|
title:Linux antidebug 2
keywords:linux,debug,antidebug
# Linux antidebug 2
Content: This is a dirty solution: it compares the program's argv[0] name
with a name you define. When the program is run under a debugger such as gdb or ald, the name is
changed to the full path name, whereas the user-defined name when run from a terminal is './main'.
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
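/*
 * Demo: print this process's PID in brackets, then the raw contents of
 * /proc/<pid>/cmdline, then a newline.
 *
 * The path is built with a bounded snprintf() and the file is read directly,
 * so no scratch file is written to the working directory and no shell is
 * spawned through system(). Every stdio call that can fail is checked
 * instead of dereferencing a NULL FILE pointer.
 *
 * Returns EXIT_SUCCESS on success, EXIT_FAILURE if the path cannot be built
 * or the cmdline file cannot be opened.
 */
int main( int argc , char **argv )
{
	enum { PATH_LEN = 64, CHUNK_LEN = 4096 };
	char path[PATH_LEN];
	char chunk[CHUNK_LEN];
	size_t got;
	FILE *f;
	long pid;
	int n;

	(void)argc;
	(void)argv;

	pid = (long)getpid();
	n = snprintf( path , sizeof path , "/proc/%ld/cmdline" , pid );
	if ( n < 0 || (size_t)n >= sizeof path ) {
		return EXIT_FAILURE;
	}

	printf( "[%ld]\n" , pid );

	f = fopen( path , "rb" );
	if ( f == NULL ) {
		perror( path );
		return EXIT_FAILURE;
	}

	/* cmdline holds NUL-separated arguments, so copy it as raw bytes. */
	while ( ( got = fread( chunk , 1 , sizeof chunk , f ) ) > 0 ) {
		fwrite( chunk , 1 , got , stdout );
	}
	fclose( f );

	printf( "\n" );
	return EXIT_SUCCESS;
}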
```
A dirty function that puts the dirty solution in one place
```c
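/*
 * badppid - heuristic check that the process was started under the
 * expected name.
 *
 * Reads the beginning of /proc/self/cmdline (argv[0] is stored first and is
 * NUL-terminated) into a bounded buffer and compares its first
 * strlen(real_name) bytes with real_name.
 *
 * Compared with going through "pid.txt"/"name.txt" and system("cat ..."),
 * this writes no predictable scratch files into the working directory,
 * spawns no shell, and cannot overflow a fixed buffer through an unbounded
 * "%s" conversion when the command line is long.
 *
 * real_name: expected argv[0] prefix, e.g. "./main". An empty string
 *            matches any name, because zero bytes are compared.
 *
 * Returns 0 when the name starts with real_name; -1 when it differs, when
 * real_name is NULL, or when the command line cannot be read.
 *
 * NOTE(review): argv[0] is chosen by whatever launches the process, so a
 * match is only a hint and should not be treated as a security control.
 */
int badppid( const char *real_name )
{
	enum { NAME_LEN = 4096 };
	char name[NAME_LEN];
	size_t got;
	FILE *f;

	if ( real_name == NULL ) {
		return -1;
	}

	f = fopen( "/proc/self/cmdline" , "rb" );
	if ( f == NULL ) {
		/* No procfs or no permission: report "not the expected name". */
		return -1;
	}

	/* Leave one byte free so the buffer can always be NUL-terminated. */
	got = fread( name , 1 , sizeof name - 1 , f );
	fclose( f );
	name[got] = '\0';

	if ( strncmp( name , real_name , strlen( real_name ) ) != 0 ) {
		return -1;
	}
	return 0;
}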
```
## Downloads
http://archive.main.lv/files/writeup/linux_antidebug_2/antidebug2.tar.gz
|