ManipUni said:
wastingtimewithforums said:
*snip*

I cannot show you an application that disables UAC instantly.

But what can be done is you can write an application that will monitor process launches within its session, inject code into them, and wait for a user to escalate any one of them. As soon as any process is escalated you've won. Since Win32 lets you alter other processes within the same session it is fairly trivial to do.

Alternatively, and as pointed out above, you could monitor downloaded files and inject code into any *.dll, *.exe, *.com, etc. files you run across. Even if it invalidates the signature, most people would assume that something from Microsoft.com, for example, is safe and launch it.

ManipUni said:
But what can be done is you can write an application that will monitor process launches within its session, inject code into them, and wait for a user to escalate any one of them. As soon as any process is escalated you've won. Since Win32 lets you alter other processes within the same session it is fairly trivial to do.

Nope, you can't do that, once a process is launched its security token can't be changed. You have to elevate it before you launch it and you can't inject code into a process that hasn't started yet. Elevating silently on Vista is hard work, if possible at all. Elevating silently on Windows 7 is trivial.