Exetools

Exetools (https://forum.exetools.com/index.php)
-   Source Code (https://forum.exetools.com/forumdisplay.php?f=46)
-   -   Run as Trusted Installer context menu (https://forum.exetools.com/showthread.php?t=21113)

HarrySpoofer 10-11-2024 00:10

Run as Trusted Installer context menu
 
This is a context menu extension for MS-Windows which allows you to run any program as the "Trusted Installer", with more privileges than the Administrator or System.
You can use it to run Windows Explorer or `regedit.exe` ...or any other program.

INSTALLATION:
Run the attached install.bat file
... or copy the `RunAsTI.exe` to your `Windows\System32` directory and merge the `RunAsTI.reg` file into the Windows Registry.

BUILD:
Open the `RunAsTI.sln` file in Visual Studio 2019, right-click on the Solution 'RunAsTI' in the Solution Explorer and select "Build Solution".
A new `RunAsTI.exe` will be generated in the `x64\Release\` or `x64\Debug\` directory.

TO USE:
Right-click on any program in Windows Explorer and select "Run as Trusted Installer". You must be the Administrator in order to become the Trusted Installer.
You can see what it looks like in the following screenshot:
https://imgur.com/a/xOOO63t

Full source and the compiled .exe file are attached and at the link below:
https://gofile.io/d/QK20BZ

wx69wx2023 10-11-2024 09:23

Thanks for sharing; the link is down (https://file.io/X2yKt7tgv93x)

sendersu 10-11-2024 15:36

@HarrySpoofer
thanks for the nice piece of work!

If you don't mind, I'd provide some small feedback:

1) I'd do a case-insensitive comparison inside the GetProcessIdByName() routine
-> if (pe.szExeFile == processName)

2) the compiler is unhappy about assigning a signed int to an unsigned DWORD;
warning C4245: 'initializing': conversion from 'int' to 'DWORD', signed/unsigned mismatch

do you know if Windows has got some define for wrong PID values?
e.g. something like INVALID_HANDLE_VALUE

3) be honest, did you leave an Easter Egg in one routine? :)

kudos!

Kerlingen 10-11-2024 16:39

The code is pretty much identical to the https://github.com/lilkui/runasti repository.

The only difference is that somebody refactored everything to camel case (e.g. "get_process_id_by_name(const string process_name)" becomes "GetProcessIdByName(wstring processName)").

The code in the repository already has some of the bugs fixed!

niculaita 10-11-2024 19:38

What about these https://mega.nz/file/S0h30aTa#ca0vJpwlP5qQZmyOcMmhiPrHEkZIpTdrlgmtPpZd4JQ ?

sendersu 10-11-2024 20:35

I'm getting "NT AUTHORITY\SYSTEM"
instead of "Trusted Installer"

https://prnt.sc/7fjfqwv-P5GQ

is that expected?

HarrySpoofer 10-12-2024 02:55

Quote:

Originally Posted by sendersu (Post 131926)
@HarrySpoofer
thanks for the nice piece of work!

If you don't mind, I'd provide some small feedback:

1) I'd do a case-insensitive comparison inside the GetProcessIdByName() routine
-> if (pe.szExeFile == processName)

2) the compiler is unhappy about assigning a signed int to an unsigned DWORD;
warning C4245: 'initializing': conversion from 'int' to 'DWORD', signed/unsigned mismatch

do you know if Windows has got some define for wrong PID values?
e.g. something like INVALID_HANDLE_VALUE

3) be honest, did you leave an Easter Egg in one routine? :)

kudos!

Thanks for the feedback.
I made the changes you suggested and updated the attachment and the link.

BTW: I did not put an Easter egg in it, I added new icons, though.

HarrySpoofer 10-12-2024 03:01

That is correct.

To verify that you have the `Trusted Installer` privileges, execute this at the command line:
Code:

whoami /groups

...and look for membership in the `NT SERVICE\TrustedInstaller` group.

On my system the output looks like this:
Code:

C:\Profiles\Admin>whoami /groups

GROUP INFORMATION
-----------------

Group Name                            Type            SID                                                            Attributes
====================================== ================ ============================================================== ===============================================================
Mandatory Label\System Mandatory Level Label            S-1-16-16384
Everyone                              Well-known group S-1-1-0                                                        Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                          Alias            S-1-5-32-545                                                  Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\SERVICE                  Well-known group S-1-5-6                                                        Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                          Well-known group S-1-2-1                                                        Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users      Well-known group S-1-5-11                                                      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization        Well-known group S-1-5-15                                                      Mandatory group, Enabled by default, Enabled group
NT SERVICE\TrustedInstaller            Well-known group S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 Enabled by default, Enabled group, Group owner
LOCAL                                  Well-known group S-1-2-0                                                        Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Administrators                Alias            S-1-5-32-544                                                  Mandatory group, Enabled by default, Enabled group

Quote:

Originally Posted by sendersu (Post 131929)
I'm getting "NT AUTHORITY\SYSTEM"
instead of "Trusted Installer"

https://prnt.sc/7fjfqwv-P5GQ

is that expected?
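
As an added example (not code from the thread or from the RunAsTI project): a small C++ helper that applies the check described above by parsing `whoami /groups` output and confirming that the TrustedInstaller service SID is present and enabled in the token. The sample table is constructed from the output quoted in this post, cut down to three rows, and the function names are my own.

```cpp
#include <sstream>
#include <string>
#include <vector>
// TrustedInstaller service SID: derived from the service name, so it is identical on every Windows install.
static const std::string kTrustedInstallerSid =
    "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
// Constructed sample in the layout of `whoami /groups`, cut down to three rows.
static const std::string kSampleGroups =
    "GROUP INFORMATION\n-----------------\n\n"
    "Group Name                             Type             SID          Attributes\n"
    "Mandatory Label\\System Mandatory Level Label            S-1-16-16384\n"
    "NT SERVICE\\TrustedInstaller            Well-known group S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 Enabled by default, Enabled group, Group owner\n"
    "BUILTIN\\Administrators                 Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group\n";
struct GroupEntry { std::string name, sid, attributes; };
static std::string Trim(const std::string& s) {
    const auto b = s.find_first_not_of(" \t\r");
    return b == std::string::npos ? "" : s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}
// Column widths vary with the longest name, so each row is split around its SID token: name and type precede it, attributes follow.
std::vector<GroupEntry> ParseWhoamiGroups(const std::string& output) {
    static const char* const kTypes[] = {"Well-known group", "Alias", "Label", "Group", "User"};
    std::vector<GroupEntry> groups;
    std::istringstream lines(output);
    for (std::string line; std::getline(lines, line);) {
        const auto sidPos = line.find(" S-1-");
        if (sidPos == std::string::npos) continue;  // header, separator and blank lines
        const auto sidEnd = line.find(' ', sidPos + 1);
        GroupEntry g;
        g.sid = Trim(line.substr(sidPos + 1, sidEnd - sidPos - 1));
        g.attributes = sidEnd == std::string::npos ? "" : Trim(line.substr(sidEnd));
        g.name = Trim(line.substr(0, sidPos));
        for (const std::string type : kTypes)  // strip the trailing Type column off the name
            if (g.name.size() > type.size() && g.name.compare(g.name.size() - type.size(), type.size(), type) == 0) {
                g.name = Trim(g.name.substr(0, g.name.size() - type.size()));
                break;
            }
        groups.push_back(g);
    }
    return groups;
}

// True only if the TrustedInstaller SID is present and enabled (not deny-only) in the token;
// `whoami /user` still prints NT AUTHORITY\SYSTEM because the service itself runs as LocalSystem.
bool RunsAsTrustedInstaller(const std::string& whoamiGroupsOutput) {
    for (const GroupEntry& g : ParseWhoamiGroups(whoamiGroupsOutput))
        if (g.sid == kTrustedInstallerSid && g.attributes.find("Enabled group") != std::string::npos
            && g.attributes.find("deny only") == std::string::npos) return true;
    return false;
}
```

A process whose `whoami /user` line says NT AUTHORITY\SYSTEM can still pass this check, which is the situation described in the quoted post: the group list, not the user name, is what carries the TrustedInstaller access.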


sendersu 10-12-2024 03:44

Quote:

Originally Posted by HarrySpoofer (Post 131931)
Thank for the feedback.
I made the changes you suggested and updated the attachment and the link.

BTW: I did not put an Easter egg in it, I added new icons, though.


I was under the impression this line is it:

>> wctomb_s(&mbCharLen, &buff[0], 42, wc);

sendersu 10-12-2024 04:09

one more question:
is it really required to enable this privilege level?

>EnablePrivilege(SE_DEBUG_NAME);

sendersu 10-12-2024 04:32

one more piece of feedback:

is it OK to delegate memory zeroing to the compiler?

e.g. instead of calling the WinAPI ZeroMemory()

just do

STARTUPINFOW startupInfo = { 0 };

HarrySpoofer 10-12-2024 05:22

Quote:

Originally Posted by sendersu (Post 131933)
I was under the impression this line is it:
>> wctomb_s(&mbCharLen, &buff[0], 42, wc);

Well, it is the answer to the ultimate question of life, the universe, and everything, but I should have put MB_LEN_MAX in there.

Quote:

Originally Posted by sendersu (Post 131935)
one more piece of feedback:
is it OK to delegate memory zeroing to the compiler?

Yes, it is a matter of habit.

Quote:

Originally Posted by sendersu (Post 131934)
one more question:
is it really required to enable this privilege level?
>EnablePrivilege(SE_DEBUG_NAME);

Yes, this is the reason why you need to be an `Administrator` to become the `Trusted Installer`.

sendersu 10-12-2024 17:35

I've run the PVS tool against the tool;
I'd like to note: very well done!

some minor suggestions: https://prnt.sc/vQpQVeHUiyV0

e.g.:
DWORD GetProcessIdByName(wstring processName)
->
DWORD GetProcessIdByName(const wstring& processName)

and similar ones

2) there is a potential set of handle leaks (handles not closed)

3) I've commented out this enablement:
//EnablePrivilege(SE_DEBUG_NAME);
and the tool still works?!

4) imagine that some end user has a localized Windows OS, e.g. Chinese, Japanese, Arabic, etc.
How about supporting these users as well?

IMHO, in this case the routine
std::string GetLastErrorAsString()

needs to be Unicode (wide string) aware

niculaita 10-13-2024 13:34

Quote:

Originally Posted by sendersu (Post 131937)
I've run the PVS tool against the tool;
I'd like to note: very well done!

some minor suggestions: https://prnt.sc/vQpQVeHUiyV0

e.g.:
DWORD GetProcessIdByName(wstring processName)
->
DWORD GetProcessIdByName(const wstring& processName)

and similar ones

2) there is a potential set of handle leaks (handles not closed)

3) I've commented out this enablement:
//EnablePrivilege(SE_DEBUG_NAME);
and the tool still works?!

4) imagine that some end user has a localized Windows OS, e.g. Chinese, Japanese, Arabic, etc.
How about supporting these users as well?

IMHO, in this case the routine
std::string GetLastErrorAsString()

needs to be Unicode (wide string) aware

Please upload your compilation, because the first one does not work well on my PC with Win 11 Pro 23H2.

sendersu 10-13-2024 19:02

What is the issue you are observing?
I've tested the tool on both Win7 & Win11 (24H2); no issues seen so far, so good.
https://ibb.co/w6MdnDt

my updates are included over here: https://workupload.com/file/dyMPqZYgZqM

fixed handle leaks,
introduced one macro that simplifies reading of the code (IMHO) :)

PS: the only thing left that I'm thinking about is support of std::wstring for exception throwing, but it turned out std::exception does not like wstring, so it is not that easy

