Friday, February 16, 2018

Anti GDB ( debugger ) Program


Anti GDB ( debugger ) Program 

GDB use ptrace system call to attach to running program , this little trick below can
terminate the process as soon as it detects the program is ran using GDB.
Since Debugger can only one PTRACE another instance will fail.
#include
#include
void anti_debug(void)
{
        if(ptrace(PTRACE_TRACEME,0,0,0))
        {
                printf("Attached to debugger with terminate\n");
                kill(getpid());
                exit(0);
        }
}
main()
{
anti_debug();
printf("Anti GDB Code\n");
}


root@embsys-VirtualBox:~/github/intx/usrc/antigdb# ./a.out
Anti GDB Code

root@embsys-VirtualBox:~/github/intx/usrc/antigdb# gdb a.out
..
Reading symbols from a.out...(no debugging symbols found)...done.
(gdb) r
Starting program: /home/embsys/github/intx/usrc/antigdb/a.out
Attached to debugger with terminate-----------------------------------> Exit from the Program
[Inferior 1 (process 12902) exited normally]

Good Read:
https://majantali.net/2016/10/how-breakpoints-are-set/
at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Featured Post

XDP - Getting Started with XDP (Linux)

  • SIP/VOIP/IMS Interview Questions
    Below is the list of VOIP Interview questions , that will cover most of the interview questions If you find it useful please do write comme...
  • XDP - Getting Started with XDP (Linux)
      XDP Introduced in Linux 4.8 eBPF hook at the driver level (ingress) Intercept packet before it reaches the stack, before allocating sk_buf...
  • Fake i2c device( i2c-stub)
    If you want to test I2C client implementation without actual hardware you can do this with i2c-stub. Kernel has a Fake I2C master a...