> For the complete documentation index, see [llms.txt](https://davidjosearaujo.gitbook.io/notes-mcs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://davidjosearaujo.gitbook.io/notes-mcs/reverse-engineering/binary-analysis/dynamic-linker.md).

# Dynamic Linker

Vital for the loading process, and can help reverse a program.

* Provide information about the loaded libraries.
* Help to debug the linking process.
* Force linking with custom libraries.
* And many others.

Communication is achieved through environmental variables.

* In the format LD\_\*.
* Setting a variable, or setting a variable with a specific value, activates Linker features.

## LD\_LIBRARY\_PATH

A list of directories in which to search for ELF libraries at execution time.

* The items in the list are separated by either colons or semicolons.
* A zero-length directory name indicates the current working directory.

Activating: `LD_LIBRARY_PATH=libs ./progname`.

* Linker will look into ./libs while loading libraries for the program.
* Allows having a different set of libraries for the program (E.g., debug versions).

## LD\_BIND\_NOW

This causes the dynamic linker to **resolve all symbols at program startup** instead of deferring function call resolution to the point when they are first referenced.

* Especially useful for debugging as all symbols point to their correct location.

Activated by setting the variable: `LD_BIND_NOW=1 progname`.

<figure><img src="/files/6FLCwPAdSWVkecLSDSvU" alt=""><figcaption><p><code>LD_BIND_NOT</code> not set</p></figcaption></figure>

<figure><img src="/files/BgsfgQLW0fSNdq0NRyIN" alt=""><figcaption><p><code>LD_BIND_NOW</code> is set</p></figcaption></figure>

## LD\_DEBUG

Output verbose debugging information about the dynamic linking.

* Allows tracing the operation of the linker.
* Debug where libraries are loading from.
* Determine if libraries are being loaded and which symbols trigger the event.
* Determine the search path used in looking for libraries.

The content of this variable is one of more of the following categories, separated by colons/commas, and spaces:

* help, all, bindings, files, reloc, scopes, statistics, symbols, unused, version.

Use: `LD_DEBUG=option programname`

<figure><img src="/files/HNSTXFEJv2ee1YISBVQ0" alt=""><figcaption></figcaption></figure>

## LD\_PRELOAD

A list of additional, user-specified, ELF shared objects to be loaded before all others.

* This feature can be used to **selectively override functions** in other shared objects.
* Symbols present in the provided ELF Shared objects are used instead of the original.
* Only the functions available in the shared object will be overwritten.

Use: `LD_PRELOAD=./liboverride.so progname`

* Useful to provide custom implementations of any function in the program.
* Custom implementation can call the original implementation through manual symbol loading.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://davidjosearaujo.gitbook.io/notes-mcs/reverse-engineering/binary-analysis/dynamic-linker.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.