How will you prevent the UAC from popping up for my app?

Pages: 123
Hi all,
I want to elevate my app without UAC?
I DONT MEAN TO DISABLE IT.
I WANT IT NOT TO SHOW THE
DIALOG FOR MY APP!
I need to somehow inject into 'consent.exe' and tell that the user pressed 'yes'. How will I go about doing that?
Any help appreciated!
closed account (13bSLyTq)
Hi,

The problem here is you are asking "how" to do this blah blah blah....think about it it's the same procedure for injecting normally but export additional functions.
The usual trick that some applications uses is using a windows service or task scheduler. Both methods requires administrative privileges only once.

Adobe products, Google, Mozilla Firefox, etc uses the windows service trick.
@modoran: Thankyou for your reply, but I want to do this in user account...
@OrionMaster: I am asking what should I inject.
How will I do my task?
How will I tell 'consent.exe' that 'yes' is pressed?
Last edited on
closed account (13bSLyTq)
Hi,

You cannot really do that keeping in mind Windows NT kernel will elevate the process and all the injected thread will be removed and application will run from scratch but with elevated privileges.

Recently, in my blog I showed a "sneaky" trick to fake our program as being Trusted even though it is malicious:

http://codeempire.blogspot.co.uk/2013/10/hacking-social-engineering-using-uac.html

Maybe this is what you could use instead of injecting.
Last edited on
Hi,
This is the problem:
My program runs at startup and it self-elevates to administrator. So if everytime the user sees the UAC box on startup he will be very angry. I dont want that! What I want is the UAC should be QUIET for my application.
Hope you understand :D
I understand you for the first time and I already give you the solution, but as always you don't listen.

Your installer program installs the service as Local System once (it requires UAC popup) and the rest of your program.

After that, at each startup, your interactive program communicates to the service through some form of IPC (pipe, shared memory, etc) and the service spawns a new process using elevation by using CreateProcessAsUser and using winlogon.exe token.

No injection or use of undocumented ways is required and no UAC prompt for the user no more. If this is a legit program I don't see any problem with it.
Okay, thankyou modoran for your help!
BUT, check this app:
http://www.winability.com/tweak-uac/
It is called TweakUAC
It puts the UAC to quiet mode.
How does it do that?
Last edited on
closed account (13bSLyTq)
hmmm..aravind I'm sorry but this is basic for any Windows Programmer anyway.

Msconfig can edit UAC control level, it uses Windows Elevated registry places HKEY_lOCAL_MACHINE. This means we need elevated privileges in the first place to actually "tweak" the registry. Those who are not fmailiar with how to do this:
http://i.imgur.com/iT2NERN.png?

Sorry about few distracting elements but, as you may see it says we require elevation. Therefore, we need to either exploit UAC framework (Malware way) or get legitimate access (legal applications way). Then on we can carry on.

Once we gain elevated privileges we may move our file to System32 folder which is elevated folder this means we get administrative access every reboot even with HIGHEST level on UAC. However as you want to "tweak" User Account Control (UAC).

Next, we need to open registry location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Policies\System\EnableUAC

or


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

Then set the values to NULL (0) therefore disabling\suppressing UAC to "quite Mode" additionally, you can optionally set ConsentPromptBehaviorAdmin to NULL (0).

This is one method.

Anyway read this:
https://compilr.com/spyware/uac-bypass/HelloWorld.cpp

This is a exploit of UAC and this does not unlike many do complicated methods using undocument functions but rather using simple and straightforward Windows API functions.

Hope this helps.
Thankyou, very much for the link!
What it does is:
When the user requests any app to run as admin it will run our app, right?
But all I wanted to do was make the user happy...?
I need to tell windows:
"Hey, windows, why you want to show the consent for my app.Im safe!"...
BTW, What are those complicated exploits?
closed account (13bSLyTq)
Hi,

Nope, if you read the actual code properly you'll notice that it simply elevates all processes rather than running only his app.
As for the next statement, it is possible keeping in mind you either need a Device Driver placed and loaded which again requires UAC privileges but you can go the usermode (Ring3) layer trick:

- Get First time elevated privileges using UAC
- Then move the File over to System32 folder which basically starts up all files (executables) which lay in it as administrative privileges without UAC alert\popup.

I prefer the usermode layer trick as it is simpler and more or less has more compatibility rates unlike the device driver idea which requires different drivers for each Operating System you are targeting.

Hope this helps.
YEP!
I can schedule my task to run on
reboot using TaskScheduler Interface...!
And LOL IT RUNS AS SYSTEM!
Thankyou very much!
Last edited on
Can you give me some links?
of such sites?
closed account (13bSLyTq)
Hi,

I am sorry but spoonfeeding is not my method of helping people. My principles are strict:

"Give a man a fish, and you feed him for a day; show him how to catch fish, and you feed him for a lifetime."

I'm sorry, Google is there to help you need to search all the questions in almost all ways before you even think about posting here. Not to mention posting questions which can be easily found floating in internet will reduce your future credibility.
Okay, Im sorry!
Anyways I found out the way as i mentioned in my previous post!
NOW, The next question:
How will I block apps using c++???
I know a registry hack, but thats not reliable.
Because if malware changes its exe name it will run.
How will I block programs from running?
LIKE AV's Do!!! LOL!
closed account (13bSLyTq)
My Anti-Virus uses heuristics (Epsilon) to detect it look it up. It effective when developed correctly but else it is useless.
Okay, OrionMaster, lets get things straight, I need to learn inline hooking thru c++ NO ASSEMBLY, where can I start?
I cant find some reliable, resource.
Help?
closed account (13bSLyTq)
Hi,

To be honest you spend so much time on inline hooking but you do not understand it even a bit next you should adapt to the power (knowledge) not it adapting to your ways.
Thankyou very much!
That was very inspiring,
Merry Christmas, and a Happy New Year!

Please visit my thread in lounge:

http://www.cplusplus.com/forum/lounge/120577/

--- Aravind
Hi OrionMaster,
look at this link:
http://www.sinowal.com/UAC.cpp
It bypasses UAC?
How does, it do that?
Pages: 123