Diffstat (limited to 'md/writeup/linux_antidebug_2.md')
-rw-r--r--md/writeup/linux_antidebug_2.md84
1 files changed, 84 insertions, 0 deletions
diff --git a/md/writeup/linux_antidebug_2.md b/md/writeup/linux_antidebug_2.md
new file mode 100644
index 0000000..b4c60e1
--- /dev/null
+++ b/md/writeup/linux_antidebug_2.md
@@ -0,0 +1,84 @@
+title:Linux antidebug 2
+keywords:linux,debug,antidebug
+
+# Linux antidebug 2
+Content: This is dirty solution it checks programms argv[0] name
+with your defined namewhen running debuger such as gdb or ald name is
+chaned to fullpath nameuser defined name from terminal is './main'.
+
+```c
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+
+int main( int argc , char **argv )
+{
+ pid_t pid,ppid;
+ FILE *f;
+ char str[128];
+ char spid[10];
+
+ //openfile and write ppid
+ f = fopen( "pid.txt" , "w" );
+ pid = getpid();
+ fprintf(f,"%d ",pid);
+ fclose( f );
+ f = fopen( "pid.txt" , "r" );
+ fscanf( f , "%s" , spid );
+ fclose( f );
+
+ strcpy( str , "cat /proc/" );
+ strcat( str , &spid[0] );
+ strcat( str , "/cmdline");
+ printf( "[%s]\n", spid );
+ system( str );
+
+ printf("\n");
+}
+```
+
+Dirty function that makes dirty solution at one place
+
+```c
+int badppid( const char *real_name )
+{
+ pid_t pid,ppid;
+ FILE *f;
+ char str[128];
+ char spid[10];
+ f = fopen( "pid.txt" , "w" );
+ pid = getpid();
+ fprintf(f,"%d ",pid);
+ fclose( f );
+
+
+ f = fopen( "pid.txt" , "r" );
+ fscanf( f , "%s" , spid );
+ fclose( f );
+
+
+ strcpy( str , "cat /proc/" );
+ strcat( str , &spid[0] );
+ strcat( str , "/cmdline > name.txt");
+ system( str );
+
+ f = fopen( "name.txt" , "r" );
+ fscanf( f , "%s" , str );
+ fclose( f );
+ if ( strncmp(str,real_name,strlen(real_name)) != 0 )
+ {
+ return -1;
+ }
+
+ return 0;
+}
+```
+
+## Downloads
+
+http://archive.main.lv/files/writeup/linux_antidebug_2/antidebug2.tar.gz
+
+
+
+
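Review bot: `badppid` (and the same sequence in `main`) reads with unbounded `fscanf( f , "%s" , … )` into `spid[10]` and `str[128]` and never checks any `fopen` result, so an unwritable working directory leads to a NULL `FILE *` being used, and a `pid.txt` or `name.txt` that another process changed between the write and the read can overflow the stack buffers. The round trip through two predictably named files and `system()` also makes the result depend on whichever `cat` the shell resolves from `PATH`. Reading `/proc/self/cmdline` directly with a bounded `fread` removes the temp files, the shell and the pid formatting in one step. The listing also calls `getpid()` without `#include <unistd.h>` and declares an unused `ppid`. A version of `badppid` along those lines, keeping the same signature and return values:

```c
int badppid( const char *real_name )
{
    char name[128];
    FILE *f = fopen( "/proc/self/cmdline" , "r" );
    if ( f == NULL )
        return -1;
    /* argv[0] is the first NUL-terminated field; the read is bounded by the buffer */
    size_t got = fread( name , 1 , sizeof name - 1 , f );
    fclose( f );
    name[got] = '\0';
    if ( strncmp( name , real_name , strlen(real_name) ) != 0 )
        return -1;
    return 0;
}
```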