问题
Are there any windows events triggered when a UAC elevation prompt is shown? I've looked at SwitchDesktop, but can't see any mention of how to receive notifications.
My direct show app is behaving badly, and I'd like to be able to pause the graph when when the prompt is displayed, resuming when dismissed.
I'm using C++ with MFC, VS2008, targetting XP, Vista and 7.
Many thanks
回答1:
I'm not sure there are any events sent when UAC prompt displays. Basically it makes a screenshot of the desktop, and switches to another session where UAC prompt window is displayed.
回答2:
This was answered in another thread here (superuser), The solution name is: UAC Auditing.
Source: https://superuser.com/questions/273236/reason-for-user-account-control-dialog
Edit for essinital part: (Summary of the URL above)
Uac Auditing is done by changing windows policy (Local\Group). The policy in interest is found at: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy
Audit Privilege Use will give you information about elevated usage using the UAC consent.exe dialog box in the System Event log. The Event IDs created by this: 4648 and 4624.
Audit Process Tracking will give you information about processes and their creation/termination. Event Id created by this: 4688.
Also, look at event id 4696 to see when a new token (user-logon handle) was assigned to process. Using all these events, you can get a clear picture of the timeline for every process that requested an elevated rights with UAC dialog.
Here is a site containig a short summary for every Event ID in the System Event log:
Description of security events in Windows 7 and in Windows Server 2008 R2 http://support.microsoft.com/kb/977519
Edit 2: Not all Windows versions has a Policy editor included (like Windows 7 Home premium). However, Local Audit Policy editor (Not Group Policy) is accesible in Windows 7 Home Premium with Auditpol.exe and on Windows XP SP2 with Auditusr.exe
For more information about using Auditpol.exe see here: http://technet.microsoft.com/en-us/library/a02cfb9d-732f-4e77-aeba-f18265daa3af
回答3:
When the UAC switches desktops, your graph will receive a device-lost event raised by the renderer (EC_DEVICE_LOST or something like that). You can override the default handling for this, but if you don't, the default handling will stop, disconnect and reconnect the renderer (so it can reacquire the device) and then seek to the previous position and restart. You could also put the renderer in a separate graph using a bridge, so that your capture is not interrupted.
G
来源:https://stackoverflow.com/questions/8134195/which-events-are-triggered-on-a-uac-prompt