Intercepting Function/System Calls in Linux
===========================================

Option 1: `LD_PRELOAD`
----------------------

* No need to re-link
* Works for *all* functions
* Works only on dynamically linked executables

Example:

```c
#define _GNU_SOURCE /* required for RTLD_NEXT */
#include <dlfcn.h>
#include <errno.h>
#include <stddef.h>

void *malloc(size_t size)
{
    // before call to malloc

    // look up the next definition of malloc in library search order
    void *(*_malloc)(size_t);
    if ((_malloc = dlsym(RTLD_NEXT, "malloc")) == NULL) {
        errno = ENOSYS;
        return NULL;
    }
    void *ret = _malloc(size);

    // after call to malloc
    return ret;
}
```

Option 2: `gcc --wrap`
----------------------

* Need to re-link
* Relatively simple code:
    * Function name: `__wrap_`
    * Call to real function inside wrapper: `__real_`
* Works for *all* functions
* Works only on dynamically linked executables

Example:

```c
#include <stddef.h>

/* resolved by the linker to the original malloc (-Wl,--wrap=malloc) */
void *__real_malloc(size_t size);

void *__wrap_malloc(size_t size)
{
    // before call to malloc
    void *ret = __real_malloc(size);
    // after call to malloc
    return ret;
}
```

Option 3: Linux kernel
----------------------

* Only works with Linux system calls
* Also works with statically linked executables
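As a defender-side companion to Option 1, the following added example (not part of the original page) lists the libraries a process was started with via `LD_PRELOAD` by parsing a `/proc/<pid>/environ` image. The function name `preload_libs`, the buffer limits and the sample environment are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LIBS 8
#define MAX_PATH_LEN 256

/* Scan a /proc/<pid>/environ image (NUL-separated "KEY=value" records) and
 * copy every library named in LD_PRELOAD into out[]. ld.so accepts spaces
 * and colons as separators. Entries of MAX_PATH_LEN bytes or more are
 * skipped. Returns the number of libraries stored. */
int preload_libs(const char *env, size_t len, char out[][MAX_PATH_LEN], int max)
{
    static const char key[] = "LD_PRELOAD=";
    const size_t klen = sizeof key - 1;
    int n = 0;

    for (size_t i = 0; i < len; ) {
        /* Record length; tolerate a last record without a NUL terminator. */
        const char *end = memchr(env + i, '\0', len - i);
        size_t rlen = end ? (size_t)(end - (env + i)) : len - i;

        if (rlen > klen && memcmp(env + i, key, klen) == 0) {
            const char *v = env + i + klen;
            size_t vlen = rlen - klen;
            for (size_t s = 0; s < vlen && n < max; ) {
                size_t e = s;
                while (e < vlen && v[e] != ' ' && v[e] != ':')
                    e++;
                if (e > s && e - s < MAX_PATH_LEN) {
                    memcpy(out[n], v + s, e - s);
                    out[n++][e - s] = '\0';
                }
                s = e + 1;
            }
        }
        i += rlen + 1;
    }
    return n;
}

/* Constructed sample: three records, the second preloads two libraries. */
static const char SAMPLE_ENV[] =
    "PATH=/usr/bin\0LD_PRELOAD=/tmp/libhook.so:/opt/lib/trace.so\0HOME=/root";

int main(void)
{
    char libs[MAX_LIBS][MAX_PATH_LEN];
    int n = preload_libs(SAMPLE_ENV, sizeof SAMPLE_ENV - 1, libs, MAX_LIBS);
    for (int i = 0; i < n; i++)
        printf("preloaded: %s\n", libs[i]);
    return 0;
}
```

On a live system the buffer would be read from `/proc/<pid>/environ`, which reflects the environment the process was started with. Libraries listed in `/etc/ld.so.preload` are loaded the same way and do not appear there, so that file needs a separate check.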