2011-9-15 Linux antidebug 4
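Here is one more method to check whether your application is being debugged. You need to set a signal handler that handles the signal raised by interrupt number 3, which is used for step-by-step debugging. When no debugger is attached, int3 raises SIGTRAP and the handler runs; under a debugger, the debugger takes the trap and the handler is never called.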
Compile:
gcc main.c -o main
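    #include <stdio.h>
    #include <stdlib.h>
    #include <signal.h>

    #define FALSE 0
    #define TRUE 1

    void sig_handler(int);

    /* Written from the signal handler, so it must be volatile sig_atomic_t;
       a plain int could be constant-folded across the asm statement. */
    volatile sig_atomic_t debuging;

    int main()
    {
        debuging = FALSE;
        signal(SIGTRAP, sig_handler);
        __asm__("int3");    /* raises SIGTRAP */
        if (debuging == FALSE) {
            /* handler never ran: a debugger took the trap */
            printf("Nothing special\n");
        } else {
            /* handler ran: the trap reached the process itself */
            printf("Playing seek and hide\n");
        }
        exit(1);
    }

    /* Runs only if SIGTRAP is delivered to the process. */
    void sig_handler(int sig)
    {
        debuging = TRUE;
    }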
Run:
./main
Example with asm
Compile:
fasm ad4.asm ad4.o
gcc ad4.o -o ad4
    format ELF
    include 'ccall.inc'

    SYS_EXIT equ 1
    SIGTRAP  equ 5
    TRUE     equ 1
    FALSE    equ 0

    section '.text' executable
    public main
    extrn printf
    extrn exit
    extrn signal

    main:
        ccall signal, SIGTRAP, sig_handler
        int 3h                      ; raises SIGTRAP
        cmp [debug], FALSE
        jne no_dbg                  ; handler ran: the trap reached the process
        ccall printf, str1          ; handler never ran: a debugger took the trap
        jmp exit
    no_dbg:
        ccall printf, str2
    to_exit:
        mov eax, SYS_EXIT
        mov ebx, 0
        int 80h

    ; Runs only if SIGTRAP is delivered to the process.
    sig_handler:
        param1 equ dword [ebp+8]
        mov [debug], TRUE
        ret

    section '.data' writable
    debug db FALSE
    str1 db "Under debug",0xA,0
    str2 db "No debug",0xA,0
Tested and works for gdb and ald.
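Added example, not part of the original post: a harness that runs the same SIGTRAP check in a child process with no tracer, with a ptrace tracer that drops the trap, and with a tracer that forwards it, showing that the check only observes whether the signal was delivered. The names run_check, trap_swallowed and the mode constants are hypothetical, and raise(SIGTRAP) stands in for int3 on non-x86 builds.

```c
/* Added example, not from the original post. All names are hypothetical. */
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t handler_ran;
static void on_trap(int sig) { (void)sig; handler_ran = 1; }

/* The post's check: 1 if the trap never reached our handler ("debugged"). */
static int trap_swallowed(void) {
    handler_ran = 0;
    signal(SIGTRAP, on_trap);
#if defined(__i386__) || defined(__x86_64__)
    __asm__ volatile("int3");   /* same breakpoint instruction as the post */
#else
    raise(SIGTRAP);             /* assumption: stand-in on non-x86 builds */
#endif
    return !handler_ran;
}

enum { NO_TRACER, TRACER_DROPS_TRAP, TRACER_FORWARDS_TRAP };

/* Runs the check in a child; returns its verdict (1 = "debugged"), -1 on error. */
int run_check(int mode) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: the program under test */
        if (mode != NO_TRACER && ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(2);
        _exit(trap_swallowed());
    }
    for (;;) {                            /* parent: minimal tracer loop */
        if (waitpid(pid, &status, 0) < 0 || WIFSIGNALED(status)) return -1;
        if (WIFEXITED(status))
            return WEXITSTATUS(status) > 1 ? -1 : WEXITSTATUS(status);
        /* Child is in signal-delivery-stop: the tracer decides what it sees. */
        int sig = WSTOPSIG(status);
        if (sig == SIGTRAP && mode == TRACER_DROPS_TRAP) sig = 0;
        if (ptrace(PTRACE_CONT, pid, NULL, (void *)(long)sig) == -1) return -1;
    }
}

int main(void) {
    printf("no tracer:       %d\n", run_check(NO_TRACER));
    printf("tracer drops:    %d\n", run_check(TRACER_DROPS_TRAP));
    printf("tracer forwards: %d\n", run_check(TRACER_FORWARDS_TRAP));
    return 0;
}
```

A verdict of 1 appears only when the tracer suppresses the signal, so the check reports the tracer's signal policy rather than the presence of a tracer.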