uac.cpp - This is a C++ code snippet that appears to be par…

/admin/win/nsi/nsis_uac/uac.cpp

http://github.com/tomahawk-player/tomahawk · C++ · 1518 lines · 1438 code · 39 blank · 41 comment · 66 complexity · c61bd6a7e2029a603bf357d381fbdb94 MD5 · raw file

//Copyright (C) 2007 Anders Kjersem. Licensed under the zlib/libpng license, see License.txt for details.

/*

UAC plugin for NSIS

===================

Compiled with VC6+PlatformSDK (StdCall & MinimizeSize)





Todo:

-----

¤GetCurrentDir in elevated parent and pass along to outer process for Exec* (or somekind of ipc to request it if workingdir param is empty)

X¤Check if secondary logon service is running in SysElevationPresent() on NT5

¤Use IsUserAnAdmin? MAKEINTRESOURCE(680) export on 2k (it even exists on NT4?) //http://forums.winamp.com/showthread.php?s=&threadid=195020

¤AllowSetForegroundWindow

¤Use RPC instead of WM_COPYDATA for IPC

¤Autodetect "best" default admin user in MyRunAs

¤Use ChangeWindowMessageFilter so we can get >WM_USER msg success feedback and possibly fill the log with detailprints

¤Hide IPC window inside inner instance window? (Could this add unload problems?)

¤CREATE_PRESERVE_CODE_AUTHZ_LEVEL? http://msdn2.microsoft.com/en-us/library/ms684863.aspx

¤UpdateProcThreadAttribute?

¤Consent UI on XP ?

¤All langs in single file; [MyRunAsStrings]>LangSections != 0 then load strings from [langid] sections

¤BroadcastSystemMessage to help with SetForeground

¤UAC::StackPop





Notes:

------

Primary integrity levels:

Name					SID				RID 

Low Mandatory Level		S-1-16-4096		0x1000

Medium Mandatory Level	S-1-16-8192		0x2000

High Mandatory Level	S-1-16-12288	0x3000

System Mandatory Level	S-1-16-16384	0x4000



*/



#define UAC_HACK_Clammerz	//ugly messagebox focus hack for .onInit

#define UAC_HACK_FGWND1		//super ugly fullscreen invisible window for focus tricks



#define UAC_INITIMPORTS

#include "UAC.h"

#include <objbase.h>//CoInitialize

#include "NSISUtil.h"

using namespace NSIS;

NSISUTIL_INIT();





#define ERRAPP_BADIPCSRV (0x20000000|1)

#define SW_INVALID ((WORD)-1)

#define IPCTOUT_DEF (1000*3) //default timeout for IPC messages

#define IPCTOUT_SHORT 1500

#define IPCTOUT_LONG (IPCTOUT_DEF*2)



enum _IPCSRVWNDMSG 

{

	IPC_GETEXITCODE=WM_USER,	//Get exit-code of the process spawned by the last call to ExecWait/ShellExecWait

	IPC_ELEVATEAGAIN,

	IPC_GETSRVPID,				//Get PID of outer process

	IPC_GETSRVHWND,				//Get $HWNDParent of outer process

	IPC_EXECCODESEGMENT,		//wp:pos | lp:hwnd | returns ErrorCode+1

	IPC_GETOUTERPROCESSTOKEN,	

#ifdef UAC_HACK_FGWND1

	IPC_HACKFINDRUNAS,

#endif

};



enum _COPYDATAID 

{

	CDI_SHEXEC=666,	//returns WindowsErrorCode+1

	CDI_SYNCVAR,

	CDI_STACKPUSH,

};



typedef struct 

{

	UINT VarId;

	NSISCH buf[ANYSIZE_ARRAY];

} IPC_SYNCVAR;



typedef struct 

{

	HWND hwnd;

	bool Wait;

	bool UseCreateProcess;

	WORD ShowMode;	

	NSISCH*strExec;

	NSISCH*strParams;

	NSISCH*strWorkDir;

	NSISCH*strVerb;

	NSISCH buf[ANYSIZE_ARRAY];

} IPC_SHEXEC;





typedef struct 

{

	HINSTANCE	hInstance;

	HWND		hSrvIPC;

	BYTE		DllRef;

	bool		UseIPC;

	bool		CheckedIPCParam;

	UINT NSISStrLen;

	//IPC Server stuff:

	HANDLE		hElevatedProcess;

	HANDLE		threadIPC;

	DWORD		LastWaitExitCode;//Exit code of process started from last call to ExecWait/ShellExecWait

	NSIS::extra_parameters*pXParams;

	bool		ElevateAgain;

	//DelayLoadedModules:

	HMODULE		hModAdvAPI;

} GLOBALS;





GLOBALS g = {0};





void StopIPCSrv();

DWORD _GetElevationType(TOKEN_ELEVATION_TYPE* pTokenElevType);

bool GetIPCSrvWndFromParams(HWND&hwndOut);







#if _MSC_VER >= 1400 //MSVC 2005 wants to pull in the CRT, let's try to help it out

void* __cdecl memset(void*mem,int c,size_t len) 

{

	char *p=(char*)mem;

	while (len-- > 0){*p++=c;}

	return mem;

}

#endif







FORCEINLINE NSISCH* GetIPCWndClass() { return _T("NSISUACIPC"); }

FORCEINLINE bool StrCmpI(LPCTSTR s1,LPCTSTR s2) {return 0==lstrcmpi(s1,s2);}

LPTSTR StrNextChar(LPCTSTR Str) { return CharNext(Str); }

bool StrContainsWhiteSpace(LPCTSTR s) { if (s) {while(*s && *s>_T(' '))s=StrNextChar(s);if (*s)return true;}return false; }



DWORD GetSysVer(bool Major=true) 

{

	OSVERSIONINFO ovi = { sizeof(ovi) };

	if ( !GetVersionEx(&ovi) ) return 0;

	return Major ? ovi.dwMajorVersion : ovi.dwMinorVersion;

}

#define GetOSVerMaj() (GetSysVer(true))

#define GetOSVerMin() (GetSysVer(false))



UINT_PTR StrToUInt(LPTSTR s,bool ForceHEX=false,BOOL*pFoundBadChar=0) 

{

	UINT_PTR v=0;

	BYTE base=ForceHEX?16:10;	

	if (pFoundBadChar)*pFoundBadChar=false;

	if ( !ForceHEX && *s=='0' && ((*(s=StrNextChar(s)))&~0x20)=='X' && (s=StrNextChar(s)) )base=16;

	for (TCHAR c=*s; c; c=*(s=StrNextChar(s)) ) 

	{

		if (c >= _T('0') && c <= _T('9')) c-='0';

		else if (base==16 && (c & ~0x20) >= 'A' && (c & ~0x20) <= 'F') c=(c & 7) +9;

		else 

		{

			if (pFoundBadChar /*&& c!=' '*/)*pFoundBadChar=true;

			break;

		}

		v*=base;v+=c;

	}

	return v;

}



LPTSTR FindExePathEnd(LPTSTR p) 

{

	if ( *p=='"' && *(++p) ) 

	{

		while( *p && *p!='"' )p=StrNextChar(p);

		if (*p)

			p=StrNextChar(p);

		else 

			return 0;

	}

	else 

		if ( *p!='/' )while( *p && *p!=' ' )p=StrNextChar(p);

	return p;

}





#ifdef FEAT_MSRUNASDLGMODHACK

HHOOK g_MSRunAsHook;

void MSRunAsDlgMod_Unload(void*hook) 

{

	if (hook) 

	{

		//ASSERT(g_MSRunAsHook==hook);

		UnhookWindowsHookEx((HHOOK)hook);

		//g_MSRunAsHook=0;

	}

}

LRESULT CALLBACK MSRunAsDlgMod_ShellProc(int nCode,WPARAM wp,LPARAM lp) 

{

	CWPRETSTRUCT*pCWPS;

	if (nCode >= 0 && (pCWPS=(CWPRETSTRUCT*)lp) && WM_INITDIALOG==pCWPS->message)

	{

		TCHAR buf[30];

		GetClassName(pCWPS->hwnd,buf,COUNTOF(buf));

		if (!lstrcmpi(buf,_T("#32770"))) 

		{ 

			const UINT IDC_USRSAFER=0x106,IDC_OTHERUSER=0x104,IDC_SYSCRED=0x105;

			GetClassName(GetDlgItem(pCWPS->hwnd,IDC_SYSCRED),buf,COUNTOF(buf));

			if (!lstrcmpi(buf,_T("SysCredential"))) //make sure this is the run as dialog

			{

				MySndDlgItemMsg(pCWPS->hwnd,IDC_USRSAFER,BM_SETCHECK,BST_UNCHECKED);

