runtime: Crash when trying to run non-elevated from an elevate process

Description

PowerToys needs to start a .NET Core application with non-elevated privileges from an elevated process.

We tried two different approaches, they both resulted in this crash report:

image

Application: PowerLauncher.exe
CoreCLR Version: 4.700.20.20201
.NET Core Version: 3.1.4
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException: The type initializer for 'System.Windows.Threading.Dispatcher' threw an exception.
 ---> System.ComponentModel.Win32Exception (5): Access is denied.
   at System.Diagnostics.ProcessManager.OpenProcess(Int32 processId, Int32 access, Boolean throwIfExited)
   at System.Diagnostics.NtProcessManager.GetModules(Int32 processId, Boolean firstModuleOnly)
   at System.Diagnostics.Process.get_Modules()
   at System.Windows.WpfDllVerifier.VerifyWpfDllSet(String[] additionalDlls)
   at System.Windows.Threading.Dispatcher..cctor()
   --- End of inner exception stack trace ---
   at System.Windows.Threading.Dispatcher.get_CurrentDispatcher()
   at System.Windows.Threading.DispatcherObject..ctor()
   at System.Windows.Application..ctor()
   at PowerLauncher.App..ctor() in C:\github\microsoft\PowerToys\src\modules\launcher\PowerLauncher\App.xaml.cs:line 33
   at PowerLauncher.App.Main() in C:\github\microsoft\PowerToys\src\modules\launcher\PowerLauncher\App.xaml.cs:line 44

First approch: start the application as suggested in this Raymond Chen’s article https://devblogs.microsoft.com/oldnewthing/20190425-00/?p=102443 It works for Win32 apps and for .Net Framework apps, it causes the crash when tested with the two .NET Core apps we have in PowerToys.

Second approach: use an intermediate process and drop the elevation in that process before starting the .NET Core app. It works when using SDDL_ML_MEDIUM but crashes when using SDDL_ML_MEDIUM_PLUS, in our scenario SDDL_ML_MEDIUM causes other issues so we can’t use it. https://github.com/microsoft/PowerToys/blob/e75a74565b8f7eb208af52dbb10632f943b66d21/src/common/common.cpp#L396-L421

Configuration

.NET Core 3.1.4 Windows 10 1909 x64

Regression?

Other information

I can provide a branch with the changes that cause the crash, if needed.

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 19 (13 by maintainers)

Most upvoted comments

The most likely explanation for this behavior is that the techniques to launch non-elevated process from elevated one strip the rights for the process to inspect itself. An experiment with an app that calls ProcessModule procModule in Process.GetCurrentProcess().Modules would confirm or deny it.

+2
jkotas on May 29, 2020

Hi @adamsitnik we have been busy preparing the 0.19 release, hopefully next week I’ll have some time to do the testing.

+1
enricogior on Jun 25, 2020
Read more comments on GitHub
← runtime: Crash on WindowsCryptographicException on net60 GA
runtime: crash with 0x8007000E error on .NET 7.0 →