How to make static linked ELF file to load LD_PRELOAD .so

Question

I have static linked binary (ELF file) it doesn't have dynamic segment, .dymsym sections and it doesn't perform LD_PRELOAD command and etc. How could i create fake dummy dynamic segment to activate dynamic loader and perform LD_PRELOAD command?

Answer 1

I will start by saying that I don't think that your proposed solution works, but there is a way load dynamic libraries into static binaries (which answers tyour initial question).

How to make static linked ELF file to load LD_PRELOAD .so

To do such you will need to call the linker directly such as ld.so (exactly the same as calling a normal executable). If you are not finding it, check for the following paths:

ls /lib64/ld*
ls /lib/ld*

You shloud find a linker for x86(32bits) and 64bits. Choose the one compatible with binary you want to inject. In fact you can also use --help to show some of the options. The last part is calling the loader with the --preload option and the executable, like this:

/lib64/ld-linux-x86-64.so.2 --preload /path/to/shared_lib.so /path/to/executable

You might want to check ld.so manpages as well.

NOTE: This will not replace the symbols on the binary (aka replacing with the injected implementation), however this can be useful for enabling restrictions on the process with things like SECCOMP or Landlock LSM.

Answer 2

How could i create fake dummy dynamic segment to activate dynamic loader and perform LD_PRELOAD command?

You can't.

Even if you could, getting LD_PRELOAD to preload something would still be useless: usually you want to interpose some symbols in your LD_PRELOADed library, but that requires these symbols to be unresolved in the main binary, or at least exported in its dynamic symbol table. A statically linked executable doesn't have any unresolved symbols, nor a dynamic symbol table by definition.