Here’s a list of AppIDs used:<\/p>\n
- \n
- Internet Explorer – Microsoft.InternetExplorer.Default<\/li>\n
- Remote Desktop – Microsoft.Windows.RemoteDesktop<\/li>\n
- Sticky Notes – Microsoft.Windows.StickyNotes<\/li>\n
- Notepad – {D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\notepad.exe<\/li>\n<\/ul>\n
I pinned all these 4 applications to the Taskbar on Windows 8.1. and then ran my test application, pausing it each time I changed the AppID to take a screenshot I got the result combined on the below picture. Not surprisingly anytime I changed the AppID a different pinned taskbar icon got highlighted (the test application needs to do some GUI operation for it to work; it can simply show a message box).<\/p>\n
![\"appid_rotation\"](\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2014\/02\/appid_rotation.png\")
<\/a><\/p>\nThis is quite a tiny level of impersonation – hard to really come up with some really useful scenarios here – perhaps one could use it to enforce social engineering attempts (e.g. escalation of privileges triggered by malware while pretending to be from some legitimate Windows application, or perhaps AV) ? But aren’t existing GUI manipulation tricks better than that? Oh well, trivial is trivial.<\/p>\n","protected":false},"excerpt":{"rendered":"
I was wondering what would happen if one tried to impersonate the AppID of the common applications i.e. run my own application and change its AppID to that of a well-known application during run-time. Kinda lame, I know. To test … Continue reading