diff --git a/include/ntapi/nt_token.h b/include/ntapi/nt_token.h index a0c7c2e..dfb221e 100644 --- a/include/ntapi/nt_token.h +++ b/include/ntapi/nt_token.h @@ -201,4 +201,15 @@ typedef int32_t __stdcall ntapi_zw_set_information_token( __in void * token_info, __in size_t token_info_length); + +/* extension functions */ +typedef int32_t __stdcall ntapi_tt_enable_token_privilege( + __in void * htoken, + __in uint32_t privilege); + + +typedef int32_t __stdcall ntapi_tt_disable_token_privilege( + __in void * htoken, + __in uint32_t privilege); + #endif diff --git a/include/ntapi/ntapi.h b/include/ntapi/ntapi.h index 054d66a..714abf0 100644 --- a/include/ntapi/ntapi.h +++ b/include/ntapi/ntapi.h @@ -447,6 +447,10 @@ typedef struct _ntapi_vtbl { ntapi_tt_exec_map_image_as_data * tt_exec_map_image_as_data; ntapi_tt_exec_unmap_image * tt_exec_unmap_image; + /* nt_token.h */ + ntapi_tt_enable_token_privilege * tt_enable_token_privilege; + ntapi_tt_disable_token_privilege * tt_disable_token_privilege; + /* nt_section.h */ ntapi_tt_get_section_name * tt_get_section_name; diff --git a/project/common.mk b/project/common.mk index 1f5d599..45951fa 100644 --- a/project/common.mk +++ b/project/common.mk @@ -83,6 +83,7 @@ COMMON_SRCS = \ src/system/ntapi_tt_get_system_directory.c \ src/system/ntapi_tt_get_system_info_snapshot.c \ src/thread/ntapi_tt_create_thread.c \ + src/token/ntapi_tt_token_privilege.c \ src/tty/ntapi_tty_client_process_register.c \ src/tty/ntapi_tty_client_session_query.c \ src/tty/ntapi_tty_client_session_set.c \ diff --git a/project/tree.mk b/project/tree.mk index fd5144a..ce03c8d 100644 --- a/project/tree.mk +++ b/project/tree.mk @@ -19,6 +19,7 @@ tree.tag: mkdir -p src/sync mkdir -p src/system mkdir -p src/thread + mkdir -p src/token mkdir -p src/tty mkdir -p src/unicode mkdir -p src/vfd diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c index 0749a97..e67bcf1 100644 --- a/src/internal/ntapi.c +++ b/src/internal/ntapi.c 
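Review bot: The two new typedefs, `ntapi_tt_enable_token_privilege` and `ntapi_tt_disable_token_privilege`, are added to the public header without saying what `privilege` is or what access the caller needs on `htoken`. The implementation later in this commit writes `privilege` to the low part of the LUID and rejects values above 255 with NT_STATUS_INVALID_PARAMETER. A comment above the typedefs would keep callers from guessing, for example `/* privilege: well-known privilege number (low part of the LUID, 0..255); htoken must be opened with adjust-privileges access */`. The access-right wording is inferred from how the underlying NT call behaves and should be confirmed.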
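Review bot: The two function pointers are inserted in the middle of `ntapi_vtbl`, between `tt_exec_unmap_image` and the `nt_section.h` group, which shifts the offset of `tt_get_section_name` and every member after it. If a consumer built against the previous header can still receive this table at run time, its calls will land in the wrong slots. That only matters if the library and its users are not always rebuilt together, which this diff does not show. Appending new members at the end of the struct would settle it, as would a comment at the top of the struct such as `/* layout is not a stable binary interface; rebuild all users when it changes */`.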
@@ -214,6 +214,10 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl) __ntapi->tt_exec_map_image_as_data = __ntapi_tt_exec_map_image_as_data; __ntapi->tt_exec_unmap_image = __ntapi_tt_exec_unmap_image; + /* nt_token.h */ + __ntapi->tt_enable_token_privilege = __ntapi_tt_enable_token_privilege; + __ntapi->tt_disable_token_privilege = __ntapi_tt_disable_token_privilege; + /* nt_section.h */ __ntapi->tt_get_section_name = __ntapi_tt_get_section_name; diff --git a/src/internal/ntapi_fnapi.h b/src/internal/ntapi_fnapi.h index 396fb59..a7436c5 100644 --- a/src/internal/ntapi_fnapi.h +++ b/src/internal/ntapi_fnapi.h @@ -102,6 +102,10 @@ ntapi_tt_update_runtime_data __ntapi_tt_update_runtime_data; ntapi_tt_exec_map_image_as_data __ntapi_tt_exec_map_image_as_data; ntapi_tt_exec_unmap_image __ntapi_tt_exec_unmap_image; +/* nt_token.h */ +ntapi_tt_enable_token_privilege __ntapi_tt_enable_token_privilege; +ntapi_tt_disable_token_privilege __ntapi_tt_disable_token_privilege; + /* nt_section.h */ ntapi_tt_get_section_name __ntapi_tt_get_section_name; diff --git a/src/token/ntapi_tt_token_privilege.c b/src/token/ntapi_tt_token_privilege.c new file mode 100644 index 0000000..e86b31b --- /dev/null +++ b/src/token/ntapi_tt_token_privilege.c 
@@ -0,0 +1,65 @@
+/********************************************************/
+/* ntapi: Native API core library */
+/* Copyright (C) 2013--2016 Z. Gilboa */
+/* Released under GPLv2 and GPLv3; see COPYING.NTAPI. */
+/********************************************************/
+
+#include
+#include
+#include
+#include
+#include "ntapi_impl.h"
+
+
+static int32_t __stdcall __set_token_privilege(
+ __in void * htoken,
+ __in uint32_t privilege,
+ __in int attribute)
+{
+ uintptr_t buffer[64];
+ nt_token_privileges * tokprivs;
+
+ /* reasonable scope */
+ if (privilege > 255)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ /* buffer */
+ __ntapi->tt_aligned_block_memset(
+ buffer,0,sizeof(buffer));
+
+ tokprivs = (nt_token_privileges *)buffer;
+
+ /* token privileges */
+ tokprivs->privilege_count = 1;
+
+ tokprivs->privileges[0].attributes = attribute;
+ tokprivs->privileges[0].luid.low = privilege;
+ tokprivs->privileges[0].luid.high = 0;
+
+ /* set */
+ return __ntapi->zw_adjust_privileges_token(
+ htoken,0,
+ tokprivs,sizeof(buffer),
+ 0,0);
+}
+
+
+int32_t __stdcall __ntapi_tt_enable_token_privilege(
+ __in void * htoken,
+ __in uint32_t privilege)
+{
+ return __set_token_privilege(
+ htoken,
+ privilege,
+ NT_SE_ENABLE_PRIVILEGE);
+}
+
+int32_t __stdcall __ntapi_tt_disable_token_privilege(
+ __in void * htoken,
+ __in uint32_t privilege)
+{
+ return __set_token_privilege(
+ htoken,
+ privilege,
+ NT_SE_DISABLE_PRIVILEGE);
+}
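Review bot: `__set_token_privilege` returns the status of `zw_adjust_privileges_token` unchanged, and the underlying NT service reports STATUS_NOT_ALL_ASSIGNED (0x00000106), a success-class value, when the token does not hold the requested privilege. A caller of `tt_enable_token_privilege` that tests only for a negative status would carry on as though the privilege were enabled. Either map that status to an error before returning, or document it above the function, e.g. `/* note: a non-negative status other than success (STATUS_NOT_ALL_ASSIGNED) means the privilege was not changed */`. Separately, the fourth argument is `sizeof(buffer)` while the previous-state pointer is `0`. If the parameters follow NtAdjustPrivilegesToken, that length describes the previous-state buffer and `0` would be the accurate value; check this against the prototype, which is outside this diff.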