Comments on: Overriding System Functions for Fun and Profit

By: Ville Laurikari

Ville Laurikari — Sun, 21 Aug 2011 18:18:21 +0000

@cyro, it’s possible if you know the signature of each function in the target library (arguments and return type) at compile time. The implementation of your parasitic library would then define each function in the target library with an identical signature and call the target library functions (obtained with dlopen/dlsym) and return the result.

LD_PRELOAD is much simpler.

By: cyro

cyro — Sun, 21 Aug 2011 15:18:47 +0000

Is there some way to make a parasitic library which loads a target library using dlopen and maps almost all of it’s symbols except for a couple of symbols and override it?

By: AB CD

AB CD — Mon, 04 Oct 2010 10:00:26 +0000

I know this article is somewhat old, but thanks a lot, HackerBoss. And BTW, +1@lonelycoder: I must say exactly the same.

By: Ville Laurikari

Ville Laurikari — Fri, 16 Oct 2009 06:39:00 +0000

Johnny, I think your problem might be related to a GCC optimization. GCC sometimes replaces calls to printf() with puts() as an optimization.

A simple test confirms this:

$ cat hello.c
#include 
int main() { printf("Hello, World!\n"); return 0; }
$ gcc -o hello hello.c
$ nm --undefined-only hello
                 w _Jv_RegisterClasses
                 w __gmon_start__
                 U __libc_start_main@@GLIBC_2.2.5
                 U puts@@GLIBC_2.2.5

My code calls printf(), but the resulting executable actually calls puts()!

You need to override both puts() and printf() to catch all cases. Another option is to recompile using -fno-builtin-printf, but that’s probably defeating the purpose of using LD_PRELOAD in the first place.

By: Johnny

Johnny — Fri, 16 Oct 2009 05:07:03 +0000

I successfully defined my own malloc/free functions, but for printf(), seems there’re some problem. Have you check it? Thanks.

By: Johnny

Johnny — Thu, 15 Oct 2009 07:21:30 +0000

It’s what I really need for current project. Thanks.

I need to dump all debugging messages sent to console to a file/memory. At least three solutions are available:
1. Deploy wrapped printf all over the system. Our codes are from different team/company, different wrapper functions are used to output to console, so unify them is a little difficult (even inside our team, due to historical reason, printf of system library and wrappers are mix-used, NOT well organized!)
2. Touch UART driver: it’s a good solution, but we don’t want it. No reason.
3. Hook into printf: I find the solution here :-)

By: lonelycoder

lonelycoder — Fri, 25 Sep 2009 10:30:59 +0000

I was aware of this ld_preload thing, but I though it was some kind of black magic to use it. Thanks.

By: hackerboss

hackerboss — Thu, 24 Sep 2009 10:20:08 +0000

Overriding System Functions for Fun and Profit: http://bit.ly/mJzch

This comment was originally posted on Twitter