title:Linux antidebug 4
keywords:linux,debug,antidebug

# Linux antidebug 4
Content: Here is one more method for checking whether your application is being
debugged. You need to install a signal handler that handles interrupt number 3
(delivered to the process as SIGTRAP), which is used for step-by-step debugging.

Compile:

```
gcc main.c -o main
```

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
 
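#define FALSE 0
#define TRUE  1
 
void sig_handler( int );
 
/*
 * Flag set to TRUE by sig_handler() when SIGTRAP is delivered to the process,
 * read afterwards by main().
 *
 * Declared volatile sig_atomic_t rather than plain int: it is written from a
 * signal handler and read after the trap, so the compiler must reload it at
 * every access instead of caching the FALSE it stored before the trap, and
 * sig_atomic_t is the type guaranteed to be safely written from a handler.
 */
volatile sig_atomic_t debuging;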
 
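/*
 * Demonstration of a SIGTRAP-based debugger check.
 *
 * A handler for SIGTRAP is installed and a breakpoint instruction (int3) is
 * executed on purpose.  When the process runs on its own, the kernel delivers
 * SIGTRAP to the process and sig_handler() sets `debuging` to TRUE.  The
 * premise of the technique is that a debugger attached to the process takes
 * the trap instead, so the handler never runs and `debuging` stays FALSE.
 *
 * The two printf() messages are kept exactly as in the original listing.
 *
 * Returns: never returns normally; both paths terminate through exit(1)
 * (status 1 on both paths, as in the original).  If the handler cannot be
 * installed the process also exits with status 1 after reporting the error,
 * instead of executing int3 with no handler in place.
 */
int main(void)
{
    debuging = FALSE;
    /* Check the result: with no handler installed, the int3 below would
     * terminate the process with SIGTRAP instead of running the check. */
    if (signal(SIGTRAP, sig_handler) == SIG_ERR)
    {
        perror("signal");
        exit(1);
    }
    /* __volatile__ plus a "memory" clobber: the trap is where the handler
     * may write `debuging`, so the compiler must neither drop the asm nor
     * reuse the FALSE it stored above when evaluating the comparison. */
    __asm__ __volatile__("int3" ::: "memory");
    if (debuging == FALSE)
    {
        printf("Nothing special\n");
    } else
    {
        printf("Playing seek and hide\n");
    }
    exit(1);
}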
 
/*
 * SIGTRAP handler: records that the trap reached the process.
 *
 * sig: signal number passed by the kernel.  It is not needed, because this
 *      handler is only ever installed for SIGTRAP, so it is explicitly ignored.
 *
 * The only side effect is a single store to the global `debuging` flag.
 */
void sig_handler(int sig)
{
    (void) sig;
    debuging = TRUE;
}
```


Run:
```bash
./main
```

Example in assembly (fasm):

Compile:

```bash
fasm ad4.asm ad4.o

gcc ad4.o -o ad4
```

```asm
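format ELF
 
include 'ccall.inc'
 
SYS_EXIT    equ     1
SIGTRAP     equ     5
TRUE        equ     1
FALSE       equ     0
section '.text' executable
 
public main
 
extrn printf
extrn exit
extrn signal
 
; Debugger check via a deliberate breakpoint trap.
; A SIGTRAP handler is installed and `int 3` is executed.  If the trap is
; delivered to the process, sig_handler stores TRUE into [debug]; if a
; debugger attached to the process takes the trap first (the premise of the
; technique), the handler never runs and [debug] stays FALSE.
main:
    ccall   signal, SIGTRAP, sig_handler
    int     3h
     
    cmp     [debug],FALSE       ; byte-sized compare, size taken from `debug db`
    jne     no_dbg
    ccall   printf,str1         ; handler did not run -> "Under debug"
    jmp     to_exit             ; previously `jmp exit`: tail-jumping into libc
                                ; exit with no status pushed made the exit code
                                ; depend on whatever happened to be on the stack
     
no_dbg:
    ccall   printf,str2         ; handler ran -> "No debug"
 
to_exit:                        ; reached on both paths; exits with status 0
    mov     eax, SYS_EXIT
    mov     ebx, 0
    int     80h
 
; SIGTRAP handler.  It is invoked as a C function taking the signal number,
; which is not used here, so no stack frame is set up.  (The former
; `param1 equ dword [ebp+8]` was never referenced and assumed an ebp frame
; that this routine does not build.)
sig_handler:
    mov     [debug], TRUE       ; byte-sized store, size taken from `debug db`
    ret
 
section '.data' writable
 
debug   db  FALSE
str1    db "Under debug",0xA,0
str2    db "No debug",0xA,0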
```

Tested and confirmed to work with gdb and ald.


## Links
http://blog.binarycell.org/2011/04/simple-antidebugging-methods-part-2.html

## Downloads
http://archive.main.lv/files/writeup/linux_antidebug_4/antidebug4.zip