
ToDo
---------------------
* Eclipse (JAVA) and SuRuns IAT Hook conflict
* "*" at the end of a command means "anything from here matches"
* Switchable Easy/Expert Settings
* Configurable "Do not display messages" Option
* "Require user password for SuRun Setings" Option

To be done in future:
---------------------
* make context menu entries dynamically with ShellExt 
  (E.g.: msi with popup-menu)
* use MD5-Hash for "Always Yes" programs

Deferred Whishlist:
---------------------
* White list command line editor in "SuRun settings" with auto quotes
* "Cancel" count down progress bar/static
* Console SuRun support
* Connect Network drives for admin process: 
* Intercept "rundll32.exe newdev.dll,": 
    needs CredUI hack for XP/2k3; ok with 2k and Vista
    use "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File 
    Execution Options\Rundll32.exe",Debugger,C:\Windows\SuRun.exe /AUTORUN

------------------------------------------------------------------------------
SuRun Changes:
------------------------------------------------------------------------------

SuRun 1.1.0.6 refresh - 2008-05-26:
-----------------------------------
* Win64 "SuRun /SYSMEUHOOK" did not start SuRun32.bin (Mutex)
* Dutch language resources, thanks to Stephan Paternotte

SuRun 1.1.0.6 - 2008-04-29:
----------------------------
* SuRun asks, if a user tries to restart the Windows Shell.
* Removed "Administrators see SuRuns Setup Dialog on their desktop" feature for
  two reasons: 
  1. The Settings dialog for normal users sometimes came up behind the blurred 
     background window. 
  2. The settings dialog was not closed when an Administrator did log off.
* IAT-Hook is again off by default because of incompatibilities with self 
  checking software. (E.G. Access 2003 and Outlook 2003)
* Removed Blurred Desktop flicker

SuRun 1.1.0.5 - 2008-04-23:
----------------------------
* Administrators see SuRuns Setup Dialog on their desktop

SuRun 1.1.0.4 - 2008-04-11:
----------------------------
* FIX: (!!!) The "[Meaning: Explorer My Computer\Control Panel]" display
       screwed up the command line causing SuRun to not work in many cases!

SuRun 1.1.0.3 - 2008-04-11:
----------------------------
* NEW: "SuRuns Settings" appears in the control panels category view in
       "Performance and Maintenance"
* NEW: SuRun displays "[Meaning: Explorer My Computer\Control Panel]" for shell 
       names like "Explorer ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\
       ::{21EC2020-3AEA-1069-A2DD-08002B30309D}"
* NEW: SuRun can replace Windows "Run as..." in context menu
* NEW: Option to show a user status icon and balloon tips in the notification 
       area when the current application does not run as the logged on user
* NEW: SuRun warns non restricted SuRunners and Administrators after login if 
       any Administrators have empty passwords
* NEW: Blurred background screen fades in and out
* NEW: User file list rules: "never start automatically"/"never start elevated"
* NEW: User file list "Add" and "Edit" shows the rule flags in a dialog
* NEW: Initialise desktop background before and close it after SwitchDesktop
* NEW: "Apply" Button in SuRun Settings
* CHG: SuRuns IAT-Hook is turned ON by default
* CHG: If Admin credentials are required, SuRun does not include Domain Admin 
       accounts in the drop down list
* CHG: Double click in user list does "Edit" the command line
* FIX: Scenario: Restircted SuRunner, changed password, SuRun asks to autorun 
       a predefined app with elevated rights, User presses 'Cancel'. Then the
       app was flagged "never start automagically".
* FIX: SuRuns "Run as..." and Administrator authentication respect the 
       "Accounts: Limit local account use of blank passwords to console logon 
       only" group policy.
* FIX: When using Sandboxie and the IAT-Hook, starting a sandboxed program 
       took about four minutes. SuRun now sees a blocked communication with 
       the server and exits immediately.
* FIX: "'Explorer here' as admin" did not open the folder, when it had spaces 
       in the name
* FIX: A user who was not allowed to change SuRun settings, could start the
       control panel as admin and then change SuRuns settings.

