You Require Permissions From TrustedInstaller

  Hey Lancelot;
for %%x in (C D E F .....) do fltmc.exe attach AccessGainDriver %%x:>nul
where would I put this command line in win8.1SE build?

Hey Mark,

download Access Gain from Gena,
 (or use Gena\Utils\Share Scripts -----> Share with Win8.1SE  )

above works out of box as default 

Hi Chris

on FAQ http://theoven.org/index.php?topic=834
I just added
Q: I don't have permission to access files ?

 

 :w00t:Lancelot;
download Access Gain from Gena, (or use Gena\Utils\Share Scripts -----> Share with Win8.1SE  )

I hit the Download, put check mark by Gena.  I then went to Gena\Utils|Share Scripts and check only that box ( nothing else checked).  It downloaded the script but after going
into the program I didn't see anything new?  I then went back to same location and the Gena\Utils\Share Scripts was still there.  I thought that everything that is downloaded
didn't show up in the download area?  Is there something I missed?

Hi Mark,

not that way 

Trick is:
You can download all projects around the oven side by side,
 than you can use "share xxx" way

With your above usage,
 If you Download Gena side by side with Win81SE
  you can use share way to gather all things from Gena to Win81SE easly.
   ex: when updated on Gena, after you get update it is also on Win81SE

If you don't have bandwidth problem,
 easiest way is to download all projects side by side (Gena + WinXX + YomiXX) hence when one plugin updated you get at all 


Other way is manual way, download Access Gain from Gena manually or with download button and copy it into a Win81SE sub-folder.

 

For x64, we need to disable the driver signature. I tried with:

Code: [Select]

bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit /set testsigning ON

The DD was an older trick that no longer works.
The problem is winload.exe, it scans for DISABLE_INTEGRITY_CHECKS string and replaces it with spaces.

So to get it work, the string in winload.exe needs to be changed to something else.
Than the PE Header checksum needs to be corrected wit PEChecksum.exe.

To get bootmgr accepts the invalid certificate of the new winload.exe this is needed.

Code: [Select]

bcdedit -store bcd /set {default} NoIntegrityChecks 1
And finally we can disable the checks

Code: [Select]

bcdedit -store bcd /set {default} loadoptions DISABLE_INTEGRITY_CHECKS

PS: there are two winload.exe one in system32 and one in system32\boot

psexec not distributable. ..
i remember jfx provided alternate tools elsewhere but i can not remember now (hard to find on mobile browse...)
i guess jfx or galapo already had done this with au3.

I think you mean Galapo's  Runlimited.au3 in Vmware script.
Maybe I can create a simple app that runs with system rights, just needs to check if it works in WinPE.
This PaExec is quite disappointing and only gives errors here.

I think you mean Galapo's  Runlimited.au3 in Vmware script.

Maybe I can create a simple app that runs with system rights, just needs to check if it works in WinPE.

Hi

What about using Nircmd which is Redistributable ?.

For example ,

nircmd.exe elevatecmd runassystem X:\windows\regedit.exe

nircmd.exe elevatecmd runassystem X:\Programs\qdir\qdir.exe

Your right anshad, nircmd does the job just fine and is redistributable

Thanks anshad 

only could not figure out how to start cmd.exe as SYSTEM with nircmd ?

ps: I tested these, which seems not working !!?? :

Code: [Select]

cmd.exe /c "nircmd.exe elevatecmd runassystem %systemroot%\cmd.exe"

Code: [Select]

Start "nircmd.exe elevatecmd runassystem %systemroot%\cmd.exe"

Code: [Select]

cmd.exe /K nircmd.exe elevatecmd runassystem %systemroot%\cmd.exe"

Should work, maybe you use an older version or NT5 system?

EDIT: Seems it doesn't like the %systemroot%

I figured out

nircmd.exe elevatecmd runassystem %systemroot%\System32\cmd.exe

works 

ps: "Administrator" title stays at top, besides it is system when checked from taskmanager or procexp


edit:
it seems cmd.exe under windows do not want to start that way ;) , both does not work:
nircmd.exe elevatecmd runassystem %systemroot%\cmd.exe
nircmd.exe elevatecmd runassystem C:\Windows\cmd.exe
hehe, there is no cmd.exe under windows 

ps: I use Win81x64 for a while now 

Well all solved 

Thanks Anshad for reminding the very good NirCmd 

For DISABLE_INTEGRITY_CHECKS, I tried this morning but without success, maybe I missed something.
I guess that it is the same for winload.efi. here is my code box.

