#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
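// Makes the calling thread impersonate the user of the process whose id is
// given as text in pidText.
//
// Returns true when the thread is impersonating on return; on failure prints
// the failing step and returns false. Both handles opened here are closed on
// every path.
static bool ImpersonateProcessToken(const WCHAR* pidText)
{
    // Base 0 keeps the original decimal / 0x-hex / octal parsing; trailing
    // garbage or an empty string is rejected instead of silently becoming pid 0.
    WCHAR* parseEnd = nullptr;
    const DWORD pid = wcstoul(pidText, &parseEnd, 0);
    if (parseEnd == pidText || *parseEnd != L'\0')
    {
        printf("Invalid process id\n");
        return false;
    }

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (hProcess == nullptr)
    {
        printf("Error opening process %lu\n", GetLastError());
        return false;
    }

    // Least privilege: ImpersonateLoggedOnUser needs only TOKEN_QUERY and
    // TOKEN_DUPLICATE on a primary token. Requesting TOKEN_ALL_ACCESS fails
    // against tokens that would otherwise be usable and hands this process
    // rights (adjust privileges, adjust default DACL, ...) it never uses.
    HANDLE hToken = nullptr;
    const BOOL tokenOpened = OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_DUPLICATE, &hToken);
    const DWORD tokenError = GetLastError(); // capture before CloseHandle can overwrite it
    CloseHandle(hProcess);
    if (!tokenOpened)
    {
        printf("Error getting user token %lu\n", tokenError);
        return false;
    }

    const BOOL impersonated = ImpersonateLoggedOnUser(hToken);
    const DWORD impersonateError = GetLastError();
    // The source handle is not needed once the call has returned.
    CloseHandle(hToken);
    if (!impersonated)
    {
        printf("Error impersonating user token %lu\n", impersonateError);
        return false;
    }
    return true;
}

// Entry point: ImpersonateSHExec filename [pid]
//
// Opens `filename` through the shell's "open" verb. When a second argument is
// given it is treated as a process id, and the calling thread impersonates
// that process's user before the ShellExecuteW call.
//
// Returns 0 when ShellExecuteW reports success (a value greater than 32),
// 1 on a usage error or when any step fails.
int wmain(int argc, WCHAR* argv[])
{
    if (argc < 2)
    {
        // The optional argument is passed to OpenProcess, so it is a process
        // id, not a session id as the message used to say.
        printf("Usage: ImpersonateSHExec filename [pid]\n");
        return 1;
    }

    const HRESULT comResult = CoInitialize(nullptr);
    if (FAILED(comResult))
    {
        printf("Error initializing COM 0x%08lX\n", static_cast<unsigned long>(comResult));
        return 1;
    }

    bool impersonating = false;
    if (argc > 2)
    {
        impersonating = ImpersonateProcessToken(argv[2]);
        if (!impersonating)
        {
            CoUninitialize();
            return 1;
        }
    }

    // NOTE(review): argv[1] is resolved through shell file associations, and
    // impersonation applies to this thread only. Which identity the launched
    // handler ends up running under depends on how the shell starts it;
    // verify on the target system rather than assuming it is the impersonated user.
    const HINSTANCE shellResult = ShellExecuteW(nullptr, L"open", argv[1], L"", nullptr, SW_SHOW);

    // The HINSTANCE returned by ShellExecuteW is a status code that may only
    // be cast to INT_PTR; passing it to "%d" is undefined on 64-bit builds.
    const INT_PTR shellCode = reinterpret_cast<INT_PTR>(shellResult);
    printf("Return: %lld\n", static_cast<long long>(shellCode));

    int exitCode = (shellCode > 32) ? 0 : 1;

    // Drop the borrowed identity before any further work runs on this thread.
    if (impersonating && !RevertToSelf())
    {
        printf("Error reverting impersonation %lu\n", GetLastError());
        exitCode = 1;
    }

    CoUninitialize();
    return exitCode;
}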