Win32 API, C#, MFC, etc. that might be 'UAC' issues.
-
I see most all the guidelines about modifying the application so it is standard user compatible, and conforms to running with the UAC enabled. However, as you might get some notes like don't write to HKEY_LCOAL_MACHINE, how would you go about statically analyzing your entire source code base to identify which API are UAC suspects? It seems the standard user analyzer is a black box tool - if oyu don't hit 100% code coverage, you might miss soemthing. I am looking for the 'sure' answer - statically analyzing the code. And I am looking for soemthing liek we used to have with the old Win32Api.Csv file - a listing of all the suspect API and function calls which could lead to UAC issues. For example, I am already aware to search for LogonUser, RegOpenKey, etc. but what about the file system API? Network API, etc? So, has anyone encountered such a tool or such a list of the functions?