How to detect if launching through ShellExecuteEx is cancelled by UAC

Question

I launch the exe through ShellExecuteEx:

tstring sPath = _T("C:\\Test\\MyApp.exe");
tstring sArgs = _T("/S");
SHELLEXECUTEINFO lpExecInfo = {0,};
lpExecInfo.cbSize  = sizeof(SHELLEXECUTEINFO);
lpExecInfo.lpFile = sPath.c_str();
lpExecInfo.fMask=SEE_MASK_NOASYNC ;     
lpExecInfo.hwnd = NULL;
lpExecInfo.lpVerb = NULL;
lpExecInfo.lpParameters = sArgs.c_str();
lpExecInfo.lpDirectory = NULL;
lpExecInfo.nShow = SW_SHOWNORMAL;

if (!ShellExecuteEx(&lpExecInfo)) {
    // handle the error
    throw CException("Cannot launch an application");
}

int nRes = (int)lpExecInfo.hInstApp; // nRes = 42
DWORD dwErr = GetLastError(); // dwErr = 0

How can I detect if launching is cancelled by UAC? ShellExecuteEx succeeds in this case (hInstApp = 42, GetLastError returns 0).

Thanks

Answer 1

If ShellExecuteEx() is not returning an error, then there is nothing you can do to detect a UAC cancellation that is occuring outside of ShellExecuteEx's control.

What you should be doing is using CreateProcess() instead. That will return an error if UAC rejécts the new process. Don't use ShellExecuteEx() to launch an .exe file, unless you use the "runas" verb to force a UAC prompt.

Answer 2

Now the problem is that CreateProcess succeeds in both cases, when launching is cancelled and is not cancelled. The question is that how to detect when it is cancelled?

Probably not being able to detect whether elevated launch succeeded or failed is a security feature. Else you could probe the system for installed software you should not know about.

Answer 3

FAR Manager is able to detect the UAC cancellation even when using ShellExecuteEx.

   ╔════════════ Error ═════════════╗
   ║      Operation cancelled       ║
   ║         Cannot execute         ║
   ║ D:\Downloads\fiddler4setup.exe ║
   ║               OK               ║
   ╚════════════════════════════════╝

I've checked what happens under debugger and here's how the struct looks like:

lpVerb = "open";
lpFile = <path to the .exe>;
lpParameters = "";
lpDirectory = <current directory>;
nShow = SW_SHOWNORMAL;
fMask = SEE_MASK_NOCLOSEPROCESS|SEE_MASK_NOASYNC|
   SEE_MASK_FLAG_NO_UI|SEE_MASK_NOZONECHECKS; // 0x800540

You can check the whole magic they do in the source code.