title:Linux antidebug 4
keywords:linux,debug,antidebug

# Linux antidebug 4

Here is one more way to check whether your application is being debugged. Install a signal handler for SIGTRAP, the signal raised by interrupt number 3, which is used for step-by-step debugging. When the program runs on its own, the handler is called and sets a flag. Under a debugger, the debugger takes the trap itself, so the handler never runs and the flag stays unset.

Compile:

```bash
gcc main.c -o main
```

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

#define FALSE 0
#define TRUE 1

void sig_handler(int);

/* Set to TRUE only when our own handler receives SIGTRAP. */
volatile sig_atomic_t debuging;

int main()
{
    debuging = FALSE;
    signal(SIGTRAP, sig_handler);
    __asm__("int3");            /* raises SIGTRAP */
    if (debuging == FALSE) {
        /* handler did not run: the SIGTRAP was consumed elsewhere */
        printf("Nothing special\n");
    } else {
        /* handler ran: the SIGTRAP reached the program itself */
        printf("Playing seek and hide\n");
    }
    exit(1);
}

void sig_handler(int sig)
{
    (void)sig;
    debuging = TRUE;
}
```

Run:

```bash
./main
```

Example with asm

Compile:

```bash
fasm ad4.asm ad4.o
gcc ad4.o -o ad4
```

```asm
format ELF                      ; 32-bit ELF object
include 'ccall.inc'

SYS_EXIT equ 1
SIGTRAP  equ 5
TRUE     equ 1
FALSE    equ 0

section '.text' executable
public main
extrn printf
extrn exit
extrn signal

main:
    ccall signal, SIGTRAP, sig_handler
    int 3h                      ; raises SIGTRAP
    cmp [debug],FALSE           ; FALSE: our handler never saw the trap
    jne no_dbg
    ccall printf,str1
    jmp to_exit                 ; was "jmp exit", which jumped into libc exit()
no_dbg:
    ccall printf,str2
to_exit:
    mov eax, SYS_EXIT           ; raw exit syscall, stdio buffers are not flushed
    mov ebx, 0
    int 80h

sig_handler:
    param1 equ dword [ebp+8]    ; signal number (unused)
    mov [debug], TRUE           ; the trap reached the program itself
    ret

section '.data' writable
debug db FALSE
str1 db "Under debug",0xA,0
str2 db "No debug",0xA,0
```

Tested and works for gdb and ald.

## Links

http://blog.binarycell.org/2011/04/simple-antidebugging-methods-part-2.html

## Downloads

http://archive.main.lv/files/writeup/linux_antidebug_4/antidebug4.zip
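
## Example: the check seen from the tracer's side

The SIGTRAP check above depends on what the tracer does with the signal. This added example (not code from the original page) runs the same check in a child under a minimal ptrace tracer, once swallowing the SIGTRAP as a debugger does by default and once forwarding it, which is how an analyst makes the check report "no debugger". The names `run_traced`, `on_trap`, `trap_seen` and `TRAP` are chosen for this example, and `raise(SIGTRAP)` is an assumed stand-in for `int3` on non-x86 hosts.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__i386__) || defined(__x86_64__)
#define TRAP() __asm__ __volatile__("int3")  /* same instruction as the page */
#else
#define TRAP() raise(SIGTRAP)                /* assumption: portable stand-in */
#endif

static volatile sig_atomic_t trap_seen;      /* set only if the handler runs */
static void on_trap(int sig) { (void)sig; trap_seen = 1; }

/* Run the check in a traced child.
 * forward = 0: the tracer swallows SIGTRAP; forward = 1: it re-injects it.
 * Returns 1 if the child's handler ran, 0 if it did not, -1 on error. */
int run_traced(int forward)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* child: the program under test */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
            _exit(2);
        signal(SIGTRAP, on_trap);
        TRAP();
        _exit(trap_seen ? 1 : 0);
    }
    while (waitpid(pid, &status, 0) == pid) {   /* parent: the tracer */
        if (WIFEXITED(status))
            return WEXITSTATUS(status) <= 1 ? WEXITSTATUS(status) : -1;
        if (!WIFSTOPPED(status))
            return -1;
        int sig = WSTOPSIG(status);
        long inject = (sig == SIGTRAP && !forward) ? 0 : sig;
        if (ptrace(PTRACE_CONT, pid, NULL, (void *)inject) < 0)
            kill(pid, SIGKILL);              /* do not leave a stopped child */
    }
    return -1;
}

int main(void)
{
    printf("SIGTRAP swallowed: handler ran = %d\n", run_traced(0));
    printf("SIGTRAP forwarded: handler ran = %d\n", run_traced(1));
    return 0;
}
```

It needs permission to use ptrace; in a sandbox that blocks `PTRACE_TRACEME` both calls return -1.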