Comments on: Playing with utilman.exe http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/ (blog 'DidierStevens) Wed, 08 Feb 2012 19:23:01 +0000 hourly 1 http://wordpress.com/ By: dooshy http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-46806 Tue, 25 Oct 2011 22:29:02 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-46806 This is very interesting, I will probably use this to run some nifty shortcuts or make a useless nuke button or maybe even a lockdown……

I made it more stealthy and efficient by adding a command that takes ownership of files along with xcopy, after that it issues the “shutdown -r -f -t 00″ which is very hx0rish…. Slightly dumb and stupid, yes. Cool factor 10. I like the http://www.howtogeek.com/howto/windows-vista/change-your-forgotten-windows-password-with-the-linux-system-rescue-cd/ article to make a guest account admin privileges…..

Sad part is if you have Heirens boot cd on a usb than you just boot click create admin and restart….

]]> By: Anonymous http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-43589 Sat, 11 Jun 2011 14:57:54 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-43589 nice idea

]]> By: qwertyoruiop http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-39112 Fri, 16 Jul 2010 13:40:26 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-39112 I know this post is outdated, but a way to hack WFP is:

type hack.exe > utilman.exe
:D

]]> By: Didier Stevens http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-38971 Mon, 21 Jun 2010 16:26:00 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-38971 @prashant Interesting, but note that your simple solution must work on XP. Doing this on Vista or Win 7 is trivial.

]]> By: prashant http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-38969 Mon, 21 Jun 2010 05:34:41 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-38969 guys i can provide u much more simple way to replace utilman.exe as well as get entry into windows..

which is quite easy ..

jus wait for my next post.. i ll provide u link of my blog..

]]> By: Didier Stevens http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-38120 Mon, 05 Apr 2010 07:37:21 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-38120 @Aman Khan http://blog.didierstevens.com/2006/08/31/my-second-playdate-with-utilmanexe/

]]> By: Aman Khan http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-38119 Mon, 05 Apr 2010 05:07:42 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-38119 When I used Windows Logo Key + U utility manager comes. In which
* Magnifier is not running
* Narrator is running
* On screen Keyboard is not running
Options comes.

Please tell me how can I get CMD window.

]]> By: Didier Stevens http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-35875 Tue, 06 Oct 2009 19:06:00 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-35875 And you’ve done the necessary to prevent Windows File Protection from restoring the original utilman.exe?

You can try what’s explained in comment #16 as an alternative to circumventing WFP.

]]> By: MF http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-35869 Tue, 06 Oct 2009 06:13:33 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-35869 Yes, I compiled the third example and replaced the “Default”-Desktop with “Winlogon”.

Still not working…

]]> By: Didier Stevens http://blog.didierstevens.com/2006/08/21/playing-with-utilmanexe/#comment-35865 Mon, 05 Oct 2009 16:28:59 +0000 https://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/#comment-35865 It only works if you compile the program and replace utilman.exe with it.

]]>