1.2.2.1 "-connect HOST" does not work

1.2.2.1 "-connect HOST" does not work

Postby ReD » 2018-07-12 13:48

I use the following to initiate the connection from remote hosts and it's not working anymore.
Code: Select all
"C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe" -connect dave.idp.it

At the same time, the "add new client" function in the menus works as usual.
ReD
 
Posts: 3
Joined: 2018-07-12 12:47

Re: 1.2.2.1 "-connect HOST" does not work

Postby Thomas Levering » 2018-07-12 20:31

I use this Parameter with Repeater -> working (Application Mode)
Code: Select all
-connect myrepeater.com:5500 -autoreconnect -id:1234 -run
Thomas Levering
8
8
 
Posts: 22
Joined: 2015-01-23 06:45

Re: 1.2.2.1 "-connect HOST" does not work

Postby Thomas Levering » 2018-07-13 07:08

I can Confirm, add Client to Service with cmd is not working (UAC?)

this works:
winvnc.exe -startservicehelper

Code: Select all
UltraVNC.ini
[admin]
...
service_commandline=-connect dave.idp.it
...



This is not working, Port+Autoreconnect+Id are ignored (Application Mode)
Code: Select all
winvnc.exe -run
winvnc.exe -connect myrepeater.com:5500 -autoreconnect -id:1234


This is not working, no Client added (Application Mode and Running Service Ignored)
Code: Select all
winvnc.exe -connect myrepeater.com:5500 -autoreconnect -id:1234 -multi -run
Thomas Levering
8
8
 
Posts: 22
Joined: 2015-01-23 06:45

Re: 1.2.2.1 "-connect HOST" does not work

Postby Rudi De Vos » 2018-07-13 08:40

winvnc.exe -connect host : inject a connection in a running winvnc
winvnc.exe -connect host -run: start a winvnc, and connect to

Without the -run, the command try to send a message to the running winvnc. With the latest OS's and there security settings,
the message can be blocked.

The problem is also a security issue. Do you allow a normal program winvnc.exe started from commandline without any security level to control a service running at the higher security leven !!!

with -multi you can run 2 winvnc simultanious. But they must use seperated ports.
if service use port 5900, the manual start winvnc with -Multi must use another port the 5900 ( sample 5901)
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5898
Joined: 2004-04-23 10:21

Re: 1.2.2.1 "-connect HOST" does not work

Postby Thomas Levering » 2018-07-13 13:10

with this small Patch I can make a Repeater Connection in Application Mode and Ignore a Running Service
The Parameter "-multi" must be the first with this Patch


Multi PostMessageToThis and not to other Instance
Code: Select all
vncservice.cpp

extern BOOL SPECIAL_SC_EXIT;
extern BOOL SPECIAL_SC_PROMPT;
extern BOOL multi;
in6_addr G_LPARAM_IN6;

........

PostToWinVNC(UINT message, WPARAM wParam, LPARAM lParam)
{
   // Locate the hidden WinVNC menu window
   // adzm 2010-02-10 - If we are in SC mode, then we know we want to only post messages to our own instance. This prevents
   // conflicts if the user already has another copy of a WinVNC-derived application running.
   if (multi || SPECIAL_SC_EXIT || SPECIAL_SC_PROMPT) {
      return PostToThisWinVNC(message, wParam, lParam);
   }

   //adzm 2010-02-10 - Finds the appropriate VNC window
   HWND hservwnd = FindWinVNCWindow(false);
   if (hservwnd == NULL)
      return FALSE;

   // Post the message to WinVNC
   PostMessage(hservwnd, message, wParam, lParam);
   return TRUE;
}


1.2.2.1
Code: Select all
vncservice.cpp

extern BOOL SPECIAL_SC_EXIT;
extern BOOL SPECIAL_SC_PROMPT;
in6_addr G_LPARAM_IN6;

.........

PostToWinVNC(UINT message, WPARAM wParam, LPARAM lParam)
{
   // Locate the hidden WinVNC menu window
   // adzm 2010-02-10 - If we are in SC mode, then we know we want to only post messages to our own instance. This prevents
   // conflicts if the user already has another copy of a WinVNC-derived application running.
   if (SPECIAL_SC_EXIT || SPECIAL_SC_PROMPT) {
      return PostToThisWinVNC(message, wParam, lParam);
   }

   //adzm 2010-02-10 - Finds the appropriate VNC window
   HWND hservwnd = FindWinVNCWindow(false);
   if (hservwnd == NULL)
      return FALSE;

   // Post the message to WinVNC
   PostMessage(hservwnd, message, wParam, lParam);
   return TRUE;
}
Thomas Levering
8
8
 
Posts: 22
Joined: 2015-01-23 06:45

Re: 1.2.2.1 "-connect HOST" does not work

Postby ReD » 2018-07-24 07:31

Rudi De Vos wrote:The problem is also a security issue. Do you allow a normal program winvnc.exe started from commandline without any security level to control a service running at the higher security leven !!!


