diff --git a/driver/SCHEMA_VERSION b/driver/SCHEMA_VERSION
index 3b1fc7950f..7524906967 100644
--- a/driver/SCHEMA_VERSION
+++ b/driver/SCHEMA_VERSION
@@ -1 +1 @@
-2.15.1
+2.16.0
diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h
index e611ecaf4e..17c7ae7081 100644
--- a/driver/bpf/fillers.h
+++ b/driver/bpf/fillers.h
@@ -7319,4 +7319,75 @@ FILLER(sys_newfstatat_x, true)
 	uint32_t flags = bpf_syscall_get_argument(data, 3);
 	return bpf_push_u32_to_ring(data, newfstatat_flags_to_scap(flags));
 }
+
+
+FILLER(sys_process_vm_readv_x, true)
+{
+	const struct iovec __user *iov;
+	unsigned long iovcnt;
+
+	/* Parameter 1: ret (type: PT_INT64) */
+	long retval = bpf_syscall_get_retval(data->ctx);
+	int res = bpf_push_s64_to_ring(data, (int32_t)retval);
+	CHECK_RES(res);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	pid_t pid = (int32_t)bpf_syscall_get_argument(data, 0);
+	res = bpf_push_s64_to_ring(data, (int64_t)pid);
+	CHECK_RES(res);
+
+	/* Parameter 3: data (type: PT_BYTEBUF) */
+	if (retval > 0)
+	{
+		iov = (const struct iovec __user *)bpf_syscall_get_argument(data, 1);
+		iovcnt = bpf_syscall_get_argument(data, 2);
+
+		res = bpf_parse_readv_writev_bufs(data,
+						iov,
+						iovcnt,
+						retval,
+						PRB_FLAG_PUSH_DATA);
+	}
+	else
+	{
+		res = bpf_push_empty_param(data);
+	}
+
+	return res;
+}
+
+FILLER(sys_process_vm_writev_x, true)
+{
+	const struct iovec __user *iov;
+	unsigned long iovcnt;
+
+	/* Parameter 1: ret (type: PT_INT64) */
+	long retval = bpf_syscall_get_retval(data->ctx);
+	int res = bpf_push_s64_to_ring(data, (int32_t)retval);
+	CHECK_RES(res);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	pid_t pid = (int32_t)bpf_syscall_get_argument(data, 0);
+	res = bpf_push_s64_to_ring(data, (int64_t)pid);
+	CHECK_RES(res);
+
+	/* Parameter 3: data (type: PT_BYTEBUF) */
+	if (retval > 0)
+	{
+		iov = (const struct iovec __user *)bpf_syscall_get_argument(data, 1);
+		iovcnt = bpf_syscall_get_argument(data, 2);
+
+		res = bpf_parse_readv_writev_bufs(data,
+						iov,
+						iovcnt,
+						retval,
+						PRB_FLAG_PUSH_DATA);
+	}
+	else
+	{
+		res = bpf_push_empty_param(data);
+	}
+
+	return res;
+}
 #endif
diff --git a/driver/event_stats.h b/driver/event_stats.h
index bbb9b3afa5..122019c282 100644
--- a/driver/event_stats.h
+++ b/driver/event_stats.h
@@ -10,7 +10,7 @@ or GPL2.txt for full copies of the license.
 #pragma once
 
 /* These numbers must be updated when we add new events in the event table */
-#define SYSCALL_EVENTS_NUM 372
+#define SYSCALL_EVENTS_NUM 376
 #define TRACEPOINT_EVENTS_NUM 6
 #define METAEVENTS_NUM 20
 #define PLUGIN_EVENTS_NUM 1
diff --git a/driver/event_table.c b/driver/event_table.c
index 38e645b7d4..72aeac7dd5 100644
--- a/driver/event_table.c
+++ b/driver/event_table.c
@@ -472,6 +472,10 @@ const struct ppm_event_info g_event_info[] = {
 	[PPME_SYSCALL_MKNODAT_X] = {"mknodat", EC_OTHER | EC_SYSCALL, EF_USES_FD, 5, {{"res", PT_ERRNO, PF_DEC}, {"dirfd", PT_FD, PF_DEC}, {"path", PT_FSRELPATH, PF_NA, DIRFD_PARAM(1)},{"mode", PT_MODE, PF_OCT, mknod_mode},{"dev", PT_UINT32, PF_DEC}}},
 	[PPME_SYSCALL_NEWFSTATAT_E] = {"newfstatat", EC_FILE | EC_SYSCALL, EF_NONE, 0},
 	[PPME_SYSCALL_NEWFSTATAT_X] = {"newfstatat", EC_FILE | EC_SYSCALL, EF_USES_FD, 4, {{"res", PT_ERRNO, PF_DEC}, {"dirfd", PT_FD, PF_DEC}, {"path", PT_FSRELPATH, PF_NA, DIRFD_PARAM(1)}, {"flags", PT_FLAGS32, PF_HEX, newfstatat_flags}}},
+	[PPME_SYSCALL_PROCESS_VM_READV_E] = {"process_vm_readv", EC_SYSCALL | EC_IPC, EF_NONE, 0},
+	[PPME_SYSCALL_PROCESS_VM_READV_X] = {"process_vm_readv", EC_SYSCALL | EC_IPC, EF_NONE, 3, {{"res", PT_INT64, PF_DEC}, {"pid", PT_PID, PF_DEC}, {"data", PT_BYTEBUF, PF_NA}}},
+	[PPME_SYSCALL_PROCESS_VM_WRITEV_E] = {"process_vm_writev", EC_SYSCALL | EC_IPC, EF_NONE, 0},
+	[PPME_SYSCALL_PROCESS_VM_WRITEV_X] = {"process_vm_writev", EC_SYSCALL | EC_IPC, EF_NONE, 3, {{"res", PT_INT64, PF_DEC}, {"pid", PT_PID, PF_DEC}, {"data", PT_BYTEBUF, PF_NA}}},
 };
 #pragma GCC diagnostic pop
 
diff --git a/driver/fillers_table.c b/driver/fillers_table.c
index 07a9fd945f..af080e0f09 100644
--- a/driver/fillers_table.c
+++ b/driver/fillers_table.c
@@ -356,6 +356,10 @@ const struct ppm_event_entry g_ppm_events[PPM_EVENT_MAX] = {
 	[PPME_SYSCALL_MKNODAT_E] = {FILLER_REF(sys_empty)},
 	[PPME_SYSCALL_MKNODAT_X] = {FILLER_REF(sys_mknodat_x)},
 	[PPME_SYSCALL_NEWFSTATAT_E] = {FILLER_REF(sys_empty)},
-	[PPME_SYSCALL_NEWFSTATAT_X] = {FILLER_REF(sys_newfstatat_x)}
+	[PPME_SYSCALL_NEWFSTATAT_X] = {FILLER_REF(sys_newfstatat_x)},
+	[PPME_SYSCALL_PROCESS_VM_READV_E] = {FILLER_REF(sys_empty)},
+	[PPME_SYSCALL_PROCESS_VM_READV_X] = {FILLER_REF(sys_process_vm_readv_x)},
+	[PPME_SYSCALL_PROCESS_VM_WRITEV_E] = {FILLER_REF(sys_empty)},
+	[PPME_SYSCALL_PROCESS_VM_WRITEV_X] = {FILLER_REF(sys_process_vm_writev_x)}
 };
 #pragma GCC diagnostic pop
diff --git a/driver/modern_bpf/definitions/events_dimensions.h b/driver/modern_bpf/definitions/events_dimensions.h
index 9ca5df8cb4..24bbbb9a2f 100644
--- a/driver/modern_bpf/definitions/events_dimensions.h
+++ b/driver/modern_bpf/definitions/events_dimensions.h
@@ -247,6 +247,8 @@
 #define MKNOD_E_SIZE HEADER_LEN
 #define MKNODAT_E_SIZE HEADER_LEN
 #define NEWFSTATAT_E_SIZE HEADER_LEN
+#define PROCESS_VM_READV_E_SIZE HEADER_LEN
+#define PROCESS_VM_WRITEV_E_SIZE HEADER_LEN
 
 /* Generic tracepoints events. */
 #define SCHED_SWITCH_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) * 2 + sizeof(uint32_t) * 3 + PARAM_LEN * 6
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/process_vm_readv.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/process_vm_readv.bpf.c
new file mode 100644
index 0000000000..1d092ef2e1
--- /dev/null
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/process_vm_readv.bpf.c
@@ -0,0 +1,98 @@
+// SPDX-License-Identifier: GPL-2.0-only OR MIT
+/*
+ * Copyright (C) 2024 The Falco Authors.
+ *
+ * This file is dual licensed under either the MIT or GPL 2. See MIT.txt
+ * or GPL2.txt for full copies of the license.
+ */
+
+#include <helpers/interfaces/fixed_size_event.h>
+#include <helpers/interfaces/variable_size_event.h>
+
+/*=============================== ENTER EVENT ===========================*/
+
+SEC("tp_btf/sys_enter")
+int BPF_PROG(process_vm_readv_e,
+	     struct pt_regs *regs,
+	     long id)
+{
+	struct ringbuf_struct ringbuf;
+	if(!ringbuf__reserve_space(&ringbuf, ctx, PROCESS_VM_READV_E_SIZE, PPME_SYSCALL_PROCESS_VM_READV_E))
+	{
+		return 0;
+	}
+
+	ringbuf__store_event_header(&ringbuf);
+
+	/*=============================== COLLECT PARAMETERS  ===========================*/
+
+	// Here we have no parameters to collect.
