I am surprised no-one has picked this up before, running (using the RUN
command) an installer from within a CW app!

The option "Remove Installer after Successful Installation" is what causes
the crash. Once unchecked, RUN runs just fine!

Sim

Sim,

> I am surprised no-one has picked this up before, running (using the RUN
> command) an installer from within a CW app!

Well, I am not surprised at all <g>.

You 'LOOP NEED END' an up-to-date installation system (and a code-signing
certificate) for modern operating systems. There is absolutely no way
around it. And if you are using an outdated development environment, you
have to replace incompatible commands with equivalents, e.g. RUN() with
ShellExecute(Ex).

And btw, this Clarion RUN() CreateProcess issue has been discussed years
ago! IIRC, in 2007 or 2008.

> The option "Remove Installer after Successful Installation" is what causes
> the crash. Once unchecked, RUN runs just fine!

Because this installer app is *NOT* Windows 7 nor Windows 8, 8.1, Windows
10, etc. compliant. And on top of this, not code-signed. Your old Clarion
environment uses the CreateProcess() Windows API in the RUN action and this
does not work as expected if you try to start an application which requests
administrator execution level privileges from a non-elevated running
application.

It's not the "Remove Installer after Successful Installation" option per-se
that causes it. The combination of RUN() and not-code-signed and the
application self-destruct mechanism brings "explorer.exe" down.

To cut a long story short, using completely outdated development software on
modern operating systems is a very dangerous plan with unknown consequences.

So, for the record, what is described here is only a problem if you are
using an outdated, non-code-signed installer (e.g. SetupBuilder 6 from 2008)
and an old Clarion development environment (where the RUN action makes use
of CreateProcess instead of ShellExecuteEx) on a modern Windows operating
system (e.g. Windows 7 and later).

Friedrich

Hi Friedrich

So C10 RUN() would use ShellExecute - correct?

Cheers
Andre

Hi Andre,

>
> So C10 RUN() would use ShellExecute - correct?
>

Yes, as far as I know, ShellExecuteEx.

Friedrich

Thanks - good to know.

Andre Labuschagne

Hi Friedrich,

See attached image (if appears as 'part1' just Save As
'CreateProcess12104.PNG') nothing in EXE except

run('c:\windows\notepad.exe')

with Clarion 10 latest build all APIs logged using API Monitor -
ShellExecute(Ex) is not listed - but CreateProcessA is used.

Tried with/without manifest requesting Administrator - same result.

Graham

Hi Graham,

> See attached image (if appears as 'part1' just Save As
> 'CreateProcess12104.PNG') nothing in EXE except
>
> run('c:\windows\notepad.exe')
>
> with Clarion 10 latest build all APIs logged using API Monitor -
> ShellExecute(Ex) is not listed - but CreateProcessA is used.
>
> Tried with/without manifest requesting Administrator - same result.

That's interesting. What happens when you RUN() from an "asInvoker"
manifested EXE a "requireAdministrator" manifested EXE? Does it launch or
do you see an Error 740? Do you see the same CreateProcessA API logged
using API Monitor?

Friedrich

Hi Friedrich,

All seems to be the same whatever the .manifest contains, no errors.
I even tried using RUN with an actual CCleaner setup.exe file
It still used CreateProcessA .

Graham

....without a manifest at all, and RUN(ning) CCSetu509.exe it calls
CreateProcessA as usual and then I get the UAC elevation request
because CCleaner setup requires it.

Graham

Hi Graham,

> ....without a manifest at all, and RUN(ning) CCSetu509.exe it calls
> CreateProcessA as usual and then I get the UAC elevation request because
> CCleaner setup requires it.

Yes, but the CreateProcessA API can't start (from an "asInvoker" manifested
and non-elevated running executable) a "requireAdministrator" manifested
EXE. This is impossible. CreateProcessA will always fail with error code
740 or "The requested operation requires elevation" in this case. Only
ShellExecute(Ex) can handle it.

Friedrich

> Yes, but the CreateProcessA API can't start (from an "asInvoker"
> manifested and non-elevated running executable) a "requireAdministrator"
> manifested EXE. This is impossible. CreateProcessA will always fail
> with error code 740 or "The requested operation requires elevation" in
> this case. Only ShellExecute(Ex) can handle it.

CreateProcess() always creates a child process with *same* permissions and
execution level. It can't escalate the privileges to a higher execution
level (e.g. from "non-elevated" to "elevated" is impossible).

Friedrich

Hi Friedrich,

Not sure I understand really?

This is what I have in the external manifest

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" />
</requestedPrivileges>
</security>
</trustInfo>

RUN uses CreateProcessA to try to start the setup.exe, and the setup
exe then requests UAC elevation.
I don't get any errors from the Clarion end at all.
It's definately using the external manifest because I added
'asAdministrator' instead of 'requireAdministrator' at one point by
mistake and got immediate SxS errors.