But it has always worked and changing behaviour out of the blue breaks any use case for this function.
For example I use a service script which tries to reconnect to my machine every few minutes in order to maintain remote access across reboots (that is, on customer's computers with no publicly accessible addresses/ports).
At the moment this is utterly broken - and the alternatives are way more involved (eg. exposing a port + dyndns, vpn, repeater, etc).

BTW, I'm actually using -connect from an elevated prompt (ie "run as administrator") and from a script launched as a service, but it still does not work.
ReD
 
Posts: 3
Joined: 2018-07-12 12:47

Re: 1.2.2.1 "-connect HOST" does not work

Postby Rudi De Vos » 2018-07-24 10:33

MS blocked the connection from normal apps to services. This is a change in the OS not a vnc change.
This is a OS options UAC... that protect possible unwated application todo nasty things. It's not recommended to disable it.

Ultravnc has already for a long time the option todo an invers connection from service. This way the service restart the outgoing connection on timeout or reboot.

service_commandline=
This is used to instruct the service to start winvnc (in service mode) with a specific command line. This is the same syntax as the commandline except
you don't put -run at the end.
sample: service_commandline=-autoreconnect -connect 192.168.1.30
This tell the service to make an invers connection to 192.168.1.30 and retry when it fail.

If you add this to the ultravnc.ini you can start/stop the service
net start uvnc_service
net stop uvnc_service

perhaps this help
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5898
Joined: 2004-04-23 10:21

Re: 1.2.2.1 "-connect HOST" does not work

Postby CidiRome » 2018-08-16 21:40

Hi.

I stopped updating UltraVNC since UltraVNC_1_2_16_X64_Setup.exe because of this problem.

MS blocked the connection from normal apps to services. This is a change in the OS not a vnc change.
This is a OS options UAC... that protect possible unwated application todo nasty things. It's not recommended to disable it.

If this is a change in the OS why does it work correctly with previous versions and not with with recent ones?

Please note that in most of the tests I've made it was with updated Windows 10, I always tried the lasted version of Ultra VNC when there is one before reverting back to to 1.2.16.

Cheers.
CidiRome
 
Posts: 2
Joined: 2018-08-16 21:20

Re: 1.2.2.1 "-connect HOST" does not work

Postby Rudi De Vos » 2018-08-17 09:23

2 different version of vnc and the same OS and one works then it isn't the OS.

What does -connect HOST do ?
This start winvnc.exe and send a message to the running winvnc.exe version.
You can only send message to apps of the same elevation level or >, the level depend on how an app is started.
( internet = low, normal, high =start with runas admin or service)

There is a way that you can overwrite this in code, just accept messages from all.
Then theoretical someone could use the browser to send a message to winvnc and instruct them to make a connection.
It could be that we got a warning from CERN and needed to modify our code, I need to look back in the archieve.

some people do
This start an invers connection by the service and reconnect when broken
cmd
net stop uvnc service
ultravnc.ini change servicecommandline = -autoreconnect -connect a.b.c.d
net start uvnc_service
And after remove the servicecommandline
ultravnc.ini is in program files and only an admin can change, this is 100% secure.

Theoretical, you can run winvnc from a "all alowed" folder, then even a guest can change the ini.
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5898
Joined: 2004-04-23 10:21

Re: 1.2.2.1 "-connect HOST" does not work

Postby CidiRome » 2018-08-18 19:26

Hi.

Generally I use a shortcut with
Code: Select all
"C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe" -connect myaddress.com::5999

that I leave to my customers to use so they can initiate a remote control to me.
I have previously installed UltraVNC as a service on their computers.

With the later versions the command seems to be incompletely ignore as nothing happens.

Cheers.
CidiRome
 
Posts: 2
Joined: 2018-08-16 21:20

Re: 1.2.2.1 "-connect HOST" does not work

Postby Flogau » 2018-12-05 18:56

Hi,

I am using reverse connection for my users (so no need to know their computers name or IP).

