install pip install -U soda-surun surun-install The installation requires admin priviledges. You need to logout and login after installation. You may need to re-login on browsers for all websites because of credential change. install from source The source code was also released on PYPI. You can also choose to install from source. You need to install VS2022 community/buildtools with C++ workload and ATL&MFC. see dev for more details. To install from source: ...

https://learn.microsoft.com/en-us/cpp/build/reference/vcxproj-file-structure?view=msvc-170 If you intend to maintain your project properties in the IDE, we recommend you only create and modify your .vcxproj projects in the IDE, and avoid manual edits to the files. In most cases, you never need to manually edit the project file. Manual edits may break the project connections required to modify project settings in the Visual Studio property pages, and can cause build errors that are difficult to debug and repair. For more information about using the property pages, see Set C++ compiler and build properties in Visual Studio. ...

reference docs from surun_tools.glob1 import glob_files for i in glob_files("*.manifest"): print(i) C:\src\surun\install_surun\app.manifest C:\src\surun\resources\app.manifest C:\src\surun\surun_com\resources\app.manifest C:\src\surun\tests\TestScreenshot\app.manifest An application manifest (also known as a side-by-side application manifest, or a fusion manifest) is an XML file that describes and identifies the shared and private side-by-side assemblies that an application should bind to at run time. These should be the same assembly versions that were used to test the application. Application manifests might also describe metadata for files that are private to the application. ...

always use debug builds for simplified debugging, and, no create so much intermidiate directories that’s hard to clean. always build a python package around C++ files. that makes you see the structure, and simplify it; that means, you will create directories for scripts, docs, and tests. Do not use cmake. Visual Studio for code editing & language server, VSCode for data analysis, Github Desktop for code commit. Don’t try to fix any of the project build warnings, except for some very basic ones. ...

ToDo: Handle ??\C:\Windows\System32\conhost.exe* make Tray Windows for automagically started apps configurable Hooks must directly write to Service pipe on Win x64 detect x32 Executables on x64 hook (ShellExecute32->WoW->CreateProcess64) On ShellExec/IAT-Hook: Create Process suspended! Hooks must resume process. Create Inline Hook instead of IAT-Hook GUI for SwitchToUser Create a “Default” SuRunner for users that are not in “SuRunners” MAP network drives Checksums for “Always Yes” programs use IContextMenu2/IContextMenu to implement an Icon/Popup menu Console SuRun support LOG-File for SuRun activity To be done in future: Use Radio-Buttons for (normal/elevated) Auto-Magic Hide/Show all context menu entries consistently make all context menu entries dynamically with ShellExt (E.g.: msi with popup-menu) Deferred Whishlist: icons for SuRuns context menu entries Intercept CreateProcessAsUser in services and check for programs started with limited rights that need to be started as admin SuRun Changes: SuRun 1.2.1.6b1 - 2022-10-03 FIX: SuRun needs to borrow the Process Token from LSASS.exe to get the SeCreateTokenPrivilege, this did not work with PPL enabled (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa,RunAsPPL") This has been fixed SuRun 1.2.1.5 - 2021-09-16 FIX: SuRun got a new option to delay the service start. This is a workaround to Stop Windows from deleting saved credentials. SuRun 1.2.1.4 - 2020-09-24 (silent update) FIX: Control Panel As Administrator did not work anymore in Windows 10 2004 SuRun 1.2.1.4 - 2019-09-24 Released 1.2.1.4 SuRun 1.2.1.4b1 - 2019-05-11 FIX: SuRun’s “H.I.P.S. Warning” Window did not show on user’s desktop FIX: GetEffectiveRightsFromAcl BUGs in Windows 10 1809, replaced the function SuRun 1.2.1.3 - 2019-01-28 Released 1.2.1.3 SuRun 1.2.1.3rc1 - 2017-10-23 CHG: Made Hooks Windows 10 1709 compatible. SuRun 1.2.1.3b3 - 2017-08-20 NEW: SuRun detects renamed computer and imports user’s settings FIX: User Bitmaps for Domain Users were not shown SuRun 1.2.1.3b2 - 2017-08-09 NEW: Moderated Restricted Surunners. (“User can only run predefined programs with elevated rights”) If a restricted SuRunner tries to run a non validated Programm with elevated rights, SuRun will now ask for Administrator credentials to launch the program elevated in the user’s context. FIX: Fixed Spanish Resources SuRun 1.2.1.3b1 - 2017-03-11 NEW: SuRun Executables are digitally signed CHG: Changed SuRun’s Context Menu Strings from “<…>” to “SuRun: <…>” FIX: Members of “Power Users” and “Backup Opeators” could not use SuRun FIX: Bug in IAT-Hooks made Internet Explorer Crash on Windows 10 SuRun 1.2.1.2 - 2015-08-09 CHG: Made Hooks Windows X compatible. SuRun 1.2.1.1 - 2015-02-15 NEW: Option to hide SuRun’s “green smiley” tray icon NEW: Support for Windows 8 and Windows 8.1 CHG: Option “remember password” in RunAs-Dialog is grayed out when SuRun always asks for the user’s password CHG: In Windows Vista and later SuRun does not modify registry settings for UAC “Run as administrator”. This enables ++ for pinned programs in Explorer. CHG: The hooks ignore all command lines with “://” before the first " “. So any http://www.yyy.zzz commands are initially ignored. CHG: IAT-Hook intercepts ShellExecute and friends because Windows does not support SEE_MASK_NOCLOSEPROCESS in IShellExecuteHook. CHG: A Bug in Online Armor makes any program crash, that is using the Exit Code (NOT GetCurrentProcessId()), as SuRun did, before this change. FIX: User Bitmap Display on confirmation and runas dialogs did not show FIX: SuRun’s menu item “SuRun: Empty Recycle Bin” was not uninstalled FIX: Long command lines were not displayed ok on confirmation dialogs FIX: /SWITCHTO did not work in Windows XP x32. FIX: Saving Passwords failed in Windows 2000 FIX: When using SuRun /RunAs, if the user name was cleared, SuRun deleted the SuRun settings for all users. This caused any “SuRunners” member to get full access to the system. The Bug appeared with SuRun’s /RunAs support in version 1.2.0.0. FIX: Changed permissions of started Programs for Jumplist compatibility. FIX: SuRun’s hooks were not x86 and x64 “cross compatible”. FIX: SuRun’s 32Bit IAT-Hook caused a General Protection Fault in the 32Bit Office Help viewer on x64 Windows 7. FIX: On all Windows x64 Systems SuRun’s hooks did not return a valid process handle. FIX: If a user started “SuRun.exe /”, did have no extension and one of .[lnk|cmd|bat|com|pif] were present in “[HKCU|HKLM]\Software\Microsoft\Windows\CurrentVersion\App Paths” then SuRun asked for AnyCommand. to be run as Administrator. Example: If you installed Defraggler and then started http://www.piriform.com/Defraggler from Explorer, then SuRun asked if you want to launch C:\Program Files\Defraggler\Defraggler64.exe with elevated rights. FIX: ShellExecuteHook asked to start file.exe when file.exe.ext was run SuRun 1.2.1.1b8 - 2013-09-03 NEW: Option to hide SuRun’s “green smiley” tray icon CHG: command lines with “://” before the first " " are ignored by the hooks CHG: Application Manifest support for Windows 8 and Windows 8.1 FIX: Implemented Q&D fix to hook Windows 8.1 “api-ms-win--l1-” DLLs FIX: Saving Passwords failed in Windows 2000 SuRun 1.2.1.1b7 - 2013-02-24 FIX: SuRun’s 32Bit IAT-Hook GPF’d in 32Bit Office Help viewer on x64 Win7 SuRun 1.2.1.1b6 - 2013-01-05 FIX: SuRun’s menu item “SuRun: Empty Recycle Bin” was not uninstalled FIX: /SWITCHTO did not work in XPx32 CHG: In Windows Vista and later SuRun leaves UAC “Run as administrator” as it is. This enables ++ for pinned programs in Explorer. SuRun 1.2.1.1b5 - 2012-12-12 FIX: If you started “SuRun.exe /AnyCommand”, AnyCommand did have no extension and any of AnyCommand.