+
+	/*=============================== COLLECT PARAMETERS  ===========================*/
+
+	ringbuf__submit_event(&ringbuf);
+
+	return 0;
+}
+
+/*=============================== ENTER EVENT ===========================*/
+
+/*=============================== EXIT EVENT ===========================*/
+
+SEC("tp_btf/sys_exit")
+int BPF_PROG(process_vm_readv_x,
+	     struct pt_regs *regs,
+	     long ret)
+{
+	struct auxiliary_map *auxmap = auxmap__get();
+	if(!auxmap)
+	{
+		return 0;
+	}
+
+	auxmap__preload_event_header(auxmap, PPME_SYSCALL_PROCESS_VM_READV_X);
+
+
+	/*=============================== COLLECT PARAMETERS  ===========================*/
+
+	/* Parameter 1: res (type: PT_INT64) */
+	auxmap__store_s64_param(auxmap, ret);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	int64_t pid = extract__syscall_argument(regs, 0);
+	auxmap__store_s64_param(auxmap, pid);
+
+	if(ret > 0)
+	{
+		/* We read the minimum between `snaplen` and what we really
+		 * have in the buffer.
+		 */
+		uint16_t snaplen = maps__get_snaplen();
+		apply_dynamic_snaplen(regs, &snaplen, true);
+		if(snaplen > ret)
+		{
+			snaplen = ret;
+		}
+
+		unsigned long iov_pointer = extract__syscall_argument(regs, 1);
+		unsigned long iov_cnt = extract__syscall_argument(regs, 2);
+
+		/* Parameter 3: data (type: PT_BYTEBUF) */
+		auxmap__store_iovec_data_param(auxmap, iov_pointer, iov_cnt, snaplen);
+	}
+	else
+	{
+		/* Parameter 3: data (type: PT_BYTEBUF) */
+		auxmap__store_empty_param(auxmap);
+	}
+
+	/*=============================== COLLECT PARAMETERS  ===========================*/
+
+	auxmap__finalize_event_header(auxmap);
+
+	auxmap__submit_event(auxmap, ctx);
+
+	return 0;
+}
+
+/*=============================== EXIT EVENT ===========================*/
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/process_vm_writev.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/process_vm_writev.bpf.c
new file mode 100644
index 0000000000..87901996a9
--- /dev/null
+++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/process_vm_writev.bpf.c
@@ -0,0 +1,98 @@
+// SPDX-License-Identifier: GPL-2.0-only OR MIT
+/*
+ * Copyright (C) 2024 The Falco Authors.
+ *
+ * This file is dual licensed under either the MIT or GPL 2. See MIT.txt
+ * or GPL2.txt for full copies of the license.
+ */
+
+#include <helpers/interfaces/fixed_size_event.h>
+#include <helpers/interfaces/variable_size_event.h>
+
+/*=============================== ENTER EVENT ===========================*/
+
+SEC("tp_btf/sys_enter")
+int BPF_PROG(process_vm_writev_e,
+	     struct pt_regs *regs,
+	     long id)
+{
+	struct ringbuf_struct ringbuf;
+	if(!ringbuf__reserve_space(&ringbuf, ctx, PROCESS_VM_WRITEV_E_SIZE, PPME_SYSCALL_PROCESS_VM_WRITEV_E))
+	{
+		return 0;
+	}
+
+	ringbuf__store_event_header(&ringbuf);
+
+	/*=============================== COLLECT PARAMETERS  ===========================*/
+
+	// Here we have no parameters to collect.
+
+	/*=============================== COLLECT PARAMETERS  ===========================*/
+
+	ringbuf__submit_event(&ringbuf);
+
+	return 0;
+}
+
+/*=============================== ENTER EVENT ===========================*/
+
+/*=============================== EXIT EVENT ===========================*/
+
+SEC("tp_btf/sys_exit")
+int BPF_PROG(process_vm_writev_x,
+	     struct pt_regs *regs,
+	     long ret)
+{
+	struct auxiliary_map *auxmap = auxmap__get();
+	if(!auxmap)
+	{
+		return 0;
+	}
+
+	auxmap__preload_event_header(auxmap, PPME_SYSCALL_PROCESS_VM_WRITEV_X);
+
+
+	/*=============================== COLLECT PARAMETERS  ===========================*/
+
+	/* Parameter 1: res (type: PT_INT64) */
+	auxmap__store_s64_param(auxmap, ret);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	int64_t pid = extract__syscall_argument(regs, 0);
+	auxmap__store_s64_param(auxmap, pid);
+
+	if(ret > 0)
+	{
+		/* We read the minimum between `snaplen` and what we really
+		 * have in the buffer.
+		 */
+		uint16_t snaplen = maps__get_snaplen();
+		apply_dynamic_snaplen(regs, &snaplen, true);
+		if(snaplen > ret)
+		{
+			snaplen = ret;
+		}
+
+		unsigned long iov_pointer = extract__syscall_argument(regs, 1);
+		unsigned long iov_cnt = extract__syscall_argument(regs, 2);
+
+		//* Parameter 3: data (type: PT_BYTEBUF) */
+		auxmap__store_iovec_data_param(auxmap, iov_pointer, iov_cnt, snaplen);
+	}
+	else
+	{
+		/* Parameter 3: data (type: PT_BYTEBUF) */
+		auxmap__store_empty_param(auxmap);
+	}
+
+	/*=============================== COLLECT PARAMETERS  ===========================*/
+
+	auxmap__finalize_event_header(auxmap);
+
+	auxmap__submit_event(auxmap, ctx);
+
+	return 0;
+}
+
+/*=============================== EXIT EVENT ===========================*/
diff --git a/driver/ppm_events_public.h b/driver/ppm_events_public.h
index 49d63c2b67..be0c743507 100644
--- a/driver/ppm_events_public.h
+++ b/driver/ppm_events_public.h
@@ -1422,7 +1422,11 @@ typedef enum {
 	PPME_SYSCALL_MKNODAT_X = 417,
 	PPME_SYSCALL_NEWFSTATAT_E = 418,
 	PPME_SYSCALL_NEWFSTATAT_X = 419,
-	PPM_EVENT_MAX = 420
+	PPME_SYSCALL_PROCESS_VM_READV_E = 420,
+	PPME_SYSCALL_PROCESS_VM_READV_X = 421,
+	PPME_SYSCALL_PROCESS_VM_WRITEV_E = 422,
+	PPME_SYSCALL_PROCESS_VM_WRITEV_X = 423,
+	PPM_EVENT_MAX = 424
 } ppm_event_code;
 /*@}*/
 
diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
index 405db71202..7298c543a8 100644
--- a/driver/ppm_fillers.c
+++ b/driver/ppm_fillers.c
@@ -8124,3 +8124,101 @@ int f_sys_newfstatat_x(struct event_filler_arguments *args)
 
 	return add_sentinel(args);
 }
+
+int f_sys_process_vm_readv_x(struct event_filler_arguments *args)
+{
+	unsigned long val;
+	long retval;
+	int res;
+	unsigned long iovcnt;
+	int32_t pid;
+
+	/* Parameter 1: ret (type: PT_INT64) */
+	retval = (int64_t) syscall_get_return_value(current,args->regs);
+	res = val_to_ring(args, (int64_t)retval, 0, false, 0);
+	CHECK_RES(res);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	syscall_get_arguments_deprecated(args, 0, 1, &val);
+	pid = (int32_t)val;
+	res = val_to_ring(args, (int64_t)pid, 0, false, 0);
+	CHECK_RES(res);
+
+
+	if(retval > 0)
+	{
+		/* We only get the local iov */
+		syscall_get_arguments_deprecated(args, 1, 1, &val);
+		syscall_get_arguments_deprecated(args, 2, 1, &iovcnt);
+
+	#ifdef CONFIG_COMPAT
+		if (unlikely(args->compat)) {
+			const struct compat_iovec __user *compat_iov = (const struct compat_iovec __user *)compat_ptr(val);
+			res = compat_parse_readv_writev_bufs(args, compat_iov, iovcnt, retval, PRB_FLAG_PUSH_DATA);
+		} else
+	#endif
+		{
+			const struct iovec __user *iov = (const struct iovec __user *)val;
+			res = parse_readv_writev_bufs(args, iov, iovcnt, retval, PRB_FLAG_PUSH_DATA);
+		}
+
+		CHECK_RES(res);
+	}
+	else
+	{
+		/* pushing empty data */
+		res = push_empty_param(args);
+		CHECK_RES(res);
+	}
+
+	return add_sentinel(args);
+}
+
+int f_sys_process_vm_writev_x(struct event_filler_arguments *args)
+{
+	unsigned long val;
+	long retval;
+	int res;
+	unsigned long iovcnt;
+	int32_t pid;
+
+	/* Parameter 1: ret (type: PT_INT64) */
+	retval = (int64_t) syscall_get_return_value(current,args->regs);
+	res = val_to_ring(args, (int64_t)retval, 0, false, 0);
+	CHECK_RES(res);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	syscall_get_arguments_deprecated(args, 0, 1, &val);
+	pid = (int32_t)val;
+	res = val_to_ring(args, (int64_t)pid, 0, false, 0);
+	CHECK_RES(res);
+
+
+	if(retval > 0)
+	{
+		/* We only get the local iov */
+		syscall_get_arguments_deprecated(args, 1, 1, &val);
+		syscall_get_arguments_deprecated(args, 2, 1, &iovcnt);
+
+	#ifdef CONFIG_COMPAT
+		if (unlikely(args->compat)) {
+			const struct compat_iovec __user *compat_iov = (const struct compat_iovec __user *)compat_ptr(val);
+			res = compat_parse_readv_writev_bufs(args, compat_iov, iovcnt, retval, PRB_FLAG_PUSH_DATA);
+		} else
+	#endif
+		{
+			const struct iovec __user *iov = (const struct iovec __user *)val;
+			res = parse_readv_writev_bufs(args, iov, iovcnt, retval, PRB_FLAG_PUSH_DATA);
+		}
+
+		CHECK_RES(res);
+	}
+	else
+	{
+		/* pushing empty data */
+		res = push_empty_param(args);
+		CHECK_RES(res);
+	}
+
+	return add_sentinel(args);
+}
diff --git a/driver/ppm_fillers.h b/driver/ppm_fillers.h
index 68c431f1d2..9ed8f886ac 100644
--- a/driver/ppm_fillers.h
+++ b/driver/ppm_fillers.h
@@ -188,6 +188,8 @@ or GPL2.txt for full copies of the license.
