Open HuntCode opened 10 months ago
robmikh
commented
10 months ago Generally there are a few conditions where CreateFromMonitor can give you an access denied error:
Aside from that, the API works best if used from the same user account as the interactive session. Using the SYSTEM account or calling from a non-interactive session is not supported at this time.
HuntCode
commented
10 months ago Thanks for your answer
In my cases, "If I switch Standard User Logon Windows, app works fine when double click run, but access_denied in CreateForMonitor when run as Administrator"
Using the SYSTEM account or calling from a non-interactive session is not supported at this time.
This is the reason?so even Administrator couldn't capture stantard user's monitor?
case 3) The only clue I guess is the Electron's constraint, but I'm not familiar with it, so I don't kown why when run as admin, CreateFromMonitor return access denied error, LowIL? How to resolve this issue? or I can use DXGI?
robmikh
commented
10 months ago Running elevated as the same user shouldn't impact the capture API, but running as a different user will.
You can give DDA a try, it is allowed as the SYSTEM user (and that will allow you to capture the secure desktop).
What are the steps you take to run the application as administrator that causes it not to work? I can't repro this.
HuntCode
commented
10 months ago Running elevated as the same user shouldn't impact the capture API, but running as a different user will.
| Yes, I think this is the reason for my case 1) and 2),result like the table below: | Windows User | Run as Admin | C# | MFC Demo |
|---|---|---|---|---|
| Administrator | asInvoker(double click run) | work fine | work fine | |
| Administrator | Admin | work fine | work fine | |
| Standard User | asInvoker(double click run) | work fine | work fine | |
| Standard User | Admin | don‘t work | don‘t work |
The dependence is app->A.dll->OBS libs(use IGraphicsCaptureItemInterop::CreateForMonitor)
This is not my key question, I can understand the reason you point out
What are the steps you take to run the application as administrator that causes it not to work? I can't repro this.
Sorry, maybe my description is not clear?
In case 3), I write an Electron app through C++ addons(wrapped with A.dll), the dependence is Electron app->addon.node->A.dll->OBS libs(use IGraphicsCaptureItemInterop::CreateForMonitor)
| Windows User | Powershell | Electron app |
|---|---|---|
| Administrator | click run(non-admin) | work fine |
| Administrator | Run as Admin | don‘t work |
| Windows User | Debug with VS2022 | Electron app | C# | MFC Demo |
|---|---|---|---|---|
| Administrator | non-admin launch VS2022 | work fine | work fine | work fine |
| Administrator | Admin launch VS2022 | don‘t work | work fine | work fine |
Debug Electron app with VS2022(non-admin launch)
The IntegrityLevel is SECURITY_MANDATORY_MEDIUM_RID(8192) and the CreateForMonitor is OK, so can capture the monitor
Debug Electron app with VS2022(admin launch)
The IntegrityLevel is SECURITY_MANDATORY_HIGH_RID(12288) and the CreateForMonitor is access_denied, so can't capture the monitor
So I don't know if the electron has some constraint or something else?
HuntCode
commented
10 months ago Debug MFC app with VS2022(non-admin launch)
The IntegrityLevel is SECURITY_MANDATORY_MEDIUM_RID(8192) and the CreateForMonitor is OK, so can capture the monitor
Debug MFC app with VS2022(admin launch)
The IntegrityLevel is SECURITY_MANDATORY_HIGH_RID(12288) and the CreateForMonitor is OK, so can capture the monitor
GetProcessIL is from Cannot use IGraphicsCaptureItemInterop::CreateForWindow with electron apps #111
Hello, I developed A.dll with OSB libs(use IGraphicsCaptureItemInterop::CreateForMonitor),A.dll used default UAC level like:
Three apps use A.dll : 1) C#(wpf) app doesn't have a UAC shield, when Administrator User Logon Windows, app works fine both when double click run and run as Administrator. I think the process level is right, so app works fine. If I switch Standard User Logon Windows, app works fine when double click run, but access_denied in CreateForMonitor when run as Administrator, in this case I think the process level or token info is not matched. 2)I also write a MFC demo with default UAC level(asInvoker), the running performance is the same as C# app 3)Electron app through C++ addons(wrapped with A.dll), when run use non-admin Powershell, it works fine, but it doesn't work when use admin Powershell(access_denied in CreateForMonitor)
I use VS2022 and log in to Windows as an administrator. I found that when I launch VS2022 and debug with electon app, it works fine, but it doesn't work when I launch VS2022 as an administrator. The running performance is the same as run with Powershell
so I'm confused,is it a program permission problem?
Some similar but unsolved issues: Cannot use IGraphicsCaptureItemInterop::CreateForWindow with electron apps#111 winrt::hresult_access_denied in CreateForWindow in some cases#49