
I am new here, please let me know if I made an error in my posting.

I'm trying to launch an exe that has a GUI, without needing to log in to Windows 7. I have tried: Windows Task Scheduler, NSSM, the SC command, a batch file in the startup folder, and an executable in the startup folder.

Also, the SC command has been tried with many different arguments and options. I have tried NSSM, Windows Task Scheduler, and the SC command with the option of using a specific account (not sure about the details), by providing a local username and password. All of these have been tried with both batch files and executables. The only purpose of the batch file was to start the executable. I thought maybe this indirect approach would help to an extent, but no, there was no difference in trying to launch a program before login.

The key is the GUI, because, for example, I was able to launch a batch file that created a blank text file before logging in (verified by time), using Windows task scheduler, NSSM, and the SC command.

However, if I try to launch, say, notepad.exe (start notepad.exe), it won't work. Notepad will not appear as a task, will not have a window, and will not appear as a process. I have tried putting the txt file creation command after the start command in the batch file, and the file is created (so the batch file isn't hanging on the start), but Notepad leaves no trace whatsoever. Some of my peers have also suggested it is a result of the GUI and how it has to have a desktop session.

What has WORKED:

1. Allowing login on bootup without needing password.
2. Executing batch file that would launch program, and then lock the computer.
3. The desktop would flash for only about 1 second.

Problem: This isn't good enough since it is a vulnerability, even if it is only for a split-second.

Found someone who had a similar issue to mine and incorporated it as his solution, but he admits that it isn't a secure approach. https://serverfault.com/questions/583517/start-program-on-computer-startup-when-nobody-is-logged-on-and-show-the-window-w

There is another avenue that I don't quite understand, that I think could possibly work. It's in regard to the functions LogonUser(), ImpersonateLoggedOnUser(), CreateProcessAsUser(), CreateProcessWithLogonW(). I would be hoping to run it as a service that would be able to "login" and start the program.

Code for creating session:

```cpp
#include <windows.h>
#include <string>

using std::string;

// Defined elsewhere in the program (not shown in the post).
extern HANDLE theHandle;     // user token passed to CreateProcessAsUserA
extern HANDLE threadHandle;  // receives the new process's primary thread handle

bool startProcess(string path) {

    // Zero-initialise so that no field is left holding stack garbage.
    STARTUPINFOA info = {};

    info.cb = sizeof(info);
    info.lpReserved = NULL;

    // The name of the desktop to which we want to connect.
    info.lpDesktop = NULL;

    // The title assigned to the GUI window.
    info.lpTitle = NULL;

    // Offset of the window from the top left corner.
    info.dwX = 0;
    info.dwY = 0;

    // Size of the GUI window that is created.
    info.dwXSize = 1000;
    info.dwYSize = 900;

    // Specifies the number of character columns of a console window (if applicable).
    info.dwXCountChars = 30;

    // Specifies the number of character rows of a console window.
    info.dwYCountChars = 0;

    // Specifies the color when opening the new GUI.
    info.dwFillAttribute = 0;

    // Specifies different visual attributes, such as for the cursor.
    info.dwFlags = 0;

    // This must be zero.
    info.cbReserved2 = 0;
    // This must be NULL.
    info.lpReserved2 = NULL;

    // This is NULL because of the value of dwFlags.
    info.hStdInput = NULL;

    // This is ignored because of dwFlags.
    info.wShowWindow = 0;

    // This is NULL because of the value of dwFlags.
    info.hStdOutput = NULL;

    // This is NULL because of the value of dwFlags.
    info.hStdError = NULL;

    PROCESS_INFORMATION ThreadInfo;
    BOOL success = CreateProcessAsUserA(theHandle, path.c_str(), NULL, NULL, NULL, FALSE,
                                        CREATE_BREAKAWAY_FROM_JOB, NULL, NULL, &info, &ThreadInfo);
    // lpStartupInfo might be useful in the situation that a display window is not being shown.
    if (!success) {
        // ThreadInfo is not filled in on failure, so do not read it.
        return false;
    }
    threadHandle = ThreadInfo.hThread;
    return true;
}
```

Something that I don't think is as significant, and isn't encountered in most cases, but appears when I'm hacking around:

error encountered : Error 1053 : The service did not respond to the start of control request in a timely fashion

Tried: Cleaning the registry; downloading .NET Framework 4.5.

Nerdzilla
  • You can't run a GUI app without a user being logged in. There is no desktop for the app to display in until the point a user logs in and a desktop is created. IOW, you can't display a user interface (graphic or otherwise) without a user to see it. It is, after all, a *user interface*. – Ken White Jun 25 '19 at 23:03
  • Thank you for your response. After researching it more yesterday, I realized exactly what you had said. Apparently there is some functionality, for the purpose of backwards compatibility, that would allow it, technically, but it is very difficult and relatively broken since they are slowly phasing it out. Now I am trying to research the LogonUser(), ImpersonateLoggedOnUser(), CreateProcessAsUser(), etc. that hopefully would allow me to create a service that would login on startup. Still researching, so not sure how it would be done. If you or anyone else has an idea, that would be great. Thanks – Nerdzilla Jun 26 '19 at 14:01
  • Found this: https://www.codeproject.com/Articles/21050/Security-User-Impersonation . Similar to what I am doing, but now would need to configure it at startup of Windows – Nerdzilla Jun 26 '19 at 14:48
  • Could you clarify the following for me: Do you want to launch a program that happens to have a ui but will work without user input without login aka start the program but never ever use the gui? Or do you want the program to be started but later when someone logs in the gui should be visible for him? Because the first thing just starting the program with the gui being invisible because outside of all console sessions should be absolutely possible with a scheduled task. – Syberdoor Jun 27 '19 at 10:57
  • Exactly, so I want the program to be started automatically whenever the computer boots up, and when someone logs in, the GUI would be visible and accessible by that specific user account. Because of how this program is, the GUI must start in order for the program to start, so unfortunately, it cannot be a service, which is something I have already tried and didn't work. In Windows, there is something called a session associated with a logged in user, and it doesn't exist if someone doesn't log in. That's why I was thinking that with the LogonUser() and related code, I could impersonate the user – Nerdzilla Jun 28 '19 at 14:03
  • A session (logged in user) must exist in order for a desktop session to exist, to which the GUI of the program is posted. Technically, there is a session 0 which is the session for services and when I ran it as a service, it likely appeared there. But session 0, at least at this point in time after Microsoft updates, is inaccessible for all practical purposes. I just need to login as the user programmatically and start the process that way. Once I am logged in as that user in my program, I would CreateProcessAsUser(), start the program, and then 'lock' the user account. – Nerdzilla Jun 28 '19 at 14:05
  • Without a session or generally, a logged in user, it is completely and literally impossible through practical means and legal means, to start a gui – Nerdzilla Jun 28 '19 at 14:09
  • So far, I have been able to use the following two functions within my Logon function: LogonUser() and ImpersonateLoggedOnUser(). Both of their return values indicate that they succeeded. However, when I try CreateProcessAsUser(), it fails. See above, I have posted my code for that function – Nerdzilla Jun 28 '19 at 14:40
  • On a side note, I also tried to use the CreateDirectory() function in place of CreateProcessAsUser(), and I tried giving a path, on two different occasions, to a location on the account I am trying to log into, AND the account I am currently logged in to and creating the program. Both times, it failed. – Nerdzilla Jun 28 '19 at 15:03
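
A diagnostic for the session question discussed in the comments above, as an added example that is not part of the original post or any commenter's code: it lists every instance of a process across all sessions with its session ID and owner, so you can check whether a boot-time task or service launch left a process in session 0 rather than on an interactive desktop. The function name Get-ProcessSession and the sample image name notepad.exe are assumptions; run it from an elevated PowerShell prompt after logging in.

```powershell
# Added example. Get-ProcessSession is a hypothetical helper name.
# Uses only cmdlets present in PowerShell 2.0 (the version shipped with Windows 7).
function Get-ProcessSession {
    param([Parameter(Mandatory = $true)][string]$Name)   # image name, e.g. 'notepad.exe'

    # Session ID of the shell running this function (your interactive logon).
    $mySession = (Get-Process -Id $PID).SessionId

    # Win32_Process covers every session, not only the caller's.
    $procs = @(Get-WmiObject -Class Win32_Process -Filter "Name='$Name'")
    if ($procs.Count -eq 0) {
        Write-Warning "No '$Name' process exists in any session."
        return
    }

    foreach ($p in $procs) {
        # GetOwner() returns a non-zero ReturnValue when the owner cannot be read.
        $owner = $p.GetOwner()
        if ($owner.ReturnValue -eq 0) {
            $account = "$($owner.Domain)\$($owner.User)"
        } else {
            $account = '<unavailable>'
        }

        # Since Windows Vista, session 0 hosts services only and has no user desktop.
        if ($p.SessionId -eq 0) {
            $where = 'session 0 (services; no interactive desktop)'
        } elseif ($p.SessionId -eq $mySession) {
            $where = 'your interactive session'
        } else {
            $where = 'another logon session'
        }

        New-Object PSObject -Property @{
            ProcessId = $p.ProcessId
            SessionId = $p.SessionId
            Location  = $where
            Owner     = $account
            Started   = $p.ConvertToDateTime($p.CreationDate)
        } | Select-Object ProcessId, SessionId, Location, Owner, Started
    }
}

# Constructed sample call: run after a boot-time task or service has tried to start Notepad.
Get-ProcessSession -Name 'notepad.exe' | Format-Table -AutoSize
```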

0 Answers