Jump to content


SUPPORT TOPIC File Information

  • Submitted: Sep 13 2012 08:24 PM
  • Last Updated: Oct 03 2012 08:32 AM
  • File Size: 3.05MB
  • Views: 16517
  • Downloads: 12,194

Download RunasSystem and RunFromToken

- - - - -

Here's two simpel and powerful utilities to facilitate running programs extremely elevated. Sometimes your account, whether Administrator or not, just don't have access to perform certain operations on your system. Stuff protected by the Windows Resource Protection (trustedinstaller); http://msdn.microsof...3(v=vs.85).aspx is one good example (many files and registry keys are guarded). Running as local system is good enough for many operation (use RunasSystem), but sometimes you need a different token in your process, like the one from the trustedinstaller (use RunFromToken). There is no need to switch sessions, as you can specify which session to start your process in. This is actually very handy for a power user. You will get access to almost any part of your system accessible from usermode. Kernelmode (ring0) is a different thing, and can't be accessed without a kernel driver. And forget about protected processes; http://msdn.microsof...e/gg463417.aspx

Both tools are with source included and can easily be modified to suite your needs. They are based on user wraithdu's sample at the autoit forums; http://www.autoitscr...system-account/

Short description

Will launch a process from the local system account. Target process to start can be supplied on commandline as parameter (full path to executable if not in path). If no parameter is given, cmd.exe is started.
Sample command to start regedit:
RunasSystem regedit

Will start a process with the token of a given process. Obviouly the process that you duplicate the token of, must be running. Preferrably launch this one from RunasSystem

Syntax is:
RunFromToken TargetProcessName SessionId ProgramToStart

Sample command to start cmd.exe in session 1 with the token of the trustedinstaller:
RunasSystem "RunFromToken trustedinstaller.exe 1 cmd"

These tools are meant for nt6.x, and have been tested on Vista x86, Windows 7 x64 and Windows 8 x64. They don't work on nt5.x (XP and 2k3).

Administrator privilege. Possibly UAC turned off.

On one of my systems I have this simpel batch on my desktop to get quick access to my special power cmd:
net start trustedinstaller
C:\windows\system32\runassystem_x64 "C:\windows\system32\runfromtoken_x64 trustedinstaller.exe 1 cmd"

With that command shell you have rather extreme control. Now go crazy on your system.

Other files you may be interested in ..

  • 363 Total Files
  • 13 Total Categories
  • 89 Total Authors
  • 2,899,248 Total Downloads
  • WinToUSB Latest File
  • easyuefi Latest Submitter

66 user(s) are online (in the past 3000 minutes)

0 members, 63 guests, 0 anonymous users

Yahoo (1), Bing (2)