
Thread: Running application with admin privileges

  1. #1
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180


    Running into a bit of a problem, if someone can help me out.

    Here is the problem.

    When I run TeamViewer to help a user remotely, it works great aside from 1 thing. It doesn't allow me to run stuff as an admin. After reading support about the product, it's because when the user runs the application remotely, they aren't local admins, so it runs the application in a secured mode, which also prevents the helper from performing administrative tasks and running as admin.

    Solution: Run TeamViewer as admin.
    Problem: How do you let the user do this without giving away the password?

    I created an app that uses lsencrypt.exe to encrypt a password and then uses an app called "lsrunas.exe" to run another application with the run as command and higher privileges. Here is the main section of my code.

    Code:
    #define process "TeamViewer_.exe"
    
    int _tmain(int argc, _TCHAR* argv[])
    {
        //Hide this console window
        //FreeConsole();
    
    
        //Define our variables
        //You can change this as you need
    
    
        //Get Computer Name
        char name[100];
        DWORD length=100;
        GetComputerName((LPSTR)name, &length);
    
    
        char appParm[250];
        char *application = "TeamViewer.exe"; //<--- This is the path to the application you want to run with escalated privileges
        
        //This is the local admin
        char *user = "admin";
        char *password = "h&gYrvas%uihsqw*S"; //<-- Local admin password encrypted
        char *domain = name; //<-- This is the workstation name
        char *runPath = "C:\\";
        char *pathTolsrunaseFilename = "lsrunase.exe";
    
    
        //*** Don't make changes below this unless you know what you're doing ***
    
    
        //Store our parameter variable
        sprintf_s(appParm, "/User:%s /Password:%s /domain:%s /command:%s /Runpath:%s", user, password, domain, application, runPath);
    
    
        //Run the application we want with escalated privileges
        ShellExecute(NULL, (LPCSTR)"open", TEXT(pathTolsrunaseFilename), appParm, NULL, SW_HIDE);
    
    
        //Wait 3 seconds to make sure the application is launched
        Sleep(3000);
    
    
        //Need to work on this further to get this part working
        /*
        if(!ShellExecute(NULL, (LPCSTR)"open", TEXT(pathTolsrunaseFilename), appParm, NULL, SW_HIDE))
        {
            //If it errors, let us know
            MessageBox(0, "Couldn't run the application.\nMake sure that the path is correct!", "ERROR", MB_ICONWARNING);
        }
        */
    
    
        //Get Parent Handle of Application
        unsigned long dwPID1 = GetProcessId( process );
    
    
        if(setDebug()) 
        {
            HANDLE hProcess = OpenProcess(PROCESS_VM_READ|PROCESS_VM_OPERATION, FALSE, dwPID1);
            if(!hProcess) 
            {
                cout << GetLastError() << endl;
                MessageBox(NULL, "Program Window not found", "error", MB_OK);
                return 0;
            }
    
    
            while(hProcess)
            {
                EnumWindows((WNDENUMPROC)WindowHandle, (LPARAM)dwPID1);
            }
    
    
            CloseHandle(hProcess);
        }
    
    
        system("Pause");
    
    
        return 0;
    }
    The red text is where it goes, and I'm not sure why it's not able to get the process handle. I printed the dwPID1 and process info, and this is all correct. I also tried OpenProcess with PROCESS_ALL_ACCESS, and it still fails. The error that it returns is 5, which is "ACCESS DENIED".

    I'm not sure why I'm getting this. The application starts teamviewer fine with the shellexecute() function, but then I can't get a handle to it. Any ideas???

    BTW, as far as the code is concerned, I've tried this on another application and it works fine, so I'm not sure if it's just for Teamviewer or what. Any thoughts?

    PS: Both computers run Win 7 Professional x64

  2. #2


    I don't find ShellExecute reliable. I suggest you use CreateProcess instead, as it directly returns a handle to the process.

    Code:
    STARTUPINFO si;
    PROCESS_INFORMATION pi;

    memset(&si, 0, sizeof(si));
    memset(&pi, 0, sizeof(pi));

    si.cb = sizeof(si);

    CreateProcess(NULL,
                  process,
                  NULL,
                  NULL,
                  FALSE,
                  0,
                  NULL,
                  NULL,
                  &si,
                  &pi);

    // Then the handle is stored inside pi.hProcess ;)

  3. #3

  4. #4
    Administrator James's Avatar


    @Leyok, that was helpful and it worked, but I'm stuck now again. Everything is automated up to the EULA screen, but somehow when I automate the EULA by using bm_setcheck to select the agree, it doesn't activate the next button to continue. It only works if I physically click it. WTF?? lol..

    @own3mall, thank you I will give that a shot, I just enjoy trying things out for myself (learning experience you know. :-P)

    Here is my source code

    Code:
    //These includes are for the main application
    #include "stdafx.h"
    #include <windows.h>
    
    
    //These includes are for the automation of the TeamViewer Window used to automate all clicks
    #include <stdio.h>
    #include <stdlib.h>
    #include <commctrl.h>
    #include <iostream>
    #include <tlhelp32.h>
    
    
    //Global variables for the Automation
    #define process "TeamViewer.exe"
    #define runButton "Run"
    #define nextButton "&Next >"
    #define eula "I &accept the terms of the License Agreement"
    
    
    #define MAXTEXTLEN 100
    
    
    using namespace std;
    
    
    bool runChecked = false;
    
    
    TCHAR winname1[MAX_PATH];
    TCHAR winname2[MAX_PATH];
    
    
    //----------------------------------------------------------------------------------------
    
    
    unsigned long GetProcessId( char* pszProcessName )
    {
        unsigned long dwResult = 0;
    
    
        HANDLE hSnapshot = CreateToolhelp32Snapshot ( TH32CS_SNAPPROCESS, 0 );
        if ( hSnapshot )
        {
            PROCESSENTRY32 processEntry = { sizeof( PROCESSENTRY32 ) };
            if ( Process32First( hSnapshot, &processEntry ) )
            {
                do
                {
                    if ( strcmp( processEntry.szExeFile, pszProcessName ) == 0 ) 
                    {
                        dwResult = processEntry.th32ProcessID;
                        break;
                    }
                }
                while ( Process32Next( hSnapshot, &processEntry ) );
            }
    
    
            if ( hSnapshot )
            {
                CloseHandle( hSnapshot );
                hSnapshot = NULL;
            }
        }
    
    
        return dwResult;
    }
    
    
    BOOL CALLBACK EnumChildProc(HWND hwnd, LPARAM lParam) 
    {
    	char szBuff[512];
    	HWND ret = GetAncestor(hwnd, GA_ROOTOWNER);
    
    
    	//SendMessage(hwnd, WM_GETTEXT, sizeof(winname1), (LPARAM)winname1);
    	//This gets the Window Name
    	SendMessage(ret, WM_GETTEXT, sizeof(winname2), (LPARAM)winname2);
    
    
    	if(strcmp(winname2, _T("TeamViewer 8 Setup")) == 0)//procWindow
    	{	
    		SendMessage(hwnd, WM_GETTEXT, sizeof(winname1), (LPARAM)winname1);
    
    
    		//cout << "Window Name: " << hwnd << " " << winname1 << "\n" << endl;
    		if(strcmp(winname1, _T(runButton)) == 0)
    		{
    			SendMessage(hwnd, BM_SETCHECK, 1, 0);
    			runChecked = true;
    		}
    
    
    		if(strcmp(winname1, _T(eula)) == 0)
    		{
    			SendMessage(hwnd, BM_SETCHECK, 1, 0);
    			Sleep(500);
    		}
    
    
    		if((strcmp(winname1, _T(nextButton)) == 0) && runChecked == true)
    		{
    			SendMessage(hwnd, BM_CLICK, 1, 0);
    			Sleep(500);
    		}
    	}
    
    
    	// must return TRUE; if the return value is FALSE, the enumeration stops
    	return TRUE;
    }
    
    
    BOOL CALLBACK WindowHandle(HWND hwnd, LPARAM lParam)
    {
    	char String[255];
    	DWORD dwID;
    
    
    	GetWindowThreadProcessId(hwnd, &dwID);
    	SendMessage(hwnd, WM_GETTEXT, sizeof(String), (LPARAM)String);
    	EnumChildWindows(hwnd, &EnumChildProc, NULL);
    
    
    	return TRUE ;
    }
    
    
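    bool setDebug() 
    {
        HANDLE hToken = NULL;

        //Open our own token; if this fails there is no handle to close
        if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) 
        {
            return false;
        }

        bool enabled = false;
        TOKEN_PRIVILEGES tp;
        LUID luid;
        TOKEN_PRIVILEGES tpPrevious;
        DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);

        if(LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) 
        {
            //First pass: clear the attribute and capture the previous state in tpPrevious
            tp.PrivilegeCount = 1;
            tp.Privileges[0].Luid = luid;
            tp.Privileges[0].Attributes = 0;

            if(AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &tpPrevious, &cbPrevious)) 
            {
                //Second pass: request SeDebugPrivilege with SE_PRIVILEGE_ENABLED set
                tpPrevious.PrivilegeCount = 1;
                tpPrevious.Privileges[0].Luid = luid;
                tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED);

                //Note: AdjustTokenPrivileges also returns nonzero when the token does not
                //hold the privilege; GetLastError() then reports ERROR_NOT_ALL_ASSIGNED
                if(AdjustTokenPrivileges( hToken, FALSE, &tpPrevious, cbPrevious, NULL, NULL )) 
                {
                    enabled = true;
                }
            }
        }

        //Close the token handle exactly once on every path
        CloseHandle(hToken);
        return enabled;
    }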
    
    
    int _tmain(int argc, _TCHAR* argv[])
    {
    	STARTUPINFO si;
    	PROCESS_INFORMATION pi;
    
    
    	memset(&si, 0, sizeof(si));
    	memset(&pi, 0, sizeof(pi));
    
    
    	si.cb = sizeof(si);
    
    
    	//Hide this console window
    	//FreeConsole();
    
    
    	//Get Computer Name
    	char name[100];
        DWORD length=100;
        GetComputerName((LPSTR)name, &length);
    
    
    	char appParm[250];
    	char *application = "TeamViewer.exe"; //<--- This is the path to the application you want to run with escalated privileges
    	
    	//This is the local admin
    	char *user = "admin";
    	char *password = "h&gYrvas%uihsqw*S"; //<-- Local admin password encrypted
    	char *domain = name; //<-- This is the workstation name, or you can set it as hospice
    	char *runPath = "C:\\";
    	char *pathTolsrunaseFilename = "lsrunase.exe";
    
    
    	//*** Don't make changes below this unless you know what you're doing ***
    
    
    	//Store our parameter variable
    	sprintf_s(appParm, "/User:%s /Password:%s /domain:%s /command:%s /Runpath:%s", user, password, domain, application, runPath);
    
    
    	//Run the application we want with escalated privileges
    	CreateProcess(NULL, process, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
    
    
    	//Wait 3 seconds to make sure the application is launched
        Sleep(3000);
    
    
    	//Get Parent Handle of Application
    	unsigned long dwPID1 = GetProcessId( process );
    
    
    	if(setDebug()) 
        {
    		if(!pi.hProcess) 
    		{
    			cout << GetLastError() << endl;
    			MessageBox(NULL, "Program Window not found", "error", MB_OK);
    			return 0;
    		}
    
    
    		while(pi.hProcess)
    		{
    			EnumWindows((WNDENUMPROC)WindowHandle, (LPARAM)dwPID1);
    		}
    	}
    
    
    	system("Pause");
    
    
    	return 0;
    }
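
Both listings in this thread compile the lsrunase arguments, including the `/Password:` value, into the launcher as string literals, so the credential travels with the file to every workstation it is copied to. As an added example (not code from the thread), a check that a build or deployment step could run to flag such a binary before distribution; the sample bytes, `scan_password_switch` and `PLACEHOLDER_VALUE` are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Constructed sample standing in for a launcher image: the first string is
   the sprintf_s format from the post; PLACEHOLDER_VALUE is not a credential. */
static const unsigned char sample_image[] =
    "\0\0.rdata\0"
    "/User:%s /Password:%s /domain:%s /command:%s /Runpath:%s\0"
    "lsrunase.exe /user:helpdesk /password:PLACEHOLDER_VALUE /command:app.exe";

struct scan_result {
    int switches;      /* "/Password:" occurrences, any letter case        */
    int literal_vals;  /* occurrences followed by a value other than "%s"  */
    size_t first_off;  /* offset of the first hit, (size_t)-1 if none      */
};

/* Scan raw bytes for ASCII "/password:" switches (UTF-16 text is not handled). */
struct scan_result scan_password_switch(const unsigned char *buf, size_t len)
{
    static const char needle[] = "/password:";
    const size_t nlen = sizeof needle - 1;
    struct scan_result r = { 0, 0, (size_t)-1 };

    for (size_t i = 0; i + nlen <= len; i++) {
        size_t k = 0;
        while (k < nlen && tolower(buf[i + k]) == needle[k])
            k++;
        if (k < nlen)
            continue;
        if (r.switches++ == 0)
            r.first_off = i;
        /* The value runs up to the next space or non-printable byte. */
        size_t v = i + nlen, e = v;
        while (e < len && isgraph(buf[e]))
            e++;
        /* "%s" is filled at run time from another literal in the same file. */
        if (e > v && !(e - v == 2 && buf[v] == '%' && buf[v + 1] == 's'))
            r.literal_vals++;
        i = e - 1;
    }
    return r;
}

int main(void)
{
    struct scan_result r = scan_password_switch(sample_image, sizeof sample_image);
    printf("switches=%d literal=%d first=%zu\n", r.switches, r.literal_vals, r.first_off);
    return 0;
}
```

A hit on the `%s` form means the value sits elsewhere in the same file as its own literal, so either kind of match is a reason to hold the binary back from distribution.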