In service mode, command line "winvnc.exe -connect myaddress.com" no longer working, but it keep working from the taskbar icon (ie "Add New Client"), or in user mode (winvnc.exe -run), but I rather using service mode.

I confirm that the issue appear since v1.2.1.7.

It is very annoying because v1.2.2.3 work fine with 2 screens (VGA + Display port, HDMI + Display port, etc...).

Please, help !
Flogau
 
Posts: 1
Joined: 2018-12-05 18:35

Re: 1.2.2.1 "-connect HOST" does not work

Postby CPC » 2019-02-21 02:27

Same issue here. Confirmed it is not Windows 10 version causing it. Running Windows 10 1809 here.

I have a program I compile and give to the people that need my support and have be doing so for many years. With 1 click it does a secure reverse connection to me in service mode, with file transfer and chat enabled. This makes it very easy to support IT challenged individuals as there are no installs or firewalls to deal with and the program is only 1Mb in size.

My program is a wrapper for uvnc and like others is ran similarly..... "ran as an admin" uses a similar run command within it. ... RUN....winvnc.exe" -connect myaddress.com::5500

If I compile the program with winvnc.exe version 1.2.1.7 and have someone run it on windows 10 1809...it installs winvnc service and then it makes the reverse connection to me in service mode... works perfect.

If I compile the program with newer version of winvnc.exe including the 1.2.2.4, then when its is ran on the same Windows 10 1809... it installs winvnc service like it should but it will not start the reverse connection.... does not work.

No changes at all are made to the way they are compiled... 1.2.1.7 works and newer versions only start the service but will not pass the reverse connection info / request.
Other unsuccessful attemtps in changing the code run line.. Another example of tested syntax
start winvnc.exe -install -connect myip::port -run <--- runs in service mode but wont start reverse connection

As a temporary work around I still use 1.2.1.7 as my go to for "challenged" clients.

Alternatively... If they put an ultravnc.ini file in the same folder as my compiled 1.2.2.4 exe it will work and make the connection..
Doing so the "service_commandline= -connect myipaddress::5500" passes the reverse connection info to the server and it works.
Using 1.2.17 the ultravnc.ini file with "service_commandline= " is not needed.

edit:: Looking around I don't have 1.2.2.0 to test, but I just test 1.2.2.2 to confirm it has the issue.

I spent some time this week trying to figure out a new command ..winvnc.exe" -connect myaddress.com::5500 that will pass the reverse request connection through. If we have the permission to load winvnc as a service (which it does successfully), then telling it to then start the remote connection should be the easier part??? It just refuses to pass that reverse connect info/request along.

I'd like to get this working and compile a newer exe with 1.2.2.4 or newer and not have the need for it to read the "service_commandline= " from an ini file.

Thanks in advance to anyone who has a command line that works and/ or future fixes.
:thumbs: CPC

*Update... I sent Rudi a PM regarding security concern on this issue
Last edited by CPC on 2019-02-21 16:43, edited 2 times in total.
CPC
8
8
 
Posts: 25
Joined: 2010-10-08 15:31

Re: 1.2.2.1 "-connect HOST" does not work

Postby AnotherUVNCuser » 2019-02-21 12:45

Wow, i can also confirm this. This issue literally kept me busy for a VERY long time :surprise:
Up to now i couldn't get my head around it why it suddenly stopped working, but thanks to you brainiacs (CPC in specific) i finally know that it's not something that is located between the ears...

Hopefully things get sorted soon(er than later). The current situation is somewhat unconvenient and i can't really affort to downgrade all clients to then update them all again :(

edit: @CPC: i also prefer the clean looking command line solution than relying on external config files i.e. ultravnc.ini based workaround

Thanks!
AnotherUVNCuser
20
20
 
Posts: 62
Joined: 2017-09-13 00:40

Re: 1.2.2.1 "-connect HOST" does not work

Postby Rudi De Vos » 2019-02-21 19:44

Reason: It is disabled
Code: Select all
pfnFilter =(CHANGEWINDOWMESSAGEFILTER)GetProcAddress(hUser32,"ChangeWindowMessageFilter");
   if (pfnFilter)
      {   //pfnFilter(MENU_ADD_CLIENT_MSG, MSGFLT_ADD);
//pfnFilter(MENU_ADD_CLIENT_MSG_INIT, MSGFLT_ADD);