 	FN(sys_mknod_x)						\
 	FN(sys_mknodat_x)					\
 	FN(sys_newfstatat_x)					\
+	FN(sys_process_vm_readv_x)					\
+	FN(sys_process_vm_writev_x)					\
 	FN(terminate_filler)
 
 #define FILLER_ENUM_FN(x) PPM_FILLER_##x,
diff --git a/driver/syscall_table.c b/driver/syscall_table.c
index ced1febc27..6d35e2b666 100644
--- a/driver/syscall_table.c
+++ b/driver/syscall_table.c
@@ -424,6 +424,12 @@ const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE] = {
 #endif
 #ifdef __NR_newfstatat
 	[__NR_newfstatat - SYSCALL_TABLE_ID0] = {UF_USED, PPME_SYSCALL_NEWFSTATAT_E, PPME_SYSCALL_NEWFSTATAT_X, PPM_SC_NEWFSTATAT},
+#endif
+#ifdef __NR_process_vm_readv
+	[__NR_process_vm_readv - SYSCALL_TABLE_ID0] = {UF_USED, PPME_SYSCALL_PROCESS_VM_READV_E, PPME_SYSCALL_PROCESS_VM_READV_X, PPM_SC_PROCESS_VM_READV},
+#endif
+#ifdef __NR_process_vm_writev
+	[__NR_process_vm_writev - SYSCALL_TABLE_ID0] = {UF_USED, PPME_SYSCALL_PROCESS_VM_WRITEV_E, PPME_SYSCALL_PROCESS_VM_WRITEV_X, PPM_SC_PROCESS_VM_WRITEV},
 #endif
 	[__NR_restart_syscall - SYSCALL_TABLE_ID0] = { .ppm_sc = PPM_SC_RESTART_SYSCALL },
 	[__NR_exit - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_EXIT},
@@ -847,9 +853,6 @@ const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE] = {
 #ifdef __NR_epoll_ctl
 	[__NR_epoll_ctl - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_EPOLL_CTL},
 #endif
-#ifdef __NR_process_vm_writev
-	[__NR_process_vm_writev - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PROCESS_VM_WRITEV},
-#endif
 #ifdef __NR_sched_getparam
 	[__NR_sched_getparam - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_SCHED_GETPARAM},
 #endif
@@ -859,9 +862,6 @@ const struct syscall_evt_pair g_syscall_table[SYSCALL_TABLE_SIZE] = {
 #ifdef __NR_sched_setparam
 	[__NR_sched_setparam - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_SCHED_SETPARAM},
 #endif
-#ifdef __NR_process_vm_readv
-	[__NR_process_vm_readv - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PROCESS_VM_READV},
-#endif
 #ifdef __NR_pause
 	[__NR_pause - SYSCALL_TABLE_ID0] = {.ppm_sc = PPM_SC_PAUSE},
 #endif
diff --git a/test/drivers/test_suites/syscall_exit_suite/process_vm_readv_x.cpp b/test/drivers/test_suites/syscall_exit_suite/process_vm_readv_x.cpp
new file mode 100644
index 0000000000..34eb232f4b
--- /dev/null
+++ b/test/drivers/test_suites/syscall_exit_suite/process_vm_readv_x.cpp
@@ -0,0 +1,136 @@
+#include "../../event_class/event_class.h"
+
+#ifdef __NR_process_vm_readv
+
+TEST(SyscallExit, process_vm_readvX_failure)
+{
+	auto evt_test = get_syscall_event_test(__NR_process_vm_readv, EXIT_EVENT);
+
+	evt_test->enable_capture();
+
+	/*=============================== TRIGGER SYSCALL ===========================*/
+
+	char buf[16];
+	iovec iov[] = {{buf, 16}};
+	int32_t iovcnt = 7;
+
+	size_t res = syscall(__NR_process_vm_readv, getpid(), iov, iovcnt, iov, iovcnt, 0);
+	assert_syscall_state(SYSCALL_FAILURE, "process_vm_readv", res, EQUAL, -1);
+
+	/*=============================== TRIGGER SYSCALL ===========================*/
+
+	evt_test->disable_capture();
+
+	evt_test->assert_event_presence();
+
+	if(HasFatalFailure())
+	{
+		return;
+	}
+
+	evt_test->parse_event();
+
+	evt_test->assert_header();
+
+	/*=============================== ASSERT PARAMETERS  ===========================*/
+
+	/* Parameter 1: res (type: PT_INT64) */
+	evt_test->assert_numeric_param(1, (int64_t)-1, LESS_EQUAL);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	evt_test->assert_numeric_param(2, (int64_t)getpid());
+
+	/* Parameter 3: data (type: PT_BYTEBUF)*/
+	evt_test->assert_empty_param(3);
+
+	/*=============================== ASSERT PARAMETERS  ===========================*/
+
+	evt_test->assert_num_params_pushed(3);
+}
+
+TEST(SyscallExit, process_vm_readvX_success)
+{
+	auto evt_test = get_syscall_event_test(__NR_process_vm_readv, EXIT_EVENT);
+
+	evt_test->enable_capture();
+
+	/*=============================== TRIGGER SYSCALL ===========================*/
+
+	int pipe_fd[2];
+
+	ASSERT_GT(pipe(pipe_fd), -1);
+
+	pid_t child_pid = fork();
+
+	if(child_pid == 0)
+	{
+
+		char buf[10] = "QWERTYUIO";
+		struct iovec remote[1];
+		remote[0].iov_base = (void*)buf;
+		remote[0].iov_len = sizeof(buf);
+		void* target = &remote;
+
+		close(pipe_fd[0]);
+
+		ssize_t read = write(pipe_fd[1], &target, sizeof(void*));
+		ASSERT_GT(read, 0);
+
+		close(pipe_fd[1]);
+
+		exit(EXIT_SUCCESS);
+	}
+	else
+	{
+
+		char buffer[10];
+		struct iovec local[1];
+		local[0].iov_base = buffer;
+		local[0].iov_len = sizeof(buffer);
+		void* target;
+
+		close(pipe_fd[1]);
+
+		ssize_t read = syscall(__NR_read, pipe_fd[0], &target, sizeof(void*));
+		ASSERT_GT(read, 0);
+
+		read = syscall(__NR_process_vm_readv, child_pid, local, 1, target, 1, 0);
+		assert_syscall_state(SYSCALL_SUCCESS, "process_vm_readv", read, NOT_EQUAL, 0);
+
+		close(pipe_fd[0]);
+
+		int wstatus;
+		waitpid(child_pid, &wstatus, 0);
+	}
+
+	/*=============================== TRIGGER SYSCALL ===========================*/
+
+	evt_test->disable_capture();
+
+	evt_test->assert_event_presence();
+
+	if(HasFatalFailure())
+	{
+		return;
+	}
+
+	evt_test->parse_event();
+
+	evt_test->assert_header();
+
+	/*=============================== ASSERT PARAMETERS  ===========================*/
+
+	/* Parameter 1: res (type: PT_INT64) */