SuRun 1.1.0.2 - 2008-03-19:
----------------------------
* In a domain SuRun could not be used without being logged in to the domain. 

SuRun 1.1.0.1 - 2008-03-11:
----------------------------
* The IShellExecuteHook did not work properly because SuRun did not initialise 
  to zero the static variables it uses.

SuRun 1.1.0.0 - 2008-03-10: (changes to SuRun 1.0.2.9)
----------------------------
* SuRuns start menu entries were removed. 'SuRun Settings' and 'Uninstall 
  SuRun' can be done from the control panel.
* SuRun Installation can be done from "InstallSuRun.exe". InstallSuRun contains
  both, the 32Bit and 64Bit version and automatically installs the correct 
  version for your OS.
  Installation/Update is Dialog based with options:
    * "Do not change SuRuns file associations" on Update
    * Run Setup after Install on first Install
    * Show "Set 'Administrators' instead of 'Object creator' as default owner 
      for objects created by administrators." when this was not set before.
  Uninstallation is Dialog based with options
    * Keep all SuRun Settings
    * Delete "SuRunners"
    * Make SuRunners Admins
* SuRun runs in a domain. It enumerates domain accounts for administrative 
  authorization and uses the local group "SuRunners" for local authorization.
* SuRun can be restricted on a per User basis:
  - Users can be denied to use "SuRun setup".
  - Users can be restricted to specific applications that are allowed to run 
    with elevated rights
  This enables to use SuRun in Parent/Children scenarios or in Companies where 
  real Administrators want to work with lowered rights.
* SuRun can intercept the execution of processes by hooking the Import Address 
  Table of Modules (experimental) and by implementing the IShellExecuteHook
  Interface (recommended).
  Each SuRunner can specify a list of programs that will automagically started
  with elevated rights.
  Additionally SuRun parses processes for Vista Manifests and file names.
  -All files with extension msi and msc and all files with extension exe, cmd, 
   lnk, com, pif, bat and a file name that contains install, setup or update 
   are suspected that they must be run with elevated rights.
  -All files with a Vista RT_MANIFEST resource containing <*trustInfo>->
   <*security>-><*requestedPrivileges>-><*requestedExecutionLevel 
   level="requireAdministrator"> are suspected that they must be run with 
   elevated rights.
  The SuRunner can specify to start a program from the List with elevated 
  rights without being asked. If that happens, SuRun can show a Message window 
  on screen that a program was launched with elevated rights.
* FIX: SuRun could be hooked by IAT-Hookers. CreateProcessWithLogonW could 
  be intercepted by an IAT-Hooker and the Credentials could be used to run an 
  administrative process. Now a clean SuRun is started by the Service with 
  "AppInit_Dlls" disabled to do a clean CreateProcessWithLogonW.
* When User is in SuRunners and Explorer runs as Admin, SuRun urges the user 
  to logoff before SuRun can be used.
* Choosing "Don't ask this question again for this program" and pressing 
  cancel causes SuRun to auto-cancel all future requests to run this program
  with elevated rights.
* Non 'SuRunners' will not see any of SuRuns Execution Hooks, System menu 
  ((Re)Start as Administrator) or shell context menu (Control panel/cmd/
  Explorer as Administrator) entries.
* New self made Control Panel Icon
* SuRun tries to locate the Application to be started. So "surun cmd" will
  make ask SuRun whether "C:\Windows\System32\cmd.exe" is allowed to run.
* SuRuns Shell integration can be customized.
* SuRun waits for max 3 minutes after the Windows start for the Service.
* New command line Option: /QUIET
* New Commands. If the User right-clicks on a folder background, two new Items,
  "'SuRun cmd' here" and "'SuRun Explorer' here" are shown.
* Added Context menu for Folders in Explorer (cmd/Explorer <here> as admin)
* "SuRun *.reg" now starts "%Windir%\Regedit.exe *.reg" as Admin
* Added "Start as Admin" for *.reg files
* SuRun is now hidden from the frequently used program list of the Start menu

SuRun 1.0.2.110 - 2008-03-10: (Beta)
----------------------------
* InstallSuRun was not compatible with older SuRun (<=1.0.3.0) versions
* LogonCurrentUser/CurrUserAck did not display User Picture
* Hooks use >84k less stack space
* Safe Desktop uses less stack and seems to be YZshadow tolerant now
* FireFox Install/Update does work now
* Second try for empty passwords. Logon sometimes fails on first try.

