This is literally the most requested article ever; I've had loads of people messaging me about this (after the Betabot malware made it famous). I had initially decided not to do an article about it, because it was fairly undocumented and writing an article may have led to more people using it; however, yesterday I came across a few bloggers posting their implementations of the hook code (without explanation), so I've finally decided to go over it, seeing as the code is already available.
Read more: http://www.malwaretech.com/2014/06/usermode-system-call-hooking-betabot.html