Support Always Run As Administrator

Flow.Launcher.Core/Configuration/Portable.cs

@@ -48,7 +48,7 @@
                 API.ShowMsgBox("Flow Launcher needs to restart to finish disabling portable mode, " +
                     "after the restart your portable data profile will be deleted and roaming data profile kept");
 
-                UpdateManager.RestartApp(Constant.ApplicationFileName);
+                API.RestartApp();
             }
             catch (Exception e)
             {
@@ -62,17 +62,17 @@
             {
                 MoveUserDataFolder(DataLocation.RoamingDataPath, DataLocation.PortableDataPath);
 #if !DEBUG
                 // Remove shortcuts and uninstaller are not required in debug mode, 
                 // otherwise will delete the actual installed production version
                 RemoveShortcuts();
                 RemoveUninstallerEntry();
 #endif
                 IndicateDeletion(DataLocation.RoamingDataPath);
 
                 API.ShowMsgBox("Flow Launcher needs to restart to finish enabling portable mode, " +
                     "after the restart your roaming data profile will be deleted and portable data profile kept");
 
-                UpdateManager.RestartApp(Constant.ApplicationFileName);
+                API.RestartApp();
             }
             catch (Exception e)
             {
@@ -88,10 +88,10 @@
             portabilityUpdater.RemoveShortcutsForExecutable(Constant.ApplicationFileName, ShortcutLocation.Startup);
         }
 
         public void RemoveUninstallerEntry()
         {
             using var portabilityUpdater = NewUpdateManager();
             portabilityUpdater.RemoveUninstallerRegistryEntry();
         }
 
         public void MoveUserDataFolder(string fromLocation, string toLocation)

Flow.Launcher.Core/Updater.cs

@@ -1,19 +1,19 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Net.Sockets;
-using System.Linq;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
 using System.Windows;
-using Flow.Launcher.Plugin.SharedCommands;
 using Flow.Launcher.Infrastructure;
 using Flow.Launcher.Infrastructure.Http;
 using Flow.Launcher.Infrastructure.UserSettings;
 using Flow.Launcher.Plugin;
+using Flow.Launcher.Plugin.SharedCommands;
 using JetBrains.Annotations;
 using Squirrel;
 
@@ -89,7 +89,7 @@
 
                 if (_api.ShowMsgBox(newVersionTips, _api.GetTranslation("update_flowlauncher_new_update"), MessageBoxButton.YesNo) == MessageBoxResult.Yes)
                 {
-                    UpdateManager.RestartApp(Constant.ApplicationFileName);
+                    _api.RestartApp();
                 }
             }
             catch (Exception e)
@@ -138,7 +138,7 @@
             var latest = releases.Where(r => !r.Prerelease).OrderByDescending(r => r.PublishedAt).First();
             var latestUrl = latest.HtmlUrl.Replace("/tag/", "/download/");
 
             var client = new WebClient
             {
                 Proxy = Http.WebProxy
             };

Flow.Launcher.Infrastructure/NativeMethods.txt

@@ -66,3 +66,18 @@
 SHParseDisplayName
 SHOpenFolderAndSelectItems
 CoTaskMemFree
+
+OpenProcessToken
+GetCurrentProcess
+LookupPrivilegeValue
+SE_INCREASE_QUOTA_NAME
+CloseHandle
+TOKEN_PRIVILEGES
+AdjustTokenPrivileges
+GetShellWindow
+GetWindowThreadProcessId
+OpenProcess
+GetProcessId
+DuplicateTokenEx
+CreateProcessWithTokenW
+STARTUPINFO

Flow.Launcher.Infrastructure/UserSettings/Settings.cs

@@ -383,6 +383,8 @@ public bool HideNotifyIcon
         public bool LeaveCmdOpen { get; set; }
         public bool HideWhenDeactivated { get; set; } = true;
 
+        public bool AlwaysRunAsAdministrator { get; set; } = false;
+
         private bool _showAtTopmost = true;
         public bool ShowAtTopmost
         {

Flow.Launcher.Infrastructure/Win32Helper.cs

@@ -6,6 +6,7 @@
 using System.IO;
 using System.Linq;
 using System.Runtime.InteropServices;
+using System.Security.Principal;
 using System.Threading;
 using System.Threading.Tasks;
 using System.Windows;
@@ -17,6 +18,8 @@
 using Windows.Win32;
 using Windows.Win32.Foundation;
 using Windows.Win32.Graphics.Dwm;
+using Windows.Win32.Security;
+using Windows.Win32.System.Threading;
 using Windows.Win32.UI.Input.KeyboardAndMouse;
 using Windows.Win32.UI.Shell.Common;
 using Windows.Win32.UI.WindowsAndMessaging;
@@ -791,5 +794,155 @@ public static unsafe void OpenFolderAndSelectFile(string filePath)
         }
 