[lnk|cmd|bat|com|pif] were present in “[HKCU|HKLM]\Software\Microsoft\Windows\CurrentVersion\App Paths” then SuRun asked for AnyCommand. to be run as Administrator. Example: If you installed Defraggler and then started http://www.piriform.com/Defraggler from Explorer, then SuRun asked if you want to launch C:\Program Files\Defraggler\Defraggler64.exe with elevated rights. FIX: In any Windows x64 the 32 Bit Hooks started “SuRun32.bin /TestAA” instead of SuRun.exe. This caused SuRun32.bin to block the hooked program for a while and to not elevate the to be started program. CHG: Fix for Bug in Online Armor. Online Armor makes any program crash, that is using the Exit Code (~GetCurrentProcessId()). CHG: IAT-Hook intercepts ShellExecute and friends because Windows does not support SEE_MASK_NOCLOSEPROCESS in IShellExecuteHook. CHG: Option “remember password” in RunAs-Dialog is grayed out when SuRun always asks for the user’s password SuRun 1.2.1.1b4 - 2012-11-27 FIX: When using SuRun /RunAs, if the user name was cleared, SuRun deleted the HKLM\Security\SuRun Registry key. All SuRun settings in that registry location were lost. This caused “SuRunners” members to get full access to the system. The Bug appeared with SuRun’s /RunAs support in version 1.2.0.0. SuRun 1.2.1.1b3 - 2012-11-19 FIX: On all Windows x64 Systems SuRun’s hooks did not return a valid process handle until now. FIX: SuRun’s hooks were not x86 and x64 “cross compatible”. If an x64 hook catched an x86 call, the hooks could cause a GPF, because SuRun wrote a PROCESS_INFOROMATION structure to the client process and that structure has different sizes on x86 and x64. SuRun 1.2.1.1b2 - 2012-11-12 FIX: Implemented Q&D fix to hook Windows 8 “api-ms-win-*-l1-1-1” DLLs FIX: Changed permissions of started Apps (SetAdminDenyUserAccess) for Windows 7 Jumplist compatibility FIX: ShellExecuteHook asked to start file.exe when file.exe.ext was run FIX: User Bitmap Display on confirmation and runas dialogs did not show FIX: Long command lines were not displayed ok on confirmation dialogs SuRun 1.2.1.0 - 2011-12-30 NEW: French resources by Laurent Hilsz. Thanks! NEW: Portuguese language resources by “the.magic.silver.bullet” Thanks! NEW: Command “SuRun: Empty recycle bin” in Recycle Bin context menu NEW: In Vista and Win7 SuRun’s system menu and context menu entries show a SuRun Shield icon NEW: /USER command line parameter for specifying the RunAs user NEW: /LOW command line parameter to force launching processes non elevated /LOW you can even start programs that UAC would not allow to be run low (E.g. Regedit.exe) NEW: User SYSTEM is supported for /RUNAS, but only when used by a non restricted SuRunner or by a real Administrator NEW: InstallSurun and SuRun set DEP permanently ON NEW: SuRun’s binaries are flagged to use ASLR NEW: SuRun’s /RunAs has a new “Run elevated” Checkbox for non restricted SuRunners and Administrators NEW: The display time for the “program was started automagically message” can be set CHG: Removed dependencies on wtsapi32.h and wtsapi32.lib CHG: added bin\Crypt32x64.Lib and bin\Crypt32x86.Lib because Crypt32.Lib is missing in VS2005. FIX: Two or more spaces after a direct SuRun command line option caused SuRun to just exit. (E.g.: “SuRun /wait cmd”) FIX: Fixed implementation of CreateProcessAsuserA IAT-Hook FIX: Updating SuRun with a different locale failed. An English SuRun could not be updated by a French SuRun because the SuRun service name was localized. FIX: “(Re-)Start as Administrator” did not work with captionless Windows FIX: IAT-Hook prevented SwitchDesktop in AVAST and caused a system deadlock FIX: If SuRun starts %windir%\system32\cmd.exe it inserts a /D option into the command line to avoid cmd from running AutoRuns FIX: IAT-Hooks are directly loaded without a separate thread. If that GPF’s, a thread is created to load the hooks. FIX: Command lines with >4096 characters caused a GPF in the SuRun client and the Hooks FIX: SuRunExt.Dll prevents unloading SuRunExt.Dll dynamically. This effectively eliminated GPFs in SuRunExt.Dll_unloaded on my Win7pro system. SuRun 1.2.1.0 rc6 - 2011-12-29 NEW: The display time for the “program was started automagically message” can be set SuRun 1.2.1.0 rc5 - 2011-12-22 FIX: Command lines with >4096 characters caused a GPF in the SuRun client and the Hooks SuRun 1.2.1.0 rc4 - 2011-12-21 CHG: “Replace RunAs with SuRuns RunAs” now also handles “runasuser” in Vista++, preserves the Menu visibility (“Extended” Value) and replaces Windows UAC entries by SuRun’s “Start as Administrator” SuRun 1.2.1.0 rc3 - 2011-12-18 CHG: SuRun uses a custom Menu icon. SuRun 1.2.1.0 rc2 - 2011-12-16 FIX: Command “SuRun: Empty recycle bin” caused SuRun to sometimes not work (Automagic etc.) NEW: In Vista and Win7 SuRun’s system menu and context entries show the LUA Shield SuRun 1.2.1.0 rc1 - 2011-12-14 NEW: Command “SuRun: Empty recycle bin” in Recycle Bin context menu FIX: Two or more spaces