Screen capture and event with Vista UAC - windows-vista

I've developed a C# application that captures screens using BitBlt and sends keyboard and mouse events using calls to keybd_event and mouse_event.
According to Microsoft I needed to modify the app.manifest with:
<requestedExecutionLevel level="highestAvailable" uiAccess="true" />
Sign the application and place it in a trusted location (program files).
I have done all of these to get the application to run under elevated privileges under Vista, but when UAC dialogs appear it does not capture those screens and the keyboard and mouse events do not reach the UAC dialog.
I am guessing that UAC runs in a different desktop? If so, how would I capture that? And how can I detect when the desktop switches to a UAC dialog in C#? Or have I just missed a step?

UAC runs on the secure desktop; only trusted processes running on the system account are allowed to run in that context.
This is to prevent exactly what you are trying to achieve - processes spoofing or capturing user input.

You cannot. The UAC desktop is secure because it doesn't allow anyone to access it.
To detect the desktop switch event, I would try to use SENS or WTSRegisterSessionNotification. But it doesn't look very promising.

Related

Use Desktop Duplication API to capture Logon & Lock Screens

Since Windows 10 doesn't support Mirror drivers, how do I use Desktop Duplication API to capture console at all times i.e. start with logon window, then user's desktop (after the user logs in) and also the lock screen?
Detect desktop Switch event then SetThreadDesktop on the thread that is capturing and make sure you're running as SYSTEM user.

Access OSK(on screen keyboard) handle from desktop app without administrator rights

I have a desktop Delphi application that runs without administrator rights on Windows 7 and 8. This application needs to send (SendInput) mouse events (click and move) to other running apps. This app works like a driver for a remote wifi pen that controls the mouse over the desktop. When the focus is over OSK (on screen keyboard), the mouse move with the left key pressed doesn't work: the OSK window doesn't move, while all other applications move when they receive these move events. I cand get handle of OSK.
When I run my app with administrator privileges (UAC) all works fine; OSK moves when the app sends move events.
I think the problem is related to UAC. I found a way to bypass the UAC like this http://www.thewindowsclub.com/create-elevated-shortcut-run-programs-bypass-uac, but it is not a good idea in some environments.
Is there a way to bypass the UAC without underground ways? Or how can I force the OSK to respond to all mouse events that I send to it?
Here is a snip of the manifest that is embedded in Osk.exe:
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
    <requestedPrivileges>
      <requestedExecutionLevel level="asInvoker" uiAccess="true"/>
    </requestedPrivileges>
  </security>
</trustInfo>
Note the level it asks for: asInvoker does not ask for UAC elevation, only requireAdministrator does. In other words, it runs with whatever privileges the starting program has. You can tell, you don't get the consent prompt when you start Osk.exe.
What matters here is uiAccess. With it set to true, the program bypasses UIPI. The lesser-known twin of UAC, User Interface Privilege Isolation protects against shatter attacks by disallowing another process to poke keystrokes and mouse clicks into the window owned by an elevated app. Such a process still runs in high integrity mode, that's why you cannot poke into Osk yourself, but doesn't have the privileges enabled that make an UAC elevated app dangerous.
This is not unusual, most any program that uses UI Automation or provides an accessibility feature needs to be able to do this. Like Osk.exe, it needs to be able to poke keystrokes into any app. Clearly what you want to do as well.
Getting uiAccess does not require the user to consent to a prompt like UAC elevation does. The operating system has to "trust" you. Covered well in this MSDN article, "UIAccess for UI automation applications" section. I'll just summarize it here:
Set uiAccess="true" in the application manifest
Your executable must have a valid digital certificate, the kind you buy from a vendor like Verisign.
Your executable must be stored in a directory that has write access denied, in a subdirectory of c:\program files or c:\windows.
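
An added example, not part of the original answer: a small Python audit of the three conditions summarized above, run against the Osk.exe trustInfo fragment quoted earlier. The function names are hypothetical, the "(x86)" root is an assumption, and the signature result is passed in by the caller because Authenticode validation is not performed here.

```python
import ntpath
import xml.etree.ElementTree as ET

# Roots from the summary above; the "(x86)" root is an added assumption.
SECURE_ROOTS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")

# The trustInfo fragment quoted above from Osk.exe.
OSK_MANIFEST = """<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security><requestedPrivileges>
    <requestedExecutionLevel level="asInvoker" uiAccess="true"/>
  </requestedPrivileges></security>
</trustInfo>"""


def read_execution_level(manifest_xml):
    """Return (level, ui_access) from a manifest or trustInfo fragment."""
    for node in ET.fromstring(manifest_xml).iter():
        # Match on the local name so asm.v2 and asm.v3 manifests both work.
        if node.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            ui = node.get("uiAccess", "false").strip().lower() == "true"
            return node.get("level"), ui
    return None, False  # no element: treated here as no uiAccess request


def in_secure_location(exe_path):
    """True if the path, after collapsing '..', lies under a secure root."""
    p = ntpath.normcase(ntpath.normpath(exe_path))
    return any(p.startswith(root + "\\") for root in SECURE_ROOTS)


def uiaccess_findings(manifest_xml, exe_path, has_valid_signature):
    """Return (level, findings); an empty findings list means all three hold."""
    level, ui = read_execution_level(manifest_xml)
    findings = []
    if not ui:
        findings.append('manifest does not set uiAccess="true"')
    if not has_valid_signature:
        findings.append("executable lacks a valid digital certificate")
    if not in_secure_location(exe_path):
        findings.append("executable is outside Program Files / Windows")
    return level, findings


if __name__ == "__main__":
    print(uiaccess_findings(OSK_MANIFEST, r"C:\Windows\System32\osk.exe", True))
```

Running the same audit over every signed binary under the secure roots gives an inventory of programs that are allowed past UIPI, which is worth reviewing when new software is installed.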

How to unlock Windows lockscreen?

How can I unlock the Windows lockscreen with Delphi? I didn't find anything on Google or Stackoverflow. I already tried to enter my password using keybd_event but it seems like the events don't work on the lockscreen.
You cannot unlock the lock screen programmatically from user space. That is by design.
OK, let's clarify that. Using documented APIs, you cannot do this. You need to reverse engineer undocumented APIs as @Remko has done for his SasLibEx product.
Remko Weijnen has very interesting projects in this direction. He has released a command-line tool (Winstation Locker) which is capable of unlocking a local/remote Windows XP station, without knowing the password of the user who has locked the computer.
For Windows Vista and later he has developed SasLibEx** library which can unlock even specific terminal services sessions, again without username/password.
Both methods require you to have Administrative privileges/account at the destination computer.
PLEASE NOTE, all these tools use nasty hacks that may be considered illegal, inappropriate, intolerant or criminal(?). It should be discussed with your Clients/Employer and should be used with caution!
** SasLibEx is a commercial product
Steamlink (a piece of hardware that allows you to stream your steam games to a big screen) currently has an issue, that if your screen is in a different part of the house, in order to play you need to walk to your PC unlock it and then walk back to your big screen.
In order to make it less painful, people in the community came up with this script:
@powershell -NoProfile -ExecutionPolicy unrestricted -Command "$sessionid=((quser $env:USERNAME | select -Skip 1) -split '\s+')[2]; tscon $sessionid /dest:console" 2> UnlockErrors.log
It can unlock your PC remotely. You can call tscon.exe from Delphi to emulate the same.
This actually can be done using powershell, psexec and windows onscreen keyboard. While a program cannot send input to winlogon, the windows osk can, and sure enough a program can send input to osk.
NOTE: The following is a remote solution.
As far as I know, keyboard events won't work on the lock screen unless you switch from the Default desktop to the Winlogon desktop (desktop referring to a container of all activities).
[Background]
Default desktop is the one you use when reading this post.
Winlogon would be the one that is set as active when you press Ctrl+Alt+Del
[XP]
You would need to Switch from Default to WinLogon Desktop[Check reference] and then you would be able to unlock machine by getting Window handle for Unlock Computer
IntPtr windowHandle = (IntPtr)FindWindow(null, "Unlock Computer");//Getting Window handle
Send username and password to respective edit boxes.
Reference
http://www.codeproject.com/Articles/16197/Remotely-Unlock-a-Windows-Workstation
[Win7]
Run tsdiscon.exe from remote. Not sure how this works; but for me, it unlocks the Locked Screen.

Prevent UAC Dialog

We linked our application with a manifest with the requireAdministrator option in C++. This is because the application modifies HKLM registry entries. When we execute the application, Windows displays the following message. Is it possible to make this window not appear for our application without changing the UAC setting of Windows?
The basic answer is no. UAC is designed to prompt you for just this purpose. If you could bypass the UAC for your good application, the same could be true for the bad applications that are out there. Because you are writing to the registry at HKLM, you have to elevate your access.
You could move the dialog around a bit if you want. For example, you could create an application icon that would immediately prompt the user with the UAC when they started the application but that isn't a great idea since the point of UAC is to run without permissions until they are needed.
Here is a link to more information about the UAC and how to work with it:
http://msdn.microsoft.com/en-us/magazine/cc163486.aspx

How to use SetWindowsHookEx in Vista and hook Admin apps with UAC?

I'm trying to figure out if there's a way to use SetWindowsHookEx and be able to affect apps that are run with Admin rights on Vista, with UAC enabled. This is an app that will need to add a small button to the caption bar of other windows to enable some multi-monitor-aware handling. I would have thought this couldn't be done, but I've seen one app that appears to do this. As far as I can tell, this other app is not being run with Admin rights, and yet it can affect all apps in the system, including those with Admin privilege.
It would seem that there's a way to do this, then, but I'm at a loss on how. My app only needs to be able to draw on window title bars and be able to affect their movement and size. I don't need to do anything else.
You can't, as administrative processes are isolated from non-administrative processes running on the same user desktop. You can't even drag and drop between admin and non-admin processes.
This is an in-depth analysis: http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx
About the application you are referencing, it probably uses some administrative code running in background (usually as a service) so it can interact with administrative processes.