         #endregion
+
+        #region Administrator Mode
+
+        public static bool IsAdministrator()
+        {
+            using var identity = WindowsIdentity.GetCurrent();
+            var principal = new WindowsPrincipal(identity);
+            return principal.IsInRole(WindowsBuiltInRole.Administrator);
+        }
+
+        /// <summary>
+        /// Inspired by <see href="https://github.com/jay/RunAsDesktopUser">
+        /// Document: <see href="https://learn.microsoft.com/en-us/archive/blogs/aaron_margosis/faq-how-do-i-start-a-program-as-the-desktop-user-from-an-elevated-app">
+        /// </summary>
+        public static unsafe bool RunAsDesktopUser(string app, string currentDir, string cmdLine, out string errorInfo)
+        {
+            STARTUPINFOW si = new();
+            PROCESS_INFORMATION pi = new();
+            errorInfo = string.Empty;
+            HANDLE hShellProcess = HANDLE.Null, hShellProcessToken = HANDLE.Null, hPrimaryToken = HANDLE.Null;
+            HWND hwnd;
+            uint dwPID;
+
+            // 1. Enable the SeIncreaseQuotaPrivilege in your current token
+            if (!PInvoke.OpenProcessToken(PInvoke.GetCurrentProcess_SafeHandle(), TOKEN_ACCESS_MASK.TOKEN_ADJUST_PRIVILEGES, out var hProcessToken))
+            {
+                errorInfo = $"OpenProcessToken failed: {Marshal.GetLastWin32Error()}";
+                return false;
+            }
+
+            if (!PInvoke.LookupPrivilegeValue(null, PInvoke.SE_INCREASE_QUOTA_NAME, out var luid))
+            {
+                errorInfo = $"LookupPrivilegeValue failed: {Marshal.GetLastWin32Error()}";
+                hProcessToken.Dispose();
+                return false;
+            }
+
+            var tp = new TOKEN_PRIVILEGES
+            {
+                PrivilegeCount = 1,
+                Privileges = new()
+                {
+                    e0 = new LUID_AND_ATTRIBUTES
+                    {
+                        Luid = luid,
+                        Attributes = TOKEN_PRIVILEGES_ATTRIBUTES.SE_PRIVILEGE_ENABLED
+                    }
+                }
+            };
+
+            PInvoke.AdjustTokenPrivileges(hProcessToken, false, &tp, 0, null, null);
+            var lastError = Marshal.GetLastWin32Error();
+            hProcessToken.Dispose();
+
+            if (lastError != 0)
+            {
+                errorInfo = $"AdjustTokenPrivileges failed: {lastError}";
+                return false;
+            }
+
+retry:
+            // 2. Get an HWND representing the desktop shell 
+            hwnd = PInvoke.GetShellWindow();
+            if (hwnd == HWND.Null)
+            {
+                errorInfo = "No desktop shell is present.";
+                return false;
+            }
+
+            // 3. Get the Process ID (PID) of the process associated with that window
+            _ = PInvoke.GetWindowThreadProcessId(hwnd, &dwPID);
+            if (dwPID == 0)
+            {
+                errorInfo = "Unable to get PID of desktop shell.";
+                return false;
+            }
+
+            // 4. Open that process
+            hShellProcess = PInvoke.OpenProcess(PROCESS_ACCESS_RIGHTS.PROCESS_QUERY_INFORMATION, false, dwPID);
+            if (hShellProcess == IntPtr.Zero)
+            {
+                errorInfo = $"Can't open desktop shell process: {Marshal.GetLastWin32Error()}";
+                return false;
+            }
+
+            if (hwnd != PInvoke.GetShellWindow())
+            {
+                PInvoke.CloseHandle(hShellProcess);
+                goto retry;
+            }
+
+            _ = PInvoke.GetWindowThreadProcessId(hwnd, &dwPID);
+            if (dwPID != PInvoke.GetProcessId(hShellProcess))
+            {
+                PInvoke.CloseHandle(hShellProcess);
+                goto retry;
+            }
+
+            // 5. Get the access token from that process
+            if (!PInvoke.OpenProcessToken(hShellProcess, TOKEN_ACCESS_MASK.TOKEN_DUPLICATE, &hShellProcessToken))
+            {
+                errorInfo = $"Can't get process token of desktop shell: {Marshal.GetLastWin32Error()}";
+                goto cleanup;
+            }
+
+            // 6. Make a primary token with that token
+            var tokenRights = TOKEN_ACCESS_MASK.TOKEN_QUERY | TOKEN_ACCESS_MASK.TOKEN_ASSIGN_PRIMARY |
+                TOKEN_ACCESS_MASK.TOKEN_DUPLICATE | TOKEN_ACCESS_MASK.TOKEN_ADJUST_DEFAULT |
+                TOKEN_ACCESS_MASK.TOKEN_ADJUST_SESSIONID;
+            if (!PInvoke.DuplicateTokenEx(hShellProcessToken, tokenRights, null, SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, TOKEN_TYPE.TokenPrimary, &hPrimaryToken))
+            {
+                errorInfo = $"Can't get primary token: {Marshal.GetLastWin32Error()}";
+                goto cleanup;
+            }
+
+            // 7. Start the new process with that primary token
+            fixed (char* appPtr = app)
+            fixed (char* cmdLinePtr = cmdLine)
+            fixed (char* currentDirPtr = currentDir)
+            {
+                if (!PInvoke.CreateProcessWithToken(hPrimaryToken,
+                    0,
+                    appPtr,
+                    cmdLinePtr,
+                    0,
+                    null,
+                    currentDirPtr,
+                    &si,
+                    &pi))
+                {
+                    errorInfo = $"CreateProcessWithTokenW failed: {Marshal.GetLastWin32Error()}";
+                    goto cleanup;
+                }
+            }
+
+            if (pi.hProcess != HANDLE.Null) PInvoke.CloseHandle(pi.hProcess);
+            if (pi.hThread != HANDLE.Null) PInvoke.CloseHandle(pi.hThread);
+            if (hShellProcessToken != HANDLE.Null) PInvoke.CloseHandle(hShellProcessToken);
+            if (hPrimaryToken != HANDLE.Null) PInvoke.CloseHandle(hPrimaryToken);
+            if (hShellProcess != HANDLE.Null) PInvoke.CloseHandle(hShellProcess);
+            return true;
+
+cleanup:
+            if (hShellProcessToken != HANDLE.Null) PInvoke.CloseHandle(hShellProcessToken);
+            if (hPrimaryToken != HANDLE.Null) PInvoke.CloseHandle(hPrimaryToken);
+            if (hShellProcess != HANDLE.Null) PInvoke.CloseHandle(hShellProcess);
+            return false;
+        }
+
+        #endregion
     }
 }