				MySndDlgItemMsg(pCWPS->hwnd,IDC_OTHERUSER,BM_CLICK);

			}

		}

	}

	return CallNextHookEx(g_MSRunAsHook,nCode,wp,lp);

}

void* MSRunAsDlgMod_Init() 

{

	if(GetOSVerMaj()!=5 || GetOSVerMin()<1)return NULL;//only XP/2003

	return g_MSRunAsHook=SetWindowsHookEx(WH_CALLWNDPROCRET,MSRunAsDlgMod_ShellProc,0,GetCurrentThreadId());

}

#endif



DWORD DllSelfAddRef() 

{

	NSISCH buf[MAX_PATH*5];//Lets hope $pluginsdir is shorter than this, only special builds could break this

	DWORD len=GetModuleFileName(g.hInstance,buf,MAX_PATH*5);

	if ( len && len<MAX_PATH*5 && LoadLibrary(buf) ) 

	{

		if (!g.DllRef)g.DllRef++;

		return NO_ERROR;

	}

	ASSERT(!"DllSelfAddRef failed!");

	return ERROR_BUFFER_OVERFLOW;

}



FORCEINLINE DWORD MaintainDllSelfRef() //Call this from every exported function to prevent NSIS from unloading our plugin

{ 

	if(!g.CheckedIPCParam && !g.DllRef) 

	{

		HWND hSrv;

		g.CheckedIPCParam=true;

		g.UseIPC=GetIPCSrvWndFromParams(hSrv);

		if(g.UseIPC) 

		{

			g.DllRef++;

			g.hSrvIPC=hSrv;

		}

	}

	return (g.DllRef)?DllSelfAddRef():NO_ERROR;

}





DWORD SendIPCMsg(UINT Msg,WPARAM wp,LPARAM lp,DWORD_PTR&MsgRet,DWORD tout=IPCTOUT_DEF,const HWND hIPCSrv=g.hSrvIPC) 

{

	if (tout==INFINITE) //BUGFIX: SendMessageTimeout(...,INFINITE,...) seems to be broken, SendMessageTimeout(...,SMTO_NORMAL,0,..) seems to work but why take the chance

	{

		MsgRet=SendMessage(hIPCSrv,Msg,wp,lp);

		return NO_ERROR;

	}

	if ( SendMessageTimeout(hIPCSrv,Msg,wp,lp,SMTO_NORMAL,tout,&MsgRet) )return NO_ERROR;

	return (tout=GetLastError()) ? tout : ERROR_TIMEOUT; 

}



void _Unload() 

{

	StopIPCSrv();

	if (g.DllRef) 

	{

		g.DllRef=0;

		FreeLibrary(g.hInstance);

		//Why bother?> FreeLibrary(g.hModAdvAPI);

	}

}



DWORD DelayLoadGetProcAddr(void**ppProc,HMODULE hLib,LPCSTR Export) 

{

	ASSERT(ppProc && hLib && Export);

	if (!*ppProc) 

	{

		*ppProc=GetProcAddress(hLib,Export);

		if (!*ppProc)return GetLastError();

	}

	return NO_ERROR;

}



DWORD DelayLoadDlls() 

{



#ifdef UNICODE

#	define __DLD_FUNCSUFFIX "W"

#	else

#	define __DLD_FUNCSUFFIX "A"

#	endif



	if (!g.hModAdvAPI) //using g.hModAdvAPI to test if this is the first time we have been called

	{

		struct 

		{

			HMODULE*pMod;

			LPCSTR DllName;//NOTE: Always using ANSI strings to save a couple of bytes

		} 

		dld[]=

		{ 

			{&g.hModAdvAPI,"AdvAPI32"},

			{0}

		};

		DWORD ec;

		UINT o;



		for (o=0; dld[o].pMod; ++o)

			if ( !(*dld[o].pMod=LoadLibraryA(dld[o].DllName)) )

				return GetLastError();



		struct 

		{

			HMODULE hMod;

			void**ppProc;

			LPCSTR Export;

			bool Optional;

		} 

		dldprocs[]=

		{

			{GetModuleHandle(_T("USER32")),(void**)&_AllowSetForegroundWindow,"AllowSetForegroundWindow",true},

			{g.hModAdvAPI,(void**)&_OpenProcessToken,			"OpenProcessToken"},

			{g.hModAdvAPI,(void**)&_OpenThreadToken,			"OpenThreadToken"},

			{g.hModAdvAPI,(void**)&_GetTokenInformation,		"GetTokenInformation"},

			{g.hModAdvAPI,(void**)&_AllocateAndInitializeSid,	"AllocateAndInitializeSid"},

			{g.hModAdvAPI,(void**)&_FreeSid,					"FreeSid"},

			{g.hModAdvAPI,(void**)&_EqualSid,					"EqualSid"},

			{g.hModAdvAPI,(void**)&_CheckTokenMembership,		"CheckTokenMembership",true},

			#ifdef FEAT_CUSTOMRUNASDLG

			{g.hModAdvAPI,(void**)&_GetUserName,			"GetUserName" __DLD_FUNCSUFFIX},

			{g.hModAdvAPI,(void**)&_CreateProcessWithLogonW,"CreateProcessWithLogonW",true},

			{LoadLibraryA("SECUR32"),(void**)&_GetUserNameEx,"GetUserNameEx" __DLD_FUNCSUFFIX,true},//We never free this library

			#endif

			{0}

		};

//#undef __DLD_FUNCSUFFIX

		for (o=0; dldprocs[o].hMod; ++o)

			if (ec=DelayLoadGetProcAddr(dldprocs[o].ppProc,dldprocs[o].hMod,dldprocs[o].Export) && !dldprocs[o].Optional) 

			{

				TRACEF("DelayLoadDlls failed to find %s in %X\n",dldprocs[o].Export,dldprocs[o].hMod);

				return ec;

			}

	}

	return NO_ERROR;

}



void AllowOuterInstanceWindowFocus() 

{

	if (g.UseIPC) 

	{

		DWORD_PTR MsgRet;

		if (!SendIPCMsg(IPC_GETSRVPID,0,0,MsgRet,IPCTOUT_SHORT) && MsgRet && _AllowSetForegroundWindow)_AllowSetForegroundWindow(MsgRet);

	}

}



DWORD SyncVars(HWND hwndNSIS) 

{

	DWORD i,ec=NO_ERROR;

	IPC_SYNCVAR*pSV=0;

	if (!g.UseIPC)return NO_ERROR;

	g.NSISStrLen=NSIS::StrSize;

	TRACEF("SyncVars: g.NSISStrLen=%d\n",g.NSISStrLen);ASSERT(g.NSISStrLen>10);

	DWORD cbStruct=FIELD_OFFSET(IPC_SYNCVAR,buf[g.NSISStrLen+1]);

	pSV=(IPC_SYNCVAR*)MemAlloc(cbStruct);

	if (!pSV)

		goto die_GLE;

	else 

	{

		COPYDATASTRUCT cds={CDI_SYNCVAR,cbStruct,pSV};

		for (i=0;i<__INST_LAST && !ec;++i) 

		{

			pSV->VarId=i;

			lstrcpyn(pSV->buf,GetVar(i),g.NSISStrLen);

			DWORD MsgRet;//TRACEF("SyncVars: (%d)%s|\n",i,pSV->buf);

			if (!(ec=SendIPCMsg(WM_COPYDATA,(WPARAM)hwndNSIS,(LPARAM)&cds,MsgRet,3000 )))ec=MsgRet-1;

		}	

	}

	return ec;

die_GLE:

	return GetLastError();

}



DWORD _Exec(HWND hwnd,NSISCH*Verb,NSISCH*Exec,NSISCH*Params,NSISCH*WorkDir,WORD ShowWnd,bool Wait,bool UseCreateProcess) 

{

	DWORD ec;

	NSISCH*buf=0;

	SHELLEXECUTEINFO sei={sizeof(SHELLEXECUTEINFO)};

	sei.hwnd		=hwnd;

	sei.nShow		=(ShowWnd!=SW_INVALID)?ShowWnd:SW_NORMAL;

	sei.fMask		=SEE_MASK_FLAG_DDEWAIT;

	sei.lpFile		=(Exec&&*Exec)			?Exec:0;

	sei.lpParameters=(Params&&*Params)		?Params:0;

	sei.lpDirectory	=(WorkDir&&*WorkDir)	?WorkDir:0;

	sei.lpVerb		=(Verb&&*Verb)			?Verb:0;

	TRACEF("_Exec:%X|%s|%s|%s|wait=%d useCreateProc=%d ShowWnd=%d useShowWnd=%d\n",hwnd,Exec,Params,WorkDir,Wait,UseCreateProcess,ShowWnd,ShowWnd!=SW_INVALID);

	if (UseCreateProcess) 