+	evt_test->assert_numeric_param(1, (int64_t)10);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	evt_test->assert_numeric_param(2, (int64_t)child_pid);
+
+	/* Parameter 3: data (type: PT_BYTEBUF) */
+	evt_test->assert_charbuf_param(3, "QWERTYUIO");
+
+	/*=============================== ASSERT PARAMETERS  ===========================*/
+
+	evt_test->assert_num_params_pushed(3);
+}
+#endif
diff --git a/test/drivers/test_suites/syscall_exit_suite/process_vm_writev_x.cpp b/test/drivers/test_suites/syscall_exit_suite/process_vm_writev_x.cpp
new file mode 100644
index 0000000000..3c7aa55666
--- /dev/null
+++ b/test/drivers/test_suites/syscall_exit_suite/process_vm_writev_x.cpp
@@ -0,0 +1,134 @@
+#include "../../event_class/event_class.h"
+#include <gtest/gtest.h>
+
+#ifdef __NR_process_vm_writev
+
+TEST(SyscallExit, process_vm_writevX_failure)
+{
+	auto evt_test = get_syscall_event_test(__NR_process_vm_writev, EXIT_EVENT);
+
+	evt_test->enable_capture();
+
+	/*=============================== TRIGGER SYSCALL ===========================*/
+
+	size_t res = syscall(__NR_process_vm_writev, getpid(), (void*)(0x41414141), 0, (void*)(0x42424242), 0, 0);
+	assert_syscall_state(SYSCALL_FAILURE, "process_vm_writev", res, EQUAL, 0);
+
+	/*=============================== TRIGGER SYSCALL ===========================*/
+
+	evt_test->disable_capture();
+
+	evt_test->assert_event_presence();
+
+	if(HasFatalFailure())
+	{
+		return;
+	}
+
+	evt_test->parse_event();
+
+	evt_test->assert_header();
+
+	/*=============================== ASSERT PARAMETERS  ===========================*/
+
+	/* Parameter 1: res (type: PT_INT64) */
+	evt_test->assert_numeric_param(1, (int64_t)0);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	evt_test->assert_numeric_param(2, (int64_t)getpid());
+
+	/* Parameter 3: data (type: PT_BYTEBUF)*/
+	evt_test->assert_empty_param(3);
+
+	/*=============================== ASSERT PARAMETERS  ===========================*/
+
+	evt_test->assert_num_params_pushed(3);
+}
+
+TEST(SyscallExit, process_vm_writevX_success)
+{
+	auto evt_test = get_syscall_event_test(__NR_process_vm_writev, EXIT_EVENT);
+
+	evt_test->enable_capture();
+
+	/*=============================== TRIGGER SYSCALL ===========================*/
+
+	int pipe_fd[2];
+
+	ASSERT_GT(pipe(pipe_fd), -1);
+
+	pid_t parent_pid = getpid();
+	pid_t child_pid = fork();
+
+	if(child_pid == 0)
+	{
+
+		char buf[10] = "QWERTYUIO";
+		struct iovec local[1];
+		local[0].iov_base = buf;
+		local[0].iov_len = sizeof(buf);
+		void* target;
+
+		close(pipe_fd[1]);
+
+		ssize_t read = syscall(__NR_read, pipe_fd[0], &target, sizeof(void*));
+		ASSERT_GT(read, 0);
+
+		read = syscall(__NR_process_vm_writev, parent_pid, local, 1, target, 1, 0);
+		assert_syscall_state(SYSCALL_SUCCESS, "process_vm_writev", read, NOT_EQUAL, 0);
+
+		close(pipe_fd[0]);
+
+		exit(EXIT_SUCCESS);
+	}
+	else
+	{
+
+		char buf[10];
+		struct iovec local[1];
+		local[0].iov_base = (void*)buf;
+		local[0].iov_len = sizeof(buf);
+		void* target = &local;
+
+		close(pipe_fd[0]);
+
+		ssize_t res = write(pipe_fd[1], &target, sizeof(void*));
+		ASSERT_GT(res, 0);
+
+		close(pipe_fd[1]);
+
+		int wstatus;
+		waitpid(child_pid, &wstatus, 0);
+	}
+
+	/*=============================== TRIGGER SYSCALL ===========================*/
+
+	evt_test->disable_capture();
+
+	evt_test->assert_event_presence(child_pid);
+
+	if(HasFatalFailure())
+	{
+		return;
+	}
+
+	evt_test->parse_event();
+
+	evt_test->assert_header();
+
+	/*=============================== ASSERT PARAMETERS  ===========================*/
+
+	/* Parameter 1: res (type: PT_INT64) */
+	evt_test->assert_numeric_param(1, (int64_t)10);
+
+	/* Parameter 2: pid (type: PT_PID) */
+	evt_test->assert_numeric_param(2, (int64_t)parent_pid);
+
+	/* Parameter 3: data (type: PT_BYTEBUF) */
+	evt_test->assert_charbuf_param(3, "QWERTYUIO");
+
+	/*=============================== ASSERT PARAMETERS  ===========================*/
+
+	evt_test->assert_num_params_pushed(3);
+}
+#endif
diff --git a/userspace/libpman/src/events_prog_names.h b/userspace/libpman/src/events_prog_names.h
index 6f35720f1a..8a10b922be 100644
--- a/userspace/libpman/src/events_prog_names.h
+++ b/userspace/libpman/src/events_prog_names.h
@@ -328,7 +328,11 @@ static const char* event_prog_names[PPM_EVENT_MAX] = {
 	[PPME_SYSCALL_MKNODAT_E] = "mknodat_e",
 	[PPME_SYSCALL_MKNODAT_X] = "mknodat_x",
 	[PPME_SYSCALL_NEWFSTATAT_E] = "newfstatat_e",
-	[PPME_SYSCALL_NEWFSTATAT_X] = "newfstatat_x"
+	[PPME_SYSCALL_NEWFSTATAT_X] = "newfstatat_x",
+	[PPME_SYSCALL_PROCESS_VM_READV_E] = "process_vm_readv_e",
+	[PPME_SYSCALL_PROCESS_VM_READV_X] = "process_vm_readv_x",
+	[PPME_SYSCALL_PROCESS_VM_WRITEV_E] = "process_vm_writev_e",
+	[PPME_SYSCALL_PROCESS_VM_WRITEV_X] = "process_vm_writev_x"
 };
 
 /* Some events can require more than one bpf program to collect all the data. */
diff --git a/userspace/libscap/linux/scap_ppm_sc.c b/userspace/libscap/linux/scap_ppm_sc.c
index 41b5fc6f42..7022e60eda 100644
--- a/userspace/libscap/linux/scap_ppm_sc.c
+++ b/userspace/libscap/linux/scap_ppm_sc.c
@@ -30,8 +30,8 @@ limitations under the License.
  * NOTE: first 2 lines are automatically bumped by syscalls-bumper.
  */
 static const ppm_sc_code *g_events_to_sc_map[] = {
