Modifying a Dynamic Library Without Changing the Source Code

November 2nd, 2004 by Greg Kroah-Hartman in
Software

Placing your own code between a program and the libraries it is linked against is easy when you use the LD_PRELOAD environment variable.

Sometimes, you might want to determine what is happening in a shared library without modifying the library (have you tried to build glibc lately?). Other times, you might want to override only a few functions within a library and get them to do something else--force a process to a specific CPU, prevent a specific USB message from being sent and so on. All of these tasks are possible if you use the LD_PRELOAD environment variable and a small shim program placed between the application and the library.

As an example, say you create a shared library object called shim.so and want it to be loaded before any other shared library. Say you also want to run the program "test". These things can be done on the command line with LD_PRELOAD:


	LD_PRELOAD=/home/greg/test/shim.so ./test

This command tells glibc to load the library shim.so from the directory /home/greg/test first, before it loads any other shared libraries the test program might need.

It is quite easy to create a shim library, thanks to some help from an old e-mail sent by the kernel developer Anton Blanchard. His e-mail provides an example of how to do exactly this.

As an example, let us log some information about how the libusb library is being called by another program. libusb is a library used by programs to access USB devices from userspace, eliminating the need to create a kernel driver for all USB devices.
Starting with the usb_open() function provided by libusb, the following small bit of code is used to log all accesses to this function:
usb_dev_handle *usb_open(struct usb_device *dev)
{
  static usb_dev_handle *(*libusb_open)
             (struct usb_device *dev) = NULL;
  void *handle;
  usb_dev_handle *usb_handle;
  char *error;

  if (!libusb_open) {
    handle = dlopen("/usr/lib/libusb.so",
                    RTLD_LAZY);
    if (!handle) {
      fputs(dlerror(), stderr);
      exit(1);
    }
    libusb_open = dlsym(handle, "usb_open");
    if ((error = dlerror()) != NULL) {
      fprintf(stderr, "%s\n", error);
      exit(1);
    }
  }

  printf("calling usb_open(%s)\n", dev->filename);
  usb_handle = libusb_open(dev);
  printf("usb_open() returned %p\n", usb_handle);
  return usb_handle;
}

To compile this code, run GCC with the following options:


 gcc -Wall -O2 -fpic -shared -ldl -o shim.so shim.c

This command creates a shared library called shim.so from the shim.c source code file. Then, if the test program was run with the previous LD_PRELOAD line, any calls to the function usb_open() in the test function call our library function instead. The code within our function tries to load the real libusb library with a call to the function dlopen:


    handle = dlopen("/usr/lib/libusb.so",
                    RTLD_LAZY);

The option RTLD_LAZY is passed here, because I do not want the loader to resolve all symbols at this point in time. I want them resolved only when the shim code asks for them to be resolved.

If that function succeeds, the code then asks for a pointer to the real usb_open function with a call to dlsym:


    libusb_open = dlsym(handle, "usb_open");

If that function succeeds, the shim now has a pointer to the real libusb function. It can call the real function whenever it wants to, after logging some information to the screen:


  printf("calling usb_open(%p)\n", dev);
  usb_handle = libusb_open(dev);

This also allows the code to do something after the library function has been called and before control is returned to the original program.

An example of running a program with this shim in place might produce the following output:


 calling usb_open(002)
 usb_open() returned 0x8061100
 calling usb_open(002)
 usb_open() returned 0x8061100
 calling usb_open(002)
 usb_open() returned 0x8061100
 calling usb_open(002)
 usb_open() returned 0x8061100
 calling usb_open(002)
 usb_open() returned 0x8061120
 calling usb_open(002)
 usb_open() returned 0x8061120

