Recently, someone asked me this question in e-mail -- “How do I get my application to run elevated when someone launches it?” Instinctively, I responded with a “You need to manifest it.” I got a nice long e-mail in return. ;-) I quickly realized that application manifests appear simple but are quite confusing. Manifests are becoming very relevant as they control much more application behavior in Windows 7 and future OS’s. Any application that targets Vista or greater, should contain an application manifest.
You might be wondering if your exe’s have embedded manifest and what they look like. My favorite tool to dump a manifest is sigcheck. Use the –m switch to dump the manifest. E.g. sigcheck.exe –m myapp.exe
This executable is a native C++ program.
D:\dev\legacyUAC\Debug>sigcheck.exe -m legacyUAC.exe
sigcheck v1.60 - sigcheck Copyright (C) 2004-2009 Mark Russinovich Sysinternals - www.sysinternals.com
D:\dev\legacyUAC\Debug\legacyUAC.exe: Verified: Unsigned File date: 7:43 PM 10/26/2009 Strong Name: Unsigned Publisher: n/a Description: n/a Product: n/a Version: n/a File version: n/a Manifest: ∩╗┐<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.VC90.DebugCRT" version="9.0 .21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity> </dependentAssembly> </dependency> </assembly>
This executable is a .NET C# program.
D:\dev\legacyDPI\legacyDPI\bin\Debug>sigcheck.exe -m legacyDPI.exe
D:\dev\legacyDPI\legacyDPI\bin\Debug\legacyDPI.exe: Verified: Unsigned File date: 3:06 PM 11/12/2009 Strong Name: Unsigned Publisher: Microsoft Description: legacyDPI Product: legacyDPI Version: 220.127.116.11 File version: 18.104.22.168 Manifest: ∩╗┐<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="22.214.171.124" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
If you are wondering what those three weird characters at the beginning of the manifest are, it is the byte order mark. I talk about it in this post.
An external manifest is a text file that contains the manifest XML. The file must exist in the same directory as the executable and have the same name with a “.manifest” extension. For example, if the name of your executable is MyApp.exe, your manifest file would be named “MyApp.exe.manifest”.
Remember, in Vista and beyond, embedded manifests have priority over external manifests. Therefore, if the executable already has an embedded manifest, the external manifest will be ignored.
There are two ways you can embed a manifest. You can have the compiler embed it or you can embed it with the manifest tool (mt.exe) included in the Platform SDK.
Visual Studio 2008 has functionality to embed manifest for native and managed projects.
For Visual Studio 2005, Catherine Heller has a great post on how to embed manifests in your build process.
The manifest tool is a command line tool that lets you add or merge manifests to an executable. For usage, check the MSDN article for the Manifest Tool. Here’s an example for adding a manifest to an executable:
mt.exe -manifest MyApp.exe.manifest -outputresource:MyApp.exe;#1
You will be modifying the binary when you embed the manifest. If your exe was signed, this will invalidate the signature and it will need to be re-signed.
Windows 7 introduced “switchback” into the manifest by adding a <compatibility> section to the manifest. This allows you to state what OS you support. So, if you insert the tag that you support Windows 7, you will get a handful of new behaviors. Otherwise, your app will “switchback” to the Vista behavior. The plan is to use this section to make better choices for compatibility behaviors in future OS’s. When adding manifests to applications, consider adding the supportedOS tag.