Warning Fake website http s://ultrasvnc.com/ is hosting a Trojan embedded alongside our UltraVNC software.

CAD solution with UAC off

ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas
Contact:

CAD solution with UAC off

Post by ColtB45 »

This will check to see if UAC is on. If UAC is on it will use the normal method of invoking the Secure Attention Sequence (Ctrl+Alt+Delete). If UAC is disabled it will create a CAD service that can send the SAS and then start that service.

You can download the patch here.
You can download the recompiled winvnc.exe binary (Based on Rev. 495) here.

To use this:
    1.) Install UltraVNC 1.0.8.2.
    2.) Replace the winvnc.exe executable with the one you downloaded (or built with the supplied patch).
    3.) Run gpedit.msc
    4.) Computer Configuration > Administrative Templates > Windows Logon Options
    5.) Double-click on the "Disable or enable software Secure Attention Sequence".
    6.) Check "Enable", then select "Services and Ease of Access applications" in the combobox and Apply the modification.
        It should not be necessary to reboot the computer; this modification is considered "on the fly".
    7.) Test it out!
[syntax="c"]Index: UltraVNC Project Root/UltraVNC/winvnc/winvnc/vistahook.cpp
===================================================================
--- UltraVNC Project Root/UltraVNC/winvnc/winvnc/vistahook.cpp (revision 495)
+++ UltraVNC Project Root/UltraVNC/winvnc/winvnc/vistahook.cpp (working copy)
@@ -214,27 +214,105 @@
strcat(mycommand,"\\");
strcat(mycommand,"cad.exe");

- int nr=(int)ShellExecute(GetDesktopWindow(), "open", mycommand, "", 0, SW_SHOWNORMAL);
- if (nr<=32)
- {
- //error
- //
- if ( nr==SE_ERR_ACCESSDENIED )
- vncTimedMsgBox::Do(
+ HKEY hKey;
+
+ if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, TEXT("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"), 0, KEY_READ, &hKey) == ERROR_SUCCESS)
+ {
+ DWORD LUAbufSize = 4, isLUAon = 0;
+ RegQueryValueEx(hKey, TEXT("EnableLUA"), NULL, NULL, (LPBYTE)&isLUAon, &LUAbufSize);
+ RegCloseKey(hKey);
+ if (isLUAon == 1)
+ {
+ int nr=(int)ShellExecute(GetDesktopWindow(), "open", mycommand, "", 0, SW_SHOWNORMAL);
+ if (nr<=32)
+ {
+ //error
+ //
+ if ( nr==SE_ERR_ACCESSDENIED )
+ vncTimedMsgBox::Do(
sz_ID_CADPERMISSION,
sz_ID_ULTRAVNC_WARNING,
MB_ICONINFORMATION | MB_OK
);

- if ( nr==ERROR_PATH_NOT_FOUND || nr==ERROR_FILE_NOT_FOUND)
- vncTimedMsgBox::Do(
+ if ( nr==ERROR_PATH_NOT_FOUND || nr==ERROR_FILE_NOT_FOUND)
+ vncTimedMsgBox::Do(
sz_ID_CADERRORFILE,
sz_ID_ULTRAVNC_WARNING,
MB_ICONINFORMATION | MB_OK
);
+ }
+ }
+ else
+ {
+ SC_HANDLE schSCManager;
+ SC_HANDLE schService;
+
+ // Get a handle to the SCM database.

- }
+ schSCManager = OpenSCManager(
+ NULL, // local computer
+ NULL, // ServicesActive database
+ SC_MANAGER_ALL_ACCESS); // full access rights

+ // Create the service
+
+ schService = CreateService(
+ schSCManager, // SCM database
+ "CAD", // name of service
+ "Ctrl+Alt+Delete for VNC", // service name to display
+ SERVICE_ALL_ACCESS, // desired access
+ SERVICE_WIN32_OWN_PROCESS, // service type
+ SERVICE_DEMAND_START, // start type
+ SERVICE_ERROR_NORMAL, // error control type
+ mycommand, // path to service's binary
+ NULL, // no load ordering group
+ NULL, // no tag identifier
+ NULL, // no dependencies
+ NULL, // LocalSystem account
+ NULL); // no password
+
+ // Get a handle to the service.
+
+ schService = OpenService(
+ schSCManager, // SCM database
+ "CAD", // name of service
+ SERVICE_ALL_ACCESS); // full access
+
+ // Attempt to start the service.
+
+ StartService(
+ schService, // handle to service
+ 0, // number of arguments
+ NULL); // no arguments
+
+ CloseServiceHandle(schService);
+ CloseServiceHandle(schSCManager);
+ }
+ }
+ else
+ {
+ int nr=(int)ShellExecute(GetDesktopWindow(), "open", mycommand, "", 0, SW_SHOWNORMAL);
+ if (nr<=32)
+ {
+ //error
+ //
+ if ( nr==SE_ERR_ACCESSDENIED )
+ vncTimedMsgBox::Do(
+ sz_ID_CADPERMISSION,
+ sz_ID_ULTRAVNC_WARNING,
+ MB_ICONINFORMATION | MB_OK
+ );
+
+ if ( nr==ERROR_PATH_NOT_FOUND || nr==ERROR_FILE_NOT_FOUND)
+ vncTimedMsgBox::Do(
+ sz_ID_CADERRORFILE,
+ sz_ID_ULTRAVNC_WARNING,
+ MB_ICONINFORMATION | MB_OK
+ );
+ }
+ }
+
SetThreadDesktop(old_desktop);
CloseDesktop(desktop);
return 0;
[/syntax]
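Review bot: In the UAC-off branch, the handle returned by CreateService is overwritten by the following OpenService call without a CloseServiceHandle, and none of OpenSCManager, CreateService, OpenService or StartService has its result checked, so a failure is silent, whereas the ShellExecute branches report errors through vncTimedMsgBox. Suggest keeping the CreateService handle, falling back to OpenService only when GetLastError() is ERROR_SERVICE_EXISTS, and reporting failures to the user. In the same branch, mycommand is passed unquoted as the binary path of a LocalSystem service; wrap it in double quotes so an install path containing spaces is unambiguous, and request only the rights used (SC_MANAGER_CREATE_SERVICE, SERVICE_START) rather than SC_MANAGER_ALL_ACCESS and SERVICE_ALL_ACCESS. The RegQueryValueEx return value is also ignored, so a missing EnableLUA value leaves isLUAon at 0 and takes the service branch. The ShellExecute error-handling block now appears twice and would be clearer as one helper.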
Last edited by ColtB45 on 2010-05-02 17:06, edited 7 times in total.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas
Contact:

Re: Possible CAD solution with UAC off

Post by ColtB45 »

Moved to first post.
Last edited by ColtB45 on 2010-04-28 16:36, edited 2 times in total.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas
Contact:

Re: Possible CAD solution with UAC off

Post by ColtB45 »

Moved to first post.
Last edited by ColtB45 on 2010-04-28 16:35, edited 2 times in total.
supercoe
Posts: 1732
Joined: 2009-07-20 21:27
Location: Walker, MN
Contact:

Re: CAD solution with UAC off

Post by supercoe »

Since no one else has replied I just wanted to thank you for the patch and I hope you decide to stick around to help the other developers! :D
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas
Contact:

Re: CAD solution with UAC off

Post by ColtB45 »

Thanks, I intend to stick around. :-D

I think this patch should be implemented with a UAC check:
  • If UAC is on, call CAD.exe with ShellExecute.
  • If UAC is off, call CAD.exe as a service.
I'll go ahead and get that done and then submit the changes.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas
Contact:

Re: CAD solution with UAC off

Post by ColtB45 »

Updated first post.
jreed4
Posts: 4
Joined: 2010-03-30 15:35

Re: CAD solution with UAC off

Post by jreed4 »

Hello, I'm new to the forum

How would I go about recompiling UltraVNC with the supplied patch of ColtB45 at first post?

Thanks

[mod=494,1270250141]removed full quote and added ColtB45 at first post[/mod]
Last edited by jreed4 on 2010-04-02 23:15, edited 1 time in total.
AndreL
Posts: 19
Joined: 2007-06-07 14:29
Location: Brussels

Re: CAD solution with UAC off

Post by AndreL »

Is it possible to have an executable version with this patch (for a Windows 7 32-bit)?
Thanks any way for your job.
longman
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Post by longman »

Can this new code be included in the next version of ultravnc?
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas
Contact:

Re: CAD solution with UAC off

Post by ColtB45 »

AndreL wrote: Is it possible to have an executable version with this patch (for a Windows 7 32-bit)?
Thanks any way for your job.
I just included it. See the first post.
It works on 32 and 64 bit versions of windows.
Last edited by ColtB45 on 2010-04-20 15:34, edited 1 time in total.
longman
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Post by longman »

That's good work ColtB45! Thanks!
jreed4
Posts: 4
Joined: 2010-03-30 15:35

Re: CAD solution with UAC off

Post by jreed4 »

I'm assuming that we need to replace the old winvnc.exe file with this new winvnc.exe file in the C:\Program Files\UltraVNC folder. If this is correct I have done so and I am running into a problem. My viewer can see the server, it prompts me for a user name and password, but I do not get an image/view window. Any ideas, or am I going about this the wrong way?
longman
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Post by longman »

Did you stop the vnc service, replace the file, and then restart the service?
longman
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Post by longman »

Also don't forget that you have to make a local or gpo policy change for sas.

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Logon Options

Services and Ease of Access applications
jreed4
Posts: 4
Joined: 2010-03-30 15:35

Re: CAD solution with UAC off

Post by jreed4 »

Yes I have changed the GPO policy
and the way I replaced the .exe file is by booting in safe mode because when I try to stop the server the "stop service" option is grayed out. And when I try to do so under task manager it tells me that access is denied.

There is something new that I have noticed. When I try to connect with the view, on the server machine a Warning window comes up saying "You selected ms-logon, but the auth.dll was not found. Check you installation."

any ideas?
longman
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Post by longman »

I would review the settings for the vnc server on the computer you are trying to remote to - did you configure it to require ms logon? I am not using that way.
jreed4
Posts: 4
Joined: 2010-03-30 15:35

Re: CAD solution with UAC off

Post by jreed4 »

Yes, we have our servers setup with ms logon so not any jo-smo can remote into our machines. This prevents students from trying to logon to computer and causing problems with the instructor while they are teaching the class.
longman
Posts: 7
Joined: 2010-04-15 18:51

Re: CAD solution with UAC off

Post by longman »

I would change one to test if it works without the ms authentication and then go from there.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas
Contact:

Re: CAD solution with UAC off

Post by ColtB45 »

jreed4 wrote:Yes I have changed the GPO policy
and the way I replaced the .exe file is by booting in safe mode because when I try to stop the server the "stop service" option is grayed out. And when I try to do so under task manager it tells me that access is denied.

There is something new that I have noticed. When I try to connect with the view, on the server machine a Warning window comes up saying "You selected ms-logon, but the auth.dll was not found. Check you installation."

any ideas?
It sounds as if the rest of your installation is not 1.0.8.2. My modification was to 1.0.8.2. You need to have all of the other files from that version for this to work correctly. My recommendation would be to install 1.0.8.2 and then replace winvnc.exe.
Last edited by ColtB45 on 2010-04-28 16:23, edited 1 time in total.
Kirck
Posts: 54
Joined: 2005-06-16 08:41

Re: CAD solution with UAC off

Post by Kirck »

Thanks ColtB45, works perfect!
B
Posts: 2338
Joined: 2009-09-09 14:05

Re: CAD solution with UAC off

Post by B »

ColtB45 I think I love you. :) Okay no, but I'm grateful. This worked great! I only recently understood that CAD counterintuitively requires UAC be turned ON, and I just couldn't bring myself to do that to myself. Then I rediscovered this thread pretty much by accident.

Tried it, followed your instructions, and it just works! No reboots, no nothing. I dropped it into an existing ChunkVNC service setup (restarted the service), and CAD's fine through a repeater, whether the station is logged in or locked.

Now the only thing is that 1.0.8.2 has a repeater issue (there are a couple of threads about it). So your server will probably lock up on me. Any chance you could look into the repeater problem ( [topic=18016][/topic] and elsewhere ) or possibly patch your changes into 1.0.8.0, which doesn't have the repeater issue?

Edit: Locked already. :( Got in again a minute or two later. (It gets worse over the course of a few hours.)

In any case, THANKS. Great job.

Very minor nit FYI: On my Vista box it's actually
"Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options"
Last edited by B on 2010-05-18 21:55, edited 2 times in total.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas
Contact:

Re: CAD solution with UAC off

Post by ColtB45 »

B wrote:...Any chance you could look into the repeater problem ( [topic=18016][/topic] and elsewhere ) or possibly patch your changes into 1.0.8.0, which doesn't have the repeater issue?
I don't want to get in the habit of recompiling this fix for everyone who wants a particular version. BUT, since you asked so nicely :-D here is winvnc.exe 1.0.8.0 (Rev. 472) recompiled with my fix.

Download it here.

The same instructions apply as before except make sure that 1.0.8.0 is installed instead of 1.0.8.2.
B
Posts: 2338
Joined: 2009-09-09 14:05

Re: CAD solution with UAC off

Post by B »

Thank you SO much. It's up and running to the repeater, my first test connected OK, monitor support working better (as it does in 1.0.8.0), and now for the "leave it alone a few hours" test to confirm things are well. (That's when the 1.0.8.2 repeater issue arises.)

This is just great, and very helpful to me.

Next would be a way to script the SAS changes you documented with gpedit. Do you know if this is the only key involved?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\SoftwareSASGeneration

(after your gpedit recipe, mine is currently set to "1")

Maybe it's as simple as merging that key in?

In any case, I really appreciate the innovation and the recompile. This should definitely be considered for inclusion in new builds of the main UVNC codebase.
ColtB45
Posts: 19
Joined: 2010-02-24 21:00
Location: Searcy, Arkansas
Contact:

Re: CAD solution with UAC off

Post by ColtB45 »

You're very welcome.

As for the registry key I believe that is correct but I haven't investigated it. In my environment we just made a group policy that controls that setting.
B
Posts: 2338
Joined: 2009-09-09 14:05

Re: CAD solution with UAC off

Post by B »

Only a couple of hours later but I re-tried, and still GOOD; connected right away. (I stopped waiting early because I want to switch repeaters and start again.)

I'm also going to add a second station (winvnc server) so I can test the registry merge hack further.

FYI to anyone interested, it does seem that the above mentioned key is the vital one -- there's one other instance of SoftwareSASGeneration on my Vista registry, in the Group Policy Objects hive, but I'm not sure whether it's directly relevant, yet.

Toggling the above mentioned key among 1, 2, and 3 changes the behavior, even while already connected in VNC. 2 is the only one that disables the SAS via software. 3 apparently is a "logical OR" that includes 1.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=dword:00000001
I'll see how this works as a merge. I hope I don't have to include the much longer (and possibly unique) Group Policy Object key too.
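
A read-only check of the settings discussed in this thread, as an added PowerShell example that is not part of any poster's message or of UltraVNC: it reads EnableLUA and SoftwareSASGeneration from the policy key quoted above and looks for the service named CAD that the patch in the first post creates. The value meanings are the option names of the Group Policy setting; the output property names are made up for this example.

```powershell
# Added example (read-only): report the settings this thread depends on.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Option names of the Group Policy setting
# "Disable or enable software Secure Attention Sequence".
$sasMeaning = @{
    0 = 'None'
    1 = 'Services'
    2 = 'Ease of Access applications'
    3 = 'Services and Ease of Access applications'
}

function Get-PolicyDword {
    param([Parameter(Mandatory)][string]$Name)
    $props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.PSObject.Properties[$Name]) { return $null }
    return [int]$props.$Name
}

$lua = Get-PolicyDword -Name 'EnableLUA'
$sas = Get-PolicyDword -Name 'SoftwareSASGeneration'

# The patch takes the service branch whenever the key opens and EnableLUA is not 1.
$branch = if ($lua -eq 1) { 'ShellExecute cad.exe' } else { 'CAD service' }

$sasText = if ($null -eq $sas) {
    'not set'
} elseif ($sasMeaning.ContainsKey($sas)) {
    $sasMeaning[$sas]
} else {
    "unexpected value $sas"
}

# Service named "CAD", as created by the patched winvnc.exe.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='CAD'" -ErrorAction SilentlyContinue
$unquoted = $false
if ($svc) {
    # Heuristic: a path with spaces that does not start with a quote is ambiguous.
    $unquoted = ($svc.PathName -notmatch '^\s*"') -and ($svc.PathName -match '\s')
}

[pscustomobject]@{
    EnableLUA             = $lua
    PatchedBranch         = $branch
    SoftwareSASGeneration = $sasText
    ServicesMaySendSAS    = ($sas -in 1, 3)   # options 1 and 3 include "Services"
    CadServicePresent     = [bool]$svc
    CadServiceAccount     = $svc.StartName
    CadServicePath        = $svc.PathName
    CadPathUnquoted       = $unquoted
}
```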
B
Posts: 2338
Joined: 2009-09-09 14:05

Re: CAD solution with UAC off

Post by B »

Everything's working nicely for me, remotely, to two stations redirected to a more local repeater. (I did things a bit manually, copying directories and mucking with UltraVNC.ini, but I still had ChunkVNC install itself as a service with custom repeater IDs for each station.)

Not the best test of SAS/CAD, because the second station is XP and already had a 1 for SoftwareSASGeneration for some reason. In any case, CAD works to both machines, and so far so good!

I still need to test additional Win7/Vista stations, but I'm fairly confident based on a little more research that the one registry key should be sufficient.

This is firming up nicely, and thanks again to Colt, supercoe, JDaus, and of course Rudi and his team. The only significant remaining thing on my wish list (besides repeater ID management that I believe is forthcoming) is increased and more flexible security. Oh, and some Mac testing on my part. (Er, and screen scaling could improve too.) :)

Edit: Weird, when turning on "lock workstation" on exit on the XP machine, I get an error similar to that discussed at [post=61700][/post] for ultravnc.ini, and the change never takes place.... More importantly, scaling stopped working again, to the Vista box. Looked perfect for a short while there, in full screen, via Connection Options.
Last edited by B on 2010-05-24 03:40, edited 1 time in total.
LouiseBest
Posts: 1
Joined: 2010-06-07 21:24

Re: CAD solution with UAC off

Post by LouiseBest »

This works well as long as MS Logon is turned off (otherwise it does nothing after the credentials are entered). Any chance this could be enabled? It would certainly make it much more secure.

Thank you for your consideration.
reifler
Posts: 1
Joined: 2010-06-10 21:36
Contact:

Re: CAD solution with UAC off

Post by reifler »

All this being taken care of in the 1.0.9.x release?
urgif69
Posts: 1
Joined: 2010-07-08 08:35

Re: CAD solution with UAC off

Post by urgif69 »

Thanks for the post, but where can I download the patch and the recompiled winvnc.exe binary (Based on Rev. 495)?
The website is dead ...
Thanks
Cedric
Janus67
Posts: 2
Joined: 2010-07-12 16:51
Location: OSU

Re: CAD solution with UAC off

Post by Janus67 »

A quick +1/Bump to see if anyone can re-host the winvnc file. Colt's server/dns link appears to be dead/down and I was hoping to get some PCs tested on and rolled out today with the fix installed.

I tested it and know that it works, unfortunately I have since imaged over that test PC that it was downloaded to.