title:Linux antidebug 4
keywords:linux,debug,antidebug

# Linux antidebug 4
Content: Here is one more method to check whether your application is being debugged. You need to install a signal handler that handles interrupt number 3, which is used for step-by-step debugging.

Compile:

```
gcc main.c -o main
```

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
 
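#define FALSE 0
#define TRUE  1
 
/* SIGTRAP handler: records that the trap was delivered to the process. */
void sig_handler( int );
 
/*
 * Set by sig_handler, read by main right after the int3 trap.
 * Declared volatile sig_atomic_t because it is written from a signal
 * handler and read by the interrupted code: the compiler must not cache
 * it in a register across the trap, and the store must be atomic with
 * respect to signal delivery.  FALSE (0) until the handler has run.
 */
volatile sig_atomic_t debuging;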
 
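/*
 * Entry point.  Installs a SIGTRAP handler and then raises a breakpoint
 * trap.  Without a debugger the kernel delivers SIGTRAP to the process and
 * sig_handler sets debuging = TRUE.  With gdb/ald attached the debugger
 * consumes the trap, the handler never runs, and debuging stays FALSE.
 *
 * The messages are kept from the original write-up ("Nothing special" is
 * printed on the debugged path).  Exit status is 1 on both paths, also as
 * in the original; a failed handler installation exits 1 as well.
 *
 * NOTE(review): debuging is shared with a signal handler and should be
 * declared volatile sig_atomic_t at file scope.  signal() semantics differ
 * between platforms (glibc gives BSD semantics); sigaction() is the
 * portable choice if this is reused outside Linux/glibc.
 */
int main(void)
{
    debuging = FALSE;
    /* Unchecked in the original: with no handler installed, the int3
     * below simply terminates the process with SIGTRAP. */
    if (signal(SIGTRAP, sig_handler) == SIG_ERR)
    {
        perror("signal");
        exit(1);
    }
    /* Extended asm with a "memory" clobber so the compiler re-reads
     * debuging after the trap instead of reusing the FALSE stored above;
     * the handler changes it behind the compiler's back. */
    __asm__ __volatile__("int3" ::: "memory");
    if (debuging == FALSE)
    {
        printf("Nothing special\n");
    } else
    {
        printf("Playing seek and hide\n");
    }
    exit(1);
}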
 
/*
 * SIGTRAP handler.  Only records that the trap reached the process (i.e.
 * no debugger consumed it); the signal number itself is not needed.
 */
void sig_handler( int sig)
{
    (void)sig;              /* unused: any delivery means "not debugged" */
    debuging = TRUE;
}
```


Run:
```bash
./main
```

Example in assembly (fasm):

Compile:

```bash
fasm ad4.asm ad4.o

gcc ad4.o -o ad4
```

```asm
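format ELF
 
include 'ccall.inc'
 
;-----------------------------------------------------------------------
; Linux antidebug 4 (fasm, 32-bit ELF object, linked against libc).
;
; Idea: install a SIGTRAP handler, then execute a breakpoint trap (int 3).
; Without a debugger the kernel delivers SIGTRAP to the process, the
; handler runs and sets [debug] = TRUE.  With gdb/ald attached the debugger
; consumes the trap, the handler never runs and [debug] stays FALSE.
;
; ABI:  cdecl through the ccall macro from ccall.inc (arguments pushed
;       right to left, caller cleans the stack).
; Exit: both paths leave through libc exit(), so stdio buffers are flushed.
;       A raw SYS_EXIT syscall (as in the earlier version) skips that flush
;       and loses the printf output whenever stdout is a pipe or a file.
;-----------------------------------------------------------------------

SIGTRAP     equ     5           ; Linux/x86 signal number
TRUE        equ     1
FALSE       equ     0
EXIT_OK     equ     0
EXIT_FAIL   equ     1
SIG_ERR     equ     -1          ; signal() failure return value

section '.text' executable
 
public main
 
extrn printf
extrn exit
extrn signal
 
; int main(void) -- never returns.
main:
    ccall   signal, SIGTRAP, sig_handler   ; signal(SIGTRAP, sig_handler)
    cmp     eax, SIG_ERR                   ; no handler -> the trap below
    je      sig_fail                       ; would kill the process
    int     3h                             ; breakpoint trap -> SIGTRAP
     
    cmp     byte [debug], FALSE            ; explicit size: debug is a byte
    jne     no_dbg                         ; handler ran -> not debugged
    ccall   printf, str1                   ; handler skipped: debugger ate the trap
    jmp     to_exit
     
no_dbg:
    ccall   printf, str2
 
to_exit:
    ccall   exit, EXIT_OK                  ; exit(0): flushes stdio, never returns

sig_fail:
    ccall   exit, EXIT_FAIL                ; signal() failed
 
; void sig_handler(int sig)
; Records that the trap was delivered to the process; sig is ignored.
; No frame is set up here, so nothing may be read via ebp.
; Clobbers: nothing (a mov to memory does not touch flags).
sig_handler:
    mov     byte [debug], TRUE
    ret
 
section '.data' writable
 
debug   db  FALSE                          ; TRUE once sig_handler has run
str1    db "Under debug",0xA,0
str2    db "No debug",0xA,0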
```

Tested; works against gdb and ald.


## Links
http://blog.binarycell.org/2011/04/simple-antidebugging-methods-part-2.html

## Downloads
http://archive.main.lv/files/writeup/linux_antidebug_4/antidebug4.zip