Run as admin mode

I was wondering, is it possible to add admin rights to a program?
for example I've made a program that should record video like other screen capture software, but unless I run it with "run as administrator" it doesn't work. also the program was supposed to copy the file created to desktop after it is done, which also doesn't work unless it's run in admin mode. Is there any way to fix that?
Hi,

It is impossible to make it elevate without permission but you can add a Administrator Manifest to the Executable. Or do a Inline Admin Permission Set:

Code:
Determination.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
BOOL IsRunAsAdministrator()
{
    BOOL fIsRunAsAdmin = FALSE;
    DWORD dwError = ERROR_SUCCESS;
    PSID pAdministratorsGroup = NULL;

    SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
    if (!AllocateAndInitializeSid(
        &NtAuthority, 
        2, 
        SECURITY_BUILTIN_DOMAIN_RID, 
        DOMAIN_ALIAS_RID_ADMINS, 
        0, 0, 0, 0, 0, 0, 
        &pAdministratorsGroup))
    {
        dwError = GetLastError();
        goto Cleanup;
    }

    if (!CheckTokenMembership(NULL, pAdministratorsGroup, &fIsRunAsAdmin))
    {
        dwError = GetLastError();
        goto Cleanup;
    }

Cleanup:

    if (pAdministratorsGroup)
    {
        FreeSid(pAdministratorsGroup);
        pAdministratorsGroup = NULL;
    }

    if (ERROR_SUCCESS != dwError)
    {
        throw dwError;
    }

    return fIsRunAsAdmin;
}

Elevation.cpp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#include <Windows.h>

BOOL IsRunAsAdministrator();
void ElevateNow()
{
	BOOL bAlreadyRunningAsAdministrator = FALSE;
	try
	{
		bAlreadyRunningAsAdministrator = IsRunAsAdministrator();
	}
	catch(...)
	{
	_asm nop
	}
	if(!bAlreadyRunningAsAdministrator)
	{
		char szPath[MAX_PATH];
		if (GetModuleFileName(NULL, szPath, ARRAYSIZE(szPath)))
		{
			
		
			SHELLEXECUTEINFO sei = { sizeof(sei) };
			
			sei.lpVerb = "runas";
			sei.lpFile = szPath;
			sei.hwnd = NULL;
			sei.nShow = SW_NORMAL;

			if (!ShellExecuteEx(&sei))
			{
				DWORD dwError = GetLastError();
				if (dwError == ERROR_CANCELLED)
			//Annoys you to Elevate it LOL
			CreateThread(0,0,(LPTHREAD_START_ROUTINE)ElevateNow,0,0,0);
	       	}
				}

			}
			else
			{
			///Code
			}
		}


Main.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#include<windows.h>
BOOL IsRunAsAdministrator();
void ElevateNow();
//Beware Scary 
int main()
{
if(IsRunAsAdministrator())
		{
		}
		else
		{
			if(MessageBox(0,"Need To Elevate","Critical Disk Error",MB_SYSTEMMODAL|MB_ICONERROR|MB_YESNO) == IDYES)
			{
			ElevateNow();
			}
			else
			{
		MessageBox(0,"You Better give me Elevation or I will attack u","System Critical Error",MB_SYSTEMMODAL|MB_OK|MB_ICONERROR);
		ElevateNow();
		}
	}
return 0;
}


If you wish to get a Better Example use: http://code.msdn.microsoft.com/windowsdesktop/CppUACSelfElevation-5bfc52dd


If your Programming with\ in Ring0 you can do an self elevation to your Ring3 Appliction using Token Exchange or you can head over to: http://www.exploit-db.com/

Find a Elevation Exploit then use it of course you may need to translate the code to C\ C++. This is a very Crude method to do something as you are exploiting the Windows Kernel & Windows Operating System.

Some of your Anti-Virus may block this website and saying it is a security threat but I promise it is safe. It is only flagged because it is a Security Research Website and where also hackers tend to go.

It is up to you if you trust me or not.

Thanks,
Last edited on
thanks a lot, this realy helps!

oh and the part with assemby can be avoided.
Hi,

I am very happy that you found it useful!

I know that the assembly can avoided this was created for someone else on IRC. There would have been different code in Assembly there but I edited the code to give it to you. I missed few Assembly Codes to remove please forgive me.

Thanks
Topic archived. No new replies allowed.