Linux antidebug 2

Content: This is a dirty solution: it checks the program's argv[0] name against a name you define. When the program is run under a debugger such as gdb or ald, the name is changed to the full path, whereas the user-defined name from the terminal is './main'.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
 
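/*
 * Demo: write this process's pid to pid.txt, read it back as text, and show
 * the command line the kernel recorded for that pid (/proc/<pid>/cmdline).
 *
 * Differences from the listing this replaces: every fopen() result is
 * checked instead of being dereferenced blindly, the fscanf() is width-
 * limited so spid cannot overflow, the path is built with snprintf instead
 * of strcpy/strcat, and /proc/<pid>/cmdline is read and copied to stdout
 * directly instead of through system("cat ..."), so no shell is spawned and
 * the result does not depend on which `cat` is first on PATH.
 *
 * Output bytes are the same as before: "[<pid>]\n", the raw cmdline (argv
 * entries are NUL-separated, exactly as cat would print them), then "\n".
 * Returns 0 on success, 1 on any I/O failure (the original had no return).
 */
int main( int argc , char **argv )
{
    pid_t pid;
    FILE *f;
    char str[128];
    char spid[16];
    unsigned char buf[4096];
    size_t got;
    int n;

    (void)argc;
    (void)argv;

    /* write own pid, then read it back as text (keeps the original round trip) */
    f = fopen( "pid.txt" , "w" );
    if ( f == NULL )
    {
        perror( "pid.txt" );
        return 1;
    }
    pid = getpid();
    fprintf( f , "%d " , (int)pid );
    if ( fclose( f ) != 0 )
    {
        perror( "pid.txt" );
        return 1;
    }

    f = fopen( "pid.txt" , "r" );
    if ( f == NULL )
    {
        perror( "pid.txt" );
        return 1;
    }
    /* "%15s" bounds the read to sizeof spid - 1 characters plus the NUL */
    if ( fscanf( f , "%15s" , spid ) != 1 )
    {
        fclose( f );
        fprintf( stderr , "pid.txt: could not read pid back\n" );
        return 1;
    }
    fclose( f );

    n = snprintf( str , sizeof str , "/proc/%s/cmdline" , spid );
    if ( n < 0 || (size_t)n >= sizeof str )
    {
        fprintf( stderr , "path too long\n" );
        return 1;
    }
    printf( "[%s]\n" , spid );

    /* copy the kernel-provided command line to stdout verbatim */
    f = fopen( str , "rb" );
    if ( f == NULL )
    {
        perror( str );
        return 1;
    }
    while ( ( got = fread( buf , 1 , sizeof buf , f ) ) > 0 )
    {
        fwrite( buf , 1 , got , stdout );
    }
    fclose( f );

    printf( "\n" );
    return 0;
}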

A dirty function that puts the dirty solution in one place

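/*
 * Compare this process's argv[0] (the first NUL-terminated entry of
 * /proc/self/cmdline) against real_name.
 *
 * The listing this replaces shelled out with
 * system("cat /proc/<pid>/cmdline > name.txt"), went through two temporary
 * files in the current directory, and never checked fopen(); here the kernel
 * file is read directly, so there is no shell, no PATH lookup of `cat`, and
 * no files written.  It also accepted any argv[0] that merely *started* with
 * real_name (strncmp over strlen(real_name)); the comparison is now exact.
 *
 * This is a heuristic, not a guarantee: argv[0] is whatever the parent passed
 * to exec, so it is a weak signal and is only as good as the caller's
 * expectation of real_name.
 *
 * Returns 0 when argv[0] equals real_name exactly, -1 when it differs, when
 * real_name is NULL, when the command line is longer than the local buffer,
 * or when /proc/self/cmdline cannot be read (treated as "cannot confirm",
 * never as a match).
 */
int badppid( const char *real_name )
{
    FILE *f;
    char cmdline[4096];
    size_t got;

    if ( real_name == NULL )
    {
        return -1;
    }

    /* /proc/self is the calling process; no need to format our own pid. */
    f = fopen( "/proc/self/cmdline" , "rb" );
    if ( f == NULL )
    {
        return -1;
    }
    got = fread( cmdline , 1 , sizeof cmdline - 1 , f );
    fclose( f );

    if ( got == 0 )
    {
        return -1;
    }
    /* Entries are NUL-separated; force a terminator so a truncated read or an
       unterminated first entry cannot let strcmp run past the buffer. */
    cmdline[got] = '\0';

    if ( strcmp( cmdline , real_name ) != 0 )
    {
        return -1;
    }

    return 0;
}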

Downloads

http://archive.main.lv/files/writeup/linux_antidebug_2/antidebug2.tar.gz