[wix-users] Run Burn Boostrapper or the MBA Elevated

Huy Doan hdoan at vmware.com
Thu Jul 21 16:49:33 PDT 2016


Hi Rob,

Yes, I totally agree with you in this issue. That is why my last item in the list is "Apology to the Burn creators for not building installers using the best practice." This is just an experiment I came up with during my time trying to hack the current implementation of Burn. The reason why I posted this is because there are many people that have tried to find a solution for this issue.

For those who are not concerned about security, you could do this at your own risk. Otherwise, I strongly encourage taking Rob's advice and the Wix team's point of view in security.

Good luck to all.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Rob Mensching
Sent: Thursday, July 21, 2016 4:09 PM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Run Burn Boostrapper or the MBA Elevated

This re-opens you to the security vulnerability we worked so hard to close to WiX v3.10.2. I would never do this in production software.

_____________________________________________________________
 Short replies here. Complete answers over there: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.firegiant.com_&d=CwICAg&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=dIns6fQ--MkFJxuBFYmMeQ&m=30dd3kLYy_Jiuy0n933IH4PtKioK1D4p9TLucthovS0&s=HRkSW3JaPa95gDLX8hfQEpADbuG03f68hm4bw-1v7OI&e= 


-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Huy Doan
Sent: Wednesday, July 20, 2016 10:23 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Run Burn Boostrapper or the MBA Elevated

I found a solution for people who want to run their BAs elevated. I tested it myself and it worked for me. Here it is.

i)	You will need to download the ResourceHacker as others may suggest.
ii) 	In the same folder with the .wixproj, create a manifest file, let's say "setup.manifest."
iii)	Copy and paste this content to the manifest file. Make sure it has neither white spaces nor newline characters
	<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="setup.exe" version="1.0.0.0" processorArchitecture="x86" type="win32"></assemblyIdentity><description>WiX Toolset Bootstrapper</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><su
 pportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>
iv)	In the Post-Build Event Command Line, copy this line:
	"C:\Program Files (x86)\Resource Hacker\ResourceHacker.exe" -modify $(TargetPath),$(TargetPath),setup.manifest,24,1,1033
v)	Build it and see the result.
vi)	If you encounter error 9009, check all the file names, paths, etc.
vii)	Apology to the Burn creators for not building installers using the best practice.

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant https://urldefense.proofpoint.com/v2/url?u=http-3A__www.firegiant.com_&d=CwICAg&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=dIns6fQ--MkFJxuBFYmMeQ&m=30dd3kLYy_Jiuy0n933IH4PtKioK1D4p9TLucthovS0&s=HRkSW3JaPa95gDLX8hfQEpADbuG03f68hm4bw-1v7OI&e= 



More information about the wix-users mailing list