UIPI is a security feature that prevents messages from being received from a lower integrity level sender. All such messages with a value above WM_USER are blocked by default. The filter, somewhat contrary to intuition, is a list of messages that are allowed through. Therefore, adding a message to the filter allows that message to be received from a lower integrity sender

If you remove the comment everybody can initiate an outgoing connection.
But read this first
https://en.wikipedia.org/wiki/User_Inte ... _Isolation
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5898
Joined: 2004-04-23 10:21

Re: 1.2.2.1 "-connect HOST" does not work

Postby CPC » 2019-02-22 21:04

Thanks Rudi

I read the website you referenced... Can you clarify for us with how this regards to an "outgoing connection in "service mode with admin rights".???

Rudi said: "If you remove the comment everybody can initiate an outgoing connection." <-- Does that truly mean absolutely "everyone" can initiate an outgoing connection in "service mode" (accidentally giving admin rights) or does it mean "everyone with admin rights" can initiate an outgoing connection in "service mode"

Is the goal that a person with Admin rights can install a winvnc as a service? Yes... and it does correctly in 1.2.1.7 and up to including 1.2.2.4
Shouldn't the same person with admin rights already be able to start the reverse connection in service mode?... Like it did in 1.2.1.7?

1.2.2.1 - 1.2.2.4 already allows an admin to install winvnc in service mode... They also allow this admin to start the service.. But this admin is blocked from telling the service to make the reverse connection.
This admin has all that power... but can't make it to the final step. The workaround is the admin then calls upon another process and adds another file and uses "service_commandline= -connect myipaddress::5500"
If this same admin has the power to run the other processes and include the "service_commandline=" why bother making him do the extra steps?

It just seems like you are just blocking an admin feature and providing a detour around it ... to get to the very same place with the same power. (I must be missing something :stupid: )

***Yes... "If you remove the comment everybody can initiate an outgoing connection." Yes...It is easy for a user to remove the comment in the source code with just a couple clicks. However, for many of us, its a huge project to then compile it.

If there is a "real" security issue that was found in 1.2.1.7 related to UIPI (that I am too dense to comprehend) we don't need to post it here as a roadmap to exploit it. Feel free to PM me.
Users who provide single click reverse connections would like to use 1.2.2.4 or newer along with its other improvements, but as it is we would need to change our software to do so.
We find ourselves trying to decide if its simpler to stay with 1.2.1.7 or re write programs to work with 1.2.2.1 and newer.

Sorry to make this long... but just want to be crystal clear on the issue and options. Don't mean to be a pain. Just wondering if we have a security issue and how much work we need to do upgrade. I'd love to upgrade to a potential 1.2.2.5

Thanks for all you do. Very much appreciated.
CPC

Note.. I found a link to donate on SourceForge site https://sourceforge.net/projects/ultravnc/ It might be easier for some to find if its on the normal UltraVNC homepage as well. https://www.uvnc.com/.
Last edited by CPC on 2019-02-28 21:33, edited 1 time in total.
CPC
8
8
 
Posts: 25
Joined: 2010-10-08 15:31

Re: 1.2.2.1 "-connect HOST" does not work

Postby Rudi De Vos » 2019-02-25 09:30

Added allowinjection, see ini in zip
Change the uninstall service so that the connections is closed first, still can't repeat the crash

testfile
http://www.uvnc.eu/download/1224/winvnc_inj.zip
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5898
Joined: 2004-04-23 10:21

Re: 1.2.2.1 "-connect HOST" does not work

Postby CPC » 2019-02-25 15:55

Hello

[Admin]
AllowInjection=1

As shown in the zipped ini.... along with the version of winvnc.exe in the zip... has been tested and solved the issue I was having.

I do need to include the ini with the AllowInjection=1. However all the other info like ipaddress, port, password and encryption type are all "injected" from my custom VNC wrapper program.
This works well for my particular scenario and does not require a re-write of my old software to establish the SC reverse connection.

-connect Host is now working again w/1.2.2.4 when used with the AllowInjection=1
*note... For this to work, you must use the winvnc.exe in the zip which seems to be a newer 1.2.2.4 compiled yesterday. It does not work with the older 1.2.2.4 in my case.

Hopefully this method works for others who had a similar issue.


Thank you for your awesomeness Rudi.
:D
CPC
CPC
8
8
 
Posts: 25
Joined: 2010-10-08 15:31


Return to 1.2.2.x

Who is online

Users browsing this forum: No registered users and 1 guest

cron