NtImpersonateThread - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTPSAPI_H
//
// Threads
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Impersonates a client thread.
 *
 * @param ServerThreadHandle A handle to the server thread.
 * @param ClientThreadHandle A handle to the client thread.
 * @param SecurityQos A pointer to a SECURITY_QUALITY_OF_SERVICE structure that specifies the impersonation level and context tracking mode.
 * @return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtImpersonateThread(
    _In_ HANDLE ServerThreadHandle,
    _In_ HANDLE ClientThreadHandle,
    _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos
    );

#endif
#endif

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwImpersonateThread(
    _In_ HANDLE ServerThreadHandle,
    _In_ HANDLE ClientThreadHandle,
    _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQos
    );

#endif


Copies the effective token of one thread onto another.

Parameters

Notable return values

Remarks

Note that if the server process does not have SeImpersonatePrivilege enabled, the system might silently downgrade the token to the identification level of impersonation. The call still succeeds in that case.

To reset impersonation, use NtSetInformationThread with the ThreadImpersonationToken info class and a NULL token handle.
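
One way to act on the two remarks above, as an added example that is not code from phnt, System Informer or NtDoc: impersonate on the current thread, read back TokenImpersonationLevel to detect a silent downgrade, and revert through NtSetInformationThread. The helper names, the run-time lookup in ntdll.dll and the numeric value 5 used for ThreadImpersonationToken are assumptions of this example.

```c
/* Added example, not phnt or NtDoc code; helper names are hypothetical. */
/* Levels: 0 Anonymous, 1 Identification, 2 Impersonation, 3 Delegation.
 * Returns 1 when the effective level is below the requested one. */
int impersonation_downgraded(int requested, int effective)
{
    return effective < requested;
}

#ifdef _WIN32   /* Windows-only part; link with advapi32 */
#include <windows.h>
typedef LONG (NTAPI *ImpersonateThreadFn)(HANDLE, HANDLE, PSECURITY_QUALITY_OF_SERVICE);
typedef LONG (NTAPI *SetInfoThreadFn)(HANDLE, int, PVOID, ULONG);
#define THREAD_IMPERSONATION_TOKEN 5   /* assumed value of ThreadImpersonationToken */
static FARPROC nt(const char *name)
{
    return GetProcAddress(GetModuleHandleW(L"ntdll.dll"), name);
}

/* Reset impersonation: ThreadImpersonationToken with a NULL token handle. */
LONG revert_impersonation(void)
{
    HANDLE none = NULL;
    SetInfoThreadFn set = (SetInfoThreadFn)nt("NtSetInformationThread");
    return set ? set(GetCurrentThread(), THREAD_IMPERSONATION_TOKEN, &none, sizeof(none)) : -1;
}

/* Returns 0 if the current thread now impersonates `client` at `want`,
 * 1 if the token was downgraded, -1 on error. Reverts unless it returns 0. */
int impersonate_checked(HANDLE client, SECURITY_IMPERSONATION_LEVEL want)
{
    SECURITY_QUALITY_OF_SERVICE qos = { sizeof(qos), want, SECURITY_DYNAMIC_TRACKING, FALSE };
    ImpersonateThreadFn imp = (ImpersonateThreadFn)nt("NtImpersonateThread");
    SECURITY_IMPERSONATION_LEVEL got = SecurityAnonymous;
    HANDLE tok = NULL;
    DWORD len = 0;
    int rc = -1;
    if (!imp || imp(GetCurrentThread(), client, &qos) < 0)
        return -1;
    /* OpenAsSelf = TRUE: open with the process identity, not the new token. */
    if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &tok)) {
        if (GetTokenInformation(tok, TokenImpersonationLevel, &got, sizeof(got), &len))
            rc = impersonation_downgraded((int)want, (int)got);
        CloseHandle(tok);
    }
    if (rc != 0)
        revert_impersonation();
    return rc;
}
#endif
```

A return of 1 means the call succeeded but the thread holds only an identification-level token, so the caller should not continue as if it were acting as the client.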

See also