diff --git a/examples/cpp/HelloWorld.cc b/examples/cpp/HelloWorld.cc
index d01cb259b0bf..05e5509eece7 100644
--- a/examples/cpp/HelloWorld.cc
+++ b/examples/cpp/HelloWorld.cc
@@ -27,8 +27,9 @@ int main() {
 
   std::ifstream pipe("/sys/kernel/debug/tracing/trace_pipe");
   std::string line;
+  std::string clone_fnname = bpf.get_syscall_fnname("clone");
 
-  auto attach_res = bpf.attach_kprobe("sys_clone", "on_sys_clone");
+  auto attach_res = bpf.attach_kprobe(clone_fnname, "on_sys_clone");
   if (attach_res.code() != 0) {
     std::cerr << attach_res.msg() << std::endl;
     return 1;
@@ -38,7 +39,7 @@ int main() {
     if (std::getline(pipe, line)) {
       std::cout << line << std::endl;
       // Detach the probe if we got at least one line.
-      auto detach_res = bpf.detach_kprobe("sys_clone");
+      auto detach_res = bpf.detach_kprobe(clone_fnname);
       if (detach_res.code() != 0) {
         std::cerr << detach_res.msg() << std::endl;
         return 1;
diff --git a/src/cc/api/BPF.cc b/src/cc/api/BPF.cc
index 28af931c362c..f5aa69f5ccc4 100644
--- a/src/cc/api/BPF.cc
+++ b/src/cc/api/BPF.cc
@@ -39,6 +39,11 @@
 
 namespace ebpf {
 
+static const char *syscall_prefix[] = {
+  "sys_",
+  "__x64_sys_",
+};
+
 std::string uint_to_hex(uint64_t value) {
   std::stringstream ss;
   ss << std::hex << value;
@@ -57,6 +62,10 @@ StatusTuple BPF::init(const std::string& bpf_program,
                       const std::vector<std::string>& cflags,
                       const std::vector<USDT>& usdt) {
   std::string all_bpf_program;
+  bcc_symbol_option symbol_option = {};
+  void *ksym_cache;
+  uint64_t addr;
+  int ret;
 
   for (auto u : usdt) {
     if (!u.initialized_)
@@ -74,6 +83,16 @@ StatusTuple BPF::init(const std::string& bpf_program,
   if (bpf_module_->load_string(all_bpf_program, flags, flags_len) != 0)
     return StatusTuple(-1, "Unable to initialize BPF program");
 
+  ksym_cache = bcc_symcache_new(-1, &symbol_option);
+  ret = bcc_symcache_resolve_name(ksym_cache, NULL, "sys_bpf", &addr);
+  if (ret == 0) {
+    syscall_prefix_idx_ = 0;
+  } else {
+    ret = bcc_symcache_resolve_name(ksym_cache, NULL, "__x64_sys_bpf", &addr);
+    syscall_prefix_idx_ = (ret == 0) ? 1 : 0;
+  }
+  bcc_free_symcache(ksym_cache, -1);
+
   return StatusTuple(0);
 };
 
@@ -548,6 +567,11 @@ StatusTuple BPF::unload_func(const std::string& func_name) {
   return StatusTuple(0);
 }
 
+std::string BPF::get_syscall_fnname(const std::string &name) {
+  std::string fn_name = syscall_prefix[syscall_prefix_idx_] + name;
+  return std::move(fn_name);
+}
+
 StatusTuple BPF::check_binary_symbol(const std::string& binary_path,
                                      const std::string& symbol,
                                      uint64_t symbol_addr,
diff --git a/src/cc/api/BPF.h b/src/cc/api/BPF.h
index 3fc69e50d79e..9293cd33bb11 100644
--- a/src/cc/api/BPF.h
+++ b/src/cc/api/BPF.h
@@ -47,7 +47,8 @@ class BPF {
 
   explicit BPF(unsigned int flag = 0, TableStorage* ts = nullptr,
                bool rw_engine_enabled = true)
-      : flag_(flag), bpf_module_(new BPFModule(flag, ts, rw_engine_enabled)) {}
+      : flag_(flag), syscall_prefix_idx_(0),
+        bpf_module_(new BPFModule(flag, ts, rw_engine_enabled)) {}
   StatusTuple init(const std::string& bpf_program,
                    const std::vector<std::string>& cflags = {},
                    const std::vector<USDT>& usdt = {});
@@ -90,6 +91,7 @@ class BPF {
                                     int group_fd = -1);
   StatusTuple detach_perf_event(uint32_t ev_type, uint32_t ev_config);
   StatusTuple detach_perf_event_raw(void* perf_event_attr);
+  std::string get_syscall_fnname(const std::string &name);
 
   BPFTable get_table(const std::string& name) {
     TableStorage::iterator it;
@@ -212,6 +214,8 @@ class BPF {
 
   int flag_;
 
+  int syscall_prefix_idx_;
+
   std::unique_ptr<BPFModule> bpf_module_;
 
   std::map<std::string, int> funcs_;
diff --git a/tests/cc/test_bpf_table.cc b/tests/cc/test_bpf_table.cc
index 5ceff74824ea..55e8a91195c9 100644
--- a/tests/cc/test_bpf_table.cc
+++ b/tests/cc/test_bpf_table.cc
@@ -178,10 +178,11 @@ TEST_CASE("test bpf stack table", "[bpf_stack_table]") {
   ebpf::StatusTuple res(0);
   res = bpf.init(BPF_PROGRAM);
   REQUIRE(res.code() == 0);
-  res = bpf.attach_kprobe("sys_getuid", "on_sys_getuid");
+  std::string getuid_fnname = bpf.get_syscall_fnname("getuid");
+  res = bpf.attach_kprobe(getuid_fnname, "on_sys_getuid");
   REQUIRE(res.code() == 0);
   REQUIRE(getuid() >= 0);
-  res = bpf.detach_kprobe("sys_getuid");
+  res = bpf.detach_kprobe(getuid_fnname);
   REQUIRE(res.code() == 0);
 
   auto id = bpf.get_hash_table<int, int>("id");
diff --git a/tests/cc/test_perf_event.cc b/tests/cc/test_perf_event.cc
index 2f499cd10b47..76d2d17ef721 100644
--- a/tests/cc/test_perf_event.cc
+++ b/tests/cc/test_perf_event.cc
@@ -62,10 +62,11 @@ TEST_CASE("test read perf event", "[bpf_perf_event]") {
   res =
       bpf.open_perf_event("cnt", PERF_TYPE_SOFTWARE, PERF_COUNT_SW_CPU_CLOCK);
   REQUIRE(res.code() == 0);
-  res = bpf.attach_kprobe("sys_getuid", "on_sys_getuid");
+  std::string getuid_fnname = bpf.get_syscall_fnname("getuid");
+  res = bpf.attach_kprobe(getuid_fnname, "on_sys_getuid");
   REQUIRE(res.code() == 0);
   REQUIRE(getuid() >= 0);
-  res = bpf.detach_kprobe("sys_getuid");
+  res = bpf.detach_kprobe(getuid_fnname);
   REQUIRE(res.code() == 0);
   res = bpf.close_perf_event("cnt");
   REQUIRE(res.code() == 0);