	{

		STARTUPINFO si={sizeof(STARTUPINFO)};

		if (ShowWnd != SW_INVALID) 

		{

			si.dwFlags|=STARTF_USESHOWWINDOW;

			si.wShowWindow=sei.nShow;

		}

		PROCESS_INFORMATION pi;

		const NSISCH*Q=( (*Exec!='"') && (*Params) && StrContainsWhiteSpace(Exec)) ? _T("\"") : _T("");//Add extra quotes to program part of command-line?

		const DWORD len= ((*Q)?2:0) + lstrlen(Exec) + 1 + lstrlen(Params) + 1;

		buf=(NSISCH*)NSIS::MemAlloc(len*sizeof(NSISCH));

		if (!buf)return ERROR_OUTOFMEMORY;

		//Build string for CreateProcess, "[Q]<Exec>[Q][Space]<Params>"

		wsprintf(buf,_T("%s%s%s%s%s"),Q,Exec,Q,((*Params)?_T(" "):_T("")),Params);

		TRACEF("_Exec: calling CreateProcess>%s< in >%s< addedQ=%d show=%u\n",buf,sei.lpDirectory,*Q,sei.nShow);

		if ( !CreateProcess(0,buf,0,0,false,0,0,sei.lpDirectory,&si,&pi) ) goto die_GLE;

		CloseHandle(pi.hThread);

		sei.hProcess=pi.hProcess;

	}

	else 

	{

		sei.fMask|=SEE_MASK_NOCLOSEPROCESS;

		TRACEF("_Exec: calling ShellExecuteEx...\n");

		if ( !ShellExecuteEx(&sei) )goto die_GLE;

	}

	if (Wait) 

	{

		WaitForSingleObject(sei.hProcess,INFINITE);

		GetExitCodeProcess(sei.hProcess,&g.LastWaitExitCode);

	}

	else WaitForInputIdle(sei.hProcess,1500);//wait a little bit so the finish page window does not go away too fast and cause focus problems



	CloseHandle(sei.hProcess);

	ec=NO_ERROR;

ret:

	if (buf)NSIS::MemFree(buf);

	return ec;

die_GLE:

	ec=GetLastError();

	TRACEF("_Exec>%s failed with error %u (%s)\n",UseCreateProcess?"CreateProcess":"ShExec",ec,buf);

	goto ret;

}



WORD GetShowWndCmdFromStr(NSISCH*s) 

{

	//NOTE: Little used modes are still supported, just not with strings, you must use the actual number or ${SW_xx} defines from WinMessages.h

	struct {NSISCH*id;WORD cmd;} swcm[] = {

		{_T("SW_HIDE"),				SW_HIDE},

		{_T("SW_SHOW"),				SW_SHOW},

		{_T("SW_RESTORE"),			SW_RESTORE},

		{_T("SW_MAXIMIZE"),			SW_MAXIMIZE},

		{_T("SW_MINIMIZE"),			SW_MINIMIZE},

		//	{_T("SW_MAX"),			SW_MAXIMIZE},

		//	{_T("SW_MIN"),			SW_MINIMIZE},

		{_T("SW_SHOWNORMAL"),		SW_SHOWNORMAL},

		//{_T("SW_NORMAL"),			SW_NORMAL},

		//{_T("SW_SHOWMINIMIZED"),	SW_SHOWMINIMIZED},

		//{_T("SW_SHOWMAXIMIZED"),	SW_SHOWMAXIMIZED},

		//{_T("SW_SHOWNOACTIVATE"),	SW_SHOWNOACTIVATE},

		//{_T("SW_SHOWNA"),			SW_SHOWNA},

		//{_T("SW_SHOWMINNOACTIVE"),	SW_SHOWMINNOACTIVE},

		//{_T("SW_SHOWDEFAULT"),		SW_SHOWDEFAULT},

		//{_T("SW_FORCEMINIMIZE"),	SW_FORCEMINIMIZE},

		{0}

	};

	for (int i=0; swcm[i].id; ++i) if (StrCmpI(s,swcm[i].id)) return swcm[i].cmd;

	return SW_INVALID;

}



#define HasIPCServer() (g.UseIPC!=NULL)



void HandleExecExport(bool CreateProc,bool Wait,HWND&hwndNSIS,int&StrSize,NSISCH*&Vars,stack_t**&StackTop,NSIS::extra_parameters*pXParams) 

{

	DWORD ec=NO_ERROR,ForkExitCode=ERROR_INVALID_FUNCTION;

	UINT cch=0,cbStruct;

	WORD ShowWnd;

	IPC_SHEXEC*pISE=0;

	stack_t* const pSIVerb=CreateProc?0:StackPop();//Only ShellExec supports verb's

	stack_t* const pSIShowWnd	=StackPop();

	stack_t* const pSIExec		=StackPop();

	stack_t* const pSIParams	=StackPop();

	stack_t* const pSIWorkDir	=StackPop();



	if (ec=MaintainDllSelfRef())goto ret;

	if (!pSIExec || !pSIParams || !pSIWorkDir || !pSIShowWnd || (!pSIVerb && !CreateProc)) 

	{

		TRACE("If you see this you probably forgot that all parameters are required!\n");

		ec=ERROR_INVALID_PARAMETER;

		goto ret;

	}

	ShowWnd=GetShowWndCmdFromStr(pSIShowWnd->text);

	if (ShowWnd==SW_INVALID && *pSIShowWnd->text) 

	{

		BOOL BadCh;

		ShowWnd=StrToUInt(pSIShowWnd->text,false,&BadCh);

		if (BadCh)ShowWnd=SW_INVALID;

	}

	TRACEF("HandleExecExport: ipc=%X (%X)\n",g.UseIPC,g.hSrvIPC);

	SyncVars(hwndNSIS);

	if (!g.UseIPC) //No IPC Server, we are not elevated with UAC

	{

		ec=_Exec(hwndNSIS,pSIVerb?pSIVerb->text:0,pSIExec->text,pSIParams->text,pSIWorkDir->text,ShowWnd,Wait,CreateProc);

		if (Wait)ForkExitCode=g.LastWaitExitCode;

		goto ret;

	}	

	cch+=lstrlen(pSIExec->text)+1;

	cch+=lstrlen(pSIParams->text)+1;

	cch+=lstrlen(pSIWorkDir->text)+1;

	if (pSIVerb)cch+=lstrlen(pSIVerb->text)+1;

	cbStruct=FIELD_OFFSET( IPC_SHEXEC, buf[cch*sizeof(TCHAR)] );

	pISE=(IPC_SHEXEC*)NSIS::MemAlloc(cbStruct);

	if (!pISE)ec=GetLastError();

	if (!ec) 

	{

		DWORD_PTR MsgRet;

		pISE->hwnd		=hwndNSIS;

		pISE->Wait		=Wait;

		pISE->ShowMode	=ShowWnd;

		pISE->UseCreateProcess=CreateProc;

		//Just offsets at this point

		pISE->strExec	=(NSISCH*)0;

		pISE->strParams	=(NSISCH*)(lstrlen(pSIExec->text)	+pISE->strExec+1);

		pISE->strWorkDir=(NSISCH*)(lstrlen(pSIParams->text)	+pISE->strParams+1);

		pISE->strVerb=	 (NSISCH*)(lstrlen(pSIWorkDir->text)+pISE->strWorkDir+1);

		lstrcpy(pISE->buf,pSIExec->text);

		lstrcpy(&pISE->buf[(DWORD_PTR)pISE->strParams],	pSIParams->text);

		lstrcpy(&pISE->buf[(DWORD_PTR)pISE->strWorkDir],pSIWorkDir->text);

		if (pSIVerb)lstrcpy(&pISE->buf[(DWORD_PTR)pISE->strVerb],	pSIVerb->text);

		COPYDATASTRUCT cds;

		cds.dwData=CDI_SHEXEC;

		cds.cbData=cbStruct;

		cds.lpData=pISE;

		AllowOuterInstanceWindowFocus();

		if (!(ec=SendIPCMsg(WM_COPYDATA,(WPARAM)hwndNSIS,(LPARAM)&cds,MsgRet,Wait?(INFINITE):(IPCTOUT_LONG) )))ec=MsgRet-1;

		TRACEF("HandleExecExport: IPC returned %X, ec=%d\n",MsgRet,ec);

		if (Wait && NO_ERROR==ec) 

		{

			ec=SendIPCMsg(IPC_GETEXITCODE,0,0,ForkExitCode);

			TRACEF("HandleExecExport(Wait): Spawned process exit code=%d",ForkExitCode);

		}

	}

ret:

