Test Case 1: Verify all of the application's executables contain an embedded manifest that defines its execution level (Req:1.1)

This is a basic requirement for an application to run properly in Vista. Vista expects every executable (especially one that requires admin rights) to have a manifest that explicitly states its run level. An application without such a manifest may behave erroneously when accessing protected resources, and may run into virtualization issues.

Question: How can we create an embedded manifest?

Answer:

Option #1 – Step-by-step approach

Create a native resource script file (AppName.rc)

#define RT_MANIFEST 24

#define APP_MANIFEST 1

APP_MANIFEST RT_MANIFEST AppName.exe.manifest

Compile the resources using the resource compiler (rc.exe)

rc.exe AppName.rc

Embed the resources to the executable during build process

csc /win32res:AppName.res AppName.cs

vjc /win32res:AppName.res AppName.jsl

vbc /win32resource:AppName.res AppName.vb

Option #2 – Use mt.exe (any language)

mt.exe -manifest AppName.exe.manifest -outputresource:AppName.exe;#1

Option #3 – Specify the manifest file in the Project Properties (C++ only)

Sample manifest:

<?xml version="1.0" encoding="utf-8" ?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">

  <assemblyIdentity version="1.0.0.0"

    processorArchitecture="X86"

    name="AppName"

    type="win32" />

  <description>App Description</description>

  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">

    <security>

      <requestedPrivileges>

        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>

        <!-- level="asInvoker" or level="requireAdministrator" or level="highestAvailable" -->

      </requestedPrivileges>

    </security>

  </trustInfo>

</assembly>

 

Question: I have a third-party un-manifested file into which I can't embed a manifest. What should I do?

Answer: You can manifest these files externally. Create a plain text file containing the manifest, name it <executable name>.exe.manifest, and place it in the same folder as the exe. You can use or create any such manifest, but it must contain the following security section to be acceptable.

  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">

    <security>

      <requestedPrivileges>

        <requestedExecutionLevel level="asInvoker" />

        <!-- level="asInvoker" or level="requireAdministrator" or level="highestAvailable" -->

      </requestedPrivileges>

    </security>

  </trustInfo>

 

Question: The application fails in Windows XP after a manifest is embedded. How can I rectify this?

Answer: <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> should be used instead of .v3
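One way to automate the check in Test Case 1, including the security section and the XP namespace point above. This is an added example, not code from the original page; it assumes the manifest is stored in the file as plain UTF-8 XML, and the function names and sample bytes are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# trustInfo namespaces named on the page; asm.v2 is its fix for Windows XP.
TRUST_NS = ("urn:schemas-microsoft-com:asm.v2", "urn:schemas-microsoft-com:asm.v3")
LEVELS = ("asInvoker", "requireAdministrator", "highestAvailable")
PATH = ("trustInfo", "security", "requestedPrivileges", "requestedExecutionLevel")

def find_manifest(blob):
    """Heuristic (assumption): the manifest sits in the file as plain UTF-8 XML."""
    m = re.search(rb"<assembly\b.*?</assembly>", blob, re.DOTALL)
    return m.group(0) if m else None

def check_manifest(xml_bytes):
    """Return (level, findings) for one manifest document."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return None, [f"manifest is not well-formed XML: {exc}"]
    for ns in TRUST_NS:
        el = root.find("/".join(f"{{{ns}}}{tag}" for tag in PATH))
        if el is not None:
            break
    else:
        stray = [e.tag for e in root.iter() if e.tag.endswith("requestedExecutionLevel")]
        if stray:
            return None, [f"requestedExecutionLevel in unexpected namespace or position: {stray[0]}"]
        return None, ["no requestedExecutionLevel element"]
    level, findings = el.get("level"), []
    if level not in LEVELS:
        findings.append(f"invalid level: {level!r}")
    if ns.endswith("asm.v3"):
        findings.append("trustInfo uses asm.v3; use asm.v2 if Windows XP must be supported")
    return level, findings

def audit(blob):
    """Check raw executable (or external .manifest) bytes."""
    xml = find_manifest(blob)
    return check_manifest(xml) if xml else (None, ["no manifest found"])

def sample(ns, level):
    """Constructed stand-in for an .exe: filler bytes around a manifest."""
    doc = (f'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
           f'<trustInfo xmlns="{ns}"><security><requestedPrivileges>'
           f'<requestedExecutionLevel level="{level}" uiAccess="false"/>'
           f'</requestedPrivileges></security></trustInfo></assembly>')
    return b"MZ" + bytes(64) + doc.encode() + bytes(64)

if __name__ == "__main__":
    for ns in TRUST_NS + ("urn:schemas-microsoft.com:asm.v2",):  # last one is a constructed typo
        print(ns, audit(sample(ns, "asInvoker")))
    print(audit(b"MZ" + bytes(128)))
```

To use it on real files, pass the bytes of each .exe (or of an external .exe.manifest file) to audit(). The byte scan will miss manifests in packed or compressed executables, so treat "no manifest found" as a prompt to inspect the file with mt.exe rather than as proof.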

 

Question: Although we can get our executable manifested, we get an error when signing the exe with signtool.exe.

Answer: You may try to manifest your file from a build event: create a post-build event for the project and apply mt to your output exe.

Here is the post-build event command (of the main application), with hard-coded paths, that we tried. The same can be achieved by using the pre-build event of the setup project.

 

"F:\Program Files\Microsoft SDKs\Windows\v6.0\Bin\mt.exe" -manifest "F:\Projects\TestVistaApp\TestVistaApp\TestVistaApp.manifest" -outputresource:"F:\Projects\TestVistaApp\TestVistaApp\obj\Debug\TestVistaApp.exe"

Please note that the command above uses the exe from the obj folder. You can, however, use the VS environment macros to make the command generic.

 

You may use the build event for signing your exe too: put the SignTool command with all necessary arguments in the post-build event of your project, getting the requisite information from some registry location.

 

Reference:

MSDN Blog: http://blogs.msdn.com/cheller/archive/2006/08/24/how-to-embed-a-manifest-in-an-assembly-let-me-count-the-ways.aspx