Code: [Select]

[Process]
If,%SourceArch%,Equal,x64,Begin
  ShellExecute,Hide,%Tools%\gsar.exe,"-o -s:x44:x49:x53:x41:x42:x4C:x45:x5F:x49:x4E:x54:x45:x47:x52:x49:x54:x59:x5F:x43:x48:x45:x43:x4B:x53 -r:x58:x49:x53:x41:x42:x4C:x45:x5F:x49:x4E:x54:x45:x47:x52:x49:x54:x59:x5F:x43:x48:x45:x43:x4B:x53 #$q%Target_Sys%\winload.exe#$q"
  ShellExecute,Hide,%Tools%\PEChecksum.exe,"#$q%Target_Sys%\winload.exe#$q"
  If,Not,%ExitCode%,Equal,0,Echo,"updates the checksum failed, exit code : %ExitCode%"
  Filecopy,%Target_Sys%\winload.exe,%Target_Sys%\Boot\winload.exe,NoWarn
End
//-
If,Not,ExistFile,%Tools%\%SourceArch%\bcdedit.exe,FileCopy,%InstallSRC%\Windows\System32\bcdedit.exe,%Tools%\%SourceArch%
Set,%BcdEditExe%,%Tools%\%OSArch%\bcdedit.exe
If,Not,ExistFile,%BcdEditExe%,Set,%BcdEditExe%,%Tools%\x86\bcdedit.exe
//-
If,%SourceArch%,Equal,x64,Begin
  ShellExecute,Hide,%BcdEditExe%,"/store #$q%TargetDir%\Boot\bcd#$q /set {default} NoIntegrityChecks 1",%Tools%\%OSArch%\
  ShellExecute,Hide,%BcdEditExe%,"/store #$q%TargetDir%\Boot\bcd#$q /set {default} loadoptions DISABLE_INTEGRITY_CHECKS",%Tools%\%OSArch%\
End

With x86 AccessGain, perhaps Take OwnerShip in addition for x64, and with NirCmd Run As System, it seems to me that we have the tools to answer the question 

The string to replace should be unicode not ascii.
Well im not so sure about winload.efi, it properly don't work with secure boot.

Thanks 
I do not know if gsar in Tools folder can do it. Do you have a small program or tool to do it or I have to use au3 with StringToBinary("string",2), StringReplace.

Hmm, a tool to replace unicode strings would be much better, but gsar.exe can do it:

Code: [Select]

gsar.exe -o -s:x44:x00:x49:x00:x53:x00:x41:x00:x42:x00:x4C:x00:x45:x00:x5F:x00:x49:x00:x4E:x00:x54:x00:x45:x00:x47:x00:x52:x00:x49:x00:x54:x00:x59:x00:x5F:x00:x43:x00:x48:x00:x45:x00:x43:x00:x4B:x00:x53:x00 -r:x58:x00:x49:x00:x53:x00:x41:x00:x42:x00:x4C:x00:x45:x00:x5F:x00:x49:x00:x4E:x00:x54:x00:x45:x00:x47:x00:x52:x00:x49:x00:x54:x00:x59:x00:x5F:x00:x43:x00:x48:x00:x45:x00:x43:x00:x4B:x00:x53:x00 winload.exe

But actually I don't like AccessGain, people should lern to understand how to deal with user rights instead of bypassing them.

It works wonderfully    awesome

AccessGain works after, but as you say, it is less well for learning how to manage user rights.

The patch to bypass the driver signature for Win8.x is written now
AccessGain works perfectly now on NT6 64-bits. It remains good to know how to get around these problems rights, manually.

I also wrote a script to add "Run as System" in context menu, for exe files. It uses the great NirCmd

Thank you All 

And thank YOU! ChrisR! Amazing piece of work, once again...
So if I understand correctly, this driversignature patch allows us to "mess with" (usually: delete, probably) any file on a host HD from within PE? (through AccessGain).
Everybody keeps mentioning running QDir as System, is this a special case, or does it work equally well with other programs? (I use TCCLE and XYPlorer in PE). I don't come across the "You Require Permissions..." problem that often, but of course it will come up when you least expect it... (Murphy...)

Yep, a pleasure this work in common 

I had not seen and not pay attention, before, to this problem of rights on the host system.
This concern does not exist on the other PE that use the system account.

Pending Murphy, "Anything that can go well, will go well"  , there are now several solution, if needed:
The first, Take Ownership and grant full access to files or folders manually, if needed.
Use AccesGain driver to bypass files sytem security. For x64, the driver is loaded thanks to JFX's patch.
Use Run As Sytem context menu entry to load another file explorer, QDIR, Explorer++, XYPlorer, ... with all rights from the system account. 

Run As system may be useful for other applications, eg: regedit to have the full rights on the registry, or other apps if needed.