
25 April 2011

Simple antidebugging methods (part 2)

This is a really old technique, but it still works:

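#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

/* Runs only if the SIGTRAP reaches the process itself. */
void handler(int theSignal)
{
        (void)theSignal;
        printf("No debugger found\n");
        exit(0);
}

int main(void)
{
        signal(SIGTRAP, handler);
        /* x86 breakpoint instruction: the kernel raises SIGTRAP. */
        __asm__("int3");
        /* Reached only when a debugger intercepted the SIGTRAP and resumed us. */
        printf("Debugger found\n");
        exit(1);
}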

When run normally:

riker3:tmp sharek$ ./test 
No debugger found
riker3:tmp sharek$

And with a debugger:

riker3:tmp sharek$ gdb ./test
[...]
(gdb) r
[...]
Program received signal SIGTRAP, Trace/breakpoint trap.
0x0000000100000eaf in main ()
(gdb) c
Continuing.
Debugger found

Program exited with code 01.
(gdb) q
riker3:tmp sharek$
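
The same check as a reusable function, as an added example that is not part of the original post: it records the trap in a flag instead of exiting from the handler, and restores the previous SIGTRAP disposition afterwards. The names `on_trap` and `sigtrap_was_intercepted`, and the `raise(SIGTRAP)` fallback for non-x86 CPUs, are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L  /* expose sigaction() under strict -std= modes */
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Written by the handler; sig_atomic_t is safe to store to from one. */
static volatile sig_atomic_t trap_seen;

static void on_trap(int sig)
{
    (void)sig;
    trap_seen = 1;
}

/*
 * Hypothetical helper (not from the original post).
 * Returns 1 if the SIGTRAP never reached our handler (a tracer consumed it),
 * 0 if the handler received it, -1 if the handler could not be installed.
 */
int sigtrap_was_intercepted(void)
{
    struct sigaction sa, old;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_trap;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return -1;

    trap_seen = 0;
#if defined(__i386__) || defined(__x86_64__)
    __asm__ __volatile__("int3");  /* same breakpoint instruction as the post */
#else
    raise(SIGTRAP);                /* assumption: stand-in on other CPUs */
#endif
    /* Execution resumes here either after on_trap() or after the debugger. */
    sigaction(SIGTRAP, &old, NULL);  /* put the previous disposition back */
    return trap_seen ? 0 : 1;
}

int main(void)
{
    int r = sigtrap_was_intercepted();

    puts(r == 1 ? "Debugger found" : r == 0 ? "No debugger found" : "check failed");
    return r == 1;
}
```

The function only reports whether something consumed the SIGTRAP; a debugger set to pass SIGTRAP through to the program produces the "No debugger found" result.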

Enjoy!


Posted at BinaryCell

1 comments:

Rubén Hortas said...

Good post :)
I'll try it as soon as I can, ty!
