This document describes a new syscall hooking technique for Linux systems and exposes how it can be implemented as part of a virus or a backdoor in order to take full control over an userland application. Although there are some well- known methods for hooking functions, they are mostly based on the ELF format itself. This technique is focused on those pieces of code that are externally called by the main program and invoke a system call or system service.
You can download it from the following link: https://packetstormsecurity.com/files/download/49573/Linux_PerProcess_Syscall_Hooking.txt
Source: https://packetstormsecurity.com/files/49573/Linux_PerProcess_Syscall_Hooking.txt.html