LD_PRELOAD and stealing function calls
There is a clever little trick that one can use for a variety of purposes on Linux. It involves overriding or hijacking function calls. It’s called LD_PRELOAD.
Let's say you create a file called unrandom.c that contains its own implementation of rand(), with the same signature as the rand() function in standard C.
int rand() {
    return 42; // the most random number in the universe
}
We’ll compile it into a shared library.
gcc -shared -fPIC unrandom.c -o unrandom.so
Now… just run a program (my_program) that uses random numbers like this, and you’ll find that the rand function only generates 42.
LD_PRELOAD=$PWD/unrandom.so ./my_program
This trick can be used in a variety of ways. A good write-up can be found here, and is worth a read:
Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs
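Because LD_PRELOAD is set in the environment of the process it affects, it can be looked for there. The C program below is an added example, not code from the original post: it reads /proc/<pid>/environ and reports any LD_PRELOAD value it finds. The names find_preload and count_preloads are chosen here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return the LD_PRELOAD value from a NUL-separated environment block (the
 * layout of /proc/<pid>/environ), or NULL. Only a match at the start of an
 * entry counts, so a variable such as OLD_PRELOAD is not mistaken for it. */
const char *find_preload(const char *env, size_t len)
{
    static const char key[] = "LD_PRELOAD=";
    const size_t klen = sizeof key - 1;
    for (size_t i = 0; i < len; ) {
        const char *end = memchr(env + i, '\0', len - i);
        if (end == NULL)
            break;                      /* truncated last entry: skip it */
        size_t elen = (size_t)(end - (env + i));
        if (elen >= klen && memcmp(env + i, key, klen) == 0)
            return env + i + klen;      /* NUL-terminated inside env */
        i += elen + 1;
    }
    return NULL;
}

/* Count the libraries in an LD_PRELOAD value; the dynamic linker accepts a
 * list separated by colons or spaces. */
int count_preloads(const char *value)
{
    int n = 0;
    while (*value) {
        value += strspn(value, ": ");   /* skip separators */
        size_t tok = strcspn(value, ": ");
        n += tok > 0;
        value += tok;
    }
    return n;
}

/* Usage: ./preload_check [pid]   (defaults to the current process) */
int main(int argc, char **argv)
{
    static char buf[1 << 16], path[64];
    snprintf(path, sizeof path, "/proc/%s/environ", argc > 1 ? argv[1] : "self");
    FILE *f = fopen(path, "rb");
    if (f == NULL) { perror(path); return 2; }
    size_t len = fread(buf, 1, sizeof buf, f);
    fclose(f);
    const char *v = find_preload(buf, len);
    printf("LD_PRELOAD: %s (%d entries)\n", v ? v : "not set", v ? count_preloads(v) : 0);
    return v != NULL;
}
```

/proc/<pid>/environ holds the environment the process was started with, and libraries listed in /etc/ld.so.preload never appear in it, so that file needs a separate check.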
2 thoughts on “LD_PRELOAD and stealing function calls”
Windows equivalents:
https://en.wikipedia.org/wiki/DLL_injection
Another set of Windows equivalents:
http://lallouslab.net/2017/05/15/7-dll-injection-techniques-in-the-microsoft-windows/