| Good news & bad news..
|
| Good news first, another exe is being launched with Willy's suggestion
| to get process info before doing impersonation.
| But....(bad news begins), exe is getting following exception:
|
| System.TypeInitializationException: The type initializer for
| "System.Runtime.Remoting.Identity" threw an exception. --->
| System.Security.Cryptography.CryptographicException: CryptoAPI
| cryptographic service provider (CSP) for this implementation could not
| be acquired.
| at
| System.Security.Cryptography.RNGCryptoServiceProvider..ctor(CspParameters
| cspParams)
| at System.Security.Cryptography.RNGCryptoServiceProvider..ctor()
| at System.Runtime.Remoting.Identity..cctor()
| --- End of inner exception stack trace ---
| at
| FHEG.Framework.AppUpdater.CopyFilesDelegate.BeginInvoke(AsyncCallback
| callback, Object object)
| at FHEG.Framework.AppUpdater.ProgressForm.BeginCopy()
| at
| FHEG.Framework.AppUpdater.ProgressForm.ProgressForm_Activated(Object
| sender, EventArgs e)
| at System.Windows.Forms.Form.OnActivated(EventArgs e)
| at System.Windows.Forms.Form.set_Active(Boolean value)
| at System.Windows.Forms.Form.WmActivate(Message& m)
| at System.Windows.Forms.Form.WndProc(Message& m)
| at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
| at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
| at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32
| msg, IntPtr wparam, IntPtr lparam)
|
As was said before, when impersonating, you are only running the thread in
the impersonated context, not the process that you spawn from this thread;
that's exactly why I asked why you were impersonating.
The result is that:
1. you won't be able to copy to the .exe directory, and
2. apparently the application you start this way needs to access the crypto
store of the administrator, which is impossible because the store (assuming
it's registry based) is not loaded, and if it was you wouldn't be able to
access it anyway.
Really, the only thing you can do (on v1.1) is create the process to run as
an administrator by calling CreateProcessAs through PInvoke, or better,
integrate the "update" into your application (while impersonating). But
honestly, do you really want to take all this overhead when starting a
client application, just because you do not want to grant write access to
the .exe directory?
Do you think this is a real security measure? I would say it's not; think
of what can happen when the process crashes while impersonating an
administrator!
Willy.
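
The scope of impersonation described in the reply above can be observed directly. The following is an added example, not code from the thread: it impersonates an account on the current thread, then prints the thread's identity and the identity of a child process started from that thread. It assumes the .NET Framework on Windows, that `whoami.exe` is on the PATH, and an account name and domain supplied by the reader; the class name `ImpersonationScopeDemo` is hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;

class ImpersonationScopeDemo
{
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    // Starts whoami.exe (assumed to be on the PATH) and returns the account it reports.
    static string ChildIdentity()
    {
        ProcessStartInfo psi = new ProcessStartInfo("whoami.exe");
        psi.UseShellExecute = false;          // use CreateProcess, not the shell
        psi.RedirectStandardOutput = true;
        using (Process p = Process.Start(psi))
        {
            string name = p.StandardOutput.ReadToEnd().Trim();
            p.WaitForExit();
            return name;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: demo <user> <domain>"); return 2; }
        Console.Write("password: ");
        string password = Console.ReadLine();

        IntPtr token;
        if (!LogonUser(args[0], args[1], password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out token))
        { Console.Error.WriteLine("LogonUser failed: " + Marshal.GetLastWin32Error()); return 1; }

        // Only the calling thread takes on the new token from here until Undo().
        WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token);
        try
        {
            Console.WriteLine("thread identity: " + WindowsIdentity.GetCurrent().Name);
            Console.WriteLine("child identity:  " + ChildIdentity());
        }
        finally { ctx.Undo(); CloseHandle(token); }
        return 0;
    }
}
```

The first line shows the impersonated account, while the child reports the account the parent process was started under, because the new process is created with the parent's process token rather than the thread's impersonation token.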