-	[PPME_GENERIC_E] = (ppm_sc_code[]){ PPM_SC_RESTART_SYSCALL, PPM_SC_EXIT, PPM_SC_TIME, PPM_SC_GETPID, PPM_SC_SYNC, PPM_SC_TIMES, PPM_SC_ACCT, PPM_SC_UMASK, PPM_SC_USTAT, PPM_SC_GETPPID, PPM_SC_GETPGRP, PPM_SC_SETHOSTNAME, PPM_SC_GETRUSAGE, PPM_SC_GETTIMEOFDAY, PPM_SC_SETTIMEOFDAY, PPM_SC_READLINK, PPM_SC_SWAPON, PPM_SC_REBOOT, PPM_SC_TRUNCATE, PPM_SC_FTRUNCATE, PPM_SC_GETPRIORITY, PPM_SC_SETPRIORITY, PPM_SC_STATFS, PPM_SC_FSTATFS, PPM_SC_SETITIMER, PPM_SC_GETITIMER, PPM_SC_UNAME, PPM_SC_VHANGUP, PPM_SC_WAIT4, PPM_SC_SWAPOFF, PPM_SC_SYSINFO, PPM_SC_FSYNC, PPM_SC_SETDOMAINNAME, PPM_SC_ADJTIMEX, PPM_SC_DELETE_MODULE, PPM_SC_GETPGID, PPM_SC_SYSFS, PPM_SC_PERSONALITY, PPM_SC_MSYNC, PPM_SC_GETSID, PPM_SC_FDATASYNC, PPM_SC_SCHED_SETSCHEDULER, PPM_SC_SCHED_GETSCHEDULER, PPM_SC_SCHED_YIELD, PPM_SC_SCHED_GET_PRIORITY_MAX, PPM_SC_SCHED_GET_PRIORITY_MIN, PPM_SC_SCHED_RR_GET_INTERVAL, PPM_SC_MREMAP, PPM_SC_ARCH_PRCTL, PPM_SC_RT_SIGACTION, PPM_SC_RT_SIGPROCMASK, PPM_SC_RT_SIGPENDING, PPM_SC_RT_SIGTIMEDWAIT, PPM_SC_RT_SIGQUEUEINFO, PPM_SC_RT_SIGSUSPEND, PPM_SC_CAPGET, PPM_SC_SETREUID, PPM_SC_SETREGID, PPM_SC_GETGROUPS, PPM_SC_SETGROUPS, PPM_SC_SETFSUID, PPM_SC_SETFSGID, PPM_SC_PIVOT_ROOT, PPM_SC_MINCORE, PPM_SC_MADVISE, PPM_SC_GETTID, PPM_SC_SETXATTR, PPM_SC_LSETXATTR, PPM_SC_FSETXATTR, PPM_SC_GETXATTR, PPM_SC_LGETXATTR, PPM_SC_FGETXATTR, PPM_SC_LISTXATTR, PPM_SC_LLISTXATTR, PPM_SC_FLISTXATTR, PPM_SC_REMOVEXATTR, PPM_SC_LREMOVEXATTR, PPM_SC_FREMOVEXATTR,PPM_SC_SCHED_SETAFFINITY, PPM_SC_SCHED_GETAFFINITY, PPM_SC_SET_THREAD_AREA, PPM_SC_GET_THREAD_AREA, PPM_SC_IO_SETUP, PPM_SC_IO_DESTROY, PPM_SC_IO_GETEVENTS, PPM_SC_IO_SUBMIT, PPM_SC_IO_CANCEL, PPM_SC_EXIT_GROUP, PPM_SC_REMAP_FILE_PAGES, PPM_SC_SET_TID_ADDRESS, PPM_SC_TIMER_CREATE, PPM_SC_TIMER_SETTIME, PPM_SC_TIMER_GETTIME, PPM_SC_TIMER_GETOVERRUN, PPM_SC_TIMER_DELETE, PPM_SC_CLOCK_SETTIME, PPM_SC_CLOCK_GETTIME, PPM_SC_CLOCK_GETRES, PPM_SC_CLOCK_NANOSLEEP,PPM_SC_UTIMES, PPM_SC_MQ_OPEN, PPM_SC_MQ_UNLINK, PPM_SC_MQ_TIMEDSEND, PPM_SC_MQ_TIMEDRECEIVE, PPM_SC_MQ_NOTIFY, PPM_SC_MQ_GETSETATTR, PPM_SC_KEXEC_LOAD, PPM_SC_WAITID, PPM_SC_ADD_KEY, PPM_SC_REQUEST_KEY, PPM_SC_KEYCTL, PPM_SC_IOPRIO_SET, PPM_SC_IOPRIO_GET, PPM_SC_INOTIFY_ADD_WATCH, PPM_SC_INOTIFY_RM_WATCH, PPM_SC_FUTIMESAT, PPM_SC_READLINKAT, PPM_SC_FACCESSAT, PPM_SC_SET_ROBUST_LIST, PPM_SC_GET_ROBUST_LIST, PPM_SC_TEE, PPM_SC_VMSPLICE, PPM_SC_GETCPU, PPM_SC_EPOLL_PWAIT, PPM_SC_UTIMENSAT, PPM_SC_TIMERFD_SETTIME, PPM_SC_TIMERFD_GETTIME, PPM_SC_RT_TGSIGQUEUEINFO, PPM_SC_PERF_EVENT_OPEN, PPM_SC_FANOTIFY_INIT, PPM_SC_CLOCK_ADJTIME, PPM_SC_SYNCFS, PPM_SC_MSGSND, PPM_SC_MSGRCV, PPM_SC_MSGGET, PPM_SC_MSGCTL, PPM_SC_SHMDT, PPM_SC_SHMGET, PPM_SC_SHMCTL, PPM_SC_STATFS64, PPM_SC_FSTATFS64, PPM_SC_FSTATAT64, PPM_SC_BDFLUSH, PPM_SC_SIGPROCMASK, PPM_SC_IPC, PPM_SC__NEWSELECT, PPM_SC_SGETMASK, PPM_SC_SSETMASK, PPM_SC_SIGPENDING, PPM_SC_OLDUNAME, PPM_SC_SIGNAL, PPM_SC_NICE, PPM_SC_STIME, PPM_SC_WAITPID, PPM_SC_SHMAT, PPM_SC_RT_SIGRETURN, PPM_SC_FALLOCATE, PPM_SC_SIGALTSTACK, PPM_SC_GETRANDOM, PPM_SC_FADVISE64, PPM_SC_SOCKETCALL, PPM_SC_FSPICK, PPM_SC_FSMOUNT, PPM_SC_FSOPEN, PPM_SC_OPEN_TREE, PPM_SC_MOVE_MOUNT, PPM_SC_MOUNT_SETATTR, PPM_SC_MEMFD_SECRET, PPM_SC_IOPERM, PPM_SC_KEXEC_FILE_LOAD, PPM_SC_PIDFD_SEND_SIGNAL, PPM_SC_PKEY_ALLOC, PPM_SC_PKEY_MPROTECT, PPM_SC_PKEY_FREE, PPM_SC_LANDLOCK_CREATE_RULESET, PPM_SC_QUOTACTL_FD, PPM_SC_LANDLOCK_RESTRICT_SELF, PPM_SC_LANDLOCK_ADD_RULE, PPM_SC_EPOLL_PWAIT2, PPM_SC_MIGRATE_PAGES, PPM_SC_MOVE_PAGES, PPM_SC_PREADV2, PPM_SC_PWRITEV2, PPM_SC_QUERY_MODULE, PPM_SC_STATX, PPM_SC_SET_MEMPOLICY, PPM_SC_FANOTIFY_MARK, PPM_SC_SYNC_FILE_RANGE, PPM_SC_READAHEAD, PPM_SC_PROCESS_MRELEASE, PPM_SC_MBIND, PPM_SC_PROCESS_MADVISE, PPM_SC_MEMBARRIER, PPM_SC_MODIFY_LDT, PPM_SC_SEMTIMEDOP, PPM_SC_NAME_TO_HANDLE_AT, PPM_SC_KCMP, PPM_SC_EPOLL_CTL_OLD, PPM_SC_EPOLL_WAIT_OLD, PPM_SC_FUTEX_WAITV, PPM_SC_CREATE_MODULE, PPM_SC__SYSCTL, PPM_SC_LOOKUP_DCOOKIE, PPM_SC_IOPL, PPM_SC_IO_PGETEVENTS, PPM_SC_GETPMSG, PPM_SC_SCHED_SETATTR, PPM_SC_GET_KERNEL_SYMS, PPM_SC_RSEQ, PPM_SC_CLOSE_RANGE, PPM_SC_GET_MEMPOLICY, PPM_SC_SCHED_GETATTR, PPM_SC_NFSSERVCTL, PPM_SC_SET_MEMPOLICY_HOME_NODE, PPM_SC_FACCESSAT2, PPM_SC_EPOLL_CTL, PPM_SC_PROCESS_VM_WRITEV, PPM_SC_SCHED_GETPARAM, PPM_SC_PSELECT6, PPM_SC_SCHED_SETPARAM, PPM_SC_PROCESS_VM_READV, PPM_SC_PAUSE, PPM_SC_UTIME, PPM_SC_SYSLOG, PPM_SC_USELIB, PPM_SC_ALARM, PPM_SC_SIGSUSPEND, PPM_SC_IDLE, PPM_SC_S390_RUNTIME_INSTR, PPM_SC_SIGRETURN, PPM_SC_S390_GUARDED_STORAGE, PPM_SC_TIMERFD, PPM_SC_S390_PCI_MMIO_READ, PPM_SC_SIGACTION, PPM_SC_S390_PCI_MMIO_WRITE, PPM_SC_READDIR, PPM_SC_S390_STHYI, PPM_SC_CACHESTAT, PPM_SC_FCHMODAT2, PPM_SC_MAP_SHADOW_STACK,  PPM_SC_RISCV_FLUSH_ICACHE, PPM_SC_RISCV_HWPROBE,  PPM_SC_FUTEX_WAKE, PPM_SC_FUTEX_REQUEUE, PPM_SC_FUTEX_WAIT,  PPM_SC_SYNC_FILE_RANGE2, PPM_SC_OLDFSTAT, PPM_SC_SPU_RUN, PPM_SC_SWAPCONTEXT, PPM_SC_OLDLSTAT, PPM_SC_SPU_CREATE, PPM_SC_PCICONFIG_READ, PPM_SC_SYS_DEBUG_SETCONTEXT, PPM_SC_VM86, PPM_SC_PCICONFIG_WRITE, PPM_SC_RTAS, PPM_SC_PCICONFIG_IOBASE, PPM_SC_OLDOLDUNAME, PPM_SC_SUBPAGE_PROT, PPM_SC_MULTIPLEXER, PPM_SC_OLDSTAT, PPM_SC_SWITCH_ENDIAN,  PPM_SC_LISTMOUNT, PPM_SC_STATMOUNT, PPM_SC_LSM_GET_SELF_ATTR, PPM_SC_LSM_SET_SELF_ATTR, PPM_SC_LSM_LIST_MODULES,  -1},
