sysadmin > user-mode
document updated 11 years ago, on Apr 3, 2012


LD_PRELOAD can be used to execute arbitrary code in all programs that run under your user. This makes it possible to radically alter every program without additional compilation, for very good or very bad purposes. My intent is the geeky-cool good stuff. For instance, user-mode filesystems have been implemented this way.

Phrack has a good example of hooking into common libraries.

Compiling shared libraries is required for this. The options vary from platform to platform; this may provide some hints. This seemed to work for me in Solaris:

For documentation on how to call the original function that you override, see the Phrack article and the documentation for the functions dlopen and dlsym. It may be preferable to use the dlsym(RTLD_NEXT, "malloc") syntax.
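The dlsym(RTLD_NEXT, ...) pattern described above, as an added example that is not from the original page or the Phrack article: a preload shim that logs every fopen() call and then forwards it to the real libc function. The file name, the fopenlog_calls() helper and the Linux build line in the comment are assumptions made for this illustration.

```c
/* fopenlog.c - added example: LD_PRELOAD shim that logs fopen() calls.
 * Build (assumes Linux with gcc or clang; options differ per platform):
 *   cc -shared -fPIC -o libfopenlog.so fopenlog.c -ldl
 * Use:
 *   LD_PRELOAD=./libfopenlog.so cat /etc/hostname
 */
#define _GNU_SOURCE              /* required for RTLD_NEXT on glibc */
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

typedef FILE *(*fopen_fn)(const char *, const char *);

static fopen_fn real_fopen;          /* next fopen in search order (libc) */
static unsigned long hooked_calls;   /* calls that went through the shim */

/* Resolve the original lazily: another library's constructor may call
 * fopen() before a constructor of ours would have run. */
static fopen_fn resolve_real_fopen(void)
{
    if (!real_fopen)
        real_fopen = (fopen_fn)dlsym(RTLD_NEXT, "fopen");
    return real_fopen;
}

/* Hypothetical helper: lets a caller check how often the hook fired. */
unsigned long fopenlog_calls(void) { return hooked_calls; }

/* Same name and signature as libc's fopen, so callers bind here first. */
FILE *fopen(const char *path, const char *mode)
{
    fopen_fn next = resolve_real_fopen();
    if (!next) {                     /* no later definition: fail cleanly */
        errno = ENOSYS;
        return NULL;
    }
    FILE *fp = next(path, mode);
    int saved = errno;               /* logging must not clobber errno */
    __sync_fetch_and_add(&hooked_calls, 1);
    fprintf(stderr, "[fopenlog pid=%ld] fopen(\"%s\", \"%s\") = %s\n",
            (long)getpid(), path ? path : "(null)", mode ? mode : "(null)",
            fp ? "ok" : "FAILED");
    errno = saved;
    return fp;
}
```

Statically linked programs and code that reaches the kernel without calling libc's fopen (for example through open(2) directly) never pass through the shim, so the log is not a complete record of file access.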

Projects which use LD_PRELOAD:

Things that make it easier to write LD_PRELOAD hooks:


ptrace is sometimes used to do similar things to what LD_PRELOAD allows.


Various folks advocate replacing ptrace with utrace.