Graham

Hi Graham,

> Not sure I understand really?
>
> This is what I have in the external manifest
>
> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
> <security>
> <requestedPrivileges>
> <requestedExecutionLevel level="asInvoker" />
> </requestedPrivileges>
> </security>
> </trustInfo>

Yes, the above in the calling application (e.g. PARENT.EXE) that makes use
of RUN() to launch the CHILD.EXE.

And this in the EXE to be called:

> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
> <security>
> <requestedPrivileges>
> <requestedExecutionLevel level="requireAdministrator" />
> </requestedPrivileges>
> </security>
> </trustInfo>

> RUN uses CreateProcessA to try to start the setup.exe, and the setup
> exe then requests UAC elevation.
> I don't get any errors from the Clarion end at all.
> It's definately using the external manifest because I added
> 'asAdministrator' instead of 'requireAdministrator' at one point by
> mistake and got immediate SxS errors.

CreateProcess() creates a child process with same permissions and execution
level. It can't escalate the privileges to a higher execution
level. See this as an example:

http://www.lindersoft.com/projects/CreateProcess740_C6.zip

PARENT.EXE and CHILD.EXE are compiled with C6. PARENT.EXE is "asInvoker"
manifested and RUN() makes use of CreateProcessA. CHILD.EXE (displays a
simple "Hello world") is "requireAdministrator" manifested. PARENT.EXE can
NOT launch CHILD.EXE if it is running non-elevated (results in a Error 740).

Friedrich

Okay, and here the same source code compiled with C10. This works as
expected and does not result in Error 740.

http://www.lindersoft.com/projects/CreateProcess740_C10.zip

Friedrich

Hi Friedrich,

OK, this is what I see...

I copied your EXEs to the desktop and ran Parent.EXE - the API trace
shows that CreateProcessA _is_ called and does result in the error

740 = The requested operation requires elevation

but that error is not displayed instead the exe carries on running...
GetLastError retrieves the ERROR_ELEVATION error and the exe then
converts the command-line to WideChar and calls ShellExecuteW with
success.

So I guess that's the change between earlier versions of Clarion and
the later ones.
The later ones detect the 740 error and try to overcome it by running
ShellExecuteW

Graham

Hi Graham,

> All seems to be the same whatever the .manifest contains, no errors.
> I even tried using RUN with an actual CCleaner setup.exe file
> It still used CreateProcessA .

I think that is correct. It would call CreateProcessA but if it fails
due to UAC (think the error code is like 740 or something like that -
don't remember) it should then call ShellExecuteEx.

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

Hi Graham,

> See attached image (if appears as 'part1' just Save As
> 'CreateProcess12104.PNG') nothing in EXE except

What software is that (the one in the screenshot, not being tested;)

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

Hi Arnor,

It's Rohans API Monitor

http://www.rohitab.com/apimonitor

been using it for years now, really useful (if confusing).
It's a bit like ProcMon etc etc - the trick is getting the filters
correct so you're not swampped with info.

Although for something 'simple' like this turning everything on is a
good place to start.

Graham

....and it's free !!!

Graham

I am amazed that I've never heard of it. Sweet.

Jeff Slarve
www.jssoftware.com
Twitter free since Jan 11, 2016
I'll search help files & Google for you.

Grammar troll's, are the worse.

Hi Graham,

> It's Rohans API Monitor
>
> http://www.rohitab.com/apimonitor
>
> been using it for years now, really useful (if confusing).
> It's a bit like ProcMon etc etc - the trick is getting the filters
> correct so you're not swampped with info.
>
> Although for something 'simple' like this turning everything on is a
> good place to start.

Thank you, and Rohan, so much! I will immediately add it to my arsenal!

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

Arnor,

>
> Thank you, and Rohan, so much! I will immediately add it to my arsenal!
>

I am using it for years. One of my top favorites and even works on Windows
10.

Friedrich

Hi Graham,

> So I guess that's the change between earlier versions of Clarion and the
> later ones.
> The later ones detect the 740 error and try to overcome it by running
> ShellExecuteW

Yes, in C6.3 RUN() would just fail, don't think it even returned an
error, if you tried to run elevated process from a non-elevated one.

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

Hi Graham,

> So I guess that's the change between earlier versions of Clarion and the
> later ones.
> The later ones detect the 740 error and try to overcome it by running
> ShellExecuteW

IIRC, there were numerous modifications to RUN() in C7 and later Clarion
versions. In C10, RUN() seems to call ShellExecute only if CreateProcess
failed (with Error 740).

CreateProcess can't determine whether an application needs to be elevated
via UAC, so SV added some fallback code here (maximum backward compatibility
to older Clarion versions?). The recommended solution would be the switch
to ShellExecute(Ex) only.

Friedrich