diff --git a/src/internal/ntapi.c b/src/internal/ntapi.c
index 07f0da7..0749a97 100644
--- a/src/internal/ntapi.c
+++ b/src/internal/ntapi.c
@@ -387,6 +387,13 @@ static int32_t __fastcall __ntapi_init_once(ntapi_vtbl ** pvtbl)
 		(uintptr_t *)&___ntapi,
 		sizeof(ntapi_vtbl));
 
+	/* process token */
+	 if ((status = __ntapi->zw_open_process_token(
+			NT_CURRENT_PROCESS_HANDLE,
+			NT_TOKEN_ALL_ACCESS,
+			&internals->htoken)))
+		return status;
+
 	/* done */
 	*pvtbl	= &___ntapi_shadow;
 	at_locked_inc(&__ntapi_init_idx);
diff --git a/src/internal/ntapi_impl.h b/src/internal/ntapi_impl.h
index c19648e..9376d24 100644
--- a/src/internal/ntapi_impl.h
+++ b/src/internal/ntapi_impl.h
@@ -72,6 +72,7 @@ typedef struct ___ntapi_img_sec_bss {
 typedef struct __attr_ptr_size_aligned__ _ntapi_internals {
 	nt_runtime_data *				rtdata;
 	nt_port_name *					subsystem;
+	void *						htoken;
 	void *						hport_tty_session;
 	void *						hport_tty_daemon;
 	void *						hport_tty_debug;