I made a little DLL that tries to run Regedit.exe. I set the correct size of StartupInfo. When I run cmd.exe or notepad.exe everything is ok. But if I try to run regedit.exe / regedt32.exe -> nothing happens. It is not necessary to be a DLL but I just use its ready structure for a testing. Any idea?

Show your code.

regedit needs elevation?

whats the point of running regedit?
if your aim to read/write or create a reg key, then hook advapi32.dll
bunch of functions related to registry keys, i did it once while ago for test purpose i dont even remember which function i hooked.

but here is the link:
msdn advapi32.dll functions

This is my source code. I don't need to change registry. I just need to understand why can not
run regedit.exe but can run notepad.exe. How to make elevation request? When I run regedit.exe UAC request window is displayed automatically. How can I to make this in createProcess?

; DLL library template
format PE DLL

entry DLL_Main_Proc

include '%finc%/win32/win32a.inc'

section '.code' code readable writeable executable


proc DLL_Main_Proc, .hinstDLL, .fdwReason, .lpvReserved
begin

mov eax,00000001h ;True

return

endp


proc CRun,
begin

mov [sinfo.lpDesktop],desk
mov [sinfo.lpReserved],00000000h
mov [sinfo.cb],sizeof.STARTUPINFO

push pinfo
push sinfo
push 00000000h
push 00000000h
push 00000020h
push 00000000h
push 00000000h
push 00000000h
push Cmd_Test
push 00000000h

call [CreateProcess]

ret

endp

section '.idata' import data readable

library kernel32,"KERNEL32.DLL",\
shell32,"SHELL32.DLL",\
user32,"USER32.DLL"

import kernel32,\
CloseHandle,'CloseHandle',\
CreateProcess,'CreateProcessA',\
WinExec,'WinExec'

import shell32,\
ShellExecute,'ShellExecuteA'

import user32,\
MessageBox,'MessageBoxA'

section '.edata' export data readable

export 'C.DLL',\
CRun,'CRun'

section '.data' data readable writeable

sinfo STARTUPINFO
pinfo PROCESS_INFORMATION

Cmd_Test db 'regedit.exe',00h

section '.reloc' fixups data discardable
; Fixup section. You don't have to
; put anything here manually.

if ~ $-$$

dd 00h,08h

end if

I second sinsi. Run the exe that calls the dll as "Admin".

Found this interesting. I think ShellExecuteEx can require self-elevation, CreateProcess may not be able to?

CreateProcessAsUser and CreateProcessWithLogon
seem like they can logon on with an account with alternate credentials.

Going to look into UAC interactions more soon out of curiosity. Also for CreateProcess: "The new process runs in the security context of the calling process." Would be curious if you could right-click and run your calling process as admin to open regedit.

Use ShellExecute with the "open" verb, that will open the elevated prompt for regedit.