19 April 2011

Simple antidebugging methods (part 1)

An interesting and easy-to-spot antidebugging technique is to use ptrace; some commercial applications, such as Cider (TransGaming), use it in their game ports:

This example is valid in Objective-C, pure C and C++:

#ifdef __OBJC__
#import <Foundation/Foundation.h>   /* only needed for the Objective-C build */
#endif

#include <sys/types.h>
#include <sys/ptrace.h>

int main (int argc, const char * argv[])
{
    /* Refuse debugger attachment from now on; if a debugger is already
     * attached, the kernel terminates the process instead of returning. */
    ptrace(PT_DENY_ATTACH, 0, 0, 0);

    /* ... rest of the program ... */
    return 0;
}
Running it under a debugger makes the program exit right away:

$ gdb ./test
[...]
(gdb) r
Starting program: test
Reading symbols for shared libraries .++++....................... done

Program exited with code 055.
(gdb)

gdb prints exit codes in octal, so 055 is 45 decimal: ENOTSUP, the status the XNU kernel uses to terminate a process that calls PT_DENY_ATTACH while a debugger is already attached (without a debugger the call only flags the process so that later attach attempts fail). This method is really simple and just as easy to patch, for example by breaking on ptrace in the debugger and returning before the call reaches the kernel, or by patching the call out of the binary. Have fun!
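The following is an added example, not code from the original post or from any of the products it mentions. It wraps the ptrace call so it builds on macOS (PT_DENY_ATTACH, the technique above) and on Linux (PTRACE_TRACEME, assumed here as the nearest analogue: a process can have only one tracer, so the call fails with EPERM when a debugger is already attached, which is assumed to be permitted by seccomp and Yama's ptrace_scope). It also shows why the gdb session above ends with 055, by recognising the exit status XNU uses, and forks a child that calls the check twice so the "already traced" case can be observed without a debugger. The names deny_debugger, exited_by_deny_attach and demo_double_call are this example's own.

```c
/* Added example, not code from the original post: the ptrace anti-debugging
 * call wrapped so it builds on macOS (PT_DENY_ATTACH, the post's technique)
 * and on Linux (PTRACE_TRACEME, assumed here as the nearest analogue), plus
 * a helper that recognises the exit status the post's gdb session showed. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* XNU terminates an already-traced process that calls PT_DENY_ATTACH with
 * exit status ENOTSUP, which is 45 on macOS; gdb prints it in octal as 055.
 * Kept as a literal because ENOTSUP has a different value on Linux. */
#define DENY_ATTACH_EXIT_STATUS 45

/* Expected result of demo_double_call() below: on Linux the second
 * PTRACE_TRACEME fails with EPERM (child exits 2); on macOS PT_DENY_ATTACH
 * only sets a flag, so a second call succeeds as well (child exits 0). */
#ifdef __APPLE__
#define DOUBLE_CALL_EXPECTED 0
#else
#define DOUBLE_CALL_EXPECTED 2
#endif

/* Returns 0 once the process is protected, -1 (errno set) if a debugger is
 * already attached.  On macOS the -1 path is never reached: the kernel exits
 * the process with DENY_ATTACH_EXIT_STATUS instead of returning. */
int deny_debugger(void)
{
#ifdef __APPLE__
    return ptrace(PT_DENY_ATTACH, 0, 0, 0);
#else
    /* A process can have only one tracer, so this fails with EPERM when a
     * debugger (or a parent that traced us) is already attached.  Assumes
     * ptrace is not blocked by seccomp or Yama's ptrace_scope. */
    return ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1 ? -1 : 0;
#endif
}

/* Given a status from waitpid(): 1 if the child ended the way the post's
 * gdb session shows (normal exit with status 45), 0 otherwise. */
int exited_by_deny_attach(int wait_status)
{
    return WIFEXITED(wait_status) &&
           WEXITSTATUS(wait_status) == DENY_ATTACH_EXIT_STATUS;
}

/* Fork a child that calls deny_debugger() twice and report its exit status
 * (or -1 on error).  The first call always succeeds when no debugger is
 * attached; what the second one does is platform specific, see
 * DOUBLE_CALL_EXPECTED. */
int demo_double_call(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (deny_debugger() != 0)
            _exit(1);                       /* already traced before we began */
        if (deny_debugger() != 0)
            _exit(errno == EPERM ? 2 : 3);  /* second call refused */
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int rc = demo_double_call();
    printf("child exit status after two deny_debugger() calls: %d (expected %d)\n",
           rc, DOUBLE_CALL_EXPECTED);

    /* The status word gdb reported in the post, as waitpid() would encode it
     * (exit status in bits 8-15 on both Linux and macOS). */
    int traced_run = DENY_ATTACH_EXIT_STATUS << 8;
    printf("status 0%o is the PT_DENY_ATTACH signature: %s\n",
           WEXITSTATUS(traced_run),
           exited_by_deny_attach(traced_run) ? "yes" : "no");
    return 0;
}
```

To reproduce the post's 055 you still need macOS and a debugger attached before deny_debugger() runs; the fork demo only shows the "already traced" refusal on Linux, where the tracer is the parent rather than gdb. The patch the post alludes to works the same way on either platform: break on ptrace, return from it (gdb's return command) or change the request argument to something harmless before the call reaches the kernel, then continue; the process never gets flagged and a later attach succeeds.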


Posted at BinaryCell
