Diffstat (limited to 'md/writeup/linux_antidebug_4.md')
-rw-r--r-- | md/writeup/linux_antidebug_4.md | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/md/writeup/linux_antidebug_4.md b/md/writeup/linux_antidebug_4.md
new file mode 100644
index 0000000..63325cc
--- /dev/null
+++ b/md/writeup/linux_antidebug_4.md
@@ -0,0 +1,118 @@
+title:Linux antidebug 4
+keywords:linux,debug,antidebug
+
+# Linux antidebug 4
+Content: Here is one more method how to check if your
+application is debugged. Need to set signal handler with handles
+interrupt number 3 with is used for step by step debugging
+
+Compile:
+
+```
+gcc main.c -o main
+```
+
+```c
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define FALSE 0
+#define TRUE 1
+
+void sig_handler( int );
+
+int debuging;
+
+int main()
+{
+ debuging = FALSE;
+ signal(SIGTRAP, sig_handler);
+ __asm__("int3");
+ if (debuging == FALSE)
+ {
+ printf("Nothing special\n");
+ } else
+ {
+ printf("Playing seek and hide\n");
+ }
+ exit(1);
+}
+
+void sig_handler( int sig)
+{
+ debuging = TRUE;
+}
+```
+
+
+Run:
+```bash
+./main
+```
+
+Example with asm
+
+Compile:
+
+```bash
+fasm ad4.asm ad4.o
+
+gcc ad4.o -o ad4
+```
+
+```asm
+format ELF
+
+include 'ccall.inc'
+
+SYS_EXIT equ 1
+SIGTRAP equ 5
+TRUE equ 1
+FALSE equ 0
+section '.text' executable
+
+public main
+
+extrn printf
+extrn exit
+extrn signal
+
+main:
+ ccall signal, SIGTRAP, sig_handler
+ int 3h
+
+ cmp [debug],FALSE
+ jne no_dbg
+ ccall printf,str1
+ jmp exit
+
+no_dbg:
+ ccall printf,str2
+
+to_exit:
+ mov eax, SYS_EXIT
+ mov ebx, 0
+ int 80h
+
+sig_handler:
+ param1 equ dword [ebp+8]
+ mov [debug], TRUE
+ ret
+
+section '.data' writable
+
+debug db FALSE
+str1 db "Under debug",0xA,0
+str2 db "No debug",0xA,0
+```
+
+Tested and works for gdb and ald.
+
+
+## Links
+http://blog.binarycell.org/2011/04/simple-antidebugging-methods-part-2.html
+
+## Downloads
+http://archive.main.lv/files/writeup/linux_antidebug_4/antidebug4.zip
+ |