Today I want to introduce a really useful application from the examples in JEDI Windows Security Code Library. In Windows Vista there is no possible way to run a program elevated from the command line. But today there is a cure. I call it RunEl, which stands for Run Elevated. This simple program uses Delphi, the JEDI API and JEDI WSCL. It runs only in Windows Vista and Server 2008 with activated UAC. If there is no UAC, it simply starts the requested application.


If you start the program without any parameter, you’ll get the help screen.

RunEl V1.0 – Run application elevated
by Christian Wimmer @ 2008
Visit us at http://blog.delphi-jedi.net

RunEl [/INSTALL][/UNINSTALL][/W[D][G]] [AppName] [Parameters]

Parameters:
/INSTALL – installs the RunElCOM.dll. Needed for parameter /D
RunElCOM.dll must be in the same folder as RunEl.
/UNINSTALL – uninstalls the RunElCOM.dll.
W – Wait for called process to be finished.
D – uses own elevation COM Class. Before using must be setup with /INSTALL .
G – uses foreground window to display UAC Prompt on.
Parameters W, D and G must be mixed up with only one “/”

Despite the INSTALL parameter, you do not have to install the program! I implemented two different ways to elevate an application. There is on the one side ShellExecute, which can elevate an application by passing “runas” as a parameter. On the other hand, I implemented the usual way by registering a COM DLL. In the last case, you have to register the DLL first. We get back there later.

Let’s see how we can use it. Open a command line window and type:

RunEl cmd

This command starts the Windows command line interpreter as an Administrator. You get the UAC prompt, allow the action and a new cmd window is opened. If you disallow the action, RunEl will return an error value through its process return value. This us useful if you want to check the errorlevel in a batch file.

Elevation failed. (2147943623) The operation was canceled by the user.

If you need to wait for the process to be closed, you can add the wait parameter. This is also mandatory if you want to check your application’s return value. Because it is clear that we have to wait until the process’ end to get the return value.

RunEl /w cmd

Sometimes the UAC prompt does not appear and just blinks in the task to get attention. This is because there is no available window. In this case you can specify parameter “g”, which uses the foreground window. The UAC prompt will appear again then.

RunEl /g cmd

Of course you can also combine both parameters. However there must only be one slash.
All these combinations are the same, so it ignores the case-sensitivity and the order of the three options letters.

RunEl /wg cmd
RunEl /gw cmd
RunEl /Gw cmd
RunEl /GW cmd

The last parameter “d” takes the usual way to get elevated privileges. It runs a COM method as the elevated user, creates the process, returns to non-elevated status and then eventually waits for the process or returns immediately.
However you have to install the provided DLL RunElCOM.dll at first. This is done by using RunEl.

RunEl /install
The COM DLL was successfully installed.

Now you are able to run applications with the “d” parameter in the nearly same way as shown above.

Run /d cmd
Run /dw cmd
Run /dwg cmd

I say nearly because of two issues:

  1. You always have to use /d parameter. Otherwise ShellExecute is used
  2. A major problem of ShellExecute is that it ignores the current directory if it is used for elevation. I circumnavigated this problem by using the following command line internally.

    cmd /C cd /d <current dir> & <your application> <parameters>

    The disadvantage of this solution is that you do not get the application’s return value. Cmd is the main process, so we get its return value instead of <your application>.
    If you need the correct return value directly, you have to use /d switch.

In the end you can uninstall the COM library.

runel /uninstall
The COM DLL was successfully uninstalled.

If you try to run an application using runel /d you’ll get the following error message.

RunEl /d cmd
Elevation failed. (2148007959) The class is not configured to support Elevated activation.


Statement:
I did not sign my application. So you’ll always get a nasty UAC dialog. But there are several solutions:

  1. Do nothing and accept this dialog
  2. Wait until I buy or get the very expensive sign certificate. I tell you that it will last a really long time.
  3. Use your own certificate to sign the file

Download and Sourecode:

You get the newest version of RunEl in the JWSCL Download section of RunEl.

RunEl is also available through Subversion repository:

https://jedi-apilib.svn.sourceforge.net/svnroot/jedi-apilib/jwscl/trunk/examples/runel

You can browse the repository or download it with a Subversion client.

Please send bugs to mail@delphi-jedi.net , the mailinglist or the forum.


Tell me how you liked this blog entry by adding a comment.