I have another that I sometimes use: overriding getenv(3). (I typically just printf() the variable name and return NULL).<p>Most of the time you can spot environment variable usage in binaries using strings(1) (folks still like to use upper case env vars in non-system applications even though this goes against POSIX).<p>But by using LD_PRELOAD you can easily see if the program is actually hitting the codepath reads that variable without debuggers or grovelling about in the assembly.
Disappointed that my LD_PRELOAD exploit - still unpatched after 20 years! - did not make the list:<p><a href="http://lcamtuf.coredump.cx/soft/ld-expl" rel="nofollow">http://lcamtuf.coredump.cx/soft/ld-expl</a>
Nice list of fun hacks. My personal favorite preload is [stderr in red](<a href="https://github.com/sickill/stderred" rel="nofollow">https://github.com/sickill/stderred</a>). (Not my github, but I've used this for a long time on my macbook)
I actually recently worked on an LD_PRELOAD wrapper to enable TLS for existing plain sockets.<p><a href="https://github.com/zliuva/ktlswrapper" rel="nofollow">https://github.com/zliuva/ktlswrapper</a><p>Did it for fun to get my Transmission daemon behind TLS without socat or nginx.
> <i>drop files content from page cache after closing, useful for backups</i><p>It took me a minute to understand why this is useful for backups. It prevents your backup tool from leaving a bunch of stuff in cache that isn't needed. It's a performance thing. (And it's not a data integrity thing, which came to mind because one reason for flushing a cache is to be sure writes to the underlying layer been done.)<p>This leads to an interesting question: do most backup tools not already have this optimization built in? From a quick perusal of the GNU tar manual page and source and running it under strace, it doesn't seem like it supports it. (Though tar is really more of an archive tool than a backup tool, which isn't precisely the same thing.)
It reminds me my experiments to get a debian rootfs running on a plain Android terminal emulator without something like termux.<p>I remember I used LD_PRELOAD along with fakechroot and fakeroot packages to get most things working. Those days' android allowed running statically linked binaries among other things.<p>(except DNS resolution and argv[0] was always ${some_large_path}/ld-linux-armhf.so, as I invoked glibc dynamic loader)..<p>Those days I didn't have a laptop and learned some C programming and unix stuff through termux. I sometimes think, as a CSE student, I lack the enthusiasm I had in those 12th grade days..
the most crazy LD_PRELOAD was using 4.X kernel on a centos6 machine with LKL<p><a href="https://github.com/lkl/linux" rel="nofollow">https://github.com/lkl/linux</a><p>There are tons of extremely OpenVZ hostings on the interweb but with an ancient 2.6 kernel like centos5.<p>With LKL you can enjoy the benefits of modern kernel with minimal performance penalty.<p>Submitted an issue here: <a href="https://github.com/gaul/awesome-ld-preload/issues/1" rel="nofollow">https://github.com/gaul/awesome-ld-preload/issues/1</a>
As far as I know LD_PRELOAD does not allows overriding syscalls, for example mmap. I believe also open call can not be overriden to (because it is a syscall too), so I wonder how ld-preload-open works?<p><a href="https://stackoverflow.com/a/31439038" rel="nofollow">https://stackoverflow.com/a/31439038</a>
<a href="https://github.com/libhugetlbfs/libhugetlbfs" rel="nofollow">https://github.com/libhugetlbfs/libhugetlbfs</a> can use LD_PRELOAD to remap segments onto huge pages for a performance boost (via fewer TLB misses).
Here's another that I've found useful:<p><a href="https://github.com/mariusae/trickle" rel="nofollow">https://github.com/mariusae/trickle</a><p>"Trickle is a userland bandwidth shaper for Unix-like systems."
LD_PRELOAD is powerful. For example run pacman4console, but hide that with a LD_PRELOAD calling prctl() and overwriting the argv array. So even if your boss knows ps he will not know you're playing.
Is the existence of LD_PRELOAD a <i>strong</i> argument in favor of static linking?<p>I hadn't heard of LD_PRELOAD before now, but my first reaction was "oh wow, better static link <i>all the things</i>!". Is that wrong?