3

I'm working on a COM server DLL to override the "Run as Administrator" in Windows 10. I'm doing this by setting the DLL GUID as DelegateExecute on the Computer\HKEY_CLASSES_ROOT\exefile\shell\runas\command registry key. I have the CLSID entries for both 32 and 64 bit versions created (as InprocServer32).

This is working fine for the most part. Right clicking exe files in explorer and running as administrator is delegated to the DLL, if an installer tries to launch with elevated privileges it gets delegated to the DLL, right clicking on start menu items is delegated, and so on.

The only problem is that when using the start menu search and hitting an item that is listed as "Run command" (search for "wusa" for example) then clicking "run as administrator" in the right side of the search (or by right clicking the result) does nothing.

Using Process Monitor from sysinternals I can see that RuntimeBroker.exe correctly reads through the registry and detects that my DLL is the one need to be called but then it stops right after getting the filename and instead looks at a registry key called ...\AppActivationErrorHandlers\80270301 and then stops. 0x80270301 is the value of a symbol called E_SHELL_EXTENSION_BLOCKED so I'm assuming it's related. But I can find no information about why it is getting blocked.

Can anyone help point me the right direction?

Lasse Hassing
  • 91
  • 3
  • Did you register yourself in the approved key for shell extensions? This policy enforcement is usually not active though (but is has existed since NT4). Might also be because it is not signed (or not signed by Microsoft). Processes can opt in to this signing requirement. – Anders Jan 17 '19 at 02:13
  • Thanks for the suggestion but it doesn't seem to make any difference. – Lasse Hassing Jan 17 '19 at 13:59

1 Answers1

0

I solved the problem by switching from an InprocServer (DLL) to a LocalServer (EXE). Presumably because the security requirements is lower for an out-of-proc exe is lower than the DLL.

Lasse Hassing
  • 91
  • 3
  • Tried the same with LocalServer, stumbled upon 2 problems: right-click run as administrator gets delegated, double clicking an exe with the shield icon will not get delegated. The second problem is that the delegation does not receive the consent.exe parameters, receive "-Embedding" as an argument. Did you stumble on those issues? – Darksody Jun 12 '23 at 07:26
  • The -Embedding argument is how COM servers are started. You instead need to implement support for IExecuteCommand, IInitializeCommand, and IObjectWithSelection to catch the various data and events. Unfortunately, there is some data that consent.exe gets but a COM server doesn't (the parent ID of the requested elevation). Overriding the run-as delegate also breaks a lot of software and installers that use ShellExecuteEx because when the call goes through the COM server the SHELLEXECUTEINFO.hProcess handle is always set to null. – Lasse Hassing Jun 13 '23 at 08:52
  • Found it, thank you very much. For who else will need the info, Microsoft has it on github: https://github.com/microsoft/Windows-classic-samples/tree/main/Samples/Win7Samples/winui/shell/appshellintegration/ExecuteCommandVerb – Darksody Jun 29 '23 at 07:13