Discussing Two Methods for Function Hooking on Linux

Discussing Two Methods for Function Hooking on Linux

1. Background 1. Storytelling In the previous two articles, we introduced the powerful capabilities of Minhook on the Windows platform. In this article, we will discuss how to hook functions on Linux, introducing two methods. Lightweight LD_PRELOAD Interception LD_PRELOAD is a method of intercepting shared libraries. The advantage of this method is that it does … Read more

From Symbol Hijacking to Runtime Tracing in Linux: How to Function Hook, Audit Hijacking, and Function Instrumentation?

From Symbol Hijacking to Runtime Tracing in Linux: How to Function Hook, Audit Hijacking, and Function Instrumentation?

Hello, friends! Hooking using LD_PRELOAD Hooking using LD_PRELOAD Hooking using RTLD_NEXT LD_AUDIT linker listening mechanism GCC function instrumentation feature (-finstrument-functions) In this article, we will learn about Linux from symbol hijacking to runtime tracing: function hooking (LD_PRELOAD), audit stream hijacking (LD_AUDIT), and function instrumentation, as well as how to use and leverage these tools. Hooking … Read more