Overriding functionality with modules in Linux kernel

Question

Without getting into the details of why, I\'m looking for a clean (as possible) way to replace kernel functions and system calls from a loadable module. My initial

Answer 1

This might prove a useful read to you.

Basically, since the system call table is not directly exported in newer kernels, you have to do some searching to determine its location yourself. Then you can intercept your system calls of choice and manipulate them. Replacing other kernel functions, though, will be much more difficult, unless some of them are organized the same way system calls are (they appear on some dispatch table etc.) - which is not at all common.