To log a more complex function, such as usb_control_message, the same thing needs to be done as was done for usb_open:


int usb_control_msg(usb_dev_handle *dev, 
                    int requesttype,
                    int request,
                    int value,
                    int index,
                    char *bytes,
                    int size,
                    int timeout)
{
  static int(*libusb_control_msg)
            (usb_dev_handle *dev,
             int requesttype, int request,
             int value, int index, char *bytes,
             int size, int timeout) = NULL;
  void *handle;
  int ret, i;
  char *error;

  if (!libusb_control_msg) {
    handle = dlopen("/usr/lib/libusb.so", RTLD_LAZY);
    if (!handle) {
      fputs(dlerror(), stderr);
      exit(1);
    }
    libusb_control_msg = dlsym(handle, "usb_control_msg");
    if ((error = dlerror()) != NULL) {
      fprintf(stderr, "%s\n", error);
      exit(1);
    }
  }

  printf("calling usb_control_msg(%p, %04x, "
         "%04x, %04x, %04x, %p, %d, %d)\n"
         "\tbytes = ", dev, requesttype, 
         request, value, index, bytes, size,
         timeout);
  for (i = 0; i < size; ++i)
    printf ("%02x ", (unsigned char)bytes[i]);
  printf("\n");

  ret = libusb_control_msg(dev, requesttype, 
                           request, value, 
                           index, bytes, size,
                           timeout);

  printf("usb_control_msg(%p) returned %d\n"
         "\tbytes = ", dev, ret);
  for (i = 0; i < size; ++i)
    printf ("%02x ", (unsigned char)bytes[i]);
  printf("\n");

  return ret;
}

Running the test program again with the shim library loaded produces the following output:


usb_open() returned 0x8061100
calling usb_control_msg(0x8061100, 00c0, 0013, 6c7e, c41b, 0x80610a8, 8, 1000)
        bytes = c9 ea e7 73 2a 36 a6 7b 
usb_control_msg(0x8061100) returned 8
        bytes = 81 93 1a c4 85 27 a0 73 
calling usb_open(002)
usb_open() returned 0x8061120
calling usb_control_msg(0x8061120, 00c0, 0017, 9381, c413, 0x8061100, 8, 1000)
        bytes = 39 83 1d cc 85 27 a0 73 
usb_control_msg(0x8061120) returned 8
        bytes = 35 15 51 2e 26 52 93 43 
calling usb_open(002)
usb_open() returned 0x8061120
calling usb_control_msg(0x8061120, 00c0, 0017, 9389, c413, 0x8061108, 8, 1000)
        bytes = 80 92 1b c6 e3 a3 fa 9d 
usb_control_msg(0x8061120) returned 8
        bytes = 80 92 1b c6 e3 a3 fa 9d

Using the LD_PRELOAD environment variable, it is easy to place your own code between a program and the libraries it is linked against.

Greg Kroah-Hartman currently is the Linux kernel maintainer for a variety of different driver subsystems. He works for IBM, doing Linux kernel-related things, and can be reached at greg@kroah.com.

__________________________

Special Magazine Offer -- Free Gift with Subscription
Receive a free digital copy of Linux Journal's System Administration Special Edition as well as instant online access to current and past issues. CLICK HERE for offer

Linux Journal: delivering readers the advice and inspiration they need to get the most out of their Linux systems since 1994.

Can you post that code

On March 19th, 2009 Flowers (not verified) says:

Can you post that code perchance?

I have found interesting

On January 3rd, 2009 Anonymous (not verified) says:

I have found interesting sources and would like to give the benefit of my experience to you.
I am tuning my pc by the best software for free, with the file search engine DornFall
May be you have your own experience and could give some useful sites too. Because this social site help me much.

A little thing you forgot

On November 4th, 2004 grib (not verified) says:

You wrote:
This command tells glibc...

Hmm, lets see:
$ man ld.so NAME ld.so/ld-linux.so - dynamic linker/loader ... ENVIRONMENT ... LD_PRELOAD A whitespace-separated list of additional, user-specified, ELF shared libraries to be loaded before all others. This can be used to selectively override functions in other shared libraries. For setuid/setgid ELF binaries, only libraries in the standard search directories that are also setgid will be loaded. ... $
So, LD_PRELOAD affects the dynamic linker rather than glibc.

