From 8153753de6194fdbefbcc3deace430edd1a30b6c Mon Sep 17 00:00:00 2001
From: DavidXanatos <xanatosdavid@gmail.com>
Date: Mon, 17 Jan 2022 16:00:29 +0100
Subject: [PATCH] Update secure.c

---
 Sandboxie/core/dll/secure.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/Sandboxie/core/dll/secure.c b/Sandboxie/core/dll/secure.c
index 90793318..239ce556 100644
--- a/Sandboxie/core/dll/secure.c
+++ b/Sandboxie/core/dll/secure.c
@@ -908,16 +908,19 @@ _FX void Ldr_TestToken(HANDLE token, PHANDLE hTokenReal, BOOLEAN bImpersonate)
         return;
     // OriginalToken END
 
+    BOOLEAN bDuplicate = FALSE;
     if ((LONG_PTR)token == LDR_TOKEN_PRIMARY) {
         NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), hTokenReal);
+        bDuplicate = TRUE;
     }
     else if ((LONG_PTR)token == LDR_TOKEN_IMPERSONATION) {
-        NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), FALSE, hTokenReal);
+        NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY, FALSE, hTokenReal);
     }
     else if ((LONG_PTR)token <= LDR_TOKEN_EFFECTIVE) {
-        NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), FALSE, hTokenReal);
+        NtOpenThreadToken(NtCurrentThread(), TOKEN_QUERY, FALSE, hTokenReal);
         if (*hTokenReal == NULL) {
             NtOpenProcessToken(NtCurrentProcess(), TOKEN_QUERY | (bImpersonate ? TOKEN_DUPLICATE : 0), hTokenReal);
+            bDuplicate = TRUE;
         }
     }
 
@@ -927,7 +930,7 @@ _FX void Ldr_TestToken(HANDLE token, PHANDLE hTokenReal, BOOLEAN bImpersonate)
     // or a pseudo handle, hence we have to convert the token here
     //
 
-    if (bImpersonate && *hTokenReal != NULL) {
+    if (bDuplicate && *hTokenReal != NULL) {
 
         HANDLE hTokenRealImp = NULL;
         OBJECT_ATTRIBUTES objattrs;