Next

How to Avoid Writing Kernel Modules
© 2004 Michael C. Toren

#7

Hijacking functions with `LD_PRELOAD`

Example hijacking getpid(2) to add a side-effect:

    #include <sys/syscall.h>
    #include <sys/types.h>
    #include <unistd.h>
    #include <stdio.h>

    pid_t getpid(void)
    {
        printf("Hello, world!\n");
        return syscall(SYS_getpid);
    }

Compiling and execution:

    $ gcc -Wall -fPIC -shared -o getpid.so getpid.c

    $ LD_PRELOAD=./getpid.so bash -c 'echo $$'
    Hello, world!
    3358