-	[PPME_GENERIC_X] = (ppm_sc_code[]){ PPM_SC_RESTART_SYSCALL, PPM_SC_EXIT, PPM_SC_TIME, PPM_SC_GETPID, PPM_SC_SYNC, PPM_SC_TIMES, PPM_SC_ACCT, PPM_SC_UMASK, PPM_SC_USTAT, PPM_SC_GETPPID, PPM_SC_GETPGRP, PPM_SC_SETHOSTNAME, PPM_SC_GETRUSAGE, PPM_SC_GETTIMEOFDAY, PPM_SC_SETTIMEOFDAY, PPM_SC_READLINK, PPM_SC_SWAPON, PPM_SC_REBOOT, PPM_SC_TRUNCATE, PPM_SC_FTRUNCATE, PPM_SC_GETPRIORITY, PPM_SC_SETPRIORITY, PPM_SC_STATFS, PPM_SC_FSTATFS, PPM_SC_SETITIMER, PPM_SC_GETITIMER, PPM_SC_UNAME, PPM_SC_VHANGUP, PPM_SC_WAIT4, PPM_SC_SWAPOFF, PPM_SC_SYSINFO, PPM_SC_FSYNC, PPM_SC_SETDOMAINNAME, PPM_SC_ADJTIMEX, PPM_SC_DELETE_MODULE, PPM_SC_GETPGID, PPM_SC_SYSFS, PPM_SC_PERSONALITY, PPM_SC_MSYNC, PPM_SC_GETSID, PPM_SC_FDATASYNC, PPM_SC_SCHED_SETSCHEDULER, PPM_SC_SCHED_GETSCHEDULER, PPM_SC_SCHED_YIELD, PPM_SC_SCHED_GET_PRIORITY_MAX, PPM_SC_SCHED_GET_PRIORITY_MIN, PPM_SC_SCHED_RR_GET_INTERVAL, PPM_SC_MREMAP, PPM_SC_ARCH_PRCTL, PPM_SC_RT_SIGACTION, PPM_SC_RT_SIGPROCMASK, PPM_SC_RT_SIGPENDING, PPM_SC_RT_SIGTIMEDWAIT, PPM_SC_RT_SIGQUEUEINFO, PPM_SC_RT_SIGSUSPEND, PPM_SC_CAPGET, PPM_SC_SETREUID, PPM_SC_SETREGID, PPM_SC_GETGROUPS, PPM_SC_SETGROUPS, PPM_SC_SETFSUID, PPM_SC_SETFSGID, PPM_SC_PIVOT_ROOT, PPM_SC_MINCORE, PPM_SC_MADVISE, PPM_SC_GETTID, PPM_SC_SETXATTR, PPM_SC_LSETXATTR, PPM_SC_FSETXATTR, PPM_SC_GETXATTR, PPM_SC_LGETXATTR, PPM_SC_FGETXATTR, PPM_SC_LISTXATTR, PPM_SC_LLISTXATTR, PPM_SC_FLISTXATTR, PPM_SC_REMOVEXATTR, PPM_SC_LREMOVEXATTR, PPM_SC_FREMOVEXATTR,PPM_SC_SCHED_SETAFFINITY, PPM_SC_SCHED_GETAFFINITY, PPM_SC_SET_THREAD_AREA, PPM_SC_GET_THREAD_AREA, PPM_SC_IO_SETUP, PPM_SC_IO_DESTROY, PPM_SC_IO_GETEVENTS, PPM_SC_IO_SUBMIT, PPM_SC_IO_CANCEL, PPM_SC_EXIT_GROUP, PPM_SC_REMAP_FILE_PAGES, PPM_SC_SET_TID_ADDRESS, PPM_SC_TIMER_CREATE, PPM_SC_TIMER_SETTIME, PPM_SC_TIMER_GETTIME, PPM_SC_TIMER_GETOVERRUN, PPM_SC_TIMER_DELETE, PPM_SC_CLOCK_SETTIME, PPM_SC_CLOCK_GETTIME, PPM_SC_CLOCK_GETRES, PPM_SC_CLOCK_NANOSLEEP,PPM_SC_UTIMES, PPM_SC_MQ_OPEN, PPM_SC_MQ_UNLINK, PPM_SC_MQ_TIMEDSEND, PPM_SC_MQ_TIMEDRECEIVE, PPM_SC_MQ_NOTIFY, PPM_SC_MQ_GETSETATTR, PPM_SC_KEXEC_LOAD, PPM_SC_WAITID, PPM_SC_ADD_KEY, PPM_SC_REQUEST_KEY, PPM_SC_KEYCTL, PPM_SC_IOPRIO_SET, PPM_SC_IOPRIO_GET, PPM_SC_INOTIFY_ADD_WATCH, PPM_SC_INOTIFY_RM_WATCH, PPM_SC_FUTIMESAT, PPM_SC_READLINKAT, PPM_SC_FACCESSAT, PPM_SC_SET_ROBUST_LIST, PPM_SC_GET_ROBUST_LIST, PPM_SC_TEE, PPM_SC_VMSPLICE, PPM_SC_GETCPU, PPM_SC_EPOLL_PWAIT, PPM_SC_UTIMENSAT, PPM_SC_TIMERFD_SETTIME, PPM_SC_TIMERFD_GETTIME, PPM_SC_RT_TGSIGQUEUEINFO, PPM_SC_PERF_EVENT_OPEN, PPM_SC_FANOTIFY_INIT, PPM_SC_CLOCK_ADJTIME, PPM_SC_SYNCFS, PPM_SC_MSGSND, PPM_SC_MSGRCV, PPM_SC_MSGGET, PPM_SC_MSGCTL, PPM_SC_SHMDT, PPM_SC_SHMGET, PPM_SC_SHMCTL, PPM_SC_STATFS64, PPM_SC_FSTATFS64, PPM_SC_FSTATAT64, PPM_SC_BDFLUSH, PPM_SC_SIGPROCMASK, PPM_SC_IPC, PPM_SC__NEWSELECT, PPM_SC_SGETMASK, PPM_SC_SSETMASK, PPM_SC_SIGPENDING, PPM_SC_OLDUNAME, PPM_SC_SIGNAL, PPM_SC_NICE, PPM_SC_STIME, PPM_SC_WAITPID, PPM_SC_SHMAT, PPM_SC_RT_SIGRETURN, PPM_SC_FALLOCATE, PPM_SC_SIGALTSTACK, PPM_SC_GETRANDOM, PPM_SC_FADVISE64, PPM_SC_SOCKETCALL, PPM_SC_FSPICK, PPM_SC_FSMOUNT, PPM_SC_FSOPEN, PPM_SC_OPEN_TREE, PPM_SC_MOVE_MOUNT, PPM_SC_MOUNT_SETATTR, PPM_SC_MEMFD_SECRET, PPM_SC_IOPERM, PPM_SC_KEXEC_FILE_LOAD, PPM_SC_PIDFD_SEND_SIGNAL, PPM_SC_PKEY_ALLOC, PPM_SC_PKEY_MPROTECT, PPM_SC_PKEY_FREE, PPM_SC_LANDLOCK_CREATE_RULESET, PPM_SC_QUOTACTL_FD, PPM_SC_LANDLOCK_RESTRICT_SELF, PPM_SC_LANDLOCK_ADD_RULE, PPM_SC_EPOLL_PWAIT2, PPM_SC_MIGRATE_PAGES, PPM_SC_MOVE_PAGES, PPM_SC_PREADV2, PPM_SC_PWRITEV2, PPM_SC_QUERY_MODULE, PPM_SC_STATX, PPM_SC_SET_MEMPOLICY, PPM_SC_FANOTIFY_MARK, PPM_SC_SYNC_FILE_RANGE, PPM_SC_READAHEAD, PPM_SC_PROCESS_MRELEASE, PPM_SC_MBIND, PPM_SC_PROCESS_MADVISE, PPM_SC_MEMBARRIER, PPM_SC_MODIFY_LDT, PPM_SC_SEMTIMEDOP, PPM_SC_NAME_TO_HANDLE_AT, PPM_SC_KCMP, PPM_SC_EPOLL_CTL_OLD, PPM_SC_EPOLL_WAIT_OLD, PPM_SC_FUTEX_WAITV, PPM_SC_CREATE_MODULE, PPM_SC__SYSCTL, PPM_SC_LOOKUP_DCOOKIE, PPM_SC_IOPL, PPM_SC_IO_PGETEVENTS, PPM_SC_GETPMSG, PPM_SC_SCHED_SETATTR, PPM_SC_GET_KERNEL_SYMS, PPM_SC_RSEQ, PPM_SC_CLOSE_RANGE, PPM_SC_GET_MEMPOLICY, PPM_SC_SCHED_GETATTR, PPM_SC_NFSSERVCTL, PPM_SC_SET_MEMPOLICY_HOME_NODE, PPM_SC_FACCESSAT2, PPM_SC_EPOLL_CTL, PPM_SC_PROCESS_VM_WRITEV, PPM_SC_SCHED_GETPARAM, PPM_SC_PSELECT6, PPM_SC_SCHED_SETPARAM, PPM_SC_PROCESS_VM_READV, PPM_SC_PAUSE, PPM_SC_UTIME, PPM_SC_SYSLOG, PPM_SC_USELIB, PPM_SC_ALARM, PPM_SC_TIMERFD, PPM_SC_S390_PCI_MMIO_READ, PPM_SC_SIGACTION, PPM_SC_S390_PCI_MMIO_WRITE, PPM_SC_READDIR, PPM_SC_S390_STHYI, PPM_SC_SIGSUSPEND, PPM_SC_IDLE, PPM_SC_S390_RUNTIME_INSTR, PPM_SC_SIGRETURN, PPM_SC_S390_GUARDED_STORAGE, PPM_SC_CACHESTAT, PPM_SC_FCHMODAT2, PPM_SC_MAP_SHADOW_STACK,  PPM_SC_RISCV_FLUSH_ICACHE, PPM_SC_RISCV_HWPROBE,  PPM_SC_FUTEX_WAKE, PPM_SC_FUTEX_REQUEUE, PPM_SC_FUTEX_WAIT,  PPM_SC_OLDOLDUNAME, PPM_SC_SUBPAGE_PROT, PPM_SC_PCICONFIG_IOBASE, PPM_SC_OLDSTAT, PPM_SC_SWITCH_ENDIAN, PPM_SC_MULTIPLEXER, PPM_SC_OLDLSTAT, PPM_SC_SPU_CREATE, PPM_SC_SYNC_FILE_RANGE2, PPM_SC_OLDFSTAT, PPM_SC_SPU_RUN, PPM_SC_SWAPCONTEXT, PPM_SC_PCICONFIG_WRITE, PPM_SC_RTAS, PPM_SC_PCICONFIG_READ, PPM_SC_SYS_DEBUG_SETCONTEXT, PPM_SC_VM86,  PPM_SC_LSM_SET_SELF_ATTR, PPM_SC_LSM_LIST_MODULES, PPM_SC_LISTMOUNT, PPM_SC_STATMOUNT, PPM_SC_LSM_GET_SELF_ATTR,  -1},
