Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
AccChecker LOLBIN [AccCheckConsole.exe]
*Purpose
- UI Accessibility Checker
- Verifies UI accessibility requirements
*LOLBIN Functionality/Steps
1) Go to "Custom Verification Routines" link in reference section and copy the sample verification C# code into Visual Studio.
2) Add proper assembly references (e.g. AccCheck.dll)
3) Insert your C# code under a target method such as Execute()
4) Compile to a .NET managed library (DLL)
5) Invoke the code
a) There are several ways to do this. Easiest is to specify a program window name (e.g. you are going to get a handle to this).
For POC, I'd recommend just opening notepad.exe and using the default Window name - "Untitled - Notepad"
b) Run the following command:
AccCheckConsole.exe -window "Untitled - Notepad" C:\path\to\your\lolbas.dll
*LOLBAS Categories
- Other MS Binary
- Execute
- AWL Bypass (AppLocker)
*Location(s)
- From Windows SDK
- C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x86\AccChecker
- C:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\x64\AccChecker
- c:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\arm\AccChecker
- c:\Program Files (x86)\Windows Kits\10\bin\10.0.22000.0\arm64\AccChecker
- (Other locations likely depending on SDK version and architecture)
*Testing
- Windows 10 Pro
- Windows 10 Enterprise
- Windows 11 Enterprise
*Detection/Prevention
- Quick KQL Search: process.name:"AccCheckConsole.exe" and process.command_line: *window* and process.args_count > 3
- WDAC blocks execution of unsigned DLL
*References:
- General: https://docs.microsoft.com/en-us/windows/win32/winauto/ui-accessibility-checker
- AccCheckConsole: https://docs.microsoft.com/en-us/windows/win32/winauto/the-accchecker-console
- Custom Verification Routines: https://docs.microsoft.com/en-us/windows/win32/winauto/custom-verification-routines
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment