how to call another application from qt in run admistrator mode

Blackzero

as in the title I want to call another application in run admistrator mode from the main application, will this process be detected as a virus by Windows security?

JonB

@Blackzero said in how to call another application from qt in run admistrator mode:

will this process be detected as a virus by Windows security?

Not particularly, why should it be? Unless you are saying that is a Windows "feature". And I don't see why it would be affected by whether you spawn it from a Qt program or not.

Blackzero

@JonB said in how to call another application from qt in run admistrator mode:

whether you spawn it from a Qt program or not.

yes I bring it up from the Qt program the application I call is my own creation he needs adminstartor rights to change the main application or called Auto Update.exe

Blackzero

@JonB I have tried this code on another laptop but nothing seems to happen, the Auto Update application opens but when Auto Update wants to install the downloaded file it fails but if it is run with adminstartor rights manually Auto update can install the file in the C:/Program Files/ folder.

QStringList arguments;
arguments << QString(“/c”) << QString(“start”) << QString(“AutoUpdate.exe”);
bool success = QProcess::startDetached(“cmd.exe”, arguments);

Bonnie

Normally, the called process won't have adminstartor privilege unless the caller process already have it.
You need to make AutoUpdate.exe request adminstartor privilege itself.
In that case during QProcess::startDetached Qt will first try CreateProcess API and receive an ERROR_ELEVATION_REQUIRED error. Then it will try ShellExecuteEx API which will trigger an UAC prompt.
Edit: I mean start AutoUpdate.exe directly not by cmd.exe.

Blackzero

@Bonnie said in how to call another application from qt in run admistrator mode:

unless the caller process already have it.
You need to make AutoUpdate.exe request adminstartor privilege itself.

so in order for AutoUpdate.exe to have administartor rights I have to change it like a manifest?

Blackzero

@Bonnie I used 2 ways here, I don't know if this way is stupid, I changed the AutoUpdate manifest and called AutoUpdate in this way

<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' publicKeyToken='6595b64144ccf1df' language='*' processorArchitecture='*' />
    </dependentAssembly>
  </dependency>
</assembly>

QString pathToAutoUpdate = "AutoUpdate.exe";
runAsAdmin(pathToAutoUpdate);
void runAsAdmin(const QString &exePath) {
    LPCWSTR applicationPath = (LPCWSTR)exePath.utf16();
    HINSTANCE hInstance = ShellExecute(nullptr, L"runas", applicationPath, nullptr, nullptr, SW_SHOWNORMAL);
    if (reinterpret_cast<intptr_t>(hInstance) <= 32) {
    } else {
        qApp->quit();
    }
}

Bonnie

Looks fine by me. In my original reply I mean after setting the manifest thing of AutoUpdate (which makes it only runs in admin mode), QProcess::startDetached would handle ERROR_ELEVATION_REQUIRED by calling ShellExecuteEx. But it is OK to use ShellExecute directly if cross-platform is not required.

Blackzero

@Bonnie yes this is working fine, thanks for giving advice

SimonSchroeder

@Blackzero said in how to call another application from qt in run admistrator mode:

will this process be detected as a virus by Windows security?

There is antivirus software which will detect this as potential thread. This has, however, nothing to do with administrator mode. Programs that execute other programs show suspicious behavior in general. The best you can do to improve the situation is to sign your software (which is what we did). It's not bullet proof, but helps a lot with certain AV products.

JonB

@SimonSchroeder said in how to call another application from qt in run admistrator mode:

Programs that execute other programs show suspicious behavior in general.

You mean like Command Prompt? Or make? Or C++ compiler? Or IDE? Or bat files? Are these really all "signed for AV", e.g. MInGW toolchain?

SimonSchroeder

@JonB That's just my observation with our company's software. There are two different levels of code signing (we are using the simpler one: The signature includes our name and the identity was checked by the issuing company, but the trust chain does not go up to Microsoft itself.). But I bet that all Microsoft products are signed properly (even the command prompt) to avoid being detected by AV software. I've seen at least some open source software being signed (not sure about MinGW, though).

bat files are different as they are not executables. However, every bat file you download from the internet or which is saved on a network drive (everything not your own computer is the "internet" for Windows) will warn you that it might be unsafe to execute and if you are really sure if you want to do this. Every. Single. Time. This is not AV, but just Windows being careful about "untrusted sources" (even opening an Excel or Word file from a network drive by default is only opened in read-only mode).

JonB

@SimonSchroeder said in how to call another application from qt in run admistrator mode:

will warn you that it might be unsafe to execute and if you are really sure if you want to do this. Every. Single. Time. This is not AV, but just Windows being careful about "untrusted sources"

Is this the one where the file properties shows "This was downloaded from a remote source" and I clear that if I'm happy with it and then it's fine? I certainly execute things from other LAN machines. I rarely download a .bat file!