Both methods are used to gather system calls also parameters and return values of them. When we prefer LD_PRELOAD
and why? Maybe we can say that we can only gather syscalls via strace
but we can gather library calls with LD_PRELOAD
trick. However, there is another tracer for libraries whose name is ltrace
.
strace
is using the ptrace(2) syscall (with PTRACE_SYSCALL
probably), so will catch every system call (thru kernel hooks installed by ptrace
). It will work on any executable, even on statically linked ones, or those using something else than your distribution's GNU Glibc (like e.g. musl-libc, or some assembly written utility like old versions of busybox
).
LD_PRELOAD
tricks use the dynamic loader e.g. /lib64/ld-linux-x86-64.so.2
or /lib/ld.so
(see ld.so(8) man page) etc... so won't work with statically linked executables (or those using something else than your dynamic loader and your GNU libc).
ltrace
is probably also ptrace
based.
And all these are being free software, you could study their source code (and improve it).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With