after an SuRun Option in the command line caused SuRun to just exit. (E.g.: “SuRun /wait cmd” SuRun 1.2.1.0 Beta 10 - 2011-10-17 FIX: Fixed implementation of CreateProcessAsuserA IAT-Hook FIX: IAT-Hook sometimes failed with ASLR enabled NEW: PORTUGUESE language resources by “the.magic.silver.bullet” SuRun 1.2.1.0 Beta 9 - 2011-07-06 NEW: User SYSTEM is supported for /RUNAS, but only when used by a non restricted SuRunner or by a real Administrator SuRun 1.2.1.0 Beta 8 - 2011-06-24 NEW: /USER command line parameter for specifying the RunAs user NEW: /LOW command line parameter for launching non elevated processes FIX: “runas” was not handled by ShellExecuteHook of last beta SuRun 1.2.1.0 Beta 7 - 2011-06-02 NEW: French resources by Laurent Hilsz. Thanks! FIX: Updating SuRun with a different locale failed. An English SuRun could not be updated by a French SuRun because the SuRun service name was localized. NEW: Removed dependencies on wtsapi32.h and wtsapi32.lib NEW: added bin\Crypt32x64.Lib and bin\Crypt32x86.Lib because Crypt32.Lib is missing in VS2005. SuRun 1.2.1.0 Beta 6 - 2011-05-03 NEW: partly French resources by Laurent Hilsz. Thanks! FIX: “(Re-)Start as Administrator” did not work with captionless Windows FIX: IAT-Hook prevented SwitchDesktop in AVAST and caused a system deadlock SuRun 1.2.1.0 Beta 5 - 2011-03-18 FIX: Install Hardware automatically as administrator did not work in all 1.2.1.0 Betas. SuRun 1.2.1.0 Beta 4 - 2011-02-24 NEW: InstallSurun and SuRun set DEP permanently ON NEW: All files are compiled DEP compatible and with ASLR ON SuRun 1.2.1.0 Beta 3 - 2011-02-15 NEW: SuRun’s RunAs has a new “Run elevated” Option for non-restricted SuRunners and Administrators SuRun 1.2.1.0 Beta 2 - 2011-02-15 FIX: If SuRun starts %windir%\system32\cmd.exe it inserts a /D option into the command line to avoid cmd from running AutoRuns SuRun 1.2.1.0 Beta 1 - 2011-02-01 IAT-Hooks are directly loaded without a separate thread. When that GPF’s, a thread is created to load the hooks. SuRunExt.Dll uses GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_PIN,…) to prevent unloading the Dll dynamically. This effectively eliminated GPFs in SuRunExt.Dll_unloaded on my Win7pro system. SuRun 1.2.0.9 - 2010-12-23 NEW: In Windows 7 Explorer can be launched with elevated rights. NEW: The local System is allowed as user for Backup/Restore. NEW: If “Start the program automagically with elevated rights.” and “NEVER start this program with elevated rights.” are both checked, SuRun directly starts the program with the rights of the current user. (Automagic starts Application “non elevated” on “AutoExec” and “AutoCancel”) NEW: SuRun’s ShellExecute Hook let’s non-“SuRunners” use SuRun’s “Run as…” NEW: SuRun can be forced to store and use a user’s real password. This hopefully solves problems in domain networks. NEW: Polish resources by Junne. Thanks! NEW: SuRun handles ShellExecute’s “runas” verb “Replace RunAs with SuRuns RunAs” is activated NEW: SuRun remembers the last /RunAs user CHG: In Vista and Windows 7 “Control Panel as Administrator” starts the “Control Panel Main page” CHG: SuRun uses CryptProtectData() for encrypting user passwords. This encryption uses a master key derived from the user’s Windows password. CHG: If the SuRun service fails to start a Program, it tries to start the Program with impersonation. First as local Administrator and then, as the current user. FIX: When using the black high contrast theme, in some of SuRun’s windows no text was visible. FIX: SuRun’s Context Menu Extension adds it’s items only once. When right clicking the folder tree in Windows 7 Explorer calls the extension twice, one time for the folder and one time for the folder background. FIX: SuRun’s Tray symbol is better BlackBox (bBBlean) taskbar compatible FIX: SuRun keeps safe Desktop WatchDog happy when scanning for domain users FIX: With “Require the user’s password” active and timed out in domains for approved programs SuRun GPF’ed silently FIX: Hooks are set in a separate thread to avoid GPFs in “SuRunExt.dll_unloaded”. FIX: Hook initialisation uses an exception filter that restarts Hook initialisation on access violation FIX: InstallSuRun terminated silently on Windows 7 with Aero. SuRun 1.2.0.9 rc - 2010-12-22 CHG: Updated language resources SuRun 1.2.0.9 rc2 - 