- Patent Title: Systems and methods for active operating system kernel protection
- Application No.: US14942184
- Application Date: 2015-11-16
- Publication No.: US09639698B2
- Publication Date: 2017-05-02
- Inventor: Maxim V. Yudin, Alexander S. Tarasenko, Vyacheslav I. Levchenko, Igor Y. Kumagin
- Applicant: AO Kaspersky Lab
- Applicant Address: RU Moscow
- Assignee: AO KASPERSKY LAB
- Current Assignee: AO KASPERSKY LAB
- Current Assignee Address: RU Moscow
- Agency: Patterson Thuente Pedersen P.A.
- Main IPC: G06F21/56
- IPC: G06F21/56; G06F9/455; G06F21/53

Abstract:
Systems and methods for intercepting computing device system calls for a computing device including a kernel having a system call table. A hypervisor is executed on the computing device, the hypervisor configured to control at least one of the computing device processor registers. At least one modified kernel structure is created, the modified kernel structure including a modified system call table. A memory address of an original system call handler is determined, the original system call handler configured to receive kernel operation commands. A size of a loaded image of the original system call handler is determined. A copy of the original system call handler as a second system call handler is created, and the second system call handler intercepts a computing device system call.
Public/Granted literature:
- US20160210456A1 SYSTEMS AND METHODS FOR ACTIVE OPERATING SYSTEM KERNEL PROTECTION, Public/Granted day: 2016-07-21