+	[PPME_GENERIC_E] = (ppm_sc_code[]){ PPM_SC_RESTART_SYSCALL, PPM_SC_EXIT, PPM_SC_TIME, PPM_SC_GETPID, PPM_SC_SYNC, PPM_SC_TIMES, PPM_SC_ACCT, PPM_SC_UMASK, PPM_SC_USTAT, PPM_SC_GETPPID, PPM_SC_GETPGRP, PPM_SC_SETHOSTNAME, PPM_SC_GETRUSAGE, PPM_SC_GETTIMEOFDAY, PPM_SC_SETTIMEOFDAY, PPM_SC_READLINK, PPM_SC_SWAPON, PPM_SC_REBOOT, PPM_SC_TRUNCATE, PPM_SC_FTRUNCATE, PPM_SC_GETPRIORITY, PPM_SC_SETPRIORITY, PPM_SC_STATFS, PPM_SC_FSTATFS, PPM_SC_SETITIMER, PPM_SC_GETITIMER, PPM_SC_UNAME, PPM_SC_VHANGUP, PPM_SC_WAIT4, PPM_SC_SWAPOFF, PPM_SC_SYSINFO, PPM_SC_FSYNC, PPM_SC_SETDOMAINNAME, PPM_SC_ADJTIMEX, PPM_SC_DELETE_MODULE, PPM_SC_GETPGID, PPM_SC_SYSFS, PPM_SC_PERSONALITY, PPM_SC_MSYNC, PPM_SC_GETSID, PPM_SC_FDATASYNC, PPM_SC_SCHED_SETSCHEDULER, PPM_SC_SCHED_GETSCHEDULER, PPM_SC_SCHED_YIELD, PPM_SC_SCHED_GET_PRIORITY_MAX, PPM_SC_SCHED_GET_PRIORITY_MIN, PPM_SC_SCHED_RR_GET_INTERVAL, PPM_SC_MREMAP, PPM_SC_ARCH_PRCTL, PPM_SC_RT_SIGACTION, PPM_SC_RT_SIGPROCMASK, PPM_SC_RT_SIGPENDING, PPM_SC_RT_SIGTIMEDWAIT, PPM_SC_RT_SIGQUEUEINFO, PPM_SC_RT_SIGSUSPEND, PPM_SC_CAPGET, PPM_SC_SETREUID, PPM_SC_SETREGID, PPM_SC_GETGROUPS, PPM_SC_SETGROUPS, PPM_SC_SETFSUID, PPM_SC_SETFSGID, PPM_SC_PIVOT_ROOT, PPM_SC_MINCORE, PPM_SC_MADVISE, PPM_SC_GETTID, PPM_SC_SETXATTR, PPM_SC_LSETXATTR, PPM_SC_FSETXATTR, PPM_SC_GETXATTR, PPM_SC_LGETXATTR, PPM_SC_FGETXATTR, PPM_SC_LISTXATTR, PPM_SC_LLISTXATTR, PPM_SC_FLISTXATTR, PPM_SC_REMOVEXATTR, PPM_SC_LREMOVEXATTR, PPM_SC_FREMOVEXATTR,PPM_SC_SCHED_SETAFFINITY, PPM_SC_SCHED_GETAFFINITY, PPM_SC_SET_THREAD_AREA, PPM_SC_GET_THREAD_AREA, PPM_SC_IO_SETUP, PPM_SC_IO_DESTROY, PPM_SC_IO_GETEVENTS, PPM_SC_IO_SUBMIT, PPM_SC_IO_CANCEL, PPM_SC_EXIT_GROUP, PPM_SC_REMAP_FILE_PAGES, PPM_SC_SET_TID_ADDRESS, PPM_SC_TIMER_CREATE, PPM_SC_TIMER_SETTIME, PPM_SC_TIMER_GETTIME, PPM_SC_TIMER_GETOVERRUN, PPM_SC_TIMER_DELETE, PPM_SC_CLOCK_SETTIME, PPM_SC_CLOCK_GETTIME, PPM_SC_CLOCK_GETRES, PPM_SC_CLOCK_NANOSLEEP,PPM_SC_UTIMES, PPM_SC_MQ_OPEN, PPM_SC_MQ_UNLINK, PPM_SC_MQ_TIMEDSEND, PPM_SC_MQ_TIMEDRECEIVE, PPM_SC_MQ_NOTIFY, PPM_SC_MQ_GETSETATTR, PPM_SC_KEXEC_LOAD, PPM_SC_WAITID, PPM_SC_ADD_KEY, PPM_SC_REQUEST_KEY, PPM_SC_KEYCTL, PPM_SC_IOPRIO_SET, PPM_SC_IOPRIO_GET, PPM_SC_INOTIFY_ADD_WATCH, PPM_SC_INOTIFY_RM_WATCH, PPM_SC_FUTIMESAT, PPM_SC_READLINKAT, PPM_SC_FACCESSAT, PPM_SC_SET_ROBUST_LIST, PPM_SC_GET_ROBUST_LIST, PPM_SC_TEE, PPM_SC_VMSPLICE, PPM_SC_GETCPU, PPM_SC_EPOLL_PWAIT, PPM_SC_UTIMENSAT, PPM_SC_TIMERFD_SETTIME, PPM_SC_TIMERFD_GETTIME, PPM_SC_RT_TGSIGQUEUEINFO, PPM_SC_PERF_EVENT_OPEN, PPM_SC_FANOTIFY_INIT, PPM_SC_CLOCK_ADJTIME, PPM_SC_SYNCFS, PPM_SC_MSGSND, PPM_SC_MSGRCV, PPM_SC_MSGGET, PPM_SC_MSGCTL, PPM_SC_SHMDT, PPM_SC_SHMGET, PPM_SC_SHMCTL, PPM_SC_STATFS64, PPM_SC_FSTATFS64, PPM_SC_FSTATAT64, PPM_SC_BDFLUSH, PPM_SC_SIGPROCMASK, PPM_SC_IPC, PPM_SC__NEWSELECT, PPM_SC_SGETMASK, PPM_SC_SSETMASK, PPM_SC_SIGPENDING, PPM_SC_OLDUNAME, PPM_SC_SIGNAL, PPM_SC_NICE, PPM_SC_STIME, PPM_SC_WAITPID, PPM_SC_SHMAT, PPM_SC_RT_SIGRETURN, PPM_SC_FALLOCATE, PPM_SC_SIGALTSTACK, PPM_SC_GETRANDOM, PPM_SC_FADVISE64, PPM_SC_SOCKETCALL, PPM_SC_FSPICK, PPM_SC_FSMOUNT, PPM_SC_FSOPEN, PPM_SC_OPEN_TREE, PPM_SC_MOVE_MOUNT, PPM_SC_MOUNT_SETATTR, PPM_SC_MEMFD_SECRET, PPM_SC_IOPERM, PPM_SC_KEXEC_FILE_LOAD, PPM_SC_PIDFD_SEND_SIGNAL, PPM_SC_PKEY_ALLOC, PPM_SC_PKEY_MPROTECT, PPM_SC_PKEY_FREE, PPM_SC_LANDLOCK_CREATE_RULESET, PPM_SC_QUOTACTL_FD, PPM_SC_LANDLOCK_RESTRICT_SELF, PPM_SC_LANDLOCK_ADD_RULE, PPM_SC_EPOLL_PWAIT2, PPM_SC_MIGRATE_PAGES, PPM_SC_MOVE_PAGES, PPM_SC_PREADV2, PPM_SC_PWRITEV2, PPM_SC_QUERY_MODULE, PPM_SC_STATX, PPM_SC_SET_MEMPOLICY, PPM_SC_FANOTIFY_MARK, PPM_SC_SYNC_FILE_RANGE, PPM_SC_READAHEAD, PPM_SC_PROCESS_MRELEASE, PPM_SC_MBIND, PPM_SC_PROCESS_MADVISE, PPM_SC_MEMBARRIER, PPM_SC_MODIFY_LDT, PPM_SC_SEMTIMEDOP, PPM_SC_NAME_TO_HANDLE_AT, PPM_SC_KCMP, PPM_SC_EPOLL_CTL_OLD, PPM_SC_EPOLL_WAIT_OLD, PPM_SC_FUTEX_WAITV, PPM_SC_CREATE_MODULE, PPM_SC__SYSCTL, PPM_SC_LOOKUP_DCOOKIE, PPM_SC_IOPL, PPM_SC_IO_PGETEVENTS, PPM_SC_GETPMSG, PPM_SC_SCHED_SETATTR, PPM_SC_GET_KERNEL_SYMS, PPM_SC_RSEQ, PPM_SC_CLOSE_RANGE, PPM_SC_GET_MEMPOLICY, PPM_SC_SCHED_GETATTR, PPM_SC_NFSSERVCTL, PPM_SC_SET_MEMPOLICY_HOME_NODE, PPM_SC_FACCESSAT2, PPM_SC_EPOLL_CTL, PPM_SC_SCHED_GETPARAM, PPM_SC_PSELECT6, PPM_SC_SCHED_SETPARAM, PPM_SC_PAUSE, PPM_SC_UTIME, PPM_SC_SYSLOG, PPM_SC_USELIB, PPM_SC_ALARM, PPM_SC_SIGSUSPEND, PPM_SC_IDLE, PPM_SC_S390_RUNTIME_INSTR, PPM_SC_SIGRETURN, PPM_SC_S390_GUARDED_STORAGE, PPM_SC_TIMERFD, PPM_SC_S390_PCI_MMIO_READ, PPM_SC_SIGACTION, PPM_SC_S390_PCI_MMIO_WRITE, PPM_SC_READDIR, PPM_SC_S390_STHYI, PPM_SC_CACHESTAT, PPM_SC_FCHMODAT2, PPM_SC_MAP_SHADOW_STACK,  PPM_SC_RISCV_FLUSH_ICACHE, PPM_SC_RISCV_HWPROBE,  PPM_SC_FUTEX_WAKE, PPM_SC_FUTEX_REQUEUE, PPM_SC_FUTEX_WAIT,  PPM_SC_SYNC_FILE_RANGE2, PPM_SC_OLDFSTAT, PPM_SC_SPU_RUN, PPM_SC_SWAPCONTEXT, PPM_SC_OLDLSTAT, PPM_SC_SPU_CREATE, PPM_SC_PCICONFIG_READ, PPM_SC_SYS_DEBUG_SETCONTEXT, PPM_SC_VM86, PPM_SC_PCICONFIG_WRITE, PPM_SC_RTAS, PPM_SC_PCICONFIG_IOBASE, PPM_SC_OLDOLDUNAME, PPM_SC_SUBPAGE_PROT, PPM_SC_MULTIPLEXER, PPM_SC_OLDSTAT, PPM_SC_SWITCH_ENDIAN,  PPM_SC_LISTMOUNT, PPM_SC_STATMOUNT, PPM_SC_LSM_GET_SELF_ATTR, PPM_SC_LSM_SET_SELF_ATTR, PPM_SC_LSM_LIST_MODULES,  -1},