2010-12-13 NEW: B&W Icon SuRun 1.2.0.9 rc1 - 2010-12-03 CHG: In Vista/Win7 Control Panel as Administrator” starts “Control Panel Main page” SuRun 1.2.0.9 Beta15 - 2010-11-08 CHG: SuRun uses CryptProtectData() for storing user passwords. This encryption uses a master key derived from the user’s Windows password. NEW: SuRun can be forced to store and use a user’s password. This hopefully solves problems with domain networks. NEW: SuRun’s ShellExecute Hook let’s non-SuRunners use SuRun’s “Run as…” FIX: When using the black high contrast theme, in some of SuRun’s windows no text was visible. CHG: ScreenSnap uses CreateDIBSection instead of Get-/SetDIBits SuRun 1.2.0.9 Beta14 - 2010-08-04 If CreateProcessAsUser fails, SuRun’s service impersonates first as Admin and if that fails too, it impersonates as logged on user SuRun 1.2.0.9 Beta13 - 2010-07-21 SuRun’s service tries to impersonate the user on ERROR_INVALID_PASSWORD SuRun 1.2.0.9 Beta12 - 2010-06-30 SuRuns Context Menu Extension add it’s items only once. When righ clicking the folder tree in Win7 Explorer calls the extension twice, one time for the folder and one time for the folder background. IAT-Hook explicitly loads SuRunExt.dll to avoid unloading the Dll too early. In Win7 x64 a call to LoadLibW() in Unloaded_SuRunExt.dll GPFed. SuRun 1.2.0.9 Beta11 - 2010-06-28 Windows 7 Explorer can be launched with admin rights by cheating the registry (AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}",“RunAs”) THANKS to Junne!!! SuRunExtDll export functions wait for Initproc to be done SuRun 1.2.0.9 Beta10 - 2010-01-12 FIX: SuRuns second service instance did not realize if the client process has admin rights and thus it asked the user to become a SuRunners member. SuRun 1.2.0.9 Beta 9 - 2010-01-11 NEW: Local System is accepted as user for Backup/Restore NEW: If “Start the program automagically with elevated rights.” and “NEVER start this program with elevated rights.” are both checked, SuRuns Hooks directly start the program with the rights of the hooked user process. (Automagic starts App “non elevated” on “AutoExec” and “AutoCancel”) CHG: Updated polish language (special characters) FIX: Made SuRuns Tray symbol better BlackBox (bBBlean) taskbar compatible FIX: SuRun keeps WatchDog happy when scanning for domain users FIX: Fixed white backgroud color in SuRun’s dialogs SuRun 1.2.0.9 Beta 8 - 2009-11-23 *NEW: POLISH resources by junne *CHG: Updated Dutch resources by Stephan Paternotte *FIX: Require the user’s password after timeout and in domains for approved programs GFP’ed silently ...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values *Richtlinien f�r Lokaler Computer Computerkonfiguration Windows-Einstellungen Sicherheitseinstellungen Lokale Richtlinien Sicherheitsoptionen Systemobjekte: Standardbesitzer f�r Objekte, die von Mitgliedern der Administratorengruppe erstellt werden ->Administratorengruppe -»in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa nodefaultadminowner,DWORD: 1=Objektersteller; 0=Administratorengruppe; default=1 *Richtlinien f�r Lokaler Computer Computerkonfiguration Windows-Einstellungen Sicherheitseinstellungen Lokale Richtlinien Sicherheitsoptionen Konten: Lokale Kontenverwendung von leeren Kennw�rtern auf Konsolenanmeldung beschr�nken -»in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa limitblankpassworduse,DWORD: 1=leere Kennw�rter nicht zul�ssig; 0=leere Kennw�rter zul�ssig; default=1 *Richtlinien f�r Lokaler Computer Computerkonfiguration Windows-Einstellungen Sicherheitseinstellungen Lokale Richtlinien Zuweisen von Benutzerrechten ...

============================================================================== SuRun… Super User Run by Kay Bruns (c) 2007-19 SuRun? SuRun eases using Windows 2000 to Windows Vista with limited user rights. With SuRun you can start applications with elevated rights without needing administrator credentials. The idea is simple and was taken from SuDown (http://SuDown.sourceforge.net). The user usually works with the pc as standard user with limited rights. If a program needs administrative rights, the user starts “SuRun ”. SuRun then asks the user in a secure desktop if should really be run with administrative rights. If the user acknowledges, SuRun will start AS THE CURRENT USER but WITH ADMINISTRATIVE RIGHTS. ...