LD_PRELOAD and stealing function calls
There is a clever little trick that one can use for a variety of purposes on Linux. It involves overriding or hijacking function calls. It’s called LD_PRELOAD.
Lets say you create a file called unrandom.c that includes an implementation of the rand() function. It matches the function rand() in standard C.
We’ll compile it into a shared library.
gcc -shared -fPIC unrandom.c -o unrandom.so
Now… just run a program (my_program) that uses random numbers like this, and you’ll find that the rand function only generates 42.
This trick can be used in a variety of ways. A good write-up can be found here, and is worth a read:
Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs
2 thoughts on “LD_PRELOAD and stealing function calls”
Another set of Windows equivalents: