www.main.lv

2010-02-26 Linux antidebug 2

This is a dirty solution: it compares the program's argv[0] name with a name you define.
When the program runs under a debugger such as gdb or ald, the name is changed to the full path name;
the user-defined name when started from the terminal is './main'.

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>	// getpid()
 
int main( int argc , char **argv )
{
	pid_t pid;
	FILE *f;
	char str[128];
	char spid[10];
 
	// open file and write our own pid
	f = fopen( "pid.txt" , "w" );
	if ( f == NULL )
		return 1;
	pid = getpid();
	fprintf(f,"%d ",(int)pid);
	fclose( f );
	// read the pid back as a string (width limited to fit spid)
	f = fopen( "pid.txt" , "r" );
	if ( f == NULL )
		return 1;
	fscanf( f , "%9s" , spid );
	fclose( f );
 
	// build and run "cat /proc/<pid>/cmdline"
	strcpy( str , "cat /proc/" );
	strcat( str , spid );
	strcat( str , "/cmdline");
	printf( "[%s]\n", spid );
	system( str );
 
	printf("\n");
	return 0;
}

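A dirty function that puts the dirty solution in one place:

// needs the same includes as above (unistd.h for getpid)
// returns 0 if the process name starts with real_name, -1 otherwise
int badppid( const char *real_name )
{
	pid_t pid;
	FILE *f;
	char str[128];
	char spid[10];

	// write our own pid to a file
	f = fopen( "pid.txt" , "w" );
	if ( f == NULL )
		return -1;
	pid = getpid();
	fprintf(f,"%d ",(int)pid);
	fclose( f );
 
	// read the pid back as a string (width limited to fit spid)
	f = fopen( "pid.txt" , "r" );
	if ( f == NULL )
		return -1;
	fscanf( f , "%9s" , spid );
	fclose( f );
 
	// dump /proc/<pid>/cmdline into name.txt
	strcpy( str , "cat /proc/" );
	strcat( str , spid );
	strcat( str , "/cmdline > name.txt");
	system( str );
 
	// the first string in name.txt is argv[0]
	f = fopen( "name.txt" , "r" );
	if ( f == NULL )
		return -1;
	fscanf( f , "%127s" , str );
	fclose( f );
	if ( strncmp(str,real_name,strlen(real_name)) != 0 )
	{
		return -1;
	}
 
	return 0;
}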
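
An added example (not from the original post) of the same argv[0] comparison done by reading /proc/<pid>/cmdline directly, with no temp files and no shell. The helper names, the exact-match comparison (the function above does a prefix match) and the sample command lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* argv[0] is the first NUL-terminated field of a raw /proc/<pid>/cmdline
 * image. Returns 0 if it equals expected exactly, -1 otherwise. */
int cmdline_name_check(const char *raw, size_t len, const char *expected)
{
	const char *end = memchr(raw, '\0', len);
	size_t n = end ? (size_t)(end - raw) : len;

	if (n != strlen(expected) || memcmp(raw, expected, n) != 0)
		return -1;
	return 0;
}

/* Read /proc/<pid>/cmdline directly. Returns bytes read, or -1 on error. */
long read_cmdline(pid_t pid, char *buf, size_t size)
{
	char path[64];
	FILE *f;
	size_t got;

	snprintf(path, sizeof path, "/proc/%ld/cmdline", (long)pid);
	f = fopen(path, "rb");
	if (f == NULL)
		return -1;
	got = fread(buf, 1, size - 1, f);
	buf[got] = '\0';	/* keep buf printable as a C string */
	fclose(f);
	return (long)got;
}

int main(void)
{
	/* Constructed sample cmdline images, not captured output. */
	static const char from_shell[] = "./main\0--verbose";
	static const char full_path[] = "/home/user/main\0--verbose";
	char live[4096];
	long n = read_cmdline(getpid(), live, sizeof live);

	printf("shell launch: %d\n", cmdline_name_check(from_shell, sizeof from_shell, "./main"));
	printf("full path:    %d\n", cmdline_name_check(full_path, sizeof full_path, "./main"));
	if (n > 0)
		printf("this process: %d (argv[0]=%s)\n",
		       cmdline_name_check(live, (size_t)n, "./main"), live);
	return 0;
}
```

With the expected name './main', the full-path sample returns -1 whether or not a debugger is involved, so a launch by absolute path from a terminal is flagged too.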

