Bug - Run as Admin freezes explorer.exe?

[mrapxs]

Whenever installing the rootkit and running a file as admin, explorer.exe will freeze completely until restarted, not sure what that's about lmao. Pretty easy to replicate on 24H2, not sure about other versions yet

[bytecode77]

I could reproduce it on Windows 11 24H2, but only after rebooting. On Windows 10, I could not reproduce it.

This is really weird... explorer.exe starts consent.exe, which is the UAC dialog. But the hang occurrs before the UAC dialog appears. I'm gonna look into this. Thank you for testing and reporting back!

[mrapxs]

This is really weird... explorer.exe starts consent.exe, which is the UAC dialog. But the hang occurrs before the UAC dialog appears. I'm gonna look into this. Thank you for testing and reporting back!

Happy to help, and yeah I thought it was weird too. Never noticed it before tbh, so I'm not sure when the bug was introduced

[bytecode77]

Just letting you know, I can easily reproduce it. In HookedNtResumeThread, the WriteFile call hangs indefinitely. At the server side of the named pipe, the call to ConnectNamedPipe never returns. Since no named pipe connection is ever established, the process initialization of the child process never completes and the process ends up in a suspended state.

Now I need to figure out what's wrong with the named pipes...

[mrapxs]

Now I need to figure out what's wrong with the named pipes...

I've noticed some oddities with the named pipes, occasionally not accepting control codes. Honestly figured it was just my own shitty implementations lol

What's strange is at least for me, when explorer is restarted the UAC prompt no longer hangs, even after started as admin multiple times