Login/Register
How to receive keyboard input from application with admin privileges to a non-admin application?
Asked Answered
Solved delphiwinapikeyboard-hookuipi
A

1

11

I have programmed an application that has an overlay-kind of window that can be shown and hidden via hotkey while another application has the focus. Said other application is a DirectX game that runs with admin privileges.

I have already tried 3 possible solutions to get notified when my hotkey is pressed in the other application, 2 of them kind of work, but require my application to have administrative privileges too. That is kind of acceptable, but I'd much rather have a solution that does not require those privileges. I am sure that there has to be a way, since applications like TeamSpeak do manage to receive input without being run as admin.

What I have tried already:

  1. RegisterHotkey - not suitable because it doesn't work while in DirectX windows.
  2. SetWindowsHookEx - works as a general keyboard hook, but only with admin privileges.
  3. GetAsyncKeyState - works to check the specified hotkey, but not without admin privileges yet again.

So yeah, I'd be really grateful if someone could provide an idea for a different solution since there is nothing more I could think of ... I am using Delphi, but since I'm relying on Windows API anyways I don't think the solution will be language specific.

Apostate answered 9/4, 2013 at 9:51 Comment(0)
F
4

I think TeamSpeak uses DirectInput for its hotkeys (a nice fit for you if you are already using DirectX). As for interacting with elevated programs, I think the only solution, and I believe the one TeamSpeak uses, is to embed an application manifest that sets uiAccess=true. This allows you to bypass UIPI without needing to run the application as administrator.

http://msdn.microsoft.com/en-us/library/bb756929.aspx

For this to work there are a few caveats

  • The application must be authenticode signed
  • The application must reside in a protected directory (\ProgramFiles\,\system32)

You can self-sign the application (as the alternative is expensive!) but you have to distribute the certificate manually and install it on any system running the application in question.

Florrie answered 9/4, 2013 at 11:23 Comment(2)
Thanks for your input, this seems to be the proper solution. However from what I've read, providing such a self-signed certificate along with my installer is a potential security risk, which I'd rather not take as I've no deeper insight into the matter ... correct me if I'm wrong though.Apostate
@HeinaBaumstamm I suppose it is safer for the user to have your application run with uiAccess over full admin privilege...in either case you have to have them trust that you're not foisting malware on them. Otherwise, the probability for your application to be an entry point for external exploits is rather minimal. Certainly your application will be more limited in the accidental damage it might cause through bugs if you run with uiAccess over straight admin. It's really a matter of convenience and trust...depends who will be using program, really.Florrie

© 2022 - 2024 — McMap. All rights reserved.