Is It Possible To Modify an EXE to require run as admin?

Question

I need to modify an EXE that my client no longer has access to the source code, he wants the EXE to automatically Run as Administrator when launching (or at least automatically ask it to run).

Is it possible to modify a compiled EXE to require/ask the user to run as admin before launching? Maybe through hex editing or ollydbg? Are there guides on how to do this?

Answer 1

You don't need OllyDbg for that. An application can define in the application manifest whether it requires elevated privileges or not.

You can edit this manifest (or add one if none exists) and edit/add the setting that controls the required privileges.

• Get Resource Hacker and open the EXE file in it.
• Check if there is a "Manifest" resource already.
  • If yes:
    • Check if the XML contains a key assembly>trustInfo>security>requestedPrivileges>requestedExecutionLevel.
      • If yes, change its level attribute to requireAdministrator.
      • If not, add it, according to the script below. Make sure you are not breaking the XML syntax.
  • If not:
    • Click "Action" -> "Add using Script Template".
    • Select type "MANIFEST" and click "Add resource".
    • Replace the contents with the script below.
• Click the big green play button in the toolbar ("Compile Script").
• Save the changes.

"The script below" references this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

Here is an example how it may look at the end:

However, as noted by others already, if you need this only for one user, it will be simpler to just set "Run as administrator" in the file properties dialog under "Compatibility" instead of modifying the file itself.

Answer 2

There's an easy work-around here that may be of use.

1. Right-click the application.
2. Open properties.
3. Go to the compatibility tab.
4. Under settings, check "Run this program as an administrator".

This doesn't modify the application file in any way, it just flags that file so that Windows knows to open it as administrator from now on. This same process will need to be repeated for every separate user account and/or PC that uses the program.

Answer 3

You can attach a manifest file to your exe file

I've written a simple manifest file to get Admin requirements for programs:

Executable: [filename].exe 
Manifest:[filename].manifest

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 
  <assemblyIdentity version="1.0.0.0"
     processorArchitecture="X86"
     name="YOUR PROGRAM NAME"
     type="win32"/> 
  <description>YOUR PROGRAM DESCRIPTION</description> 
  <!-- Identify the application security requirements. -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="requireAdministrator"
          uiAccess="false"/>
        </requestedPrivileges>
       </security>
  </trustInfo>
</assembly>

Edit this code and then save it in .manifest file and then use this command to embed this file in the exe file:

mt.exe -manifest MyApp.exe.manifest -outputresource:MyApp.exe;1

For the mt.exe file, you need to Visual Studio Desktop Development with C++ package