It's possible to override

On September 27th, 2006 promag (not verified) says:

It's possible to override dlopen and dlsym?

Yes

On November 11th, 2006 i3839 (not verified) says:

Yes, it is, but you need to do extra work if you want to call the real ones yourself (there are special linking options which can ahcieve this).

poor man's AOP ?

On November 4th, 2004 kevin bedell (not verified) says:

This strikes me as describing a fundamental way to implement AOP on theop of the Linux Kernel.

Anyone heaerd of people taking this idea further and actually trying to build an AOP implementation?

re: force a process to a specific CPU

On November 3rd, 2004 Anonymous (not verified) says:

Ahh, the teaser promises binding to a single CPU -- can you post that code perchance?

Thanks!

Nice example. A trick that be

On November 3rd, 2004 bildrulle (not verified) says:

Nice example. A trick that be usefull for many things. But this particular example could just as easily have been achived by running the ltrace command.

Re: Nice example. A trick that be

On November 4th, 2004 Anonymous (not verified) says:

Ltrace is nice, but the LD_PRELOAD shim can do more things with the shimmed function(s). For example, it might only print out the trace message when certain conditions are met in the parameters. Or, every call to the shimmed function could scan target library internal data structures for corruption. Etc.

thats one of the problems wit

On November 3rd, 2004 gfdsa (not verified) says:

thats one of the problems with open source today, it became "too much", for every thing you want to do, there are a few ways

no problem :)

On November 3rd, 2004 Anonymous (not verified) says:

It's not a problem, to have a lot of options, it's flexibility and last not least, it's freedom.

It's an illusion of freedom

On November 4th, 2004 Anonymous (not verified) says:

It's an illusion of freedom

I know you

On November 4th, 2004 Anonymous (not verified) says:

Osama, is that you?

Post new comment

The Latest


Would You Like Linux With Your Jello?	Jul-03-09
Celebrate the 4th of July From the Command Line	Jul-02-09
Fireworks from the Command Line	Jul-02-09
Tech Tip: Color man Pages	Jul-02-09
Reserve Your Space on the Australian Stage	Jul-01-09
Making Processes Feel Important	Jul-01-09

Each week Linux Journal editors will tell you what's hot in the world of Linux. You will receive late breaking news, technical tips and tricks, and links to in-depth stories featured on www.linuxjournal.com.

Tech Tip Videos

Celebrate the 4th of July From the Command Line
Jul-02-09
Making Processes Feel Important
Jul-01-09
Reading Lots of Text with More and Less
Jun-30-09
Getting User Input in a Shell Script
Jun-29-09

Recently Popular


Bash Extended Globbing	4.40909
Why Python?	4.49468
Would You Like Linux With Your Jello?	5
Fireworks from the Command Line	5
Celebrate the 4th of July From the Command Line	4.57143
Tech Tip: Color man Pages	4.8

July 2009, #183

News Flash: Linux Kernel 3.0 to include an on-the-go Expresso machine interface! Ok, maybe not, but Linux is definitely going mobile, from phones to e-readers. Find out more inside about Android, the Kindle 2, the Western Digital MyBook II, The Bug, and Indamixx (a portable recording studio). And if you've gone mobile and you been wanting more Emacs in your life then check out Conkeror.

To compliment the mobile we've got the stationary: parsing command line options with getopt, checking your Ruby code with metric_fu, and building a secure Squid proxy. How is this stationary you ask? What can we say? It's not. We just wanted to see if anybody actually read this part of the page :) .

All this and more, and all you have to do is get your hot sweaty hands on the latest copy of Linux Journal.

Read this issue

Contribute to the Linux Journal Flickr Pool
Follow Linux Journal on Twitter
Add Linux Journal to your RSS reader
Meet other readers on Facebook
Get Linux Journal Miis