Flow.Launcher.Plugin/Interfaces/IPublicAPI.cs

@@ -580,5 +580,33 @@ public interface IPublicAPI
         /// </summary>
         /// <returns>The time taken to execute the method in milliseconds</returns>
         public Task<long> StopwatchLogInfoAsync(string className, string message, Func<Task> action, [CallerMemberName] string methodName = "");
+
+        /// <summary>
+        /// Start a process with the given file path and arguments
+        /// </summary>
+        /// <remarks>
+        /// It can help to start a deelevated process when Flow is running as administrator.
+        /// </remarks>
+        /// <param name="filePath">Absolute file path. It can be an executable file or a script file</param>
+        /// <param name="workingDirectory">Working directory. If not specified, the current directory will be used</param>
+        /// <param name="arguments">Optional arguments to pass to the process. If not specified, no arguments will be passed</param>
+        /// <param name="runAsAdmin">Whether to run the process as administrator</param>
+        /// <returns>Whether process is started successfully</returns>
+        public bool StartProcess(string filePath, string workingDirectory = "", string arguments = "", bool runAsAdmin = false);
+
+        /// <summary>
+        /// Displays a User Account Control (UAC) dialog to request elevated permissions for the specified application.
+        /// </summary>
+        /// <remarks>
+        /// If Flow is running under administrator mode, executing elevated actions will not trigger UAC dialog.
+        /// So this method is used to manually show the UAC dialog when needed.
+        /// </remarks>
+        /// <param name="iconPath">The file path to the icon that will be displayed in the dialog. Must be a valid path to an image file.</param>
+        /// <param name="appName">The name of the application requesting elevation. This will be displayed in the dialog.</param>
+        /// <param name="fullPath">The full file path of the executable requesting elevation. This is shown to the user for verification.</param>
+        /// <returns>A <see cref="MessageBoxResult"/> indicating the user's response to the dialog. Possible values include
+        /// <see cref="MessageBoxResult.Yes"/> if the user grants permission,
+        /// or <see cref="MessageBoxResult.No"/> if the user denies permission.</returns>
+        public MessageBoxResult ShowUACDialog(string iconPath, string appName, string fullPath);
     }
 }

