On 19/03/2010 06:18, Ralf Wildenhues wrote:
>> [ ... snip ... ] The level of privileges required
>> for some executable program to accomplish its task may be designated by
>> the program developer by means of a manifest file (@pxref{Manifest
>> Files}), which may either be installed in the same directory alongside
>> the executable, or can be built directly in by adding the manifest file
>> as a binary resource in a Windows resource file (@pxref{Resource Files})
>> that is included in the executable's final link. [ ... snip ... ]
>
> That's better, but it makes it sounds like the resource file is a
> binary, and "built directly in" sounds unobvious to me. Is "binary
> resource" a technical term? Would using just "resource" be enough?
Actually, I was wrong:
> AFAIU, the resource file (*.rc) is a simple hand-written text file,
> which may refer to the manifest file (like a .c file includes a header),
> then gets compiled by windres to an object file and linked in like any
> other object. Right?
Yep, that's basically it. The resource file defines objects from a certain
number of pre-defined categories, such as strings, icons and other small
bitmaps, and various struct-like things such as version infos; these are
compiled (along with some management data) into a .rsrc section that is then
linked into the exe.
A "binary resource" is a catch-all object type that just includes any old
arbitrary binary data you like, it's a bag-o-bytes.
However I misunderstood the docs I looked up. MS have defined a specialised
type of resource for manifests, you don't just throw them in as a blob, and
that means you just create a "manifest resource" type entry and include the
manifest xml data as a string directly within it; it doesn't refer to a
separate file on disk at all. So better wording would be:
" ... or can be built directly in by adding the XML contents of the file as a
manifest resource in a Windows resource file (@pxref{Resource Files}) that is
included ... "
> BTW, if the password is not given correctly, then will the program run
> under lesser privileges or will it not run at all? I think we should
> document that as well, because either outcome has implications for the
> developer.
I don't have a handy installation to find out on. I would guess that if you
enter the password incorrectly it asks you to try again, just like a regular
windows log-on dialog, and if you click "Cancel", the application doesn't
launch. I'll see if I can find some more solid info anywhere.
> This is where I'm at now.
Looking good, apart from the above only one nit:
> If your executable does not need elevated privileges, but happens to match any
> of those strings, the OS will prompt for a password. If granted,
> run the executable with greater privileges than an ordinary user
> application is supposed to have; otherwise, the program will not be started.
There's a word or two gone missing between "granted" and "run"!
cheers,
DaveK
