
runas...

Posted: Mon Dec 14, 2020 5:08 pm
by ZX80
Hello everyone.

How can I launch any process as TrustedInstaller?
Let's take a standard console as an example (as the target). I've seen code on this forum many times for increasing/improving the privileges of the current process, to get debugger-level privileges. This runs without error. Good. But what to do next? If I start a console now, the cmd process will not show 'System'. Yes, I have admin rights. I also know that this trick can be done using the Task Scheduler. But maybe someone knows another way? No services or third-party software like psexec, AdvancedRun by NirSoft etc.

Thank you.

Re: runas...

Posted: Wed Nov 23, 2022 3:38 am
by bgeraghty
Sorry if I kept you waiting... This could be a start for you.
https://github.com/bgeraghty/cwc-TI-Bac ... in/main.pb

Re: runas...

Posted: Thu Nov 24, 2022 7:24 pm
by ZX80
bgeraghty, thank you very much for your response.

It is interesting. As I expected, this is done using the Task Scheduler (via a PowerShell script). I'll look at this in more detail a bit later.
Attention! PowerShell can take a long time to launch, at least when it starts for the first time.

Anyway, thanks again for sharing this.
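The scheduler-plus-script approach mentioned above, as an added example that is not code from this thread or from the linked repository: a PowerShell script that first uses the Task Scheduler to get a SYSTEM context and then, from SYSTEM, starts the TrustedInstaller service and creates the target with TrustedInstaller.exe as its parent process (PROC_THREAD_ATTRIBUTE_PARENT_PROCESS), so the child inherits that token. The task name, the output path under C:\Windows\Temp and the parent-process step are assumptions of this example; the page does not say how the linked code performs the TrustedInstaller step.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from this thread: run a command as TrustedInstaller
# with built-in tools only (no service of our own, no third-party binary).
#   Stage 1 (elevated admin): register a one-shot scheduled task that runs this
#       same script as SYSTEM, start it, wait for it, and delete it again.
#   Stage 2 (SYSTEM, inside the task): start the TrustedInstaller service and
#       create the target with TrustedInstaller.exe as its parent process
#       (PROC_THREAD_ATTRIBUTE_PARENT_PROCESS); the child inherits that token.
# The task runs in session 0, so the child is not visible on the user's desktop:
# run a non-interactive command and redirect its output, as the default does.
# Task name and output path are assumptions of this example.
param(
    [string]$Target = 'cmd.exe /c whoami /all > C:\Windows\Temp\ti-whoami.txt',
    [switch]$SystemStage   # set by the scheduled task, not by the user
)
$ErrorActionPreference = 'Stop'

if (-not $SystemStage) {
    # ---- Stage 1: admin -> SYSTEM through the Task Scheduler ----
    $taskName = 'RunAsTI-Example'
    $psArgs = "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" -SystemStage -Target `"$Target`""
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $psArgs
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $taskName -Action $action -Principal $principal -Force | Out-Null
    try {
        Start-ScheduledTask -TaskName $taskName
        Start-Sleep -Seconds 2   # give the scheduler time to move the task to Running
        $waited = 0
        while ((Get-ScheduledTask -TaskName $taskName).State -eq 'Running' -and $waited -lt 120) {
            Start-Sleep -Seconds 1; $waited++
        }
        'Task result: 0x{0:X}' -f (Get-ScheduledTaskInfo -TaskName $taskName).LastTaskResult
    } finally {
        Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
    }
    return
}

# ---- Stage 2: SYSTEM -> TrustedInstaller via the parent-process attribute ----
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct STARTUPINFOEX {
    public int cb; public string lpReserved, lpDesktop, lpTitle;
    public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
    public short wShowWindow, cbReserved2; public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    public IntPtr lpAttributeList;   // the field that makes this STARTUPINFOEX rather than STARTUPINFO
}
[DllImport("kernel32.dll", SetLastError = true)] public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
[DllImport("kernel32.dll", SetLastError = true)] public static extern bool InitializeProcThreadAttributeList(IntPtr list, int count, int flags, ref IntPtr size);
[DllImport("kernel32.dll", SetLastError = true)] public static extern bool UpdateProcThreadAttribute(IntPtr list, uint flags, IntPtr attr, IntPtr value, IntPtr size, IntPtr prev, IntPtr ret);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern bool CreateProcess(string app, string cmd, IntPtr pa, IntPtr ta, bool inherit, uint flags, IntPtr env, string dir, ref STARTUPINFOEX si, out PROCESS_INFORMATION pi);
[DllImport("kernel32.dll")] public static extern uint WaitForSingleObject(IntPtr h, uint ms);
[DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
'@
$M = [Runtime.InteropServices.Marshal]

Start-Service -Name TrustedInstaller
$tiPid = (Get-Process -Name TrustedInstaller | Select-Object -First 1).Id

# PROCESS_CREATE_PROCESS (0x80) is all the parent handle needs for the attribute
$hParent = [Win32.Native]::OpenProcess(0x80, $false, $tiPid)
if ($hParent -eq [IntPtr]::Zero) { throw "OpenProcess failed, error $($M::GetLastWin32Error())" }

# Two-call pattern: the first call reports the required size, the second initialises the list
$size = [IntPtr]::Zero
[void][Win32.Native]::InitializeProcThreadAttributeList([IntPtr]::Zero, 1, 0, [ref]$size)
$list = $M::AllocHGlobal($size)
if (-not [Win32.Native]::InitializeProcThreadAttributeList($list, 1, 0, [ref]$size)) { throw 'InitializeProcThreadAttributeList failed' }
$cell = $M::AllocHGlobal([IntPtr]::Size)   # the attribute value is a HANDLE passed by pointer
$M::WriteIntPtr($cell, $hParent)
$PROC_THREAD_ATTRIBUTE_PARENT_PROCESS = [IntPtr]0x00020000
if (-not [Win32.Native]::UpdateProcThreadAttribute($list, 0, $PROC_THREAD_ATTRIBUTE_PARENT_PROCESS, $cell, [IntPtr][IntPtr]::Size, [IntPtr]::Zero, [IntPtr]::Zero)) { throw 'UpdateProcThreadAttribute failed' }

$si = New-Object Win32.Native+STARTUPINFOEX
$si.cb = $M::SizeOf($si)
$si.lpAttributeList = $list
$pi = New-Object Win32.Native+PROCESS_INFORMATION
$EXTENDED_STARTUPINFO_PRESENT = 0x00080000; $CREATE_NEW_CONSOLE = 0x10
$ok = [Win32.Native]::CreateProcess($null, $Target, [IntPtr]::Zero, [IntPtr]::Zero, $false,
        ($EXTENDED_STARTUPINFO_PRESENT -bor $CREATE_NEW_CONSOLE), [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)
if (-not $ok) { throw "CreateProcess failed, error $($M::GetLastWin32Error())" }
[void][Win32.Native]::WaitForSingleObject($pi.hProcess, 60000)   # wait up to 60 s for the target
[void][Win32.Native]::CloseHandle($pi.hThread); [void][Win32.Native]::CloseHandle($pi.hProcess); [void][Win32.Native]::CloseHandle($hParent)
```

Run it from an elevated PowerShell with no arguments. When the task result is 0, C:\Windows\Temp\ti-whoami.txt lists NT SERVICE\TrustedInstaller among the groups while the user line still reads NT AUTHORITY\SYSTEM, which matches ChrisR's whoami output further down; a process started this way is the case fryquez's GetAdminLevel below reports as 3. A target that itself contains double quotes has to be escaped before it is embedded in the task's argument string.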

Re: runas...

Posted: Fri Nov 25, 2022 4:20 pm
by JHPJHP
Hi ZX80,

See Windows Services & Other Stuff\Other_Stuff\RunExeAsSYSTEM\REaS.pb.

1. Type cmd in the available field; hit the Enter key or press the Run button.
2. Type whoami /all in the Command Prompt window; hit the Enter key.

NB: Added the option to include the rights associated with TrustedInstaller.

Re: runas...

Posted: Fri Nov 25, 2022 5:44 pm
by ChrisR
Until now I was using NSudo.

But I will consider using your tool, JHPJHP; it worked well :)

Code:

C:\Windows\system32>whoami
autorite nt\système

Re: runas...

Posted: Fri Nov 25, 2022 6:38 pm
by fryquez
To distinguish whether you are running as Admin, System or TrustedInstaller:

Code:

EnableExplicit

; CheckTokenMembership is missing from the advapi32.lib of some PureBasic versions,
; hence the explicit import instead of calling CheckTokenMembership_() directly.
Import "advapi32.lib"
  CheckTokenMembership(a, b, c)
EndImport

; TrustedInstaller service SID:
; S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
#SECURITY_SERVICE_ID_RID_COUNT = 6
#SECURITY_SERVICE_ID_BASE_RID = $50

#SECURITY_TRUSTED_INSTALLER_RID1 = 956008885
#SECURITY_TRUSTED_INSTALLER_RID2 = 3418522649
#SECURITY_TRUSTED_INSTALLER_RID3 = 1831038044
#SECURITY_TRUSTED_INSTALLER_RID4 = 1853292631
#SECURITY_TRUSTED_INSTALLER_RID5 = 2271478464

; Returns 0 = none of the below, 1 = Administrators, 2 = LocalSystem, 3 = TrustedInstaller.
; The checks run in that order and the last match wins, so a TrustedInstaller token
; (which is also SYSTEM and a member of Administrators) reports 3.
; Under UAC the filtered admin token carries the Administrators SID as deny-only,
; which CheckTokenMembership ignores, so 1 means the process is actually elevated.
Procedure GetAdminLevel()
  
  Protected bIsAdmin.l, bIsToken.l
  Protected pSidAdministrator, pSidSystem, pSidTrustedInstaller
  Protected NtAuthority.SID_IDENTIFIER_AUTHORITY
  NtAuthority\Value[5] = 5 ; SECURITY_NT_AUTHORITY = {0,0,0,0,0,5}
  
  ; S-1-5-32-544, BUILTIN\Administrators
  AllocateAndInitializeSid_(@NtAuthority,
                            2,
                            #SECURITY_BUILTIN_DOMAIN_RID,
                            #DOMAIN_ALIAS_RID_ADMINS,
                            0, 0, 0, 0, 0, 0,
                            @pSidAdministrator)
  
  ; S-1-5-18, NT AUTHORITY\SYSTEM
  AllocateAndInitializeSid_(@NtAuthority,
                            1,
                            #SECURITY_LOCAL_SYSTEM_RID,
                            0, 0, 0, 0, 0, 0, 0,
                            @pSidSystem)
  
  ; NT SERVICE\TrustedInstaller (six sub-authorities: 80 plus the five RIDs above)
  AllocateAndInitializeSid_(@NtAuthority,
                            #SECURITY_SERVICE_ID_RID_COUNT,
                            #SECURITY_SERVICE_ID_BASE_RID,
                            #SECURITY_TRUSTED_INSTALLER_RID1,
                            #SECURITY_TRUSTED_INSTALLER_RID2,
                            #SECURITY_TRUSTED_INSTALLER_RID3,
                            #SECURITY_TRUSTED_INSTALLER_RID4,
                            #SECURITY_TRUSTED_INSTALLER_RID5,
                            0, 0,
                            @pSidTrustedInstaller)
  
  ; TokenHandle = #Null checks the calling thread's token
  ; (the process token when the thread is not impersonating)
  CheckTokenMembership(#Null, pSidAdministrator, @bIsToken)
  If bIsToken : bIsAdmin = 1 : EndIf
  
  bIsToken = 0
  CheckTokenMembership(#Null, pSidSystem, @bIsToken)
  If bIsToken : bIsAdmin = 2 : EndIf
  
  bIsToken = 0
  CheckTokenMembership(#Null, pSidTrustedInstaller, @bIsToken)
  If bIsToken : bIsAdmin = 3 : EndIf
  
  ; SIDs from AllocateAndInitializeSid must be released with FreeSid
  If pSidAdministrator : FreeSid_(pSidAdministrator) : EndIf
  If pSidSystem : FreeSid_(pSidSystem) : EndIf
  If pSidTrustedInstaller : FreeSid_(pSidTrustedInstaller) : EndIf
  
  ProcedureReturn bIsAdmin
  
EndProcedure


CompilerIf #PB_Compiler_IsMainFile
  Debug GetAdminLevel()
CompilerEndIf

Re: runas...

Posted: Fri Nov 25, 2022 8:01 pm
by AZJIO

Re: runas...

Posted: Fri Nov 25, 2022 8:29 pm
by ChrisR
fryquez wrote: Fri Nov 25, 2022 6:38 pm To distinguish, if you running as Admin, System or TrustedInstaller.
Thanks fryquez, good addition :)
It's all good with PB 6.0, C or ASM backend. Not a concern for me, but just to let you know: with PB 5.73 there is a Polink error: unresolved external symbol 'CheckTokenMembership'.
I understand from GetAdminLevel that NSudo gives access to TrustedInstaller in addition to System.

Thanks AZJIO for the other code to run the application with system rights, to clean the registry or for other needs :)

Re: runas...

Posted: Sat Nov 26, 2022 11:38 am
by ZX80
Wow!
An old topic revived!

To be honest, I didn't expect to see so many replies here. Thanks everyone.


ChrisR, see if it works for you.

Code:

EnableExplicit

; Same check as fryquez's GetAdminLevel, but advapi32.dll is loaded at runtime through
; prototypes, so it also builds on PureBasic versions whose advapi32.lib lacks the
; CheckTokenMembership export (the PB 5.73 Polink error ChrisR reports above).
Prototype.i CheckTokenMembership(TokenHandle, pSidToCheck, pIsMember)
Global CheckTokenMembership.CheckTokenMembership

Prototype.i AllocateAndInitializeSid(pIdentifierAuthority, nSubAuthorityCount, dwSubAuthority0, dwSubAuthority1, dwSubAuthority2, dwSubAuthority3, dwSubAuthority4, dwSubAuthority5, dwSubAuthority6, dwSubAuthority7, pSid)
Global AllocateAndInitializeSid.AllocateAndInitializeSid

Prototype.i FreeSid(pSid)
Global FreeSid.FreeSid

; TrustedInstaller service SID:
; S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
#SECURITY_SERVICE_ID_RID_COUNT = 6
#SECURITY_SERVICE_ID_BASE_RID = $50

#SECURITY_TRUSTED_INSTALLER_RID1 = 956008885
#SECURITY_TRUSTED_INSTALLER_RID2 = 3418522649
#SECURITY_TRUSTED_INSTALLER_RID3 = 1831038044
#SECURITY_TRUSTED_INSTALLER_RID4 = 1853292631
#SECURITY_TRUSTED_INSTALLER_RID5 = 2271478464

; Returns 0 = none of the below, 1 = Administrators (elevated), 2 = LocalSystem,
; 3 = TrustedInstaller; the checks run in that order and the last match wins.
Procedure GetAdminLevel()
  Protected dll
  Protected bIsAdmin.l, bIsToken.l
  Protected pSidAdministrator, pSidSystem, pSidTrustedInstaller
  Protected NtAuthority.SID_IDENTIFIER_AUTHORITY
  NtAuthority\Value[5] = 5 ; SECURITY_NT_AUTHORITY = {0,0,0,0,0,5}
  
  dll = OpenLibrary(#PB_Any, "advapi32.dll")
  If dll
    CheckTokenMembership = GetFunction(dll, "CheckTokenMembership")
    AllocateAndInitializeSid = GetFunction(dll, "AllocateAndInitializeSid")
    FreeSid = GetFunction(dll, "FreeSid")
    
    If CheckTokenMembership And AllocateAndInitializeSid And FreeSid
      ; S-1-5-32-544, BUILTIN\Administrators
      AllocateAndInitializeSid(@NtAuthority,
                               2,
                               #SECURITY_BUILTIN_DOMAIN_RID,
                               #DOMAIN_ALIAS_RID_ADMINS,
                               0, 0, 0, 0, 0, 0,
                               @pSidAdministrator)
      
      ; S-1-5-18, NT AUTHORITY\SYSTEM
      AllocateAndInitializeSid(@NtAuthority,
                               1,
                               #SECURITY_LOCAL_SYSTEM_RID,
                               0, 0, 0, 0, 0, 0, 0,
                               @pSidSystem)
      
      ; NT SERVICE\TrustedInstaller (six sub-authorities: 80 plus the five RIDs above)
      AllocateAndInitializeSid(@NtAuthority,
                               #SECURITY_SERVICE_ID_RID_COUNT,
                               #SECURITY_SERVICE_ID_BASE_RID,
                               #SECURITY_TRUSTED_INSTALLER_RID1,
                               #SECURITY_TRUSTED_INSTALLER_RID2,
                               #SECURITY_TRUSTED_INSTALLER_RID3,
                               #SECURITY_TRUSTED_INSTALLER_RID4,
                               #SECURITY_TRUSTED_INSTALLER_RID5,
                               0, 0,
                               @pSidTrustedInstaller)
      
      ; TokenHandle = #Null checks the calling thread's token
      ; (the process token when the thread is not impersonating)
      CheckTokenMembership(#Null, pSidAdministrator, @bIsToken)
      If bIsToken : bIsAdmin = 1 : EndIf
      
      bIsToken = 0
      CheckTokenMembership(#Null, pSidSystem, @bIsToken)
      If bIsToken : bIsAdmin = 2 : EndIf
      
      bIsToken = 0
      CheckTokenMembership(#Null, pSidTrustedInstaller, @bIsToken)
      If bIsToken : bIsAdmin = 3 : EndIf
      
      ; SIDs from AllocateAndInitializeSid must be released with FreeSid
      If pSidAdministrator : FreeSid(pSidAdministrator) : EndIf
      If pSidSystem : FreeSid(pSidSystem) : EndIf
      If pSidTrustedInstaller : FreeSid(pSidTrustedInstaller) : EndIf
    EndIf
    
    CloseLibrary(dll)
  EndIf
  
  ProcedureReturn bIsAdmin
EndProcedure


CompilerIf #PB_Compiler_IsMainFile
  Debug GetAdminLevel()
CompilerEndIf

AZJIO, thank you.
I have already seen this code.

fryquez, thank you too.
It will be very helpful.

JHPJHP, thank you.
I really appreciate your contribution, but...
I used to be able to look at your work without any problems, including the source code. But for some time now it has been impossible. I'm sorry.

P.S. Sorry, this popup is a bit confusing.
Anyway, thanks for not passing by this topic.

Re: runas...

Posted: Sat Nov 26, 2022 7:37 pm
by ChrisR
ZX80 wrote: Sat Nov 26, 2022 11:38 am ChrisR, see if it works for you.
Yes, it works fine with PB 5.73 with the prototypes and the GetFunction addition.
advapi32.lib has been updated in PB 6.0 and the import is enough.