Leaderboard
Popular Content
Showing content with the highest reputation on 07/25/2024 in all areas
-
Run as TrustedInstaller using DLL (NSudoDM.dll, NSudoAPI.dll)

It is a tool for launching programs, itself or any other program, with privileges similar to TrustedInstaller. Below is an example that reruns itself under TrustedInstaller privileges:

#RequireAdmin
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Compile_Both=y
#AutoIt3Wrapper_UseX64=y
#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#include <File.au3>
#include <Array.au3>
#include <WinAPI.au3>
#include <Constants.au3>
#include <Security.au3> ; _Security__* functions and $TOKENOWNER / $TOKEN_READ used by _ProcessGetOwner

Global Const $NSudo_Dll_Dir = (FileExists(@ScriptDir & '\NSudoAPI_x86.dll') And FileExists(@ScriptDir & '\NSudoAPI_x64.dll') And FileExists(@ScriptDir & '\NSudoDM_x86.dll') And FileExists(@ScriptDir & '\NSudoDM_x64.dll')) ? @ScriptDir : @TempDir
OnAutoItExitRegister("_OnExit_Clean")

Global Const $NSudoAPI_Dll_x86 = $NSudo_Dll_Dir & '\NSudoAPI_x86.dll'
Global Const $NSudoAPI_Dll_x64 = $NSudo_Dll_Dir & '\NSudoAPI_x64.dll'
Global Const $NSudoAPI_Dll = @AutoItX64 ? $NSudoAPI_Dll_x64 : $NSudoAPI_Dll_x86
Global Const $NSudoDM_Dll_x86 = $NSudo_Dll_Dir & '\NSudoDM_x86.dll'
Global Const $NSudoDM_Dll_x64 = $NSudo_Dll_Dir & '\NSudoDM_x64.dll'
Global Const $NSudoDM_Dll = @AutoItX64 ? $NSudoDM_Dll_x64 : $NSudoDM_Dll_x86

; Extract the embedded DLLs to @TempDir when they are not shipped next to the script
If $NSudo_Dll_Dir <> @ScriptDir Then
    FileInstall("NSudoDM_x86.dll", $NSudoDM_Dll_x86, 1)
    FileInstall("NSudoDM_x64.dll", $NSudoDM_Dll_x64, 1)
    FileInstall("NSudoAPI_x86.dll", $NSudoAPI_Dll_x86, 1)
    FileInstall("NSudoAPI_x64.dll", $NSudoAPI_Dll_x64, 1)
EndIf

; NSUDO_USER_MODE_TYPE
Global Const $NSudoAPI_UserModeType_DEFAULT = 0 ; Run the program with the current user's access token. If User Account Control (UAC) is not disabled, the permissions of this mode are equivalent to those of a standard user
Global Const $NSudoAPI_UserModeType_TRUSTED_INSTALLER = 1 ; Run the program with the TrustedInstaller access token
Global Const $NSudoAPI_UserModeType_SYSTEM = 2 ; Run the program with the System access token
Global Const $NSudoAPI_UserModeType_CURRENT_USER = 3 ; Run the program with the elevated current user's access token. The permissions of this mode are equivalent to those of the elevated user
Global Const $NSudoAPI_UserModeType_CURRENT_PROCESS = 4 ; Run the program with the current process's access token. The permissions of this mode are equivalent to those of the elevated user
Global Const $NSudoAPI_UserModeType_CURRENT_PROCESS_DROP_RIGHT = 5 ; Run the program with the current process's LUA mode access token. The permissions of this mode are equivalent to those of a standard user and this implementation is consistent with the corresponding implementation in iertutil.dll in Internet Explorer

; NSUDO_PRIVILEGES_MODE_TYPE
Global Const $NSudoAPI_PrivilegesModeType_DEFAULT = 0 ; default privileges
Global Const $NSudoAPI_PrivilegesModeType_ENABLE_ALL_PRIVILEGES = 1 ; enable all privileges
Global Const $NSudoAPI_PrivilegesModeType_DISABLE_ALL_PRIVILEGES = 2 ; disable all privileges

; NSUDO_MANDATORY_LABEL_TYPE
Global Const $NSudoAPI_MandatoryLabelType_UNTRUSTED = 0 ; Untrusted
Global Const $NSudoAPI_MandatoryLabelType_LOW = 1 ; Low
Global Const $NSudoAPI_MandatoryLabelType_MEDIUM = 2 ; Medium
Global Const $NSudoAPI_MandatoryLabelType_MEDIUM_PLUS = 3 ; Medium-high
Global Const $NSudoAPI_MandatoryLabelType_HIGH = 4 ; High
Global Const $NSudoAPI_MandatoryLabelType_SYSTEM = 5 ; System
Global Const $NSudoAPI_MandatoryLabelType_PROTECTED_PROCESS = 6 ; Protected process

; NSUDO_PROCESS_PRIORITY_CLASS_TYPE
Global Const $NSudoAPI_ProcessPriorityClassType_BELOW_NORMAL = 0 ; Below normal
Global Const $NSudoAPI_ProcessPriorityClassType_NORMAL = 1 ; Normal
Global Const $NSudoAPI_ProcessPriorityClassType_ABOVE_NORMAL = 2 ; Above normal
Global Const $NSudoAPI_ProcessPriorityClassType_HIGH = 3 ; High
Global Const $NSudoAPI_ProcessPriorityClassType_REALTIME = 4 ; Real time

; NSUDO_SHOW_WINDOW_MODE_TYPE
Global Const $NSudoAPI_ShowWindowModeType_DEFAULT = 0 ; Default
Global Const $NSudoAPI_ShowWindowModeType_SHOW = 1 ; Show window
Global Const $NSudoAPI_ShowWindowModeType_HIDE = 2 ; Hide window
Global Const $NSudoAPI_ShowWindowModeType_MAXIMIZE = 3 ; Maximize
Global Const $NSudoAPI_ShowWindowModeType_MINIMIZE = 4 ; Minimize

Global $NSudoAPI_WaitInterval = 0 ; The time (in milliseconds) to wait for the created process.
Global $NSudoAPI_CreateNewConsole = True ; If True the new process will run in a new console window, otherwise it will run directly in the console window of the calling process (default setting).

; A 32-bit build on 64-bit Windows: disable WOW64 file system redirection so that
; @WindowsDir & '\System32' resolves to the real 64-bit System32 directory
If (@OSArch = "X64") And (@AutoItX64 = 0) Then
    _WinAPI_Wow64EnableWow64FsRedirection(False)
EndIf

; The command line to be executed, the maximum length = MAX_PATH, i.e. 260 characters.
Global $NSudoAPI_CommandLine = @ScriptFullPath
; Used to specify the current directory of the process. A full path is required. UNC paths can be used. If this parameter is nullptr, the new process will use the current path used by the process that called this function.
Global $NSudoAPI_CurrentDirectory = @WorkingDir
Global $ProcessOwner = _ProcessGetOwner(@AutoItPID)
Global $DllCall_Error_Return = 0, $DllCall_Error_Name = 'unknown', $DllCall_Return = ''

_ConsoleWrite("! " & @YEAR & "/" & @MON & "/" & @MDAY & "-" & @HOUR & ":" & @MIN & ":" & @SEC & " !")
_ConsoleWrite("! " & @ScriptFullPath & " | User: " & @UserName & " | NSUDO_Dll_Dir: " & $NSudo_Dll_Dir)
_ConsoleWrite("! " & "ProcessPID:" & @AutoItPID & " | ProcessOwner: " & $ProcessOwner)

Global $NSudoDM_DllCall_Handle = _WinAPI_LoadLibrary($NSudoDM_Dll)

If @UserName <> "SYSTEM" And @UserName <> 'LOCAL SERVICE' Then
    ; First run (normal user): relaunch this script through NSudoCreateProcess
    _NSudoAPI_RUN()
Else
    ; Second run (relaunched with the TrustedInstaller token)
    ; TEST 1 ==========================================================
    If FileExists(@WindowsDir & '\System32\sethc_.exe') Then ; Restore
        FileDelete(@WindowsDir & '\System32\sethc.exe')
        FileMove(@WindowsDir & '\System32\sethc_.exe', @WindowsDir & '\System32\sethc.exe', 1)
        If @AutoItX64 Then
            FileDelete(@WindowsDir & '\SysWOW64\sethc.exe')
            FileMove(@WindowsDir & '\SysWOW64\sethc_.exe', @WindowsDir & '\SysWOW64\sethc.exe', 1)
        EndIf
    Else ; Replace
        FileMove(@WindowsDir & '\System32\sethc.exe', @WindowsDir & '\System32\sethc_.exe', 1)
        FileCopy(@WindowsDir & '\System32\cmd.exe', @WindowsDir & '\System32\sethc.exe', 1)
        If @AutoItX64 Then
            FileMove(@WindowsDir & '\SysWOW64\sethc.exe', @WindowsDir & '\SysWOW64\sethc_.exe', 1)
            FileCopy(@WindowsDir & '\SysWOW64\cmd.exe', @WindowsDir & '\SysWOW64\sethc.exe', 1)
        EndIf
        Run(@WindowsDir & '\System32\sethc.exe')
    EndIf
    ; TEST 2 ==========================================================
    _ArrayDisplay(_FileListToArray(@HomeDrive & '\System Volume Information'), "ProcessOwner: " & $ProcessOwner)
EndIf
_WinAPI_FreeLibrary($NSudoDM_DllCall_Handle)

Func _NSudoAPI_RUN()
    _ConsoleWrite("- Call NSudoCreateProcess in Dll: " & $NSudoAPI_Dll)
    ;~ Local $NSudoAPI_DllCall_Handle = DllOpen($NSudoAPI_Dll)
    Local $NSudoAPI_DllCall_Result = DllCall($NSudoAPI_Dll, 'int', 'NSudoCreateProcess', _
            'int', $NSudoAPI_UserModeType_TRUSTED_INSTALLER, _ ; NSUDO_USER_MODE_TYPE
            'int', $NSudoAPI_PrivilegesModeType_ENABLE_ALL_PRIVILEGES, _ ; NSUDO_PRIVILEGES_MODE_TYPE
            'int', $NSudoAPI_MandatoryLabelType_SYSTEM, _ ; NSUDO_MANDATORY_LABEL_TYPE
            'int', $NSudoAPI_ProcessPriorityClassType_ABOVE_NORMAL, _ ; NSUDO_PROCESS_PRIORITY_CLASS_TYPE
            'int', $NSudoAPI_ShowWindowModeType_SHOW, _ ; NSUDO_SHOW_WINDOW_MODE_TYPE
            'dword', $NSudoAPI_WaitInterval, _ ; WaitInterval
            'bool', $NSudoAPI_CreateNewConsole, _ ; CreateNewConsole
            'wstr', $NSudoAPI_CommandLine, _ ; CommandLine
            'wstr', $NSudoAPI_CurrentDirectory) ; CurrentDirectory
    $DllCall_Error_Return = @error
    If $DllCall_Error_Return > 0 Then
        _ConsoleWrite("! DllCall Error num: " & $DllCall_Error_Return)
        Switch $DllCall_Error_Return
            Case 1
                $DllCall_Error_Name = 'unable to use the DLL file'
            Case 2
                $DllCall_Error_Name = 'unknown "Return type"'
            Case 3
                $DllCall_Error_Name = '"function" not found in the DLL file'
            Case 4
                $DllCall_Error_Name = 'bad number of parameters'
            Case 5
                $DllCall_Error_Name = 'bad parameter'
        EndSwitch
        _ConsoleWrite("! DllCall Error Name: " & $DllCall_Error_Name)
    EndIf
    If IsArray($NSudoAPI_DllCall_Result) Then
        For $i = 0 To UBound($NSudoAPI_DllCall_Result) - 1
            $DllCall_Return &= $NSudoAPI_DllCall_Result[$i] & @CRLF
        Next
    EndIf
    _ConsoleWrite('- DllCall Return :(IsArray:' & IsArray($NSudoAPI_DllCall_Result) & ') > [[' & $DllCall_Return & ']]' & @CRLF & "- Error: " & $DllCall_Error_Name & @CRLF)
EndFunc   ;==>_NSudoAPI_RUN

Func _ConsoleWrite($sText)
    ConsoleWrite($sText & @CRLF)
    FileWriteLine(@ScriptFullPath & ".logs", $sText)
EndFunc   ;==>_ConsoleWrite

Func _ProcessGetOwner($ivPID)
    $ivPID = ProcessExists($ivPID)
    If Not $ivPID Then Return (SetError(1, 0, 0))
    ; $TOKEN_READ (STANDARD_RIGHTS_READ + TOKEN_QUERY) comes from SecurityConstants.au3 via Security.au3
    Local $hvProcess = _WinAPI_OpenProcess($PROCESS_QUERY_INFORMATION, False, $ivPID, False)
    Local $hvToken = _Security__OpenProcessToken($hvProcess, $TOKEN_READ)
    Local $bvSID = _Security__GetTokenInformation($hvToken, $TOKENOWNER)
    ; TOKEN_OWNER holds a single PSID; read it as a pointer so the x64 build does not truncate it
    Local $avRet = DllStructCreate("ptr", DllStructGetPtr($bvSID))
    $avRet = _Security__SidToStringSid(DllStructGetData($avRet, 1))
    $avRet = _Security__LookupAccountSid($avRet)
    _WinAPI_CloseHandle($hvProcess)
    _WinAPI_CloseHandle($hvToken)
    If Not IsArray($avRet) Then Return (SetError(1, 0, _GetProcessOwner($ivPID)))
    Return (SetError(0, $avRet[2], $avRet[0]))
EndFunc   ;==>_ProcessGetOwner

Func _GetProcessOwner($PID, $sComputer = ".")
    ; WMI fallback: Win32_Process.GetOwner returns 0 on success and fills the out parameters
    Local $objWMI, $colProcs, $sUserName, $sUserDomain
    $objWMI = ObjGet("winmgmts:\\" & $sComputer & "\root\cimv2")
    If IsObj($objWMI) Then
        $colProcs = $objWMI.ExecQuery("Select ProcessId From Win32_Process Where ProcessId=" & $PID)
        If IsObj($colProcs) Then
            For $Proc In $colProcs
                If $Proc.GetOwner($sUserName, $sUserDomain) = 0 Then Return $sUserName
            Next
        EndIf
    EndIf
    Return SetError(1, 0, "")
EndFunc   ;==>_GetProcessOwner

Func _OnExit_Clean()
    ; Only remove the DLLs that FileInstall extracted to @TempDir, never the ones shipped next to the script
    If StringLower($NSudo_Dll_Dir) = StringLower(@ScriptDir) Then Return
    FileDelete($NSudoAPI_Dll_x86)
    FileDelete($NSudoAPI_Dll_x64)
    FileDelete($NSudoDM_Dll_x86)
    FileDelete($NSudoDM_Dll_x64)
EndFunc   ;==>_OnExit_Clean

; Launch processes with TrustedInstaller privilege by Dao Van Trong - TRONG.PRO
; Dll from NSudo: https://github.com/M2TeamArchived/NSudo/releases

Download the DLL from HERE: https://github.com/M2TeamArchived/NSudo/releases/download/9.0-Preview1/NSudo_9.0_Preview1_9.0.2676.0.zip

1 point
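A defender-side counterpart to TEST 1 above, added here as an example (it is not part of the post and not NSudo code): it inspects the System32 and SysWOW64 directories for the state that script leaves behind, namely a sethc.exe that is byte-identical to cmd.exe and a leftover sethc_.exe backup. The Windows directory is a parameter so the check can also run against a mounted image or a constructed test tree.

```python
"""Check whether sethc.exe has been swapped for a copy of cmd.exe."""
import hashlib
import os
from pathlib import Path

# File names taken from the AutoIt script above.
TARGET = "sethc.exe"    # accessibility helper that the logon screen can launch
BACKUP = "sethc_.exe"   # the script's backup copy of the original binary
SHELL = "cmd.exe"       # what the script copies over sethc.exe
SUBDIRS = ("System32", "SysWOW64")


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 (system binaries can be large)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_sethc(windows_dir) -> list[str]:
    """Return one finding per problem found under each System32/SysWOW64 directory.

    Findings: 'replaced' (sethc.exe identical to cmd.exe), 'backup' (sethc_.exe
    present, i.e. a restore marker left by the swap) and 'missing' (no sethc.exe).
    """
    findings = []
    for sub in SUBDIRS:
        d = Path(windows_dir) / sub
        if not d.is_dir():
            continue  # 32-bit Windows has no SysWOW64; a bad root yields nothing
        target, shell, backup = d / TARGET, d / SHELL, d / BACKUP
        if not target.is_file():
            findings.append(f"{sub}: missing {TARGET}")
            continue
        if shell.is_file() and sha256_of(target) == sha256_of(shell):
            findings.append(f"{sub}: replaced ({TARGET} is identical to {SHELL})")
        if backup.is_file():
            findings.append(f"{sub}: backup {BACKUP} present")
    return findings


if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    for line in audit_sethc(root) or ["no findings"]:
        print(line)
```

A hash match is a strong but not exhaustive signal; a binary that was patched rather than copied needs a comparison against the catalog-signed original or a file-integrity baseline.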
-
#include <WindowsConstants.au3>
#include <WinAPISys.au3>
#include <WinAPIConstants.au3>

Global $KeyDown = False
Global $bExit = False ; set by Quit(); the main loop polls it (was used without being declared)

; Register a hotkey to exit the program
HotKeySet('{ESC}', 'Quit')

; Set a low level keyboard hook
; KeyboardProc is a callback function that is called when keyboard events occur
Global $hKeyboardProc = DllCallbackRegister('KeyboardProc', 'long', 'int;wparam;lparam')
Global $hHook = _WinAPI_SetWindowsHookEx($WH_KEYBOARD_LL, DllCallbackGetPtr($hKeyboardProc), _WinAPI_GetModuleHandle(0))

Do
    ; We process the message here because it's good practice to return from
    ; the callback function as soon as possible and without using any blocking functions
    If $KeyDown Then
        ConsoleWrite('= was pressed' & @CRLF)
        Do
            ConsoleWrite('= is still pressed' & @CRLF)
            Sleep(10)
        Until Not $KeyDown
        ConsoleWrite('= was released' & @CRLF)
    EndIf
    Sleep(10)
Until $bExit

; Unset the keyboard hook
_WinAPI_UnhookWindowsHookEx($hHook)
DllCallbackFree($hKeyboardProc)

Func KeyboardProc($nCode, $wParam, $lParam)
    ; If nCode is less than zero just call the next hook procedure in the current hook chain
    If $nCode < 0 Then Return _WinAPI_CallNextHookEx($hHook, $nCode, $wParam, $lParam)
    ; Create a structure that will contain info about the keyboard event
    ; (lParam is the pointer to the KBDLLHOOKSTRUCT structure)
    Local $tKEYHOOKS = DllStructCreate('dword vkCode;dword scanCode;dword flags;dword time;ulong_ptr dwExtraInfo', $lParam)
    ; wParam contains the identifier of the keyboard message
    Switch $wParam
        Case $WM_KEYDOWN
            ; When the = key is pressed, set $KeyDown to True,
            ; so you don't have to process anything else in the callback function
            If $tKEYHOOKS.vkCode = 0xBB Then
                $KeyDown = True
                ; Return a nonzero value to prevent the system from passing the
                ; message to the rest of the hook chain or the target window procedure
                Return 1
            EndIf
        Case $WM_KEYUP
            ; When the = key is released, set $KeyDown to False,
            ; so you don't have to process anything else in the callback function
            If $tKEYHOOKS.vkCode = 0xBB Then
                $KeyDown = False
                ; Return a nonzero value to prevent the system from passing the
                ; message to the rest of the hook chain or the target window procedure
                Return 1
            EndIf
    EndSwitch
    ; Call the next hook procedure in the current hook chain
    Return _WinAPI_CallNextHookEx($hHook, $nCode, $wParam, $lParam)
EndFunc   ;==>KeyboardProc

Func Quit()
    $bExit = True
EndFunc   ;==>Quit

You can read all this stuff in more detail here, here and here.

1 point
-
Stabilization? No more issues?

1 point
-
That is my whole snippet as proof:

#include <StringConstants.au3>

Local $sText = 'a@b.cd'
ConsoleWrite($sText & ": " & _ProveMailAdress($sText) & @CRLF)

Func _ProveMailAdress($sAdress)
    Local $sPattern = "^[A-Za-z0-9.!#$%&'*+\-\/=?^_`\{\|\}~]+@[a-zA-Z0-9.-]*?\.[a-zA-Z0-9.-]{2,63}$"
    If StringLeft($sAdress, 1) = "." Then Return 0 ; no dot at start
    If StringRight($sAdress, 1) = "." Then Return 0 ; no dot at end
    StringRegExp($sAdress, $sPattern, $STR_REGEXPARRAYMATCH)
    If @error Then Return 0 ; no match (or invalid pattern)
    Return 1
EndFunc   ;==>_ProveMailAdress

As you can see the local part is allowed to include some more symbols.

Conrad

1 point
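Added here as an example (it is not Conrad's code): the same pattern and the same two dot checks ported to Python and run over constructed inputs, so the accepted set is visible at a glance. Two of the constructed inputs show what the pattern lets through that a stricter validator would not: consecutive dots in the local part, and a domain whose first label is empty, because the lazy [a-zA-Z0-9.-]*? may match nothing before the dot.

```python
"""Exercise the e-mail pattern from the AutoIt snippet above on constructed inputs."""
import re

# Same pattern as in _ProveMailAdress; Python's re accepts this PCRE syntax unchanged.
PATTERN = re.compile(
    r"^[A-Za-z0-9.!#$%&'*+\-\/=?^_`\{\|\}~]+@[a-zA-Z0-9.-]*?\.[a-zA-Z0-9.-]{2,63}$"
)


def prove_mail_address(address: str) -> int:
    """Port of _ProveMailAdress: 1 if accepted, 0 otherwise (same checks, same order)."""
    if address.startswith("."):
        return 0  # no dot at start
    if address.endswith("."):
        return 0  # no dot at end
    return 1 if PATTERN.match(address) else 0


# Constructed inputs with the verdict the AutoIt function gives for each.
SAMPLES = {
    "a@b.cd": 1,                        # the value from the post
    "john.o'neil+tag@example.com": 1,   # RFC 5322 atext symbols in the local part
    "user/dept=x@example.org": 1,       # '/' and '=' are also in the allowed set
    ".a@b.cd": 0,                       # leading dot, rejected by the StringLeft check
    "a@b.cd.": 0,                       # trailing dot, rejected by the StringRight check
    "a b@x.yz": 0,                      # space is outside the local-part class
    "a@b": 0,                           # the domain needs a dot
    "a@b.c": 0,                         # the last label needs at least 2 characters
    "a..b@x.yz": 1,                     # consecutive dots in the local part pass
    "a@.cd": 1,                         # empty first label passes: *? matches nothing
}


def run_samples() -> dict[str, int]:
    """Return the verdict for every constructed sample."""
    return {addr: prove_mail_address(addr) for addr in SAMPLES}


if __name__ == "__main__":
    for addr, verdict in run_samples().items():
        flag = "" if verdict == SAMPLES[addr] else "  <-- unexpected"
        print(f"{addr!r}: {verdict}{flag}")
```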