summary

In this lab, you learned how installer detection works. You learned that 32-bit images without a manifest containing certain keywords in the filename might cause elevation of privileges when not actually needed. The reverse problem is also possible, where an installer that fails the heuristics is not elevated automatically when it actually requires it.
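Added example (not part of the original lab): a build-output audit that flags .exe files meeting the three conditions described above, namely a 32-bit image, a filename containing "setup," "install," or "update," and no manifest declaring requestedExecutionLevel. The function names are hypothetical, and as a labelled assumption the manifest check is a raw byte search rather than a parse of the embedded manifest resource.

```python
import struct
import sys
from pathlib import Path

KEYWORDS = ("setup", "install", "update")   # the three words the lab lists
MARKER = b"requestedExecutionLevel"         # element the lab's manifest declares

def is_32bit_pe(data: bytes) -> bool:
    """True if data is a PE image whose COFF Machine field is i386 (0x014C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return machine == 0x014C

def declares_execution_level(exe: Path, data: bytes) -> bool:
    """Assumption: a raw byte search stands in for parsing the embedded
    manifest resource; the external manifest is <exe name>.manifest."""
    if MARKER in data:
        return True
    external = exe.with_name(exe.name + ".manifest")
    return external.is_file() and MARKER in external.read_bytes()

def may_trigger_installer_detection(exe: Path) -> bool:
    """Apply the lab's conditions: keyword in name, 32-bit, no manifest level."""
    if not any(word in exe.name.lower() for word in KEYWORDS):
        return False
    data = exe.read_bytes()
    return is_32bit_pe(data) and not declares_execution_level(exe, data)

def audit(folder: Path) -> list[str]:
    """Names of .exe files in folder that match all conditions."""
    return sorted(p.name for p in folder.iterdir()
                  if p.is_file() and p.suffix.lower() == ".exe"
                  and may_trigger_installer_detection(p))

if __name__ == "__main__":
    for name in audit(Path(sys.argv[1] if len(sys.argv) > 1 else ".")):
        print("name matches heuristic, no requestedExecutionLevel:", name)
```

Run it against a build folder such as BrokenStockUpdater\Debug before and after adding the manifest to confirm the fix took effect.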

For more information, please refer to:

Application Compatibility Cookbook: http://msdn.microsoft.com/en-us/library/bb963893.aspx

The Windows Vista and Windows Server® 2008 Developer Story: http://msdn.microsoft.com/en-us/library/aa905330.aspx
