Hi, > As to LD_PRELOAD, it is also used for privilege escalation. Will it be regarded as vulnerability and forbidden on some Linux systems? It could yes. In that case you will be limited to the syscalls interface for the libc observability unless you instrument it and distribute it. Cheers.