Simple antidebugging methods (part 1)
An interesting and easy-to-catch antidebugging technique is the use of ptrace; some commercial applications, like Cider (TransGaming), use it in their game ports:
This example is valid in Objective-C / pure C / C++:
    #import <Foundation/Foundation.h>
    #include <sys/types.h>
    #include <sys/ptrace.h>

    int main (int argc, const char * argv[]) {
        /* Deny debugger attachment; a process that is already traced exits here */
        ptrace(PT_DENY_ATTACH, 0, 0, 0);
        […]
        return 0;
    }
Debugging such a program may result in a rapid crash:
$ gdb ./test
[...]
(gdb) r
Starting program: test
Reading symbols for shared libraries .++++....................... done
Program exited with code 055.
(gdb)
This method is really simple and easy to patch, have fun!
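Why the run above ends with code 055: gdb prints the exit status in octal, 055 is 45, and 45 is ENOTSUP on Darwin, the status a traced process exits with when it calls ptrace(PT_DENY_ATTACH, ...). The C helper below is an added example, not code from the original post; its function and macro names are made up here, and it only handles the gdb output format shown in the transcript.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ENOTSUP on Darwin; hard-coded since Linux hosts define it as 95. */
#define DARWIN_ENOTSUP 45
#define EXIT_PREFIX "Program exited with code "

/* gdb transcript copied from the post above. */
static const char PAGE_TRANSCRIPT[] =
    "Starting program: test\n"
    "Reading symbols for shared libraries .++++....................... done\n"
    "Program exited with code 055.\n"
    "(gdb)\n";

/* Decode "Program exited with code NNN." (gdb prints NNN in octal).
   Returns the decimal status, or -1 if text does not start with that line. */
int gdb_exit_status(const char *text)
{
    char *end;
    long status;
    if (strncmp(text, EXIT_PREFIX, sizeof(EXIT_PREFIX) - 1) != 0)
        return -1;
    text += sizeof(EXIT_PREFIX) - 1;
    status = strtol(text, &end, 8);      /* base 8, as gdb prints it */
    if (end == text || *end != '.' || status < 0 || status > 255)
        return -1;
    return (int)status;
}

/* Return 1 if any exit line in the transcript carries status 45. This is a
   triage hint, not proof: any program is free to exit with 45. */
int transcript_shows_deny_attach(const char *transcript)
{
    const char *p = transcript;
    while ((p = strstr(p, EXIT_PREFIX)) != NULL) {
        if (gdb_exit_status(p) == DARWIN_ENOTSUP)
            return 1;
        p += sizeof(EXIT_PREFIX) - 1;
    }
    return 0;
}

int main(void)
{
    printf("page transcript shows deny-attach exit: %d\n",
           transcript_shows_deny_attach(PAGE_TRANSCRIPT));
    return 0;
}
```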
Posted at BinaryCell