4

Without using a Windows service? Is it possible?

tactoth

2 Answers

6

It is possible in ways like the following:

1) Use some existing interface to a Windows service which runs under the SYSTEM account to start the new process from the service. For example, you can use the Task Scheduler API.

2) You can install a new Windows service, start the process from the service, stop the service, and uninstall the service. This is the way the PsExec utility from SysInternals works.

3) You can enable the Debug privilege and use DLL injection to inject your custom DLL into a process running under the SYSTEM account, start the new process from the DLL, and then unload the injected DLL.

Oleg
  • PsExec creates a Windows service to do that. Finally I managed to do this too, with the help of an intermediate and temporary Windows service - when the application is launched under SYSTEM, I delete that service. – tactoth Mar 17 '11 at 09:28
  • @tactoth: Yes, I know this. I thought that it is better to see how it all works than to write a long description of all of it. I find the way with the installing of a temporary service a pretty cool and very flexible way. – Oleg Mar 17 '11 at 09:57
  • Regarding `unload the injected DLL.` is it necessary? Because the target process will crash, right? – RepeatUntil Jun 28 '16 at 20:51
  • @RepeatUntil: **Why** should the target process crash? It could be that it is a problem in some *specific* DLL, but it's not the common case. In any case, I used the scenario in some old programs written many years ago and I had no problem with unloading the previously injected DLL. – Oleg Jun 28 '16 at 21:24
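Method 1 above (the Task Scheduler route), shown as an added example that is not code from the answer or from PsExec. It uses the ScheduledTasks PowerShell module (Windows 8 / Server 2012 and later) from an elevated prompt; the task name and the program to run are placeholders chosen for the demonstration.

```powershell
# Added example: start a process as LocalSystem through a temporary scheduled task,
# then remove the task again. Must run from an elevated (administrator) session.
$taskName  = 'TempRunAsSystem'                                    # hypothetical name
$exe       = 'C:\Windows\System32\cmd.exe'
$arguments = '/c whoami /all > C:\Windows\Temp\whoami-system.txt'  # constructed demo command

# Action = what to run. Principal = run as LocalSystem with a service-account logon,
# so no password is needed.
$action    = New-ScheduledTaskAction -Execute $exe -Argument $arguments
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest

try {
    # No trigger: the task only runs when started explicitly below.
    Register-ScheduledTask -TaskName $taskName -Action $action -Principal $principal | Out-Null
    Start-ScheduledTask -TaskName $taskName

    # Poll until the task leaves the Running state, with a 30-second timeout.
    $deadline = (Get-Date).AddSeconds(30)
    do {
        Start-Sleep -Milliseconds 500
        $state = (Get-ScheduledTask -TaskName $taskName).State
    } while ($state -eq 'Running' -and (Get-Date) -lt $deadline)

    # LastTaskResult is 0 when the launched program exited successfully.
    $info = Get-ScheduledTaskInfo -TaskName $taskName
    'Task state: {0}, last result: 0x{1:X}' -f $state, $info.LastTaskResult
}
finally {
    # Same cleanup idea as the temporary-service variant in the answer.
    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false -ErrorAction SilentlyContinue
}
```

Both this route and the temporary-service route leave an audit trail worth monitoring: task registration appears as Security event 4698 when scheduled-task auditing is enabled, and a service install is recorded as System event 7045 from the Service Control Manager.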
-7

See, the Windows kernel is a part of Windows, right... that means YOU CAN'T DO ANYTHING ON WINDOWS WITHOUT USING PART OF WINDOWS (you at least need the kernel).

Anyways, you may write your own system code, i.e. an OS, in order to try something big; that would obviously take you a year and a half or so at least, and that only if you are a very, very good programmer. :D

And yes, if you are interested in spending that year and a half, let me know, I AM IN, and I mean it.

Kartikya
  • What? This has nothing to do with the question. `SYSTEM` is an account on the local machine that is used internally by the operating system to run system processes and Windows Services. No one is trying to run Windows without using a part of Windows, much less write an entirely new operating system. – Cody Gray - on strike Feb 16 '11 at 00:06