Generating an application manifest with a trust level section for an administrative application

Is there any way to coax the VC8 linker into generating an application
manifest with a trust level section suitable for an administrative
application? Or do I have to add this manually each time that I rebuild?

Regards,

George.

Hi George,
[color=blue]
>Is there any way to coax the VC8 linker into
>generating an application manifest with a trust
>level section suitable for an administrative
>application?[/color]

Would you please provide more detailed information about this issue? How do
you use the -tr option manually to generate the application manifest right
now?

Thanks for your understanding!

Best regards,

Gary Chang
Microsoft Community Support
================================================== ====
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00
AM PST, February 14, 2006. Please complete a re-registration process by
entering the secure code mmpng06 when prompted. Once you have entered the
secure code mmpng06, you will be able to update your profile and access the
partner newsgroups.
================================================== ====
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
================================================== ====
This posting is provided "AS IS" with no warranties, and confers no rights.
================================================== ====

Gary,

Thanks for your reply. I am referring to setting the
requestedExecutionLevel attribute. See the section on "Application Manifest
Schema" in
http://msdn.microsoft.com/library/de...cProtVista.asp.
According to another MSDN article which I can't seem to find right now, this
is an extension of the trust level section. The article is dated September
2005 but you must have known about it for some time internally. Surely you
have given some thought to this by now.
[color=blue]
> Would you please provide more detailed information about this issue? How
> do
> you use the -tr option manually to generate the application manifest right
> now?[/color]

Frankly, that is not a very palatable option. It would be nice to find a
simple example of an administrative application manifest that didn't contain
a bunch of COM or .Net gobble-de-gook.

Regards,

George.

To answer my own post (in part):
[color=blue]
> It would be nice to find a simple example of an administrative
> application manifest that didn't contain a bunch of COM or .Net
> gobble-de-gook.
>[/color]

I pulled this off of somebody's blog (with corrected syntax):

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="true"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>

Regards,

George.

That's great, George! I am glad to know you found the solution.

If you have any more concerns on it, please feel free to post here.


Have a nice day!

Best regards,

Gary Chang
Microsoft Community Support
================================================== ====
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00
AM PST, February 14, 2006. Please complete a re-registration process by
entering the secure code mmpng06 when prompted. Once you have entered the
secure code mmpng06, you will be able to update your profile and access the
partner newsgroups.
================================================== ====
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
================================================== ====
This posting is provided "AS IS" with no warranties, and confers no rights.
================================================== ====

Gary,

As I stated, my previous post only answered my question "in part." The
unanswered part is how to get the linker to add this automatically so that I
don't have to edit the manifests manually. Is there any way to get the
linker to insert custom xml into the manifest?

To update my previous post:
[color=blue]
> <requestedExecutionLevel level="requireAdministrator" uiAccess="true"/> <[/color]

Omit "uiAccess="true"" for console admin applications. Substitute this line
instead:

<requestedExecutionLevel level="requireAdministrator"/>

Regards,

George.

Sorry, Georgr, I missed your original point. :(
[color=blue]
>Is there any way to get the
>linker to insert custom xml into the manifest?[/color]

yes, you can merge your manifest into the application's manifest:

1. Open the project's Property Pages dialog.
2. Specify the manifest file you need to insert in the Configuraion
Properties/Manifest Tool/Input and Output/Additional Manifest Files entry.
3. Click OK and Rebuild the project.


Wish this helps!

Best regards,

Gary Chang
Microsoft Community Support
================================================== ====
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00
AM PST, February 14, 2006. Please complete a re-registration process by
entering the secure code mmpng06 when prompted. Once you have entered the
secure code mmpng06, you will be able to update your profile and access the
partner newsgroups.
================================================== ====
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
================================================== ====
This posting is provided "AS IS" with no warranties, and confers no rights.
================================================== ====

Gary,

Well this procedure works well as far as the VC8 linker is concerned.
However the output took down every system on which I tried to run the
application with the merged manifest. This doesn't happen if I edit the
manifests manually. This isn't really your problem (in this NG) but it
certainly is a problem for someone at MS.

Regards,

George.

""Gary Chang[MSFT]"" <v-garych@online.microsoft.com> schrieb im Newsbeitrag
news:DpLolvaQGHA.5448@TK2MSFTNGXA03.phx.gbl...[color=blue]
> Sorry, Georgr, I missed your original point. :(
>[color=green]
>>Is there any way to get the
>>linker to insert custom xml into the manifest?[/color]
>
> yes, you can merge your manifest into the application's manifest:
>
> 1. Open the project's Property Pages dialog.
> 2. Specify the manifest file you need to insert in the Configuraion
> Properties/Manifest Tool/Input and Output/Additional Manifest Files entry.
> 3. Click OK and Rebuild the project.
>
>
> Wish this helps!
>
> Best regards,
>
> Gary Chang
> Microsoft Community Support
> ================================================== ====
> PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00
> AM PST, February 14, 2006. Please complete a re-registration process by
> entering the secure code mmpng06 when prompted. Once you have entered the
> secure code mmpng06, you will be able to update your profile and access
> the
> partner newsgroups.
> ================================================== ====
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from this issue.
> ================================================== ====
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> ================================================== ====
>[/color]

Thanks for understanding, George.

