diff --git a/physmeme/kernel_ctx/kernel_ctx.h b/physmeme/kernel_ctx/kernel_ctx.h
index 5396459..e88aab2 100644
--- a/physmeme/kernel_ctx/kernel_ctx.h
+++ b/physmeme/kernel_ctx/kernel_ctx.h
@@ -84,7 +84,7 @@ namespace physmeme
 		//
 		// you can edit this how you choose, im hooking NtTraceControl.
 		//
-		const std::pair<std::string_view, std::string_view> syscall_hook = { "NtTraceControl", "ntdll.dll" };
+		const std::pair<std::string_view, std::string_view> syscall_hook = { "NtSystemShutdown", "ntdll.dll" };
 
 		//
 		// offset of function into a physical page