	NSIS::MemFree(pISE);

	StackFreeItem(pSIShowWnd);

	StackFreeItem(pSIExec);

	StackFreeItem(pSIParams);

	StackFreeItem(pSIWorkDir);

	StackFreeItem(pSIVerb);

	SetVarUINT(INST_0,ec);

	if (ec)SetErrorFlag(pXParams);

	if (Wait)SetVarUINT(INST_1,ForkExitCode);

}





bool _SupportsUAC(bool VersionTestOnly=false) 

{

	TOKEN_ELEVATION_TYPE tet;

	OSVERSIONINFO ovi={sizeof(ovi)};

	if (!GetVersionEx(&ovi)) 

	{

		ASSERT(!"_SupportsUAC>GetVersionEx");

		return false;

	}

	if (VersionTestOnly)return ovi.dwMajorVersion>=6;

	if (ovi.dwMajorVersion>=6 && _GetElevationType(&tet)==NO_ERROR) 

	{

		const bool ret=tet!=TokenElevationTypeDefault && tet!=NULL;

		TRACEF("_SupportsUAC tet=%d, returning %d\n",tet,ret);

		return ret;

	}

	DBGONLY(TRACEF("_SupportsUAC returning false! ver=%d _GetElevationType.ret=%u\n",ovi.dwMajorVersion,_GetElevationType(&tet)));

	return false;

}



DWORD _GetElevationType(TOKEN_ELEVATION_TYPE*pTokenElevType) 

{

	DWORD ec=ERROR_ACCESS_DENIED;

	HANDLE hToken=0;

	DWORD RetLen;

	if (!pTokenElevType)return ERROR_INVALID_PARAMETER;

	if (ec=DelayLoadDlls())return ec;

	*pTokenElevType=(TOKEN_ELEVATION_TYPE)NULL;

	if (!_SupportsUAC(true))return NO_ERROR;

	if (!_OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&hToken))goto dieLastErr;

	if (!_GetTokenInformation(hToken,(_TOKEN_INFORMATION_CLASS)TokenElevationType,pTokenElevType,sizeof(TOKEN_ELEVATION_TYPE),&RetLen))goto dieLastErr;

	SetLastError(NO_ERROR);

dieLastErr:

	ec=GetLastError();

	CloseHandle(hToken);

	TRACEF("_GetElevationType ec=%u type=%d\n",ec,*pTokenElevType);

	return ec;

}





bool _IsUACEnabled() 

{

	HKEY hKey;

	bool ret=false;

	if (GetSysVer()>=6 && NO_ERROR==RegOpenKeyEx(HKEY_LOCAL_MACHINE,_T("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"),0,KEY_READ,&hKey)) 

	{

		//Check must be !=0, see http://codereview.chromium.org/3110 & http://src.chromium.org/viewvc/chrome?view=rev&revision=2330

		//Apparently, Vista treats !=0 as UAC on, and some machines have EnableLUA=2 !!

		DWORD val,type,size=sizeof(DWORD);

		if (NO_ERROR==RegQueryValueEx(hKey,_T("EnableLUA"),0,&type,(LPBYTE)&val,&size) && type==REG_DWORD && val!=0) ret=true;

		RegCloseKey(hKey);

	}

	return ret;

}



bool SysQuery_IsServiceRunning(LPCTSTR servicename) 

{

	bool retval=false;

	SC_HANDLE scdbh=NULL,hsvc;

	scdbh=OpenSCManager(NULL,NULL,GENERIC_READ);

	if (scdbh) 

	{

		if (hsvc=OpenService(scdbh,servicename,SERVICE_QUERY_STATUS)) 

		{

			SERVICE_STATUS ss;

			if (QueryServiceStatus(hsvc,&ss))retval=(ss.dwCurrentState==SERVICE_RUNNING);

			CloseServiceHandle(hsvc);

		}

	}

	CloseServiceHandle(scdbh);

	return retval;

}



inline bool SysNT5IsSecondaryLogonSvcRunning() 

{

	return SysQuery_IsServiceRunning(_T("seclogon"));

}



bool SysElevationPresent() //Will return false on Vista if UAC is off

{ 

	const DWORD vmaj=GetSysVer();

	ASSERT(vmaj<=6 && vmaj>=4);

	if (vmaj==5) return true; //TODO:Check if secondary logon service is running?

	if (vmaj>=6) return _IsUACEnabled();

	return false;

}



FORCEINLINE bool SysSupportsRunAs() 

{ 

	return GetSysVer()>=5;

}











bool _IsAdmin() 

{

	

#ifdef BUILD_XPTEST

	static int _dbgOld=-1;

	unsigned _dbg=(unsigned)FindExePathEnd(GetCommandLine());

	if (_dbgOld==-1){_dbg=(_dbg && *((TCHAR*)_dbg))?MessageBoxA(0,"Debug: Pretend to be admin?",GetCommandLine(),MB_YESNOCANCEL):IDCANCEL;} else _dbg=_dbgOld;_dbgOld=_dbg;TRACEF("_IsAdmin=%d|%d\n",_dbg,_dbg==IDYES);

	if (_dbg!=IDCANCEL){SetLastError(0);return _dbg==IDYES;}

#endif



	BOOL isAdmin=false;

	DWORD ec;

	OSVERSIONINFO ovi={sizeof(ovi)};	

	if (!GetVersionEx(&ovi))return false;

	if (VER_PLATFORM_WIN32_NT != ovi.dwPlatformId) //Not NT

	{

		SetLastError(NO_ERROR);

		return true;

	}

	if (ec=DelayLoadDlls()) 

	{

		TRACEF("DelayLoadDlls failed in _IsAdmin() with err x%X\n",ec);

		SetLastError(ec);

		return false;

	}



	ASSERT(_OpenThreadToken && _OpenProcessToken && _AllocateAndInitializeSid && _EqualSid && _FreeSid);

	HANDLE hToken;

	if (_OpenThreadToken(GetCurrentThread(),TOKEN_QUERY,FALSE,&hToken) || _OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&hToken)) 

	{

		SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

		PSID psid=0;

		if (_AllocateAndInitializeSid(&SystemSidAuthority,2,SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS,0,0,0,0,0,0,&psid)) 

		{

			if (_CheckTokenMembership) 

			{

				if (!_CheckTokenMembership(0,psid,&isAdmin))isAdmin=false;

			}

			else 

			{

				DWORD cbTokenGrps;

				if (!_GetTokenInformation(hToken,TokenGroups,0,0,&cbTokenGrps)&&GetLastError()==ERROR_INSUFFICIENT_BUFFER) 

				{

					TOKEN_GROUPS*ptg=0;

					if (ptg=(TOKEN_GROUPS*)NSIS::MemAlloc(cbTokenGrps)) 

					{

						if (_GetTokenInformation(hToken,TokenGroups,ptg,cbTokenGrps,&cbTokenGrps)) 

						{

							for (UINT i=0; i<ptg->GroupCount;i++) 

							{								

								if (_EqualSid(ptg->Groups[i].Sid,psid))isAdmin=true;

							}

						}

						NSIS::MemFree(ptg);

					}

				}

			}			

			_FreeSid(psid);

		}

		CloseHandle(hToken);

	}

	if (isAdmin) //UAC Admin with split token check

	{

		if (_SupportsUAC()) 

		{

			TOKEN_ELEVATION_TYPE tet;

			if (_GetElevationType(&tet) || tet==TokenElevationTypeLimited)isAdmin=false;

		}

		else SetLastError(NO_ERROR);

	}

	return FALSE != isAdmin;

}





LRESULT CALLBACK IPCSrvWndProc(HWND hwnd,UINT uMsg,WPARAM wp,LPARAM lp) 

{

	switch(uMsg) 

	{

	case WM_DESTROY:

		PostQuitMessage(0);

		break;

	case WM_CLOSE:

		return DestroyWindow(hwnd);

	case WM_COPYDATA:

		if (lp) 

		{

			const COPYDATASTRUCT*pCDS=(COPYDATASTRUCT*)lp;

			if (pCDS->dwData==CDI_SHEXEC && pCDS->lpData) 

			{

				if ( pCDS->cbData < sizeof(IPC_SHEXEC) )break;

				g.LastWaitExitCode=ERROR_INVALID_FUNCTION;

				IPC_SHEXEC& ise=*((IPC_SHEXEC*)pCDS->lpData);

				SetForegroundWindow(ise.hwnd);				

				DWORD ec=_Exec(

					ise.hwnd,

					&ise.buf[(DWORD_PTR)ise.strVerb],

					&ise.buf[(DWORD_PTR)ise.strExec],

					&ise.buf[(DWORD_PTR)ise.strParams],

					&ise.buf[(DWORD_PTR)ise.strWorkDir],

					ise.ShowMode,ise.Wait,ise.UseCreateProcess

					);

