Invention Grant
US09454676B2 Technologies for preventing hook-skipping attacks using processor virtualization features (in force)

Abstract:
Technologies for monitoring system API calls include a computing device with hardware virtualization support. The computing device establishes a default memory view and a security memory view to define physical memory maps and permissions. The computing device executes an application in the default memory view and executes a default inline hook in response to a call to an API function. The default inline hook switches to the security memory view using hardware support without causing a virtual machine exit. The security inline hook calls a security callback function to validate the API function call in the security memory view. Hook-skipping attacks may be prevented by padding the default inline hook with no-operation instructions, by designating memory pages of the API function as non-executable in the default memory view, or by designating memory pages of the application as non-executable in the security memory view. Other embodiments are described and claimed.