runtime: Crash when trying to run non-elevated from an elevate process
Description
PowerToys needs to start a .NET Core application with non-elevated privileges from an elevated process.
We tried two different approaches, they both resulted in this crash report:
Application: PowerLauncher.exe
CoreCLR Version: 4.700.20.20201
.NET Core Version: 3.1.4
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException: The type initializer for 'System.Windows.Threading.Dispatcher' threw an exception.
---> System.ComponentModel.Win32Exception (5): Access is denied.
at System.Diagnostics.ProcessManager.OpenProcess(Int32 processId, Int32 access, Boolean throwIfExited)
at System.Diagnostics.NtProcessManager.GetModules(Int32 processId, Boolean firstModuleOnly)
at System.Diagnostics.Process.get_Modules()
at System.Windows.WpfDllVerifier.VerifyWpfDllSet(String[] additionalDlls)
at System.Windows.Threading.Dispatcher..cctor()
--- End of inner exception stack trace ---
at System.Windows.Threading.Dispatcher.get_CurrentDispatcher()
at System.Windows.Threading.DispatcherObject..ctor()
at System.Windows.Application..ctor()
at PowerLauncher.App..ctor() in C:\github\microsoft\PowerToys\src\modules\launcher\PowerLauncher\App.xaml.cs:line 33
at PowerLauncher.App.Main() in C:\github\microsoft\PowerToys\src\modules\launcher\PowerLauncher\App.xaml.cs:line 44
First approch: start the application as suggested in this Raymond Chen’s article https://devblogs.microsoft.com/oldnewthing/20190425-00/?p=102443 It works for Win32 apps and for .Net Framework apps, it causes the crash when tested with the two .NET Core apps we have in PowerToys.
Second approach: use an intermediate process and drop the elevation in that process before starting the .NET Core app. It works when using SDDL_ML_MEDIUM
but crashes when using SDDL_ML_MEDIUM_PLUS
, in our scenario SDDL_ML_MEDIUM
causes other issues so we can’t use it.
https://github.com/microsoft/PowerToys/blob/e75a74565b8f7eb208af52dbb10632f943b66d21/src/common/common.cpp#L396-L421
Configuration
.NET Core 3.1.4 Windows 10 1909 x64
Regression?
Other information
I can provide a branch with the changes that cause the crash, if needed.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 19 (13 by maintainers)
The most likely explanation for this behavior is that the techniques to launch non-elevated process from elevated one strip the rights for the process to inspect itself. An experiment with an app that calls
ProcessModule procModule in Process.GetCurrentProcess().Modules
would confirm or deny it.Hi @adamsitnik we have been busy preparing the 0.19 release, hopefully next week I’ll have some time to do the testing.