DevCorner: Debug Applications with uiAccess Set to “True”

Set up the uiAccess flag

In Camtasia Studio, our screen capture application needs to be able to capture some Windows events globally, and this uiAccess flag needs to be “true” so it has the access privilege. This screenshot shows how you may enable this flag in Visual Studio 2010 IDE:

6-29-2014 10-28-38 PM

When the manifest file has the uiAccess flag set to “true” and the level set to “asInvoker” then UAC will not prompt for approval. However, the exe must also be digitally signed or the error message “A referral was returned from the server” is returned which is misleading, to say the least. A final piece of the puzzle is that this exe must also be located in a trusted folder that only Administrators have write access to, such as a subfolder of Program Files. If you run this exe in a regular folder, the uiAccess flag will be ignored and you may not be able to capture certain events. Simply put, if you miss any of the four pieces (uiAccess flag, asInvoker flag, digitally signed and being in a trusted folder), you won’t be able to capture all the global events you want.

Debug the application on a developer’s machine

We usually have the build server to digitally sign the exe for the installer and this brings up one of the challenges when we debug this exe in our local developer machine–how do we run and debug it when it is not digitally signed? One way to somewhat get around this is to run the exe with uiAccess set to “false.” However, like we have mentioned above–it works most of the time, but you won’t be able to capture all the global events with this uiAccess flag being turned off. Another way probably is to disable the UAC (User Account Control). But since this is not what average users would do and we want to debug with an environment that is the closest to what most people would run our software.

After some research (see the Reference links below for details), this is what has worked out for me:

  • Run Visual Studio (I have VS 2010) command prompt as administer
  • Browse to the folder where I have my application installed (eg: under \Program Files (x86)\)
  • Execute commands to create a trusted root certificate

o   makecert -r -pe -n “CN=Test Certificate – For Internal Use Only” -ss PrivateCertStore testcert.cer

o   certmgr.exe -add testcert.cer -s -r localMachine root

  • Execute the command to sign the file

o   SignTool sign /v /s PrivateCertStore /n “Test Certificate – For Internal Use Only” /t CamRecorder.exe

Here is the screenshot of the command prompt window.

6-29-2014 10-43-09 PM

Hope this helps if you have the similar situation. Also I’d like to hear from you if you have any comments or even better solution on this issue.

Reference links:

Kevin Liu

Kevin Liu is a Sr. Software Engineer on Camtasia Studio team. He likes photography in his spare time and also enjoys singing (loudly) in his basement on his karaoke machine when all his neighbors are out on vacations. He lives in Okemos, Michigan with his wife and two daughters.