2010-02-26 Linux antidebug 2
This is dirty solution it checks programms argv[0] name with your defined name
when running debuger such as gdb or ald name is chaned to fullpath name
user defined name from terminal is './main'.
#include <stdlib.h> #include <stdio.h> #include <string.h> #include <sys/types.h> int main( int argc , char **argv ) { pid_t pid,ppid; FILE *f; char str[128]; char spid[10]; //openfile and write ppid f = fopen( "pid.txt" , "w" ); pid = getpid(); fprintf(f,"%d ",pid); fclose( f ); f = fopen( "pid.txt" , "r" ); fscanf( f , "%s" , spid ); fclose( f ); strcpy( str , "cat /proc/" ); strcat( str , &spid[0] ); strcat( str , "/cmdline"); printf( "[%s]\n", spid ); system( str ); printf("\n"); }
Dirty function that makes dirty solution at one place
int badppid( const char *real_name ) { pid_t pid,ppid; FILE *f; char str[128]; char spid[10]; f = fopen( "pid.txt" , "w" ); pid = getpid(); fprintf(f,"%d ",pid); fclose( f ); f = fopen( "pid.txt" , "r" ); fscanf( f , "%s" , spid ); fclose( f ); strcpy( str , "cat /proc/" ); strcat( str , &spid[0] ); strcat( str , "/cmdline > name.txt"); system( str ); f = fopen( "name.txt" , "r" ); fscanf( f , "%s" , str ); fclose( f ); if ( strncmp(str,real_name,strlen(real_name)) != 0 ) { return -1; } return 0; }
Source
2010-02-23 Linux antidebug 1
When ptrace is used for programm debugin then only one ptrace can be attached to programm
when we trying run ptrace with PTRACE_TRACEME then we get -1. I tested with gdb,ald. Also this method should
work with IDApro
#include <stdlib.h> #include <stdio.h> #include <sys/ptrace.h> long int ptraced() { return (ptrace(PTRACE_TRACEME, 0, 0, 0) == -1); } int main() { if ( ptraced() ) { printf("Ptraced!\n"); } return 0; }
Source