				TRACEF("IPCSrvWndProc>IPC_SHEXEC>_ShExec=%d\n",ec);

				return ec+1;

			}

			else if (pCDS->dwData==CDI_SYNCVAR && pCDS->lpData && pCDS->cbData>1) 

			{

				IPC_SYNCVAR*pSV=(IPC_SYNCVAR*)pCDS->lpData;

				if (pSV->VarId>=__INST_LAST)return 1+ERROR_INVALID_PARAMETER;

				TRACEF("WM_COPYDATA: CDI_SYNCVAR:%d=%s|\n",pSV->VarId,&pSV->buf[0]);

				lstrcpy(GetVar(pSV->VarId),&pSV->buf[0]);

				return NO_ERROR+1;

			}

			else if (pCDS->dwData==CDI_STACKPUSH && pCDS->lpData && pCDS->cbData>=1) 

			{

				TRACEF("WM_COPYDATA: CDI_STACKPUSH:%s|\n",pCDS->lpData);

				return StackPush((NSISCH*)pCDS->lpData)+1;

			}

		}

		break;

	case IPC_GETEXITCODE:

		return g.LastWaitExitCode;

	case IPC_ELEVATEAGAIN:

		TRACE("IPCSrvWndProc>IPC_ELEVATEAGAIN\n");

		return (g.ElevateAgain=true);

	case IPC_GETSRVPID:

		return GetCurrentProcessId();

	case IPC_GETSRVHWND:

		return GetWindowLongPtr(hwnd,GWLP_USERDATA);

	case IPC_EXECCODESEGMENT:

		return 1+(g.pXParams ? ExecuteCodeSegment(g.pXParams,wp,(HWND)lp) : ERROR_INVALID_FUNCTION);

	case IPC_GETOUTERPROCESSTOKEN:

		if (_OpenProcessToken)

		{

			HANDLE hToken,hOutToken;

			if (_OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken)) 

			{

				TRACEF("IPC_GETOUTERPROCESSTOKEN: hToken=%X targetProcess=%X\n",hToken,g.hElevatedProcess);

				if (DuplicateHandle(GetCurrentProcess(),hToken,g.hElevatedProcess,&hOutToken,lp,false,DUPLICATE_CLOSE_SOURCE))

				{

					TRACEF("IPC_GETOUTERPROCESSTOKEN: %X(%X) > %X(%X)\n",hToken,-1,hOutToken,g.hElevatedProcess);

					return (LRESULT)hOutToken;

				}

			}

		}

		return NULL;



#ifdef UAC_HACK_FGWND1

	case IPC_HACKFINDRUNAS: //super ugly hack to get title of run as dialog

		if (wp<200) 

		{

			HWND hRA=GetLastActivePopup((HWND)lp);

			TRACEF("IPC_HACKFINDRUNAS:%d %X %X\n",wp,lp,hRA);

			if (hRA && hRA !=(HWND)lp ) return PostMessage((HWND)lp,WM_APP,0,(LONG_PTR)hRA);

			Sleep(10);PostMessage(hwnd,uMsg,wp+1,lp);

		}

		break;

#endif

	}

	return DefWindowProc(hwnd,uMsg,wp,lp);

}





DWORD WINAPI IPCSrvThread(LPVOID lpParameter) 

{

	CoInitialize(0);

	const DWORD WStyle=WS_VISIBLE DBGONLY(|(WS_CAPTION));

	const int PosOffset=32700;

	MSG msg;

	WNDCLASS wc={0};

	wc.lpszClassName=GetIPCWndClass();

	wc.lpfnWndProc=IPCSrvWndProc;

	wc.hInstance=g.hInstance;

	if (!RegisterClass(&wc))goto dieLastErr;	

	if (!(g.hSrvIPC=CreateWindowEx(WS_EX_TOOLWINDOW DBGONLY(&~WS_EX_TOOLWINDOW),

		GetIPCWndClass(),

		DBGONLY(_T("Debug: NSIS.UAC")+)0,

		WStyle,

		-PosOffset DBGONLY(+PosOffset),-PosOffset DBGONLY(+PosOffset),DBGONLY(150+)1,DBGONLY(10+)1,

		0,0,wc.hInstance,0

		)))goto dieLastErr;		

	SetWindowLongPtr(g.hSrvIPC,GWLP_USERDATA,(LONG_PTR)lpParameter);

	TRACEF("IPCSrv=%X server created...\n",g.hSrvIPC);

	while (GetMessage(&msg,0,0,0)>0)DispatchMessage(&msg);

	SetLastError(NO_ERROR);

dieLastErr:

	CoUninitialize();

	return g.LastWaitExitCode=GetLastError();

}



DWORD InitIPC(HWND hwndNSIS,NSIS::extra_parameters*pXParams,UINT NSISStrLen) 

{

	if (g.threadIPC)return NO_ERROR;

	TRACEF("InitIPC StrSize=%u vs %u\n",NSIS::StrSize,NSISStrLen);

	DWORD tid;

	ASSERT(!g.pXParams && pXParams);

	ASSERT(NSISStrLen>0 && NSISStrLen==NSIS::StrSize);

	g.NSISStrLen=NSISStrLen;

	g.pXParams=pXParams;

	g.threadIPC=CreateThread(0,0,IPCSrvThread,hwndNSIS,0,&tid);

	if (g.threadIPC) 

	{

		while(!g.hSrvIPC && !g.LastWaitExitCode)Sleep(20);

		return g.hSrvIPC ? NO_ERROR : g.LastWaitExitCode;

	}

	return GetLastError();

}



void StopIPCSrv() 

{

	if (g.threadIPC) 

	{

		TRACEF("StopIPCSrv h=%X \n",g.hSrvIPC);

#ifdef UAC_HACK_Clammerz

		if ( GetSysVer()>=5 )

		{

			//WINBUGFIX: This ugly thing supposedly solves the problem of messagebox'es in .OnInit appearing behind other windows in Vista

			HWND hack=CreateWindowEx(WS_EX_TRANSPARENT|WS_EX_LAYERED,_T("Button"),NULL,NULL,0,0,0,0,NULL,NULL,NULL,0);

			ShowWindow(hack,SW_SHOW);

			SetForegroundWindow(hack);

			DestroyWindow(hack);		

		}

#endif

		PostMessage(g.hSrvIPC,WM_CLOSE,0,0);

		WaitForSingleObject(g.threadIPC,INFINITE);

		CloseHandle(g.threadIPC);

		UnregisterClass(GetIPCWndClass(),g.hInstance);//DLL can be loaded more than once, so make sure RegisterClass doesn't fail

		g.hSrvIPC=0;

		g.threadIPC=0;

	}

}



#ifdef UAC_HACK_FGWND1 

LRESULT CALLBACK HackWndSubProc(HWND hwnd,UINT Msg,WPARAM wp,LPARAM lp) 

{

	switch(Msg) 

	{

	case WM_APP:

		GetWindowText((HWND)lp,GetVar(0),NSIS::StrSize);

		if (*GetVar(0))SendMessage(hwnd,WM_SETTEXT,0,(LONG_PTR)GetVar(0));

		break;

	}

	return DefWindowProc(hwnd,Msg,wp,lp);

}

#endif



inline bool MustUseInternalRunAs() 

{ 

#ifdef BUILD_DBGSELECTELVMODE

	TCHAR dbgb[MAX_PATH*4];wsprintf(dbgb,_T("%s.ini"),GetVar(VIDX_EXEPATH));

	static int dbg_answer=GetPrivateProfileInt(_T("UACDBG"),_T("MustUseInternalRunAs"),2,dbgb);

	if (dbg_answer<2)return !!dbg_answer;WritePrivateProfileString(_T("UACDBG"),_T("MustUseInternalRunAs"),"",dbgb);

	if (MessageBox(GetActiveWindow(),"MustUseInternalRunAs?",dbgb,MB_YESNO)==IDYES)return true;

#endif

	return GetSysVer()>=6 && !SysElevationPresent(); 

}



DWORD ForkSelf(HWND hParent,DWORD&ForkExitCode,NSIS::extra_parameters*pXParams,UINT NSISStrLen) 

{

	DWORD ec=ERROR_ACCESS_DENIED;

	SHELLEXECUTEINFO sei={sizeof(sei)};

	//STARTUPINFO startInfo={sizeof(STARTUPINFO)};

	LPTSTR pszExePathBuf=0;

	LPTSTR pszParamBuf=0;

	LPTSTR p,pCL=GetCommandLine();

	UINT len;

	const OSVerMaj=GetOSVerMaj();

