Allow UIA on Windows to make kanata work in elevated apps

[eugenesvk]

Is your feature request related to a problem? Please describe.

(on Windows) kanata doesn't work in elevated apps, e.g., in Task Manager if you invoke the Run new task command, your input isn't remapped

Describe the solution you'd like.

Kanata works everywhere so no user is surprised that his home row shift stopped working in some text field

Describe alternatives you've considered.

AutoHotkey works by having a special EnableUIAccess.ahk script that creates a local signing certificate and signs a binary with it, allowing that binary (only it's located in Program Files or some other protected folder) to work in elevated contexts.

Additional context

As far as I understand there are 3 steps required to make it work

• kanata.exe needs to embed a Windows manifest (the linked crate should be fine)
• kanata needs to be signed
  • don't know the general requirements since am using ↓
  • self-signing: could check EnableUIAccess.ahk to see how it uses self-signing certificates for that, though this would result in binaries only working on a specific user machine
• kanata needs to be placed in a "secure" folder (program files)

[jtroo]

Interesting!

https://crates.io/crates/embed-resource looks like a popular way to do this

[eugenesvk]

Oh, my edit via a plugin got disappeared by the confusing github multifield feature, so here is the ending: I've actually tried to add a dummy manifest with mt.exe -nologo -manifest ".../kanata.exe.manifest" -outputresource:C:/.../kanata.exe;#1", then I could sign the binary, but then launching this binary OSError: [WinError 740] The requested operation requires elevation.

At this point I'm not sure what's going on, AutoHotkey.exe doesn't require elevation to run, is it because kanata is a cli app, not a gui app?

dummy manifest

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1"
 xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
 xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <assemblyIdentity version="1.0.0.0" name="kanata.exe" />
    <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
        <application>
        </application>
    </compatibility>
</asmv1:assembly>

also tried with field with various values (e.g., without requireAdministrator)

    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
                <requestedExecutionLevel level="requireAdministrator"
                 uiAccess="false" />
            </requestedPrivileges>
            <applicationRequestMinimum>
                <defaultAssemblyRequest permissionSetReference="Custom" />
                <PermissionSet class="System.Security.PermissionSet"
                 version="1" ID="Custom" SameSite="site" />
            </applicationRequestMinimum>
        </security>
    </trustInfo>

[eugenesvk]

Oh, it's a method of launching: launching Autohtokey from a terminal results in the same elevation required error, but double-click works, same for kanata!!! No it also accepts input in the Task manager

Not sure if a specific manifest matters here, guess Autohotkey rewrites it anyway

Though would be nice if kanata were capable of signing itself and placing the resulting binary in the Program files on installation, might check the code in EnableUIAccess.ahk to see how to do that