dlsym() with the RTLD_NEXT flag basically:
https://catonmat.net/simple-ld-preload-tutorial-part-two
There's actually a better way to hook GNUs malloc:
https://www.man7.org/linux/man-pages/man3/malloc_hook.3.html
This is better because you can disable the hook inside the callback, and therefore use malloc within your malloc hook (no recursion)
But you can't use this mechanism before main()
The use of these hook functions is not safe in multithreaded
programs, and they are now deprecated. From glibc 2.24 onwards,
the __malloc_initialize_hook variable has been removed from the
API, and from glibc 2.34 onwards, all the hook variables have been
removed from the API. Programmers should instead preempt calls to
the relevant functions by defining and exporting malloc(), free(),
realloc(), and calloc().Yeah. Shame though because it gave you the option to control exactly when you hooked and didn't hook, which let stop and start debugging allocations based on arbitrary triggers.
The global variable approach was very useful and pretty low overhead.
You can still override malloc and call __libc_malloc if you do not want to bother with dlsym/RTLD_NEXT. These function aliases are undocumented, but for a quick experiment, that shouldn't matter.
If you only wanted to observe the behavior the post is discussing, it seems like `ltrace -e malloc` is a lot easier.