
Does calling ImpersonateSelf() cancel all security token adjustments made to the same thread?

I don't get ImpersonateSelf(). Suppose my code is run in some host process. That host process created a new thread and adjusted the thread security so that the thread has minimal privileges and now that new thread executes my code.

My code calls

ImpersonateSelf( SecurityImpersonation );

What effect will it have? Will it reset all privileges adjustments done for that thread?


Yes. It duplicates the process token and assigns that to be the impersonation token of the current thread. The privileges from the old token are irrelevant because the thread isn't using that token anymore. If you want to merge the privileges, use GetTokenInformation to get the old privileges and duplicate and assign the impersonation token yourself.


I think the article that's the second link returned by googling for ImpersonateSelf is quite useful:

Before AdjustTokenPrivileges can be called, you must obtain a security token that will become the target of manipulation[...] it's not proper to modify the process token, although the Windows® API does allow it.

...

Due to the Windows NT® security architecture, threads normally run without a security token, [...] The right thing to do in order to avoid messing with the process state is to place a copy of the process's security token on the thread, an operation called impersonation.

...

After this step, the thread is impersonating and you can complete the operation by calling the API designed for changing the privileges on a token—AdjustTokenPrivileges.

So its purpose is to allow a token to be modified (to e.g. enable privileges) without affecting the "global" process token.

As to the scenario you've described, I don't think sandboxing against hostile code is the purpose of the impersonation mechanisms within Windows.
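Added example, not code from either answer or from the quoted article: because ImpersonateSelf() replaces whatever token the host placed on the thread, code that has to call it can save that token first and put it back afterwards. The helper name `with_self_token` and its return codes are hypothetical; the non-Windows branch exists only so the file compiles elsewhere.

```c
/* Added example: scope ImpersonateSelf() so the host's thread token is restored. */
#ifdef _WIN32
#include <windows.h>

/* with_self_token is a hypothetical helper. It runs fn() under a copy of the
   process token, then restores the token the thread had before (or none).
   Returns 0 on success, -1 if nothing was done, 1..3 for the failing step. */
int with_self_token(void (*fn)(void))
{
    HANDLE saved = NULL;            /* token the host assigned, if any */
    int rc = 0;

    if (!fn)
        return -1;
    /* OpenAsSelf = TRUE: the access check uses the process context, so a
       restricted thread token does not stop us from saving it. */
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE | TOKEN_QUERY,
                         TRUE, &saved)) {
        if (GetLastError() != ERROR_NO_TOKEN)
            return 1;               /* cannot save it, so do not replace it */
        saved = NULL;               /* thread was not impersonating */
    }
    /* Replaces the thread token with a duplicate of the process token. */
    if (!ImpersonateSelf(SecurityImpersonation)) {
        rc = 2;                     /* thread token is unchanged */
    } else {
        fn();
        /* RevertToSelf() would drop impersonation entirely and leave the
           thread on the process token; SetThreadToken() puts the saved
           token back (a NULL token just ends impersonation). */
        if (!SetThreadToken(NULL, saved))
            rc = 3;                 /* thread still carries the broader token */
    }
    if (saved)
        CloseHandle(saved);
    return rc;
}
#else
/* Not Windows: nothing to do; present only so the file compiles elsewhere. */
int with_self_token(void (*fn)(void)) { (void)fn; return -1; }
#endif
```

A return value of 3 means the restore failed, so the caller should treat the thread as still running with the process token's rights.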
