Function hooking is the interception, modification or redirection of function calls in an application at runtime, so the behaviour of the programme can be altered without changing or recompiling its code.
The LD_PRELOAD environment variable allows users to specify shared libraries that should be loaded before all others when a programme is executed, thus enabling users to selectively override functions in the original libraries and use their own code at runtime.
This article gives a practical example of using LD_PRELOAD and function hooking to beat a random number guessing game that claims to be ‘impossible’ to beat without luck.
Users first identify the libraries the binary depends on, generate a hooked function with the same signature as the rand() function from the C Standard Library and compile it as a shared library.
Loading this shared library into the process with LD_PRELOAD makes the game's call to rand() return a pre-determined number, enabling the user to beat the game.
Additionally, the article demonstrates how to call the original (hooked) function using the dlsym function from the dynamic linking library, libdl.
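The two steps described above (a rand() hook with the same signature, and a call through to the original via dlsym) can be combined in one shared library. This is an added example, not the article's own code; the file name hook_rand.c, the binary name ./game, the value 42 and the helper hook_last_real() are assumptions made for illustration.

```c
/* hook_rand.c - added example, not the article's code.
 * Build: gcc -shared -fPIC hook_rand.c -o hook_rand.so -ldl
 * Run:   LD_PRELOAD=./hook_rand.so ./game      (./game is a placeholder) */
#define _GNU_SOURCE            /* exposes RTLD_NEXT in <dlfcn.h> on glibc */
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>

#ifndef RTLD_NEXT              /* fallback if _GNU_SOURCE took effect too late */
#define RTLD_NEXT ((void *) -1L)   /* value used by glibc and musl */
#endif

#define FIXED_VALUE 42         /* constructed value chosen for this example */

static int (*real_rand)(void); /* cached pointer to the original rand() */
static int last_real = -1;     /* last value the original returned */

/* Look up the next definition of rand() after this object in the
 * dynamic linker's search order, i.e. the C library's. */
static int resolve_real_rand(void)
{
    if (!real_rand)
        real_rand = (int (*)(void))dlsym(RTLD_NEXT, "rand");
    return real_rand != NULL;
}

/* Same signature as the C library's rand(): because the preloaded library
 * is searched first, callers of rand() are bound to this definition. */
int rand(void)
{
    if (!resolve_real_rand()) {
        const char *err = dlerror();
        fprintf(stderr, "[hook] dlsym failed: %s\n", err ? err : "not found");
        return FIXED_VALUE;
    }
    last_real = real_rand();   /* call through to the original function */
    fprintf(stderr, "[hook] original rand() = %d, returning %d\n",
            last_real, FIXED_VALUE);
    return FIXED_VALUE;
}

/* Hypothetical helper: exposes what the original would have returned. */
int hook_last_real(void) { return last_real; }
```

Interposition of this kind only affects calls that the dynamic linker resolves at runtime, so a statically linked binary is unaffected. For set-user-ID programmes running in secure-execution mode, the dynamic linker ignores LD_PRELOAD entries that contain slashes.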