+	[PPME_GENERIC_X] = (ppm_sc_code[]){ PPM_SC_RESTART_SYSCALL, PPM_SC_EXIT, PPM_SC_TIME, PPM_SC_GETPID, PPM_SC_SYNC, PPM_SC_TIMES, PPM_SC_ACCT, PPM_SC_UMASK, PPM_SC_USTAT, PPM_SC_GETPPID, PPM_SC_GETPGRP, PPM_SC_SETHOSTNAME, PPM_SC_GETRUSAGE, PPM_SC_GETTIMEOFDAY, PPM_SC_SETTIMEOFDAY, PPM_SC_READLINK, PPM_SC_SWAPON, PPM_SC_REBOOT, PPM_SC_TRUNCATE, PPM_SC_FTRUNCATE, PPM_SC_GETPRIORITY, PPM_SC_SETPRIORITY, PPM_SC_STATFS, PPM_SC_FSTATFS, PPM_SC_SETITIMER, PPM_SC_GETITIMER, PPM_SC_UNAME, PPM_SC_VHANGUP, PPM_SC_WAIT4, PPM_SC_SWAPOFF, PPM_SC_SYSINFO, PPM_SC_FSYNC, PPM_SC_SETDOMAINNAME, PPM_SC_ADJTIMEX, PPM_SC_DELETE_MODULE, PPM_SC_GETPGID, PPM_SC_SYSFS, PPM_SC_PERSONALITY, PPM_SC_MSYNC, PPM_SC_GETSID, PPM_SC_FDATASYNC, PPM_SC_SCHED_SETSCHEDULER, PPM_SC_SCHED_GETSCHEDULER, PPM_SC_SCHED_YIELD, PPM_SC_SCHED_GET_PRIORITY_MAX, PPM_SC_SCHED_GET_PRIORITY_MIN, PPM_SC_SCHED_RR_GET_INTERVAL, PPM_SC_MREMAP, PPM_SC_ARCH_PRCTL, PPM_SC_RT_SIGACTION, PPM_SC_RT_SIGPROCMASK, PPM_SC_RT_SIGPENDING, PPM_SC_RT_SIGTIMEDWAIT, PPM_SC_RT_SIGQUEUEINFO, PPM_SC_RT_SIGSUSPEND, PPM_SC_CAPGET, PPM_SC_SETREUID, PPM_SC_SETREGID, PPM_SC_GETGROUPS, PPM_SC_SETGROUPS, PPM_SC_SETFSUID, PPM_SC_SETFSGID, PPM_SC_PIVOT_ROOT, PPM_SC_MINCORE, PPM_SC_MADVISE, PPM_SC_GETTID, PPM_SC_SETXATTR, PPM_SC_LSETXATTR, PPM_SC_FSETXATTR, PPM_SC_GETXATTR, PPM_SC_LGETXATTR, PPM_SC_FGETXATTR, PPM_SC_LISTXATTR, PPM_SC_LLISTXATTR, PPM_SC_FLISTXATTR, PPM_SC_REMOVEXATTR, PPM_SC_LREMOVEXATTR, PPM_SC_FREMOVEXATTR,PPM_SC_SCHED_SETAFFINITY, PPM_SC_SCHED_GETAFFINITY, PPM_SC_SET_THREAD_AREA, PPM_SC_GET_THREAD_AREA, PPM_SC_IO_SETUP, PPM_SC_IO_DESTROY, PPM_SC_IO_GETEVENTS, PPM_SC_IO_SUBMIT, PPM_SC_IO_CANCEL, PPM_SC_EXIT_GROUP, PPM_SC_REMAP_FILE_PAGES, PPM_SC_SET_TID_ADDRESS, PPM_SC_TIMER_CREATE, PPM_SC_TIMER_SETTIME, PPM_SC_TIMER_GETTIME, PPM_SC_TIMER_GETOVERRUN, PPM_SC_TIMER_DELETE, PPM_SC_CLOCK_SETTIME, PPM_SC_CLOCK_GETTIME, PPM_SC_CLOCK_GETRES, PPM_SC_CLOCK_NANOSLEEP,PPM_SC_UTIMES, PPM_SC_MQ_OPEN, PPM_SC_MQ_UNLINK, PPM_SC_MQ_TIMEDSEND, PPM_SC_MQ_TIMEDRECEIVE, PPM_SC_MQ_NOTIFY, PPM_SC_MQ_GETSETATTR, PPM_SC_KEXEC_LOAD, PPM_SC_WAITID, PPM_SC_ADD_KEY, PPM_SC_REQUEST_KEY, PPM_SC_KEYCTL, PPM_SC_IOPRIO_SET, PPM_SC_IOPRIO_GET, PPM_SC_INOTIFY_ADD_WATCH, PPM_SC_INOTIFY_RM_WATCH, PPM_SC_FUTIMESAT, PPM_SC_READLINKAT, PPM_SC_FACCESSAT, PPM_SC_SET_ROBUST_LIST, PPM_SC_GET_ROBUST_LIST, PPM_SC_TEE, PPM_SC_VMSPLICE, PPM_SC_GETCPU, PPM_SC_EPOLL_PWAIT, PPM_SC_UTIMENSAT, PPM_SC_TIMERFD_SETTIME, PPM_SC_TIMERFD_GETTIME, PPM_SC_RT_TGSIGQUEUEINFO, PPM_SC_PERF_EVENT_OPEN, PPM_SC_FANOTIFY_INIT, PPM_SC_CLOCK_ADJTIME, PPM_SC_SYNCFS, PPM_SC_MSGSND, PPM_SC_MSGRCV, PPM_SC_MSGGET, PPM_SC_MSGCTL, PPM_SC_SHMDT, PPM_SC_SHMGET, PPM_SC_SHMCTL, PPM_SC_STATFS64, PPM_SC_FSTATFS64, PPM_SC_FSTATAT64, PPM_SC_BDFLUSH, PPM_SC_SIGPROCMASK, PPM_SC_IPC, PPM_SC__NEWSELECT, PPM_SC_SGETMASK, PPM_SC_SSETMASK, PPM_SC_SIGPENDING, PPM_SC_OLDUNAME, PPM_SC_SIGNAL, PPM_SC_NICE, PPM_SC_STIME, PPM_SC_WAITPID, PPM_SC_SHMAT, PPM_SC_RT_SIGRETURN, PPM_SC_FALLOCATE, PPM_SC_SIGALTSTACK, PPM_SC_GETRANDOM, PPM_SC_FADVISE64, PPM_SC_SOCKETCALL, PPM_SC_FSPICK, PPM_SC_FSMOUNT, PPM_SC_FSOPEN, PPM_SC_OPEN_TREE, PPM_SC_MOVE_MOUNT, PPM_SC_MOUNT_SETATTR, PPM_SC_MEMFD_SECRET, PPM_SC_IOPERM, PPM_SC_KEXEC_FILE_LOAD, PPM_SC_PIDFD_SEND_SIGNAL, PPM_SC_PKEY_ALLOC, PPM_SC_PKEY_MPROTECT, PPM_SC_PKEY_FREE, PPM_SC_LANDLOCK_CREATE_RULESET, PPM_SC_QUOTACTL_FD, PPM_SC_LANDLOCK_RESTRICT_SELF, PPM_SC_LANDLOCK_ADD_RULE, PPM_SC_EPOLL_PWAIT2, PPM_SC_MIGRATE_PAGES, PPM_SC_MOVE_PAGES, PPM_SC_PREADV2, PPM_SC_PWRITEV2, PPM_SC_QUERY_MODULE, PPM_SC_STATX, PPM_SC_SET_MEMPOLICY, PPM_SC_FANOTIFY_MARK, PPM_SC_SYNC_FILE_RANGE, PPM_SC_READAHEAD, PPM_SC_PROCESS_MRELEASE, PPM_SC_MBIND, PPM_SC_PROCESS_MADVISE, PPM_SC_MEMBARRIER, PPM_SC_MODIFY_LDT, PPM_SC_SEMTIMEDOP, PPM_SC_NAME_TO_HANDLE_AT, PPM_SC_KCMP, PPM_SC_EPOLL_CTL_OLD, PPM_SC_EPOLL_WAIT_OLD, PPM_SC_FUTEX_WAITV, PPM_SC_CREATE_MODULE, PPM_SC__SYSCTL, PPM_SC_LOOKUP_DCOOKIE, PPM_SC_IOPL, PPM_SC_IO_PGETEVENTS, PPM_SC_GETPMSG, PPM_SC_SCHED_SETATTR, PPM_SC_GET_KERNEL_SYMS, PPM_SC_RSEQ, PPM_SC_CLOSE_RANGE, PPM_SC_GET_MEMPOLICY, PPM_SC_SCHED_GETATTR, PPM_SC_NFSSERVCTL, PPM_SC_SET_MEMPOLICY_HOME_NODE, PPM_SC_FACCESSAT2, PPM_SC_EPOLL_CTL, PPM_SC_SCHED_GETPARAM, PPM_SC_PSELECT6, PPM_SC_SCHED_SETPARAM, PPM_SC_PAUSE, PPM_SC_UTIME, PPM_SC_SYSLOG, PPM_SC_USELIB, PPM_SC_ALARM, PPM_SC_TIMERFD, PPM_SC_S390_PCI_MMIO_READ, PPM_SC_SIGACTION, PPM_SC_S390_PCI_MMIO_WRITE, PPM_SC_READDIR, PPM_SC_S390_STHYI, PPM_SC_SIGSUSPEND, PPM_SC_IDLE, PPM_SC_S390_RUNTIME_INSTR, PPM_SC_SIGRETURN, PPM_SC_S390_GUARDED_STORAGE, PPM_SC_CACHESTAT, PPM_SC_FCHMODAT2, PPM_SC_MAP_SHADOW_STACK,  PPM_SC_RISCV_FLUSH_ICACHE, PPM_SC_RISCV_HWPROBE,  PPM_SC_FUTEX_WAKE, PPM_SC_FUTEX_REQUEUE, PPM_SC_FUTEX_WAIT,  PPM_SC_OLDOLDUNAME, PPM_SC_SUBPAGE_PROT, PPM_SC_PCICONFIG_IOBASE, PPM_SC_OLDSTAT, PPM_SC_SWITCH_ENDIAN, PPM_SC_MULTIPLEXER, PPM_SC_OLDLSTAT, PPM_SC_SPU_CREATE, PPM_SC_SYNC_FILE_RANGE2, PPM_SC_OLDFSTAT, PPM_SC_SPU_RUN, PPM_SC_SWAPCONTEXT, PPM_SC_PCICONFIG_WRITE, PPM_SC_RTAS, PPM_SC_PCICONFIG_READ, PPM_SC_SYS_DEBUG_SETCONTEXT, PPM_SC_VM86,  PPM_SC_LSM_SET_SELF_ATTR, PPM_SC_LSM_LIST_MODULES, PPM_SC_LISTMOUNT, PPM_SC_STATMOUNT, PPM_SC_LSM_GET_SELF_ATTR,  -1},
 	[PPME_SYSCALL_OPEN_E] = (ppm_sc_code[]){PPM_SC_OPEN, -1},
 	[PPME_SYSCALL_OPEN_X] = (ppm_sc_code[]){PPM_SC_OPEN, -1},
 	[PPME_SYSCALL_CLOSE_E] = (ppm_sc_code[]){PPM_SC_CLOSE, -1},
@@ -450,6 +450,10 @@ static const ppm_sc_code *g_events_to_sc_map[] = {
 	[PPME_SYSCALL_MKNODAT_X] = (ppm_sc_code[]){PPM_SC_MKNODAT, -1},
 	[PPME_SYSCALL_NEWFSTATAT_E] = (ppm_sc_code[]){PPM_SC_NEWFSTATAT, -1},
 	[PPME_SYSCALL_NEWFSTATAT_X] = (ppm_sc_code[]){PPM_SC_NEWFSTATAT, -1},
+	[PPME_SYSCALL_PROCESS_VM_READV_E] = (ppm_sc_code[]){PPM_SC_PROCESS_VM_READV, -1},
+	[PPME_SYSCALL_PROCESS_VM_READV_X] = (ppm_sc_code[]){PPM_SC_PROCESS_VM_READV, -1},
+	[PPME_SYSCALL_PROCESS_VM_WRITEV_E] = (ppm_sc_code[]){PPM_SC_PROCESS_VM_WRITEV, -1},
+	[PPME_SYSCALL_PROCESS_VM_WRITEV_X] = (ppm_sc_code[]){PPM_SC_PROCESS_VM_WRITEV, -1},
 };
 
 #if defined(__GNUC__) || (__STDC_VERSION__ >=201112L)