I apologize for any inconvenience this may cause you, we will forward your
feedback to our corresponding product team for review.

Good Luck!

Best regards,

Gary Chang
Microsoft Community Support
================================================== ====
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00
AM PST, February 14, 2006. Please complete a re-registration process by
entering the secure code mmpng06 when prompted. Once you have entered the
secure code mmpng06, you will be able to update your profile and access the
partner newsgroups.
================================================== ====
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
================================================== ====
This posting is provided "AS IS" with no warranties, and confers no rights.
================================================== ====

""Gary Chang[MSFT]"" wrote:
[color=blue]
> Thanks for understanding, George.
>
> I apologize for any inconvenience this may cause you, we will forward your
> feedback to our corresponding product team for review.[/color]

I want to confirm what George is seeing. If I include the manifest he posted
in a .manifest file and let the manifest tool generate the resource, it
causes a BSoD on XP systems. Sometimes, I have to run the app two or three
times before it crashes, and sometimes the crash takes a few seconds to kick
in, but it's consistent.

Before I found this thread, I had narrowed it down to the <security> tag. It
seemed that, no matter what I included in <security>, if it was present, the
app would crash. However, the security section is necessary for UI automation
applications in Windows Vista
(http://windowssdk.msdn.microsoft.com...2ae702805.asp),
so removing it is not an option.

As a side note, the IDE doesn't understand the requestedPrivileges and
requestedExecutionLevel tags. It generates a warning if they are present in
the .manifest file.

I did enter a bug against this in the MSDN product feedback center at
http://lab.msdn.microsoft.com/Produc...ckID=FDBK48918 if anybody wants to validate/vote on it.

To workaround this, you can either edit the resource directly after
building, or do what I did:

1) Manually add a resource to the project of type RT_MANIFEST and ID of 1.
2) Paste the contents of the .manifest file into the resource.
3) Go to the project properties, go to the manifest tool's input/output
section, and turn off the option to embed the manifest.

Then, when you build, the resource will be properly formed, won't crash XP,
and will allow UI automation in Vista (as long as you sign it), without
having to remember to manually edit the resources after building.

--
Troy

Troy,

Sorry to see this is still a problem on XP systems. I guess someone will
have to develop an exploit to get it fixed. :-) What I find particularly
interesting is that vulnerable systems go down hard. They don't even
genearate a crash dump.

Regards,

George.

"Troy" <Troy@discussions.microsoft.com> schrieb im Newsbeitrag
news:1A836C97-B437-4C08-AD32-A30CB55F884F@microsoft.com...[color=blue]
> ""Gary Chang[MSFT]"" wrote:
>[color=green]
>> Thanks for understanding, George.
>>
>> I apologize for any inconvenience this may cause you, we will forward
>> your
>> feedback to our corresponding product team for review.[/color]
>
> I want to confirm what George is seeing. If I include the manifest he
> posted
> in a .manifest file and let the manifest tool generate the resource, it
> causes a BSoD on XP systems. Sometimes, I have to run the app two or three
> times before it crashes, and sometimes the crash takes a few seconds to
> kick
> in, but it's consistent.
>
> Before I found this thread, I had narrowed it down to the <security> tag.
> It
> seemed that, no matter what I included in <security>, if it was present,
> the
> app would crash. However, the security section is necessary for UI
> automation
> applications in Windows Vista
> (http://windowssdk.msdn.microsoft.com...2ae702805.asp),
> so removing it is not an option.
>
> As a side note, the IDE doesn't understand the requestedPrivileges and
> requestedExecutionLevel tags. It generates a warning if they are present
> in
> the .manifest file.
>
> I did enter a bug against this in the MSDN product feedback center at
> http://lab.msdn.microsoft.com/Produc...ckID=FDBK48918
> if anybody wants to validate/vote on it.
>
> To workaround this, you can either edit the resource directly after
> building, or do what I did:
>
> 1) Manually add a resource to the project of type RT_MANIFEST and ID of 1.
> 2) Paste the contents of the .manifest file into the resource.
> 3) Go to the project properties, go to the manifest tool's input/output
> section, and turn off the option to embed the manifest.
>
> Then, when you build, the resource will be properly formed, won't crash
> XP,
> and will allow UI automation in Vista (as long as you sign it), without
> having to remember to manually edit the resources after building.
>
> --
> Troy[/color]

"RossettoeCioccolato" wrote:
[color=blue]
> Troy,
>
> Sorry to see this is still a problem on XP systems. I guess someone will
> have to develop an exploit to get it fixed. :-) What I find particularly
> interesting is that vulnerable systems go down hard. They don't even
> genearate a crash dump.[/color]

Thanks to your post, I realized that it wasn't a problem in the manifest
itself, like I first thought. The workaround isn't too bad, but it does mean
that changes to the manifest are a two-step process, since you have to edit
the XML file as well as the .RC. I suppose you could edit the resource
directly, but it's much easier to work with XML than a hex dump. <g>

I've never entered a bug through the MSDN product feedback, so I'm not sure
if you can see it at
http://lab.msdn.microsoft.com/Produc...ckID=FDBK48918. Maybe if enough people vote on it, it might get fixed. :)

--
Troy