SuRun 1.0.2.109 - 2008-03-02: (Beta)
----------------------------
* New self made Control Panel Icon
* The MIDL compiler sometimes did not work when SuRuns IAT-Hook was enabled.
  Now the Exec-Hooks do not allocate memory (calloc) anymore and MIDL works.
* Installation/Update is Dialog based with options:
  * "Do not change SuRuns file associations" on Update
  * Run Setup after Install on first Install
  * Show "Set 'Administrators' instead of 'Object creator' as default owner 
    for objects created by administrators." when this was not set before.
* Uninstallation is Dialog based with options
  * Keep all SuRun Settings
  * Delete "SuRunners"
  * Make SuRunners Admins
* One Installation Container for all SuRun versions "InstallSuRun.exe"

SuRun 1.0.2.108 - 2008-02-24: (Beta)
----------------------------
* FIX: TrayWindow was not size limited
* FIX: FireFox Update did not work with ShellExec-Hook
* FIX: ResolveCommandLine failed with leading Spaces
* SuRun /SysmenuHook exits immediately if no IAT-Hook and no "(Re)Start as 
    Admin" System Menu hooks are used
* SuRun has no Start Menu entry anymore. 
  You can configure and uninstall SuRun from the Control Panel
* BeOrBecomeSuRunner uses different Strings (User/YOU) for Setup/Run

SuRun 1.0.2.107 - 2008-02-22: (Beta)
----------------------------
* SuRun optionally shows a tray window after elevated AutoRunning a process
* FIX: When uninstalling "Start as admin" for *.msc files was not removed
* Setup Dialog hides autorun icons if hooks are disabled
* Setup Dialog hides restriction icons if user is not restricted
* LoadLibrary("Shell32.dll") in WinMain() caused YZShadow to crash SuRun Setup
  When using YZShadow, you must manually add the following to YzShadow.ini:
    EXCLUSION_LIST_CLASSNAME=ScreenWndClass[TAB]#32770
    EXCLUSION_LIST_EXENAME=C:\WINDOWS\surun.exe[TAB]C:\WINDOWS\surun.exe
    ([TAB] means a TAB character (code 09))
* When restarting the SuRun Service all these Settings where set to defaults:
  * "Control Panel As Admin" on Desktop Menu
  * "Cmd here As Admin" on Folder Menu
  * "Explorer here As Admin" on Folder Menu
  * "Restart As Admin" in System-Menu
  * "Start As Admin" in System-Menu
  * Use IAT-Hook
  * Use Shellexec Hook

SuRun 1.0.2.106 - 2008-02-19: (Beta)
----------------------------
* When User is in SuRunners and Explorer runs as Admin, SuRun urges the user 
  to logoff before SuRun can be used.
* When finally uninstalling SuRun, SuRun asks if the SuRunners group should be 
  removed and if all "SuRunners" should become Administrators
* New Setup Options: 
  -what Hooks SuRun should use (ShellExec, IAT-Hook, none)
  -Admins will/not be asked to become SuRunner
  -No one will/not be asked to become SuRunner
  -New SuRunners can/cannot modify SuRun settings
  -New SuRunners are/not restricted to run predefined programs
* "Run as Admin" context menu for the "Control Panel" on "My Computer"
* When User selects to "Cancel", SuRun will not complain that the program 
  could not be run
* IShellExecute Hook is again implemented in SuRun
* "SuRun Settings" Control panel applet

