Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What are the differences between LD_PRELOAD and strace?

Both methods are used to gather system calls also parameters and return values of them. When we prefer LD_PRELOAD and why? Maybe we can say that we can only gather syscalls via strace but we can gather library calls with LD_PRELOAD trick. However, there is another tracer for libraries whose name is ltrace.

like image 636
Ricardo Cristian Ramirez Avatar asked Dec 13 '12 17:12

Ricardo Cristian Ramirez


1 Answers

strace is using the ptrace(2) syscall (with PTRACE_SYSCALL probably), so will catch every system call (thru kernel hooks installed by ptrace). It will work on any executable, even on statically linked ones, or those using something else than your distribution's GNU Glibc (like e.g. musl-libc, or some assembly written utility like old versions of busybox).

LD_PRELOAD tricks use the dynamic loader e.g. /lib64/ld-linux-x86-64.so.2 or /lib/ld.so (see ld.so(8) man page) etc... so won't work with statically linked executables (or those using something else than your dynamic loader and your GNU libc).

ltrace is probably also ptrace based.

And all these are being free software, you could study their source code (and improve it).

like image 50
Basile Starynkevitch Avatar answered Sep 22 '22 15:09

Basile Starynkevitch