#ifdef UAC_HACK_FGWND1

	HWND hHack=0;

#endif

	ASSERT(pXParams);

	

	//GetStartupInfo(&startInfo);

	if (ec=InitIPC(hParent,pXParams,NSISStrLen))goto ret;

	ASSERT(IsWindow(g.hSrvIPC));

	sei.hwnd=hParent;

	sei.nShow=/*(startInfo.dwFlags&STARTF_USESHOWWINDOW) ? startInfo.wShowWindow :*/ SW_SHOWNORMAL;

	sei.fMask=SEE_MASK_NOCLOSEPROCESS|SEE_MASK_NOZONECHECKS;

	sei.lpVerb=_T("runas");

	p=FindExePathEnd(pCL);

	len=p-pCL;

	if (!p || !len) 

	{

		ec=ERROR_FILE_NOT_FOUND;

		goto ret;

	}

	for (;;) 

	{

		NSIS::MemFree(pszExePathBuf);

		if (!(pszExePathBuf=(LPTSTR)NSIS::MemAlloc((++len)*sizeof(TCHAR))))goto dieOOM;

		if ( GetModuleFileName(0,pszExePathBuf,len) < len )break; //FUCKO: what if GetModuleFileName returns 0?

		len+=MAX_PATH;

	}

	sei.lpFile=pszExePathBuf;	

	len=lstrlen(p);

	len+=20;//space for "/UAC:xxxxxx /NCRC\0"

	if (!(pszParamBuf=(LPTSTR)NSIS::MemAlloc(len*sizeof(TCHAR))))goto dieOOM;

	wsprintf(pszParamBuf,_T("/UAC:%X /NCRC%s"),g.hSrvIPC,p);//NOTE: The argument parser depends on our special flag appearing first

	sei.lpParameters=pszParamBuf;





	if (OSVerMaj==5) 

	{

		bool hasseclogon=SysNT5IsSecondaryLogonSvcRunning();

		TRACEF("SysNT5IsSecondaryLogonSvcRunning=%d\n",hasseclogon);

		if (!hasseclogon) 

		{

			ec=ERROR_SERVICE_NOT_ACTIVE;

			goto ret;

		}

	}

	







#ifdef UAC_HACK_FGWND1

	if ( OSVerMaj>=5 && !sei.hwnd ) 

	{

		//sei.nShow=SW_SHOW;//forced, do we HAVE to do this?

		hHack=CreateWindowEx(WS_EX_TRANSPARENT|WS_EX_LAYERED|WS_EX_TOOLWINDOW|WS_EX_APPWINDOW,_T("Button"),GetVar(VIDX_EXEFILENAME),0|WS_MAXIMIZE,0,0,0,0,NULL,NULL,NULL,0);

		

		SetWindowLongPtr(hHack,GWLP_WNDPROC,(LONG_PTR)HackWndSubProc);

		if (GetSysVer()<6 || MustUseInternalRunAs())

			PostMessage(g.hSrvIPC,IPC_HACKFINDRUNAS,0,(LONG_PTR)hHack);

		else

			SetWindowLongPtr(hHack,GWL_EXSTYLE,GetWindowLongPtr(hHack,GWL_EXSTYLE)&~WS_EX_APPWINDOW);//kill taskbar btn on vista

		HICON hIcon=(HICON)LoadImage(GetModuleHandle(0),MAKEINTRESOURCE(103),IMAGE_ICON,0,0,LR_DEFAULTSIZE|LR_SHARED);	

		SendMessage(hHack,WM_SETICON,ICON_BIG,(LONG_PTR)hIcon);

		ShowWindow(hHack,SW_SHOW);

		SetForegroundWindow(hHack);

		sei.hwnd=hHack;

	}

#endif



	if (hParent)SetForegroundWindow(hParent);//try to force taskbar button active (for RunElevatedAndProcessMessages, really important on Vista)



#ifdef FEAT_CUSTOMRUNASDLG

	if (MustUseInternalRunAs()) 

	{ 

		ec=MyRunAs(g.hInstance,sei);

	}

	else 

#endif

	{

		if (GetSysVer()>=6) 

		{

			////////sei.nShow=SW_SHOW;

			//if ( _SupportsUAC() )sei.hwnd=0; //Vista does not like it when we provide a HWND

			//if (_AllowSetForegroundWindow) _AllowSetForegroundWindow(ASFW_ANY);//TODO: is GrantClientWindowInput() enough?

		}

#ifdef FEAT_MSRUNASDLGMODHACK

		void* hook=MSRunAsDlgMod_Init();

#endif

		TRACEF("ForkSelf:calling ShExec:app=%s|params=%s|vrb=%s|hwnd=%X\n",sei.lpFile,sei.lpParameters,sei.lpVerb,sei.hwnd);

		ec=(ShellExecuteEx(&sei)?NO_ERROR:GetLastError());

		TRACEF("ForkSelf: ShExec->Runas returned %d hInstApp=%d\n",ec,sei.hInstApp);

#ifdef FEAT_MSRUNASDLGMODHACK

		MSRunAsDlgMod_Unload(hook);

#endif

	}

#ifdef UAC_HACK_FGWND1

	DestroyWindow(hHack);

#endif

	if (ec)goto ret;

	TRACEF("ForkSelf: waiting for process %X (%s|%s|%s)sei.hwnd=%X\n",(sei.hProcess),sei.lpFile,sei.lpParameters,sei.lpVerb,sei.hwnd);

	ASSERT(sei.hProcess);

	ASSERT(NO_ERROR==ec);

	ShowWindow(g.hSrvIPC,SW_HIDE);



	g.hElevatedProcess=sei.hProcess;



	if (!IsWindow(sei.hwnd))

	{

		DWORD w=WaitForSingleObject(sei.hProcess,INFINITE);

		if (w==WAIT_OBJECT_0)

			VERIFY(GetExitCodeProcess(sei.hProcess,&ForkExitCode));

		else 

		{

			ec=GetLastError();

			TRACEF("ForkSelf:WaitForSingleObject failed ec=%d w=%d\n",ec,w);ASSERT(!"ForkSelf:WaitForSingleObject");

		}

	}

	else 

	{

		bool abortWait=false;

		const DWORD waitCount=1;

		const HANDLE handles[waitCount]={sei.hProcess};

		do 

		{

			DWORD w=MsgWaitForMultipleObjects(waitCount,handles,false,INFINITE,QS_ALLEVENTS|QS_ALLINPUT);

			switch(w)

			{

			case WAIT_OBJECT_0:

				VERIFY(GetExitCodeProcess(sei.hProcess,&ForkExitCode));

				abortWait=true;

				break;

			case WAIT_OBJECT_0+waitCount:

				{

					const HWND hwnd=sei.hwnd;

					MSG msg;

					while( !ec && PeekMessage(&msg,hwnd,0,0,PM_REMOVE) ) 

					{

						if (msg.message==WM_QUIT) 

						{

							ASSERT(0);

							ec=ERROR_CANCELLED;

							break;

						}

						if (!IsDialogMessage(hwnd,&msg)) 

						{

							TranslateMessage(&msg);

							DispatchMessage(&msg);

						}

					}

				}

				break;

			default:

				abortWait=true;

				ec=GetLastError();

				TRACEF("ForkSelf:MsgWaitForMultipleObjects failed, ec=%u w=%u\n",ec,w);

			}

		} while( NO_ERROR==ec && !abortWait );

	} 

	

	TRACEF("ForkSelf: wait complete, ec=%d forkexitcode=%u\n",ec,ForkExitCode);

	goto ret;

dieOOM:

	ec=ERROR_OUTOFMEMORY;

ret:

	StopIPCSrv();

	CloseHandle(sei.hProcess);

	NSIS::MemFree(pszExePathBuf);

	NSIS::MemFree(pszParamBuf);

	return ec;

}



bool GetIPCSrvWndFromParams(HWND&hwndOut) 

{

	LPTSTR p=FindExePathEnd(GetCommandLine());

	while(p && *p==' ')p=CharNext(p);TRACEF("GetIPCSrvWndFromParams:%s|\n",p);

	if (p && *p++=='/'&&*p++=='U'&&*p++=='A'&&*p++=='C'&&*p++==':') 

	{

		hwndOut=(HWND)StrToUInt(p,true);

		return !!IsWindow(hwndOut);

	}

	return false;

}





/*** RunElevated

Return:	r0:	Windows error code (0 on success, 1223 if user aborted elevation dialog, anything else should be treated as a fatal error)	

		r1: If r0==0, r1 is:

				0 if UAC is not supported by the OS, 

				1 if UAC was used to elevate and the current process should act like a wrapper (Call Quit in .OnInit without any further processing), 