SuRun 1.0.3.0 - 2008-02-15: BackPort Release (changes to SuRun 1.0.2.9)
---------------------------
Because of the vulnerability I ported some features of the current Beta back 
to the release version.
* FIX: SuRun could be hooked by IAT-Hookers. CreateProcessWithLogonW could 
  be intercepted by an IAT-Hooker and the Credentials could be used to run an 
  administrative process. Now a clean SuRun is started by the Service with 
  "AppInit_Dlls" disabled to do a clean CreateProcessWithLogonW.
* SuRun is now hidden from the frequently used program list of the Start menu
* SuRun tries to locate the Application to be started. So "surun cmd" will
  make ask SuRun whether "C:\Windows\System32\cmd.exe" is allowed to run.
* "SuRun *.reg" now starts "%Windir%\Regedit.exe *.reg" as Admin
* Added "Start as Admin" for *.reg files
* Fixed "SuRun %SystemRoot%\System32\control.exe" and
  "SuRun %SystemRoot%\System32\ncpa.cpl"
* fixed command line processing for "SuRun *.msi"

SuRun 1.0.2.105 - 2008-02-15: (Beta)
----------------------------
*FIX: The IAT-Hook could cause circular calls that lead to Stack overflow

SuRun 1.0.2.104 - 2008-02-15: (Beta)
----------------------------
* FIX: Vista does not set a Threads Desktop until it creates a Window.
  This caused a Deadlock because the SuRun client did show a Message Box on 
  the secure Desktop that it does not have access to.
* ShellExecuteHook was replaced by Import Address Table (IAT) Hooking
  WARNING: This is pretty experimental:
  SuRunExt.dll get loaded into all Processes that have a Window or are linked 
  to user32.dll. SuRun intercepts all calls to LoadLibrary, CreateProcess 
  and GetProcAddress. This ables SuRun to run predefined apps with elevated 
  rights and to check for manifests/setup programs more efficiently than with 
  a IShellExecute hook.
* FIX: SuRun could be hooked by IAT-Hookers. CreateProcessWithLogonW could 
  be intercepted by an IAT-Hooker and the Credentials could be used to run an 
  administrative process. Now a clean SuRun is started by the Service with 
  "AppInit_Dlls" disabled to do a clean CreateProcessWithLogonW.
* ShellExtension will be installed/removed with Service Start/Stop

SuRun 1.0.2.103 - 2008-01-21: (Beta)
----------------------------
* ShellExecute Hook and Shell Context menu are now disabled for non "SuRunners"
* The Acronis TrueImage (SwitchDesktop) fix was disabled in SuRun 1.0.2.102

SuRun 1.0.2.102 - 2008-01-20: (Beta)
----------------------------
* ShellExecute Hook and Shell Context menu are now disabled for Administrators
* SuRun now runs in Windows Vista :)) with UAC disabled
* SuRun now Enables/Disables IShellExecHook in Windows Vista
* "SuRun *.reg" now starts "%Windir%\Regedit.exe *.reg" as Admin
* Added "Start as Admin" for *.reg files

SuRun 1.0.2.101 - 2008-01-07: (Beta)
----------------------------
* Fixed "AutoRun" ShellExecuteHook. In an AutoRun.inf in K:\ win an [AutoRun] 
  entry of 'open=setup.exe /autorun' caused the wrong command line 
  'SuRun.exe "setup.exe /autorun" /K:\'
* The english String for <IDS_DELUSER> was missing.

SuRun 1.0.2.100 - 2008-01-07: (Beta)
----------------------------
* Fixed "SuRun %SystemRoot%\System32\control.exe" and
  "SuRun %SystemRoot%\System32\ncpa.cpl"
* Added ShellExecuteHook support for verbs "AutoRun" and "cplopen".
  So SuRun can now automatically start "*.cpl" files and AutoRun.INF entries 
  on removable media with elevated rights
* Choosing "Don't ask this question again for this program" and pressing 
  cancel causes SuRun to auto-cancel all future requests to run this program
  with elevated rights.

SuRun 1.0.2.99 - 2008-01-06: (Beta)
---------------------------
* Removed parsing for Vista Manifests with <*requestedExecutionLevel 
   level="highestAvailable">.

