3

I'm interested in launching a window in a temporary session, like how UAC prompts appear. There's been some interest in this concept from a few people, so I figured I'd ask here. Essentially what we're going for is an elevated window like the UAC "are you sure you want to <...>" prompts, but with an arbitrary window. The end goal is to prevent window event hooks and all sorts of other issues that might occur during password entry.

I've had a quick look at the UAC APIs and a few other places, but there's nothing particularly useful out there. Obviously the UAC prompts get elevated to their own desktop session somehow, so there must be a way to create windows in such a way.

Polynomial
  • 27,674
  • 12
  • 80
  • 107
  • I don't think you understand the complexity of this... Microsoft made the UAC prompt such that it would be very difficult to recreate. What is the underlying problem here? Maybe someone can suggest something better than recreating the UAC prompt. – qJake Oct 18 '11 at 13:19
  • As far as I'm aware, they designed it so that other applications couldn't interfere with the UAC prompt itself. Showing your own prompt in a similar fashion (i.e. on a temporary desktop session) isn't what they were trying to prevent. – Polynomial Oct 18 '11 at 13:21
  • Creating a new *desktop session* on top of the existing one is incredibly complicated, and probably not something suited for C# (think Win32/C++). Instead, why not just show a fullscreen, borderless, transparent form that is topmost, and then show another window/prompt above that? – qJake Oct 18 '11 at 13:24
  • Because that doesn't solve the problem of usermode keyboard hooks. And creating a second desktop session isn't difficult or obtuse, it's a documentated Windows API. The `desktops` tool from sysinternals does it fine. Granted I'm going for a slightly different result, but still... – Polynomial Oct 18 '11 at 13:24
  • So... what is it that you're worried about, exactly? Keyloggers? You're still skimping on details. Why not just use a different form of authentication (like Windows/AD Auth) instead of trying to secure a single window (when I'm sure **far** more sensitive data isn't secured in this fashion). It just seems like overkill. – qJake Oct 18 '11 at 13:30
  • It's just an idea a few people were playing with on IRC, which I figured I'd post here to get more ideas about. I'm not looking for practical reasons why it shouldn't be used, I'm just interested as to how it could be achieved. Obviously the UAC prompts do get elevated somehow. Maybe I should close this question and re-ask it in a more hypothetical sense, to avoid the "don't do that, do this" responses. – Polynomial Oct 18 '11 at 13:33
  • That would probably be advised. Unless it's explicitly stated, I always assume someone is actually working on an application. ;) And more power to you, I love hypothetical questions like this, I just assumed you were working at a software company or something and needed to "secure" your application somehow. But yeah, it is most likely possible, just really really difficult. I would also re-tag the question as Win32/C++ because I don't think it's possible with managed code (C#). I could be wrong though. – qJake Oct 18 '11 at 13:36
  • 2
    Done. Here's the new question: http://stackoverflow.com/questions/7808237/uac-prompt-elevation-how-does-it-work – Polynomial Oct 18 '11 at 13:48
  • Just as an aside, it is quite possible to interact with the UAC dialog. You have to get a process running in the secure desktop and from there it can install a hook that watches for various events (e.g. UAC prompt creation). I made a proof of concept that automatically clicked the "OK" button. Of course you need admin privileges to get your process running in the first place. – Luke Oct 18 '11 at 16:19
  • Got any sample code? It's obviously rather redundant due to the whole "need admin to get admin" catch 22, but it's interesting. – Polynomial Oct 18 '11 at 16:20
  • I'm not sure if I still have code but basically what you do is create a service that runs as LocalSystem (this is the only step requiring elevation), from there launch a process on the Winlogon desktop, then from there you can use the standard Windows APIs (FindWindowEx, SetWindowsHookEx, etc) to interact with the UAC dialog or do whatever else you want. – Luke Oct 18 '11 at 18:35

1 Answers1

6

You can create a desktop using CreateDesktop. You can use SwitchDesktop to switch to the new desktop. Then you can call SetThreadDesktop on your main thread and draw your window. To get back get the handle of the default desktop by calling OpenDesktop with "Default" as lpszDesktop and use SwitchDesktop with this handle. You can also run Processes on a certain desktop. In order to do this you have to set lpDesktop member of the STARTUPINFO structure to the name of the desktop the process should be run on. Close the handles to the desktops after using them (CloseDesktop).

You can show your own window on an own desktop in this way.

The secure desktop used by UAC and by the Logon UI is called "Winlogon". In order to access it you need system rights. Luke provided an example in one of his answers.

Brian R. Bondy wrote a blog entry on desktops and window stations which is worth reading.

ventiseis
  • 3,029
  • 11
  • 32
  • 49
Norbert Willhelm
  • 2,579
  • 1
  • 23
  • 33