[banthar]

I've used both LD_PRELOAD and Detours and I like LD_PRELOAD so much better. LD_PRELOAD just needs single standard shared library and one environment variable. With Detours you have to: inject code into executable, stop threads, worry about races, protecting/unprotecting memory. The way it's implemented also feels like a big hack. The hooks are injected into first few instructions of hooked methods. Some system functions even deliberately leave blank space there. I'm yet to encounter a use case where all this complexity is useful.

[nwellnhof]

That's because ELF allows symbol interposition and PE (Portable Executable) doesn't have a comparable feature. Symbol interposition doesn't come without a price, though, and is often criticized: https://www.macieira.org/blog/2012/01/sorry-state-of-dynamic... | https://www.airs.com/blog/archives/307 | https://news.ycombinator.com/item?id=8029564

[sandGorgon]

>The ELF dynamic linking mechanism is designed to emulate static linking. That's like designing cars to neigh and occasionally kick people to death with robot legs that exist only for this purpose.

That comment wins thread.