SuRun 1.0.2.98 - 2008-01-05: (Beta)
---------------------------
* SuRun is now hidden from the frequently used program list of the Start menu
* SuRuns file name pattern matching for files with SPACEs did not work.

SuRun 1.0.2.97 - 2008-01-04: (Beta)
---------------------------
* fixed command line processing for "SuRun *.msi"
* changed "'cmd <folder>' as administrator" and "'Explorer <folder>' as 
  administrator" to "'SuRun cmd' here" and "'SuRun Explorer' here"
* Administrators will not see any of SuRuns System menu or shell menu entries
* Added parsing for Vista Manifests and Executable file name pattern matching.
  -All files with extension msi and msc and all files with extension exe, cmd, 
   lnk, com, pif, bat and a file name that contains install, setup or update 
   are suspected that they must be run with elevated rights.
  -All files with a Vista RT_MANIFEST resource containing <*trustInfo>->
   <*security>-><*requestedPrivileges>-><*requestedExecutionLevel 
   level="requireAdministrator|highestAvailable"> are suspected that they must 
   be run with elevated rights.

SuRun 1.0.2.96 - 2007-12-23: (Beta)
---------------------------
* Setup User Interface improvements
* Speedups for Domain computers
* Simplification in the group membership check for SuRunners
* The "Is Client an Admin?" check is now done with the user token of the client 
  process and not with the group membership of the client user name
***Hopefully all speedups and simplifications did not cause security wholes***

SuRun 1.0.2.95 - 2007-12-09: (Beta)
---------------------------
* Acronis TrueImage (SwitchDesktop) caused the users files list control not to 
  be drawn.

SuRun 1.0.2.94 - 2007-12-09: (Beta)
---------------------------
* Context menu for Folders in Explorer (cmd/Explorer <here> as admin)
* When clicking the "Add..." user program button, *.lnk files are resolved to 
  their targets
* File Open/Save Dialogs now show all extensions in SuRun Setup.


SuRun 1.0.2.93 - 2007-12-07: (Beta)
---------------------------
* New Commands. If the User right-clicks on a folder background, two new Items,
  "'cmd <folder>' as administrator" and "'Explorer <folder>' as administrator"
  are shown.
* New command line Option: /QUIET
* New: SuRun runs in a domain. It enumerates domain accounts for administrative 
  authorization and uses the local group "SuRunners" for local authorization.
* SuRun waits for max 3 minutes after the Windows start for the Service.
* SuRun tries to locate the Application to be started. So "surun cmd" will
  make ask SuRun whether "C:\Windows\System32\cmd.exe" is allowed to run.
* Users can make Windows Explorer run specific Applications always with 
  elevated rights. (No "SuRun" command required.)
* SuRun can be restricted on a per User basis:
  - Users can be denied to use "SuRun setup".
  - Users can be restricted to specific applications that are allowed to run 
    with elevated rights
  This enables to use SuRun in Parent/Children scenarios or in Companies where 
  real Administrators want to work with lowered rights.
* SuRuns Shell integration can be customized.

SuRun 1.0.2.9 - 2007-11-17:
---------------------------
* SuRun now sets an ExitCode
* FIX: In Windows XP a domain name can have more than DNLEN(=15) characters.
    This caused GetProcessUsername() to fail and NetLocalGroupAddMembers() 
    to return "1: Invalid Function".
* Fixed a Bug in the LogonDialog that could cause an exception.

SuRun 1.0.2.8 - 2007-10-11:
---------------------------
* Added code to avoid Deadlock with AntiVir's RootKit detector "avipbb.sys" 
  that breaks OpenProcess()
* Added code to recover SuRuns Desktop when user processes call SwitchDesktop()
  "shedhlp.exe", part of Acronis True Image Home 11 calls SwitchDesktop() 
  periodically and so switches from SuRuns Desktop back to the users Desktop.

SuRun 1.0.2.7 - 2007-09-21:
---------------------------
* Fixed a Bug in the Sysmenuhook that caused "start as administrator" to
  fire multiple times.