				2 if the process is (already?) running @ HighIL (Member of admin group on other systems),

				3 if you should call RunElevated again (This can happen if a user without admin priv. is used in the runas dialog),

		r2: If r0==0 && r1==1: r2 is the ExitCode of the elevated fork process (The NSIS errlvl is also set to the ExitCode)

		r3: If r0==0: r3 is 1 if the user is a member of the admin group or 0 otherwise

*/

EXPORTNSISFUNC RunElevated(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);



	BYTE UACMode=0;

	bool UserIsAdmin=false;

	DWORD ec=ERROR_ACCESS_DENIED,ForkExitCode;

	TOKEN_ELEVATION_TYPE tet;

	

	UserIsAdmin=_IsAdmin();

	TRACEF("RunElevated:Init: IsAdmin=%d\n",UserIsAdmin);

#ifdef BUILD_XPTEST

	if (!UserIsAdmin)goto DbgXPAsUAC;//Skip UAC detection for special debug builds and force a call to runas on <NT6 systems

#endif

	if (!_SupportsUAC() && !SysSupportsRunAs())goto noUAC;

	if ((ec=DelayLoadDlls()))goto ret;

		

	if (GetIPCSrvWndFromParams(g.hSrvIPC)) 

	{

		if (ec=DllSelfAddRef())goto ret;

		if (!IsWindow(g.hSrvIPC))ec=ERRAPP_BADIPCSRV;

		UACMode=2;

		g.UseIPC=true;

		if (!UserIsAdmin) //Elevation used, but we are not Admin, let the wrapper know so it can try again...

		{ 		

			UACMode=0xFF;//Special invalid mode

			DWORD_PTR MsgRet;

			if (SendIPCMsg(IPC_ELEVATEAGAIN,0,0,MsgRet) || !MsgRet)ec=ERRAPP_BADIPCSRV;//if we could not notify the need for re-elevation, the IPCSrv must be bad

		}

		goto ret;

	}

	

	if ( (ec=DllSelfAddRef()) || (ec=_GetElevationType(&tet)) )goto ret;

	if ( tet==TokenElevationTypeFull || UserIsAdmin ) 

	{

		UserIsAdmin=true;

		UACMode=2;

		goto ret;

	}



	DBGONLY(DBG_RESETDBGVIEW());

	

#ifdef BUILD_XPTEST

DbgXPAsUAC:VERIFY(!DllSelfAddRef());

#endif

	//OS supports UAC and we need to elevate...

	ASSERT(!UserIsAdmin);

	UACMode=1;

	

	ec=ForkSelf(hwndNSIS,ForkExitCode,XParams,StrSize);

	if (!ec && !g.ElevateAgain) 

	{

		SetVarUINT(INST_2,ForkExitCode);

		SetErrLvl(XParams,ForkExitCode);

	}

	goto ret;

noUAC:

	ec=NO_ERROR;ASSERT(UACMode==0);

ret:

	if (ec==ERROR_CANCELLED) 

	{

		if (UACMode!=1)ec=ERROR_INVALID_FUNCTION;

		if (UACMode<2)g.UseIPC=false;

	}

	if (UACMode==0xFF && !ec) //We called IPC_ELEVATEAGAIN, so we need to quit so the wrapper gains control

	{

		ASSERT(g.UseIPC);

		UACMode=1;//We pretend to be the wrapper so Quit gets called in .OnInit

		SetErrLvl(XParams,0);

		_Unload();

	}

	if (g.ElevateAgain) 

	{

		ASSERT(!g.UseIPC);

		UACMode=3;//Fork called IPC_ELEVATEAGAIN, we need to change our UACMode so the wrapper(our instance) can try to elevate again if it wants to

	}

	if (!g.UseIPC)

		_Unload();//The wrapper can call quit in .OnInit without calling UAC::Unload, so we do it here

	

	SetVarUINT(INST_0,ec);

	SetVarUINT(INST_1,UACMode);

	SetVarUINT(INST_3,UserIsAdmin);

	TRACEF("RunElevated returning ec=%X UACMode=%d g.UseIPC=%d g.ElevateAgain=%d IsAdmin=%d\n",ec,UACMode,g.UseIPC,g.ElevateAgain,UserIsAdmin);



	NSISFUNCEND();

}







/*** Exec

Notes:

		¤ ErrorFlag is also set on error

STACK:	<ShowWindow> <File> <Parameters> <WorkingDir>

Return:	windows error code in r0, 0 on success

*/

EXPORTNSISFUNC Exec(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	HandleExecExport(true,false,hwndNSIS,StrSize,Vars,StackTop,XParams);

	NSISFUNCEND();

}



/*** ExecWait

Notes:

		¤ ErrorFlag is also set on error

STACK:	<ShowWindow> <File> <Parameters> <WorkingDir>

Return:	

		r0: windows error code, 0 on success

		r1: exitcode of new process 

*/

EXPORTNSISFUNC ExecWait(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	HandleExecExport(true,true,hwndNSIS,StrSize,Vars,StackTop,XParams);

	NSISFUNCEND();

}



/*** ShellExec

Notes:

		¤ ErrorFlag is also set on error

STACK:	<Verb> <ShowWindow> <File> <Parameters> <WorkingDir>

Return:	windows error code in r0, 0 on success

*/

EXPORTNSISFUNC ShellExec(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	HandleExecExport(false,false,hwndNSIS,StrSize,Vars,StackTop,XParams);

	NSISFUNCEND();

}



/*** ShellExecWait

Notes:

		¤ ErrorFlag is also set on error

STACK:	<Verb> <ShowWindow> <File> <Parameters> <WorkingDir>

Return:	

		r0: windows error code, 0 on success

		r1: exitcode of new process 

*/

EXPORTNSISFUNC ShellExecWait(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	HandleExecExport(false,true,hwndNSIS,StrSize,Vars,StackTop,XParams);

	NSISFUNCEND();

}





/*** GetElevationType

Notes:

		TokenElevationTypeDefault=1	:User is not using a split token (UAC disabled)

		TokenElevationTypeFull=2	:UAC enabled, the process is elevated

		TokenElevationTypeLimited=3	:UAC enabled, the process is not elevated

Return:	r0:	(TOKEN_ELEVATION_TYPE)TokenType, The error flag is set if the function fails and r0==0

*/

EXPORTNSISFUNC GetElevationType(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	TOKEN_ELEVATION_TYPE tet=(TOKEN_ELEVATION_TYPE)NULL; //Default to invalid value

	if (MaintainDllSelfRef() || /*!_SupportsUAC() ||*/ _GetElevationType(&tet)) SetErrorFlag(XParams);

	SetVarUINT(INST_0,tet);

	NSISFUNCEND();

}







/*** SupportsUAC

Notes:	Check if the OS supports UAC (And the user has UAC turned on)

Return:	r0:	(BOOL)Result 

*/

EXPORTNSISFUNC SupportsUAC(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	BOOL present=false;

	MaintainDllSelfRef();

	if (_SupportsUAC())present=true;	

	SetVarUINT(INST_0,present);

	NSISFUNCEND();

}





/*** IsAdmin

Return:	r0:	(BOOL)Result 

*/

EXPORTNSISFUNC IsAdmin(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	bool Admin=false;

	DWORD ec;

	if ( !(ec=MaintainDllSelfRef()) ) 

	{

		Admin=_IsAdmin();

		if ( ec=GetLastError() ) 

		{

			TRACEF("IsAdmin failed with %d\n",ec);

			SetErrorFlag(XParams);

			Admin=false;

		}

	}

	SetVarUINT(INST_0,Admin);

	NSISFUNCEND();

}







/*** ExecCodeSegment

Notes:	Sets error flag on error

		There is currently no way to transfer state to/from the executed code segment!

		If you use instructions that alter the UI or the stack/variables in the code segment (StrCpy,Push/Pop/Exch,DetailPrint,HideWindow etc.) they will affect the hidden wrapper installer and not "your" installer instance!

*/

EXPORTNSISFUNC ExecCodeSegment(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);



	DWORD ec;

	if (!(ec=DllSelfAddRef())) //force AddRef since our plugin could be called inside the executed code segment!

