Hands-On LabInstaller Detection - .NET

Lab version: 1.0.0

Last updated: 5/15/2023

Installer Detection - .NET

CONTENTS

OVERVIEW................................................................................................................................................. 3

EXERCISE 1: INSTALLER DETECTION ISSUES.....................................................................................4Task 1 - Make Sure UAC is Active.........................................................................................................4

Task 2 - Identifying the Problem..........................................................................................................5

EXERCISE 2: SOLVING THE PROBLEM..................................................................................................5Task 1 - Adding an External Manifest..................................................................................................5

Task 2 - Adding an Embedded Manifest..............................................................................................7

SUMMARY................................................................................................................................................ 11

2

Installer Detection - .NET

Overview

Objectives

In this lab, you will learn how to:

Identify issues related to installer detection on Windows Vista® and later versions

Fix installer detection issues

System Requirements

You must have the following items to complete this lab:

Microsoft Visual Studio® 2008 SP1

Microsoft Windows 7

3

Installer Detection - .NET

Exercise 1: Installer Detection Issues

In this exercise, you will look at an “old” executable that is mistakenly identified as an installer, when in fact it is a normal application that does not require administrative privileges.

Task 1 - Make Sure UAC is Active

In this task, you will confirm that User Account Control (UAC) is active. This will allow the problem to appear.

1. From Start:

a. Click Control Panel.

b. Click User Accounts and Family Safety.

c. Click User Accounts.

d. Click Change User Account Control Settings. A dialog box similar to the following should appear.

Help

Alternatively, click Start, click Run, and type UAC. Then click Change User Account Control Settings.

4

Installer Detection - .NET

2. Make sure the slider is set at the default level as pictured (you can set it to another level, but not to Never notify, as this disables UAC).

3. Click OK.

Task 2 - Identifying the Problem

1. Navigate to the BrokenStockUpdater\Debug folder with Windows Explorer.

2. Switch to medium or large icon view to make it easier to see the shield icon overlay that appears over the BrokenManagedStockUpdater.Exe file. It should look something like this:

3. Double-click the file and verify that a UAC prompt for elevation appears. This is undesired behavior, stemming from the fact that the word “update” is included in the filename (and it is a 32-bit application without a manifest). The heuristics include the words “setup,” “install,” and “update.”

Exercise 2: Solving the Problem

The problem identified in the last task can be solved by adding a manifest, either external or internal.

Task 1 - Adding an External Manifest

1. Navigate to the BrokenStockUpdater\Debug folder with Windows Explorer and:

5

Installer Detection - .NET

a. Right-click an empty space.

b. Point to New.

c. Click Text Document.

d. Name it BrokenManagedStockUpdate.Exe.manifest.

Help

Notice that as soon as the file exists with the new name, even though it is still empty, the shield icon overlay disappears.

2. Open the manifest file in Notepad or another text editor.

3. Enter the following text:

XML

<?xml version="1.0" encoding="utf-8"?><asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <assemblyIdentity version="1.0.0.0" name="StockUpdater"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo></asmv1:assembly>

Help

The critical information is the level attribute. The value asInvoker instructs the .exe file to run with the same privileges as the creator (for example, Windows Explorer), which indicates that

6

Installer Detection - .NET

this .exe file is not an installer, but a regular application. The other relevant level is requireAdministrator, indicating that this .exe file needs administrative privileges to operate correctly. For example, it is an actual installer and needs access to privileged locations, such as \Windows\System32 folder or HKEY_LOCAL_MACHINE\Software key.

4. Save the file.

5. Exit the text editor.

6. Verify that the change works as expected by double-clicking the .exe file. This time, you should not see a UAC elevation prompt and the application should function normally.

Task 2 - Adding an Embedded Manifest

For C#:

1. Open the BrokenStockUpdater.sln solution file located in the BrokenStockUpdater folder with Visual Studio 2008.

2. Examine the BrokenManagedStockUpdater project. This project has no manifest. To verify this:

3. Click the Project menu

4. Click Properties

5. Click Application (it should be selected already). The Icon and Manifest button should be selected and the Manifest setting should say Create application without a manifest, as shown in the following screen shot:

7

Installer Detection - .NET

Help

The default setting in Visual Studio 2008 is to generate a manifest file.

6. Change the Manifest setting to Embed manifest with default settings as shown:

8

Installer Detection - .NET

7. Rebuild the solution

8. Delete the manifest file from the previous task. Make sure the shield icon disappears, and no UAC elevation prompt appears when double-clicking the application.

Help

The fixed solution is in the FixedStockUpdater.sln located in the FixedStockUpdater folder.

For Visual Basic:

1. Open the BrokenStockUpdater.sln solution file located in the BrokenStockUpdater folder with

2. Visual Studio 2008.

3. Examine the BrokenManagedStockUpdater project. This project has no manifest by default in solution explorer.

4. Click the Project menu

5. Click Properties and click on “View UAC Settings”

9

Installer Detection - .NET

Help

The setting does not allow you to change the UAC level (it is set to asInvoker by default). To get other values, you can add a new item of type Application Manifest File and get the entire XML manifest to edit as text.

6. Save and Rebuild the solution.

7. Delete the manifest file from the previous task. Make sure the shield icon disappears, and no UAC elevation prompt appears when double-clicking the application.

Help

The fixed solution is in the FixedStockUpdater.sln located in the FixedStockUpdater folder.

10

Installer Detection - .NET

Summary

In this lab, you learned how installer detection works. You learned that 32-bit images without a manifest containing certain keywords in the filename might cause elevation of privileges when not actually needed. The reverse problem is also possible, where an installer that fails the heuristics is not elevated automatically when it actually requires it.

For more information, please refer to:

Application Compatibility Cookbook: http://msdn.microsoft.com/en-us/library/bb963893.aspx

The Windows Vista and Windows Server® 2008 Developer Story: http://msdn.microsoft.com/en-us/library/aa905330.aspx

11