how to intercepting operating system function call [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clari开发者_如何学运维fying this question so that it can be reopened, visit the help center. Closed 11 years ago.

suppose if a program make a operating system function call and I have to intercept it how it can be done?

---

API hooking in C# directly isn't possible, manipulating the stack frame requires machine code. There is however a pretty popular library available that makes it possible from a C# program, EasyHook, download is here. Source code is available, in case you want to find out how it works.

---

You need to create a hook. In unmanaged code you should be able to use Detours. Check out EasyHook since you need to do this in C#. This article on The Code Project explains how to use it.