12

I've read this answer about how one cannot use drag & drop files from explorer (typically running without extra admin privileges) with UAC-elevated applications.

One would think that elevating privileges to an EXE would give, well, more privileges, yet MS managed to give fewer privileges and break drag & drop functionality at the same time!

Anyway, while appreciated, the answer given by Mr. Arnaud Bouchez (disabling UIPI - User Interface Privilege Isolation) seems a bit hackish. My question is: is there a recommended way to programmatically enable drag & drop without messing with the user's registry?

I'm thinking about requesting "drag & drop ability" in manifest or something like that.

NOTE: I mainly have this problem with Windows 7, but I assume the question is pertinent to all Windows versions starting from Vista.

TheDude
  • 4
    In fact MS got this right. You don't want some low life program sending messages to elevated process. You should re-consider why you want your GUI app to run elevated in the first place. And if it's essential, consider staying within the security design and not accepting things from lower rights apps. – David Heffernan Dec 30 '12 at 15:44
  • @DavidHeffernan: one such example is Total Commander that I use heavily: I always elevate it to be able to read/write program files and system32 folder but I still want to be able to drag from/to explorer. – Remko Dec 30 '12 at 16:36
  • 3
    @Remko You'd be better off just disabling UAC if you spend all of your time writing to those folders – David Heffernan Dec 30 '12 at 16:46
  • 1
    @DavidHeffernan: MS basically disallowed elevated programs from interacting via drag n' drop with Windows Explorer (which is *not* a low life program!). With all due respect, I can't believe someone is not seeing the inability to use drag from Explorer as a handicap! (BTW, yes, I *do* have **very** strong reasons to run my app in an elevated mode :() – TheDude Dec 30 '12 at 20:17
  • Why do you run elevated? Anyway, if you want to sidestep this then just switch UAC off. If you let low priv processes invoke commands in high priv processes then it's easier for a low priv process to gain admin rights. That's a shatter attack. – David Heffernan Dec 30 '12 at 20:19
  • It's beyond the scope of my question, let's just say I have to. Also, turning UAC off isn't an option. Even if I could, my application will **never** turn off users' UAC, that's crazy! – TheDude Dec 30 '12 at 20:22
  • I didn't suggest that. Yes that would be crazy. I meant on your machine. One common route is only to elevate for the portions of your app that need elevated rights. So the main app runs as standard user. But the parts that need elevation run in a separate process. Or does everything your app do need elevation? – David Heffernan Dec 30 '12 at 20:24
  • In any case, Sertac showed you how to do what you want – David Heffernan Dec 30 '12 at 20:30
  • @DavidHeffernan: elevating portions of my app isn't something that I considered, I'm not even sure how to do that and/or if it would be worth the effort. I'll consider that, thank you very much for the suggestion :) – TheDude Dec 30 '12 at 20:34
  • You do need a separate process. Can be the same exe with special startup args. – David Heffernan Dec 30 '12 at 20:45

1 Answer

16

You can change the UIPI filter on the window of the privileged application by using ChangeWindowMessageFilterEx to let file drag & drop related messages be received. WM_DROPFILES is the most obvious one, WM_COPYDATA is another one. There's also an undocumented message involved: $0049, you'll find sometimes it is referred to as WM_COPYGLOBALDATA. In fact a search on the last one, I believe, will reveal some code examples related to your question.

Sertac Akyuz
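
The call described in the answer above, as an added Delphi example (not code from the answer's author or from any project mentioned on this page). The unit name and `AllowDropFromLowerIntegrity` are hypothetical, and the function is resolved at run time on the assumption that the application may also start on Vista, where `ChangeWindowMessageFilterEx` does not exist.

```delphi
unit ElevatedDrop; // hypothetical unit name, added example

interface

uses
  Windows, Messages, ShellAPI;

// Opens the UIPI filter of one window for the three drag & drop messages
// named in the answer, then registers the window as a drop target.
// Returns False if the API is unavailable or any call fails.
function AllowDropFromLowerIntegrity(Wnd: HWND): Boolean;

implementation

const
  WM_COPYGLOBALDATA = $0049; // undocumented message; name as used in the answer
  MSGFLT_ALLOW = 1;          // documented action value for ChangeWindowMessageFilterEx

type
  TChangeWindowMessageFilterEx = function(Wnd: HWND; Msg: UINT; Action: DWORD;
    ChangeFilterStruct: Pointer): BOOL; stdcall;

function AllowDropFromLowerIntegrity(Wnd: HWND): Boolean;
const
  DropMessages: array[0..2] of UINT =
    (WM_DROPFILES, WM_COPYDATA, WM_COPYGLOBALDATA);
var
  Filter: TChangeWindowMessageFilterEx;
  I: Integer;
begin
  Result := False;
  // Available from Windows 7 on; resolve dynamically so the EXE still loads on Vista.
  @Filter := GetProcAddress(GetModuleHandle('user32.dll'),
    'ChangeWindowMessageFilterEx');
  if not Assigned(Filter) then
    Exit;
  // The filter is changed for this window only, not for the whole process.
  for I := Low(DropMessages) to High(DropMessages) do
    if not Filter(Wnd, DropMessages[I], MSGFLT_ALLOW, nil) then
      Exit; // GetLastError holds the reason
  DragAcceptFiles(Wnd, True);
  Result := True;
end;

end.
```

Call it once the window handle exists (for a VCL form, for example from `CreateWnd`), and treat every path delivered through `WM_DROPFILES` and every `WM_COPYDATA` payload as untrusted input, since the sender may be a lower-integrity process.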