diff --git a/3_RootkitTechniques/3.1_syscall_hooking/README.md b/3_RootkitTechniques/3.1_syscall_hooking/README.md index 9b49563..486399b 100644 --- a/3_RootkitTechniques/3.1_syscall_hooking/README.md +++ b/3_RootkitTechniques/3.1_syscall_hooking/README.md @@ -9,6 +9,13 @@ ```C typedef asmlinkage long (*orig_mkdir_t)(const struct pt_regs *); orig_mkdir_t orig_mkdir; + +... + +asmlinkage int hook_mkdir(const struct pt_regs *regs) +{ + ... +} ``` This means that we can wrap around this syscall by doing whatever we want to do in our hook, and then just pass the entire `pt_regs` struct over to this function pointer with `orig_mkdir(regs)` when we're done.
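Review bot: the return type of the added `hook_mkdir` (`asmlinkage int`) does not match the `orig_mkdir_t` typedef two lines above it, which is `asmlinkage long (*)(const struct pt_regs *)`; since the hook replaces the original handler and hands its result back via `orig_mkdir(regs)`, declare it `asmlinkage long hook_mkdir(const struct pt_regs *regs)` so the forwarded return value is not truncated from `long` to `int`. It would also help the reader if the elided body showed the pass-through the prose describes, e.g. `return orig_mkdir(regs);` as the last line before the closing brace, rather than only `...`.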