diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index 2b4a525..88f3f14 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -93,6 +93,7 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 int32_t status;
 void * hntdll;
 size_t block_size;
+ size_t buf[64];
 nt_oa oa;
 nt_cid cid;
 ntapi_zw_allocate_virtual_memory * pfn_zw_allocate_virtual_memory;
@@ -477,6 +478,20 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 internals->htoken,
 NT_SE_CREATE_SYMBOLIC_LINK_PRIVILEGE);
 
+ /* sid */
+ if ((status = __ntapi->zw_query_information_token(
+ internals->htoken,
+ NT_TOKEN_USER,
+ buf,sizeof(buf),
+ &block_size)))
+ return status;
+
+ internals->sid = (nt_sid *)&internals->sid_buffer;
+
+ __ntapi->tt_sid_copy(
+ internals->sid,
+ ((nt_sid_and_attributes *)buf)->sid);
+
 /* done */
 *pvtbl = &___ntapi_shadow;
 at_locked_inc(&__ntapi_init_idx);
diff --git a/src/internal/ntapi_impl.h b/src/internal/ntapi_impl.h
index 791dbc1..6021a48 100644
--- a/src/internal/ntapi_impl.h
+++ b/src/internal/ntapi_impl.h
@@ -82,6 +82,8 @@ typedef struct __attr_ptr_size_aligned__ _ntapi_internals {
 nt_port_name * subsystem;
 nt_security_descriptor seq_desc;
 nt_security_quality_of_service seq_qos;
+ nt_sid_any sid_buffer;
+ nt_sid * sid;
 void * hprocess;
 void * htoken;
 void * hport_tty_session;
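Review bot: `buf` is declared with a generic name and a bare element count several hundred lines before its only use visible in this diff (the token-user query in the hunk at line 478), so its purpose is not evident at the declaration. Because it is sized in `size_t` units, its byte capacity also differs between 32-bit and 64-bit builds. A trailing comment such as `/* scratch for the token-user query (sid_and_attributes + sid) */`, or a narrower scope around the query, would make both clear. The body of `__ntapi_init_once` continues outside the hunk.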
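Review bot: The `tt_sid_copy` call at the end of the added block is given no destination size, so nothing in the hunk ties the length of the sid returned in `buf` to the capacity of `internals->sid_buffer`. The token data comes from the kernel, so this is presumably safe if `nt_sid_any` is sized for a maximum-length sid, but that assumption deserves a compile-time size check or at least a comment next to the copy, for example `/* nt_sid_any holds a maximum-length sid, so the copy cannot overrun sid_buffer */`. Separately, `block_size` is reused as the returned-length out-parameter and never examined; if its earlier value is still needed later in the function, a dedicated local would be safer. The body of `__ntapi_init_once` starts and ends outside the hunk.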
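Review bot: The new `sid` member carries no comment saying that it aliases `sid_buffer`, yet the init code in `ntapi.c` stores `&internals->sid_buffer` in it, which makes the struct self-referential. A by-value copy or relocation of `_ntapi_internals` would leave `sid` pointing at the old instance, so the relationship is worth stating on the field, e.g. `nt_sid * sid; /* points into sid_buffer after init */`. The typedef starts and ends outside the hunk.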