I put together a tiny, observe‑only LD_PRELOAD template aimed at RE workflows. It interposes a function in a self‑owned .so, logs args/ret/latency to CSV, and auto‑plots a histogram in GitHub Actions. Useful as a lightweight dynamic probe before pulling out heavier tooling.

• What you get

  • libhook.so that forwards via dlsym(RTLD_NEXT, ...)

  • Demo target libdemo.so and a small driver

  • hook.csv + latency.png (generated locally or in CI artifacts)

  • Clean Makefile and a CI pipeline: build → run with LD_PRELOAD → plot → upload

• Quick start

• git clone https://github.com/adilungo39/libdemo-instrumentation cd libdemo-instrumentation make && make run && make plot

• Artifacts are also downloadable from the repo’s Actions tab (ci-artifacts).

• How it works (core idea)

• real_demo_add = (demo_add_fn)dlsym(RTLD_NEXT, "demo_add"); // take timestamps around the real call, then append a CSV line

• The interposer uses constructor/destructor hooks for setup/teardown and logs: ts,a,b,r,ms.

• Why RE folks might care

Feedback welcome: features you’d want for RE (symbol selection, demangling, GOT/PLT tricks, multi‑thread correlation, JSON lines, env‑driven filters). If useful, feel free to fork or open issues.

Flair suggestion: Tooling / PoC

• Fast dynamic probe to sanity‑check call behavior and timing

• Template for writing custom interposers, adding filters, thread IDs, JSON output, p95/p99, etc.

• CI‑friendly: every push produces fresh logs and plots

• Scope and limitations

  • Linux/glibc, gcc; intended for self‑owned code or permitted scenarios

  • Minimal example (single symbol, simple logging); not a general tracer