在没有管理员权限的情况下从桌面应用访问OSK(屏幕键盘)句柄
[英]Access OSK(on screen keyboard) handle from desktop app without administrator rights
问题描述
I have a desktop delphi application that runs without administrator rights on windows 7 and 8. This application, needs to send (SendInput) mouse events(click and move) to another running apps. 
我有一个在Windows 7和8上没有管理员权限运行的桌面delphi应用程序。该应用程序需要将(SendInput)鼠标事件(单击并移动)发送到另一个正在运行的应用程序。 This app works like a driver for a remote wifi pen, that controls mouse over desktop. 此应用程序的工作方式类似于远程wifi笔的驱动程序,可控制鼠标移至桌面。 When the focus is over OSK(on screen keyboard), the mouse move with left key pressed dont work, the osk windows dont move, all others applications move when receive these mouve events. 当焦点位于OSK(在屏幕键盘上)上时,鼠标按下左键移动不起作用,osk窗口不移动,所有其他应用程序在收到这些mouve事件时都移动。 I cand get handle of OSK. 我可以处理OSK。 When I run my app with administrator privileges(UAC) all works fine, OSK move when app send mouve envets. 当我以管理员权限(UAC)运行我的应用程序时,一切正常,当应用程序发送Mouve Envets时,OSK移动。 I think that problem is related to UAC. 我认为该问题与UAC有关。 I found a way to bypass the UAC like this http://www.thewindowsclub.com/create-elevated-shortcut-run-programs-bypass-uac , but is not a good ideia in some enviroments. 我找到了一种绕过UAC的方法,例如http://www.thewindowsclub.com/create-elevated-shortcut-run-programs-bypass-uac ,但在某些环境中并不是一个好主意。 There is a way to bypass the UAC without underground ways ? 有没有一种方法可以绕过UAC而无需地下方法? Or how can I force the OSK to respond on all mouse events that I send to him. 或者如何强制OSK对发送给他的所有鼠标事件做出响应。
1 个解决方案
解决方案1
4 已采纳 2015-02-11 14:01:17
Here is a snip of the manifest that is embedded in Osk.exe: 这是嵌入在Osk.exe中的清单的一个片段:
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="true"/>
</requestedPrivileges>
</security>
</trustInfo>
Note the level it asks for, asInvoker does not ask for UAC elevation, only requireAdministrator does. 需要注意的level ,它要求,asInvoker 不要求UAC提升,只有requireAdministrator一样。 In other words, it runs with whatever privileges the starting program has. 换句话说,它以启动程序具有的任何特权运行。 You can tell, you don't get the consent prompt when you start Osk.exe 您可以说,启动Osk.exe时没有得到同意提示
What matters here is uiAccess . 此处重要的是uiAccess 。 With it set to true , the program bypasses UIPI. 将其设置为true时 ,程序将绕过UIPI。 The lesser-known twin of UAC, User Interface Privilege Isolation protects against shatter attacks by disallowing another process to poke keystrokes and mouse clicks into the window owned by an elevated app. UAC鲜为人知的双胞胎用户界面特权隔离通过不允许另一个进程将键盘敲击和鼠标单击戳入高架应用程序所拥有的窗口中来防止遭受破坏攻击。 Such a process still runs in high integrity mode, that's why you cannot poke into Osk yourself, but doesn't have the privileges enabled that make an UAC elevated app dangerous. 这样的过程仍在高完整性模式下运行,这就是为什么您不能自己戳入Osk,但没有启用使UAC提升的应用程序变得危险的特权。
This is not unusual, most any program that uses UI Automation or provides an accessibility feature needs to be able to do this. 这并不罕见,大多数使用UI自动化或提供可访问性功能的程序都必须能够做到这一点。 Like Osk.exe, it needs to be able to poke keystrokes into any app. 与Osk.exe一样,它需要能够将击键击入任何应用程序。 Clearly what you want to do as well. 显然,您也想做什么。
Getting uiAccess does not require the user to consent to a prompt like UAC elevation does. 获取uiAccess不需要用户像UAC提升一样同意提示。 The operating system has to "trust" you. 操作系统必须“信任”您。 Covered well in this MSDN article , "UIAccess for UI automation applications" section. 在MSDN这篇文章的 “用于UI自动化应用程序的UIAccess”一节中对此进行了很好的介绍。 I'll just summarize it here: 我在这里总结一下:
- Set uiAccess="true" in the application manifest 在应用清单中设置uiAccess =“ true”
- Your executable must have valid digital certificate, the kind you buy from a vendor like Verisign. 您的可执行文件必须具有有效的数字证书,即您从Verisign等供应商处购买的证书。
- Your executable must be stored in a directory that has write access denied, in a subdirectory of c:\\program files or c:\\windows. 您的可执行文件必须存储在c:\\ program文件或c:\\ windows子目录下的拒绝写访问的目录中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.