	{

		ec=ERROR_INVALID_PARAMETER;

		stack_t* pSI=StackPop();

		if (pSI) 

		{

			BOOL badCh;

			UINT pos=StrToUInt(pSI->text,false,&badCh);

			TRACEF("ExecCodeSegment %d (%s) badinput=%d\n",pos-1,pSI->text,badCh);

			if (!badCh && pos--) 

			{

				if (!g.UseIPC)

					ec=NSIS::ExecuteCodeSegment(XParams,pos);

				else 

				{

					SyncVars(hwndNSIS);

					DWORD_PTR MsgRet;

					AllowOuterInstanceWindowFocus();

					if (!(ec=SendIPCMsg(IPC_EXECCODESEGMENT,pos,0,MsgRet,INFINITE)))ec=MsgRet-1;

				}

			}

			StackFreeItem(pSI);

		}

	}

	if (ec)SetErrorFlag(XParams);



	NSISFUNCEND();

}







/*** StackPush   */

EXPORTNSISFUNC StackPush(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);



	DWORD ec;

	if (!(ec=DllSelfAddRef()) && g.UseIPC) 

	{

		stack_t* pSI=StackPop();

		ec=ERROR_INVALID_PARAMETER;

		if (pSI) 

		{

			DWORD_PTR MsgRet;

			COPYDATASTRUCT cds={CDI_STACKPUSH,(lstrlen(pSI->text)+1)*sizeof(NSISCH),pSI->text};

			if (!(ec=SendIPCMsg(WM_COPYDATA,(WPARAM)hwndNSIS,(LPARAM)&cds,MsgRet,5000 )))ec=MsgRet-1;

			StackFreeItem(pSI);

		}

	}

	if (ec)SetErrorFlag(XParams);



	NSISFUNCEND();

}







/*** GetOuterHwnd   */

EXPORTNSISFUNC GetOuterHwnd(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	MaintainDllSelfRef();

	DWORD_PTR MsgRet;HWND hSrvIPC;

	if (!GetIPCSrvWndFromParams(hSrvIPC)||!IsWindow(hSrvIPC)||SendIPCMsg(IPC_GETSRVHWND,0,0,MsgRet,IPCTOUT_DEF,hSrvIPC))MsgRet=0;

	SetVarUINT(INST_0,MsgRet);

	NSISFUNCEND();

}





DWORD SetPrivilege(LPCSTR PrivName,bool Enable)

{

	DWORD r=NO_ERROR;

	HANDLE hToken=NULL;

	TOKEN_PRIVILEGES TokenPrivs;

	if (!LookupPrivilegeValueA(NULL,PrivName,&TokenPrivs.Privileges[0].Luid))goto dieGLE;

	if (!_OpenProcessToken(GetCurrentProcess (),TOKEN_ADJUST_PRIVILEGES,&hToken))goto dieGLE;

	TokenPrivs.Privileges[0].Attributes = Enable ? SE_PRIVILEGE_ENABLED : 0 ;

	TokenPrivs.PrivilegeCount=1;

	if (AdjustTokenPrivileges(hToken,FALSE,&TokenPrivs,0,NULL,NULL))goto ret;

dieGLE:

	r=GetLastError();

ret:

	CloseHandle(hToken);

	return r;

}





#include <shlobj.h>

/*** GetShellFolderPath   */

EXPORTNSISFUNC GetShellFolderPath(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	/*

	WINBUG: 

	For some reason, even with debug priv. enabled, a call to OpenProcessToken(TOKEN_READ|TOKEN_IMPERSONATE)

	will fail, even if we have a PROCESS_ALL_ACCESS handle on XP when running as a member of the Power Users Group.

	So we have to ask the outer process to give us the handle.

	*/



	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	MaintainDllSelfRef();



	const unsigned TokenAccessRights=TOKEN_READ|TOKEN_IMPERSONATE;

	unsigned clsidFolder;

	HWND hSrvIPC;

	HANDLE hToken=NULL,hOuterProcess=NULL;

	DWORD SrvPID;

	HRESULT hr;

	FARPROC pfnSHGetFolderPath;

	LPTSTR buf=GetVar(INST_0);

	stack_t*pssCLSID=StackPop();

	stack_t*pssFallback=NULL;

	BOOL ConvBadCh;

	if (!pssCLSID || !(pssFallback=StackPop())) goto fail;

	clsidFolder=StrToUInt(pssCLSID->text,false,&ConvBadCh);

	if (ConvBadCh)goto fail;

	TRACEF("GetShellFolderPath HasIPCServer=%X param=%s>%X fallback=%s|\n",HasIPCServer(),pssCLSID->text,clsidFolder,pssFallback->text);



	pfnSHGetFolderPath=GetProcAddress(GetModuleHandle(_T("SHELL32")),"SHGetFolderPath"__DLD_FUNCSUFFIX);

	if (!pfnSHGetFolderPath)goto fail;



	if (GetIPCSrvWndFromParams(hSrvIPC) && 0 != GetWindowThreadProcessId(hSrvIPC,&SrvPID)) 

	{

		hOuterProcess=OpenProcess(PROCESS_QUERY_INFORMATION,false,SrvPID);

		if (hOuterProcess)

		{

			BOOL bOk=OpenProcessToken(hOuterProcess,TokenAccessRights,&hToken);

			CloseHandle(hOuterProcess);

			if (bOk)goto gotToken;



		}

/*		SetPrivilege(SE_DEBUG_NAME,true);

		hOuterProcess=OpenProcess(PROCESS_DUP_HANDLE,false,SrvPID);

		SetPrivilege(SE_DEBUG_NAME,false);

		if (!hOuterProcess)goto fail;

		TRACEF("hOuterProcess=%X\n",hOuterProcess);

*/		SendIPCMsg(IPC_GETOUTERPROCESSTOKEN,0,TokenAccessRights,(DWORD_PTR&)hToken,IPCTOUT_DEF,hSrvIPC);

		TRACEF("IPC_GETOUTERPROCESSTOKEN=%X\n",hToken);//*/

	}

gotToken:

	if (HasIPCServer() && !hToken)goto fail;



	hr=((HRESULT(WINAPI*)(HWND,int,HANDLE,DWORD,LPTSTR))pfnSHGetFolderPath)(hwndNSIS,clsidFolder,hToken,SHGFP_TYPE_CURRENT,buf);

	TRACEF("SHGetFolderPath hr=%X with token=%X, clsidFolder=%X|%s\n",hr,hToken,clsidFolder,buf);

	if (FAILED(hr)) goto fail; else goto ret;

fail:

	TRACEF("GetShellFolderPath GLE=%X\n",GetLastError());

	lstrcpy(buf,pssFallback->text);

	TRACEF("%s|%s\n",buf,pssFallback->text);

ret:

//	CloseHandle(hOuterProcess);

	CloseHandle(hToken);

	StackFreeItem(pssFallback);

	StackFreeItem(pssCLSID);

	NSISFUNCEND();

}







/*** GetOuterPID   * /

EXPORTNSISFUNC GetOuterPID(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop,NSIS::extra_parameters* XParams) 

{

	NSISFUNCSTART(hwndNSIS,StrSize,Vars,StackTop,XParams);

	MaintainDllSelfRef();

	DWORD_PTR Ret=0;

	HWND hSrvIPC;

	if (GetIPCSrvWndFromParams(hSrvIPC))

		if (0==GetWindowThreadProcessId(hSrvIPC,&Ret))Ret=0;

	SetVarUINT(INST_0,Ret);

	NSISFUNCEND();

}//*/







/*** Unload

Notes:	Call in .OnInstFailed AND .OnInstSuccess !

*/

EXPORTNSISFUNC Unload(HWND hwndNSIS,int StrSize,NSISCH*Vars,NSIS::stack_t **StackTop) 

{

	NSISFUNCSTART4(hwndNSIS,StrSize,Vars,StackTop);

	if (!MaintainDllSelfRef())_Unload(); else ASSERT(!"MaintainDllSelfRef failed in Unload!");

	NSISFUNCEND();

}







#ifdef _DEBUG

BOOL WINAPI DllMain(HINSTANCE hInst,DWORD Event,LPVOID lpReserved) 

#else

extern "C" BOOL WINAPI _DllMainCRTStartup(HINSTANCE hInst,ULONG Event,LPVOID lpReserved) 

#endif

{

	if (Event==DLL_PROCESS_ATTACH) 

	{

		TRACEF("************************************ DllMain %u\n",GetCurrentProcessId());

		ASSERT(!_OpenProcessToken && !_EqualSid);

		g.hInstance=hInst;

	}

//	DBGONLY( if (Event==DLL_PROCESS_DETACH){ASSERT(g.DllRef==0);}TRACE("DLL_PROCESS_DETACH\n"); );//Make sure we unloaded so we don't lock $pluginsdir

	return TRUE;

}
Summary ✨

This is a C++ code snippet that appears to be part of an NSIS (Nullsoft Scriptable Install System) plugin. It defines several functions for interacting with the plugin’s IPC (Inter-Process Communication) server, including GetShellFolderPath, GetOuterPID, and Unload. The code also handles DLL main entry points and maintains a reference count for the plugin instance.
Alerts (3)

Complexity hotspot; lines 155 to 157 (total complexity: 7)
155 156 157