google / UIforETW

User interface for recording and managing ETW traces
https://randomascii.wordpress.com/2015/04/14/uiforetw-windows-performance-made-easier/
Apache License 2.0
1.55k stars, 201 forks

UIforETW's UI should run as a normal user #135

Open randomascii opened 5 years ago

randomascii commented 5 years ago

UIforETW needs administrator privileges in order to record ETW traces, but currently this means that lots of other things end up running as administrator. For instance, WPA is launched as administrator, trace compression runs as admin, scripts such as identify chrome processes (auto-run if you have Chrome Developer checked), and any future trace processing that is invoked from UIforETW also runs as admin. This is... not ideal.

A better design would be for UIforETW to run as non-admin but immediately launch an admin-required helper process. UIforETW would talk to the child process through IPC whenever tracing needs to be started or stopped. The IPC mechanism would have to be simple (to avoid bugs) and limited (so that the child process couldn't be used to launch arbitrary commands).

I would like to add more options for trace processing, including using the new C# ETW tracing API (https://blogs.windows.com/windowsdeveloper/2019/05/09/announcing-traceprocessor-preview-0-1-0/) and the more code that can be launched from UIforETW the more important it is for it to run as a normal user.

PRs welcome.

Trass3r commented 4 years ago

Just wondering, wouldn't it be enough to run the xperf commands as elevated processes using ShellExecute: https://stackoverflow.com/a/4893508

randomascii commented 4 years ago

Recording an ETW trace requires running multiple commands elevated. If UIforETW is running non-elevated then each elevated command would require the user to confirm a UAC dialog or type in an admin password. That's not usable.

The idea behind the admin helper process is that it would ask for elevation once and would then run commands on behalf of UIforETW. This could be made secure by ensuring that it only runs commands coming from UIforETW and only running a restricted set of commands.
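The restricted-command idea in the two comments above (a non-admin UI, an elevated helper, and an IPC channel that cannot be turned into an arbitrary command launcher) hinges on how the helper validates requests. As an added example, not UIforETW's own code, the block below shows the validation core such a helper could use: every verb maps to a fixed executable and a fixed argument template, the only caller-supplied value is a file name checked against a strict character set, and the result is an argv list to be passed to CreateProcess without a shell. The message format (`verb<TAB>arg`), the verb names, the trace directory and the specific xperf arguments are assumptions chosen for illustration; the Windows-specific parts (named pipe setup, verifying the pipe client's process identity) are left as comments because they do not run here.

```cpp
// Added example, not part of UIforETW. Portable validation core for an
// elevated helper: accepts only a fixed set of verbs and builds argv from
// fixed templates, so a compromised or impersonated client cannot make the
// helper run arbitrary commands.
#include <optional>
#include <string>
#include <vector>

struct Command {
    std::string exe;                // executable to launch (never a shell)
    std::vector<std::string> args;  // argv passed verbatim, never re-parsed
};

// Assumed IPC message format: fields separated by a single tab character.
static std::vector<std::string> SplitTabs(const std::string& line) {
    std::vector<std::string> fields;
    std::string cur;
    for (char c : line) {
        if (c == '\t') { fields.push_back(cur); cur.clear(); }
        else           { cur.push_back(c); }
    }
    if (!line.empty()) fields.push_back(cur);
    return fields;
}

// The only caller-controlled value: a trace file name. Allow a short
// alphanumeric stem plus ".etl"; reject separators, dots, spaces and
// anything that could alter the meaning of the argument.
static bool IsSafeTraceName(const std::string& name) {
    const std::string suffix = ".etl";
    if (name.size() <= suffix.size() || name.size() > 64) return false;
    if (name.compare(name.size() - suffix.size(), suffix.size(), suffix) != 0) return false;
    for (size_t i = 0; i < name.size() - suffix.size(); ++i) {
        const char c = name[i];
        const bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                        (c >= '0' && c <= '9') || c == '_' || c == '-';
        if (!ok) return false;
    }
    return true;
}

// Assumed, fixed output directory chosen by the helper, not by the client.
static const std::string kTraceDir = "C:\\traces\\";

// Map a request to a command, or std::nullopt if it is not on the allowlist.
// Argument templates are fixed; only the validated file name is substituted.
std::optional<Command> BuildCommand(const std::string& request) {
    const std::vector<std::string> fields = SplitTabs(request);
    if (fields.empty()) return std::nullopt;
    const std::string& verb = fields[0];

    if (verb == "start") {
        if (fields.size() != 1) return std::nullopt;  // no free-form extras
        // Illustrative xperf arguments; the real provider set is a design choice.
        return Command{"xperf.exe",
                       {"-start", "UIforETWSession", "-on", "PROC_THREAD+LOADER"}};
    }
    if (verb == "stop") {
        if (fields.size() != 2) return std::nullopt;
        if (!IsSafeTraceName(fields[1])) return std::nullopt;
        return Command{"xperf.exe",
                       {"-stop", "UIforETWSession", "-d", kTraceDir + fields[1]}};
    }
    // Any other verb (e.g. a generic "run") is deliberately absent.
    return std::nullopt;
}

// Helper loop as the page describes it: the caller identity check would be
// done on the pipe (GetNamedPipeClientProcessId plus an image-path check on
// Windows); here it is modelled by a boolean so the control flow is visible.
// Returns the commands that would be launched; rejected requests are dropped.
std::vector<Command> HandleRequests(const std::vector<std::string>& requests,
                                    bool callerIsUIforETW) {
    std::vector<Command> accepted;
    if (!callerIsUIforETW) return accepted;  // ignore everything from other clients
    for (const std::string& r : requests) {
        if (auto cmd = BuildCommand(r)) accepted.push_back(*cmd);
    }
    return accepted;
}
```

The two properties worth preserving in a real implementation are that the client never supplies a command line, only a verb and a validated parameter, and that the helper launches the executable with an explicit argument vector rather than through cmd.exe, so that no quoting or metacharacter handling is ever in play.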