Flow.Launcher/App.xaml.cs

@@ -1,5 +1,7 @@
 using System;
 using System.Diagnostics;
+using System.IO;
+using System.Reflection;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
@@ -24,6 +26,7 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.VisualStudio.Threading;
+using Squirrel;
 
 namespace Flow.Launcher
 {
@@ -238,12 +241,23 @@ private void AutoStartup()
             {
                 try
                 {
-                    Helper.AutoStartup.CheckIsEnabled(_settings.UseLogonTaskForStartup);
+                    Helper.AutoStartup.CheckIsEnabled(_settings.UseLogonTaskForStartup, _settings.AlwaysRunAsAdministrator);
+                }
+                catch (UnauthorizedAccessException)
+                {
+                    // If it fails for permission, we need to ask the user to restart as administrator
+                    if (API.ShowMsgBox(
+                        API.GetTranslation("runAsAdministratorChangeAndRestart"),
+                        API.GetTranslation("runAsAdministratorChange"),
+                        MessageBoxButton.YesNo) == MessageBoxResult.Yes)
+                    {
+                        RestartAppAsAdministrator();
+                    }
                 }
                 catch (Exception e)
                 {
-                    // but if it fails (permissions, etc) then don't keep retrying
-                    // this also gives the user a visual indication in the Settings widget
+                    // But if it fails for other reasons then do not keep retrying,
+                    // set startup to false to give users a visual indication in the general page
                     _settings.StartFlowLauncherOnSystemStartup = false;
                     API.ShowMsg(API.GetTranslation("setAutoStartFailed"), e.Message);
                 }
@@ -321,6 +335,63 @@ private static void RegisterTaskSchedulerUnhandledException()
 
         #endregion
 
+        #region Restart
+
+        /// <summary>
+        /// Restart the application without changing the user privileges.
+        /// </summary>
+        public static void RestartApp(bool forceAdmin = false)
+        {
+            if (Win32Helper.IsAdministrator() || forceAdmin)
+            {
+                RestartAppAsAdministrator();
+            }
+            else
+            {
+                // Restart requires Squirrel's Update.exe to be present in the parent folder, 
+                // it is only published from the project's release pipeline. When debugging without it,
+                // the project may not restart or just terminates. This is expected.
+                UpdateManager.RestartApp(Constant.ApplicationFileName);
+            }
+        }
+
+        // Since Squirrel does not provide a way to restart the app as administrator,
+        // we need to do it manually by starting the update.exe with the runas verb
+        private static void RestartAppAsAdministrator()
+        {
+            var startInfo = new ProcessStartInfo
+            {
+                FileName = getUpdateExe(),
+                Arguments = $"--processStartAndWait {Constant.ExecutablePath}",
+                UseShellExecute = true,
+                Verb = "runas",
+            };
+            Process.Start(startInfo);
+            Thread.Sleep(500);
+            Environment.Exit(0);
+
+            // Local function
+            static string getUpdateExe()
+            {
+                Assembly entryAssembly = Assembly.GetEntryAssembly();
+                if (entryAssembly != null && Path.GetFileName(entryAssembly.Location).Equals("update.exe", StringComparison.OrdinalIgnoreCase) && entryAssembly.Location.IndexOf("app-", StringComparison.OrdinalIgnoreCase) == -1 && entryAssembly.Location.IndexOf("SquirrelTemp", StringComparison.OrdinalIgnoreCase) == -1)
+                {
+                    return Path.GetFullPath(entryAssembly.Location);
+                }
+
+                entryAssembly = Assembly.GetEntryAssembly() ?? Assembly.GetExecutingAssembly();
+                FileInfo fileInfo = new FileInfo(Path.Combine(Path.GetDirectoryName(entryAssembly.Location), "..\\Update.exe"));
+                if (!fileInfo.Exists)
+                {
+                    throw new Exception("Update.exe not found, not a Squirrel-installed app?");
+                }
+
+                return fileInfo.FullName;
+            }
+        }
+
+        #endregion
+
         #region IDisposable
 
         protected virtual void Dispose(bool disposing)