SuRun 1.0.2.6 - 2007-09-20:
---------------------------
* SuRun - x64 Version added, the version number is the same because SuRun 
  has no new functions or bugfixes

SuRun 1.0.2.6 - 2007-09-14:
---------------------------
* With the Option "Store &Passwords (protected, encrypted)" disabled SuRun 
  did not start any Process...Thanks to A.H.Klein for reporting.

SuRun 1.0.2.5 - 2007-09-05:
---------------------------
* Empty user passwords did not work in an out of the box Windows. Users 
  were forced to use the policy editor to set "Accounts: Limit local 
  account use of blank passwords to console logon only" to "Disabled".
  Now SuRun temporarily sets this policy automatically to "Disabled" and 
  after starting the administrative process SuRun restores the policy.

SuRun 1.0.2.4 - 2007-08-31:
---------------------------
* SuRun has been translated to polish by sarmat, Thanks! :-)
* Microsoft Installer Patch Files (*.msp) can be started with elevated rights

SuRun 1.0.2.3 - 2007-08-18:
---------------------------
* SuRun now works with users that have an empty password

SuRun 1.0.2.2 - 2007-07-30:
---------------------------
* Added SuRun Version display to setup dialog caption

SuRun 1.0.2.1 - 2007-07-24:
---------------------------
* The way that SuRun checks a users group membership was changed
* "surun ncpa.cpl" did not work
* SuRun now reports detailed, why a user could not be added or removed to/from 
  a user group
* SuRun now assures that a "SuRunner" is NOT member of "Administrators"
* SuRun now checks that a user is member of "Administrators" or "SuRunners" 
  before launching setup
* SuRun now starts/resumes the "Secondary Logon" service automatically
* SuRun now complains if the windows shell is running as Administrator

SuRun 1.0.2.0 - 2007-05-29:
---------------------------
* SuRun Setup now contains new options:
   -Allow 'SuRunners' to set (and show) the system time
   -Allow 'SuRunners' to change 'Power Options' and select power schemes
   -Show Windows update notifications to all users
   -No auto-restart for scheduled Automatic Windows Update installations
   -Set 'Administrators' instead of 'Object creator' as default owner for 
    objects created by administrators
  The last option is pretty important!

SuRun 1.0.1.2 - 2007-05-16:
---------------------------
* Sven (http://speedproject.de) found a bug in the context menu extension for 
  the Desktop. The Entries for the sub menu "new" were not displayed when 
  SuRun was active.
* All calls GetWindowsDirectory were replaced with GetSystemWindowsDirectory 
  to make SuRun work with Windows 2003 Terminal Server Edition
* Control Panel and Control Panel Applets were not shown in Win2k, Win2k3.
  SuRun now sets the DWORD value "SeparateProcess" in the registry path
  "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" to 1 to
  let Explorer start a separate Process for the control panel. The main control 
  panel is now started with Explorer using the "Workspace\Control Panel" GUIDs.
  Control Panel Applets are now started with RunDLL32 instead of control.exe.

SuRun 1.0.1.1 - 2007-05-13:
---------------------------
* Sven (http://speedproject.de) fixed some typos and beautified the logon 
  dialogs, Thanks!

SuRun 1.0.1.0 - 2007-05-11:
---------------------------
* Added Whitelist for programs that are always run without asking
* When finally uninstalling SuRun the registry is cleaned
* Logon dialogs are resized only if the command line is too long
* Dialogs have a 40s Timeout to automatic "cancel"
* SuRun retries to open the service pipe for 3 minutes. This is useful, when a 
  user starts multiple apps in short intervals. (e.g. from the StartUp menu)

SuRun 1.0.0.1 - 2007-05-09:
---------------------------
* Fixed possible CreateRemoteThread() attack. Access for current user to 
  processes started by SuRun is now denied.

SuRun 1.0.0.0 - 2007-05-08:
---------------------------
* first public release

==============================================================================
                                 by Kay Bruns (c) 2007,08, http://kay-bruns.de
==============================================================================
