Tyler Posted June 25, 2007 Share Posted June 25, 2007 I am having an odd problem within my script in Vista. I am using the script as a wrapper to start and stop various programs to analyze malware. These programs require Administrative privileges, so to get around the UAC prompts I set RunAsSet before calling the programs. At the point before I run the malware I drop privs back to the normal user by calling RunAsSet(), and then after running the malware for a specific period of time I RunAsSet back to Administrator to stop the analysis programs. Make sense so far? Here is my problem, when I begin to stop the programs I have RunAsSet("Administrator",...) set but the script is not actually running as Administrator. For some reason, when I try to stop one of the programs as the user the script is running under, I cannot even activate the window! I've tried WinActivate, various ControlFocus commands and everything else I can think of. Nothing will bring focus to that program. The only thing that works is to call my program again so it will run as Administrator and stop the program that way. When I do that, it has no problem stopping the program. I assume this is happening because the process is running as Administrator. If thats the case, why can I manually shut the program down when it is running as Administrator? Am I missing something or have I found some weird bug? Thanks in advance. If anyone needs me to post some code so it makes more sense I will. Tyler Link to comment Share on other sites More sharing options...
PsaltyDS Posted June 25, 2007 Share Posted June 25, 2007 I don't have Vista and can't test, but I guess your process is still parent to the "Administrator's" process you spawned with RunAsSet(), giving you kill rights to it despite not being Admin. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now