Jump to content











Submitter

SUPPORT TOPIC File Information

  • Submitted: Sep 13 2012 08:24 PM
  • Last Updated: Oct 03 2012 08:32 AM
  • File Size: 3.05MB
  • Views: 7642
  • Downloads: 5,036

Download RunasSystem and RunFromToken

- - - - -



Screenshots
Here's two simpel and powerful utilities to facilitate running programs extremely elevated. Sometimes your account, whether Administrator or not, just don't have access to perform certain operations on your system. Stuff protected by the Windows Resource Protection (trustedinstaller); http://msdn.microsof...3(v=vs.85).aspx is one good example (many files and registry keys are guarded). Running as local system is good enough for many operation (use RunasSystem), but sometimes you need a different token in your process, like the one from the trustedinstaller (use RunFromToken). There is no need to switch sessions, as you can specify which session to start your process in. This is actually very handy for a power user. You will get access to almost any part of your system accessible from usermode. Kernelmode (ring0) is a different thing, and can't be accessed without a kernel driver. And forget about protected processes; http://msdn.microsof...e/gg463417.aspx

Both tools are with source included and can easily be modified to suite your needs. They are based on user wraithdu's sample at the autoit forums; http://www.autoitscr...system-account/

Short description

RunasSystem
Will launch a process from the local system account. Target process to start can be supplied on commandline as parameter (full path to executable if not in path). If no parameter is given, cmd.exe is started.
Sample command to start regedit:
RunasSystem regedit

RunFromToken
Will start a process with the token of a given process. Obviouly the process that you duplicate the token of, must be running. Preferrably launch this one from RunasSystem

Syntax is:
RunFromToken TargetProcessName SessionId ProgramToStart

Sample command to start cmd.exe in session 1 with the token of the trustedinstaller:
RunasSystem "RunFromToken trustedinstaller.exe 1 cmd"

These tools are meant for nt6.x, and have been tested on Vista x86, Windows 7 x64 and Windows 8 x64. They don't work on nt5.x (XP and 2k3).

Requirements
Administrator privilege. Possibly UAC turned off.

On one of my systems I have this simpel batch on my desktop to get quick access to my special power cmd:
net start trustedinstaller
C:\windows\system32\runassystem_x64 "C:\windows\system32\runfromtoken_x64 trustedinstaller.exe 1 cmd"

With that command shell you have rather extreme control. Now go crazy on your system.




Other files you may be interested in ..





171 user(s) are online (in the past 70 minutes)

1 members, 170 guests, 0 anonymous users


rtwb