Process Hacker and Windows discussion

 
User avatar
dmex
Admin
Posts: 1477
Location: Australia

TrustedInstaller

12 Aug 2016, 16:55

This plugin allows you to create processes with TrustedInstaller privileges.

32bit plugin download:
TrustedInstallerPlugin_x32.zip
(38.71 KiB) Downloaded 2852 times
64bit plugin download:
TrustedInstallerPlugin_x64.zip
(43.88 KiB) Downloaded 6513 times

Installation instructions:
#1: Copy the plugin from the zip into your "\Process Hacker 2\plugins\" directory.
#2: Restart Process Hacker.

How to run processes with TrustedInstaller privileges:
#1: Open the Hacker menu and select the "Run as trusted installer..." menu:

Image

You can also manually create processes with TrustedInstaller privileges without installing this plugin:
#1: Select the Services tab and start the TrustedInstaller service.
#2: Go back to the Processes tab and right-click TrustedInstaller.exe
#3: In the context menu, select the Miscellaneous > "Run as this user..." menu item.
 
qwerty12
Member
Posts: 14
OS: Windows 10 64-bit

Re: TrustedInstaller

12 Aug 2016, 18:13

Thank you!
 
User avatar
MagicAndre1981
Member
Posts: 230
OS: Windows 8Pro(x64) with Win7 UI

Re: TrustedInstaller

13 Aug 2016, 19:09

works fine, but the URL is missing in the plugins list of process hacker
 
User avatar
dmex
Admin
Posts: 1477
Location: Australia

Re: TrustedInstaller

19 Aug 2016, 07:07

MagicAndre1981 wrote:
works fine, but the URL is missing in the plugins list of process hacker
Fixed.
 
Zorkov Igor
Member
Posts: 112
OS: Windows 7, 10
Location: Великая Русь
Contact:

Re: TrustedInstaller

02 Oct 2016, 14:07

Is there source code for TrustedInstallerPlugin?
 
User avatar
dmex
Admin
Posts: 1477
Location: Australia

Re: TrustedInstaller

02 Oct 2016, 17:40

Zorkov Igor wrote:
Is there source code for TrustedInstallerPlugin?
https://github.com/processhacker2/plugi ... llerPlugin
 
Zorkov Igor
Member
Posts: 112
OS: Windows 7, 10
Location: Великая Русь
Contact:

Re: TrustedInstaller

02 Oct 2016, 18:31

Thanks
 
GuDule-StAr

Re: TrustedInstaller

07 Dec 2018, 15:22

Works fine.
Helped me to delete a "sethc.exe" which was used by a customer to bypass a Windows password he forgot.
Thanks to your plugin, I was able to delete the "sethc.exe" and replaced it by the orignal one with a remote session on the computer. It was detected as a virus by the antivirus software and a pop-up was displayed continuously.
My customer is at 1h of my office, so many thanks ;)

Nice job.
 
Joe123

Re: TrustedInstaller

21 Jan 2019, 20:25

Does not work. I'm trying to delete a system file which only TrustedInstaller has permissions for, SYSTEM has Read permissions, owner is TI as well. I started cmd.exe, ran del command to delete the file, and got access denied. Also confirmed by whoami returning nt authority\system instead of nt service\trustedinstaller. Windons 10 Pro v1803 17134.523
 
User avatar
dmex
Admin
Posts: 1477
Location: Australia

Re: TrustedInstaller

21 Jan 2019, 20:39

Joe123 wrote:
21 Jan 2019, 20:25
whoami returning nt authority\system instead of nt service\trustedinstaller
TrustedInstaller is a token group:

Image
 
TITry2

Re: TrustedInstaller

11 Mar 2019, 11:37

Not working. I tried to execute this command : cp "D:\Secure.txt" "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\Bundle"

But I could not find the file "D:\Secure.txt" in the folder

Who is online

Users browsing this forum: No registered users and 0 guests