The Problems With Hijacking System Calls

For political reasons, the Linux kernel has no mechanism for hijacking system calls. Thus, hijacking them is done using the same methods that were used for hijacking interrupts under MS-DOS. With this method, you locate the system call table (a table of pointers to all syscalls, indexed by syscall ID), copy the original pointer into your own table, and replace the original pointer with a pointer to your function. Luckily, the system call table (sys_call_table) is exported for modules to use, so there was no need to search the kernel's memory directly.
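The save-and-replace pattern described above, together with the baseline comparison a defender can use to spot a replaced entry, as an added user-space example that is not code from the original page. The table, the handlers and every name in it are constructed for illustration; it models the mechanism only and does not touch the kernel's sys_call_table.

```c
#include <stdio.h>
#include <string.h>

/* User-space model only: a constructed dispatch table indexed by call ID.
 * It never touches the kernel's real sys_call_table. */
#define NR_CALLS 4
typedef long (*call_fn)(long);

static long do_exit(long a)  { return a; }
static long do_read(long a)  { return a + 100; }
static long do_write(long a) { return a + 200; }
static long do_open(long a)  { return a + 300; }

static call_fn call_table[NR_CALLS] = { do_exit, do_read, do_write, do_open };
static call_fn baseline[NR_CALLS];   /* known-good copy for integrity checks */
static call_fn original_open;        /* the pointer saved before replacement */
static int hook_hits;

/* Replacement handler: records the call, then forwards to the original. */
static long hooked_open(long a) { hook_hits++; return original_open(a); }

void snapshot_baseline(void) { memcpy(baseline, call_table, sizeof baseline); }

/* The pattern from the text: save the old pointer, then overwrite the slot. */
call_fn replace_entry(int id, call_fn fn) {
    call_fn old = call_table[id];
    call_table[id] = fn;
    return old;
}

/* Defender's check: list the IDs whose slot differs from the baseline. */
int find_modified(int *ids, int max) {
    int n = 0;
    for (int id = 0; id < NR_CALLS && n < max; id++)
        if (call_table[id] != baseline[id])
            ids[n++] = id;
    return n;
}

int main(void) {
    int ids[NR_CALLS];
    snapshot_baseline();
    original_open = replace_entry(3, hooked_open);
    long r = call_table[3](1);            /* dispatches through the hook */
    int n = find_modified(ids, NR_CALLS);
    printf("result=%ld hits=%d modified=%d (id %d)\n", r, hook_hits, n, ids[0]);
    replace_entry(3, original_open);      /* restore the saved pointer */
    printf("modified after restore=%d\n", find_modified(ids, NR_CALLS));
    return 0;
}
```

The comparison only works if the baseline is captured before any entry is replaced and is kept where the code doing the replacing cannot rewrite it.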