Difference between revisions of "Manifest file"
(→References: Application Manifests) |
(→The trustInfo element: Elaborate) |
||
Line 62: | Line 62: | ||
</security> | </security> | ||
</trustInfo></source> | </trustInfo></source> | ||
The '''level''' can have one of these values: | |||
;asInvoker | |||
:The application runs with the same access token as the parent process. | |||
:Recommended for standard user applications. Do refractoring with internal elevation points, as per the guidance provided earlier in this document. | |||
;highestAvailable | |||
:The application runs with the highest privileges the current user can obtain. | |||
:Recommended for mixed-mode applications. Plan to refractor the application in a future release. | |||
;requireAdministrator | |||
:The application runs only for administrators and requires that the application be launched with the full access token of an administrator. | |||
:Recommended for administrator only applications. Internal elevation points are not needed. The application is already running elevated. | |||
'''Notice''' programs which don't have a manifest with a '''requestedExecutionLevel''' element, will run '''''virtualized''''' on Windows Vista and forward. As an example of what this means: A virtualized program cannot write to the HKEY_LOCAL_MACHINE hive of the registry, instead it writes to a virtual overlay of this hive. However only virtualized programs for the same user see this overlay. So other users cannot see this overlay, and non-virtualized programs does not see it either. | |||
=== The dependency element === | === The dependency element === |
Revision as of 14:06, 24 February 2010
A Visual Prolog project can contain a manifest file. The manifest file is a Microsoft invention to deal with side-by-side installation, a new hell that is supposed to replace the so called DLL hell.
The file is either named <project>.manifest or main.manifest (current standard).
The manifest file is an XML file, and it is linked into EXE/DLL as a resource. Windows automatically look for it there (if not found there it looks for a file called myProgram.exe.manifest in the same directory as myProgram.exe).
Sample manifest file
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity name="MyProgram" version="1.0.0.0" processorArchitecture="X86" type="win32" /> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" type="win32" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> </assembly>
The file contains three major elements:
- The programs own assemblyIdentity
- A trustInfo element
- A dependency, which lists assemblyIdentity's of assemplies that the program depends on.
The assemblyIdentity element
<assemblyIdentity name="MyProgram" version="1.0.0.0" processorArchitecture="X86" type="win32" />
This element list attributes of the program/DLL itself.
The trustInfo element
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo>
The level can have one of these values:
- asInvoker
- The application runs with the same access token as the parent process.
- Recommended for standard user applications. Do refractoring with internal elevation points, as per the guidance provided earlier in this document.
- highestAvailable
- The application runs with the highest privileges the current user can obtain.
- Recommended for mixed-mode applications. Plan to refractor the application in a future release.
- requireAdministrator
- The application runs only for administrators and requires that the application be launched with the full access token of an administrator.
- Recommended for administrator only applications. Internal elevation points are not needed. The application is already running elevated.
Notice programs which don't have a manifest with a requestedExecutionLevel element, will run virtualized on Windows Vista and forward. As an example of what this means: A virtualized program cannot write to the HKEY_LOCAL_MACHINE hive of the registry, instead it writes to a virtual overlay of this hive. However only virtualized programs for the same user see this overlay. So other users cannot see this overlay, and non-virtualized programs does not see it either.
The dependency element
<dependency> <dependentAssembly> <assemblyIdentity name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" type="win32" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency>