Nothing magic. In /boot/ you find System.map for various kernel versions.
This file contains the absolute adresses of kernel functions, like fopen() ...
If you, at startup of a UBUNTU binary, replace these addresses by Solaris adresses, any UBUNTU binary runs, as if it was originally compiled for Solaris.
c041bc90 b packet_sklist
c041bc94 b packet_sklist_lock
c041bc94 b packet_socks_nr
c041bc98 A __bss_stop
c041bc98 A _end
c041c000 A pg0
ffffe400 A __kernel_vsyscall
ffffe410 A SYSENTER_RETURN
ffffe420 A __kernel_sigreturn
ffffe440 A __kernel_rt_sigreturn
WINE is working in the same way. But, of course, has added some extra functions to make Windows .EXE run.
Very simple, all that.
Hackers typically use that to "hook" keyboard sniffers into the system. Byebye passwords!