title:Linux antidebug 4
keywords:linux,debug,antidebug
# Linux antidebug 4
Here is one more way to check whether your application is being debugged. Install a signal handler for SIGTRAP and then execute `int3`, the one-byte breakpoint instruction (opcode 0xCC) that debuggers plant when they set software breakpoints. Without a debugger the kernel delivers SIGTRAP to the process and the handler runs, setting a flag. Under ptrace the tracer (gdb, ald) is notified of the signal first and, by default, does not pass it on to the program, so the handler never runs and the flag stays clear. That is the whole test: handler ran means no debugger, handler did not run means a debugger swallowed the trap.
Compile:
```
gcc main.c -o main
```
```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

#define FALSE 0
#define TRUE 1

void sig_handler(int);

/* Set by the SIGTRAP handler. It only becomes TRUE when the kernel delivered
 * SIGTRAP to this process, i.e. when no debugger kept the signal for itself.
 * volatile sig_atomic_t stops the compiler from caching it across the trap. */
volatile sig_atomic_t trap_handled;

int main(void)
{
    trap_handled = FALSE;
    signal(SIGTRAP, sig_handler);
    __asm__ volatile("int3");    /* breakpoint trap: an attached tracer sees it first */
    if (trap_handled == FALSE)
    {
        printf("Under debug\n"); /* handler never ran: the tracer swallowed SIGTRAP */
    } else
    {
        printf("No debug\n");    /* handler ran: nobody intercepted the signal */
    }
    return 0;
}

void sig_handler(int sig)
{
    (void)sig;
    trap_handled = TRUE;
}
```
Run:
```bash
./main
```
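The same check packaged as a reusable function, added here as an example and not part of the original writeup. It uses `sigaction()` instead of `signal()` so the previous SIGTRAP disposition can be saved and restored, and returns a value instead of printing so the caller decides what to do. The x86 branch executes the real `int3`; the fallback to `raise(SIGTRAP)` on other architectures is an assumption of this example (gdb intercepts that signal the same way by default), not something the original page covers.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Flag written only by the SIGTRAP handler. volatile sig_atomic_t keeps the
 * compiler from caching it in a register across the trap. */
static volatile sig_atomic_t trap_delivered;

static void on_sigtrap(int sig)
{
    (void)sig;
    trap_delivered = 1;
}

/* Returns 1 if a tracer appears to be attached, 0 if not, -1 on error.
 * Installs a SIGTRAP handler, raises the trap, then restores the previous
 * disposition so the caller's signal setup is left untouched. */
int trap_check_debugger(void)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigtrap;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;

    trap_delivered = 0;
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return -1;

#if defined(__i386__) || defined(__x86_64__)
    /* One-byte breakpoint (0xCC). For a trap the saved PC already points past
     * the instruction, so execution resumes here once the handler returns. */
    __asm__ volatile ("int3");
#else
    /* Assumption for non-x86 hosts: raise() delivers SIGTRAP through the same
     * path a ptrace tracer intercepts, so the detection logic is unchanged. */
    raise(SIGTRAP);
#endif

    sigaction(SIGTRAP, &old, NULL);

    /* If the handler never ran, the tracer kept the signal for itself. */
    return trap_delivered ? 0 : 1;
}

int main(void)
{
    int r = trap_check_debugger();
    if (r < 0)
        perror("sigaction");
    else
        puts(r ? "Under debug" : "No debug");
    return r < 0 ? 2 : r;
}
```

Run it plainly and it reports "No debug"; run it under `gdb` and continue past the breakpoint stop and it reports "Under debug", because gdb does not forward SIGTRAP to the program by default. The function can be called repeatedly since it restores the old handler each time.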
Example in assembly (FASM, 32-bit)
Compile:
```bash
fasm ad4.asm ad4.o
gcc -m32 ad4.o -o ad4
```
The object is a 32-bit ELF (`format ELF`) and exits through `int 80h`, so on an x86-64 host it must be linked with `-m32`, which needs the 32-bit C library development files installed. `ccall.inc` is the cdecl call helper macro shipped with the FASM examples.
```asm
format ELF
include 'ccall.inc'              ; cdecl call helper (pushes args, calls, cleans the stack)

SYS_EXIT equ 1
SIGTRAP  equ 5
TRUE     equ 1
FALSE    equ 0

section '.text' executable
public main
extrn printf
extrn exit
extrn signal

main:
        ccall signal, SIGTRAP, sig_handler  ; install the SIGTRAP handler
        int3                                ; one-byte breakpoint (0xCC); a tracer sees it first
        cmp byte [debug], FALSE
        jne no_dbg                          ; handler ran -> nobody swallowed the signal
        ccall printf, str1
        jmp to_exit
no_dbg:
        ccall printf, str2
to_exit:
        mov eax, SYS_EXIT                   ; exit(0) through the 32-bit syscall ABI
        mov ebx, 0
        int 80h

sig_handler:                                ; void sig_handler(int sig)
        mov byte [debug], TRUE              ; only reached when SIGTRAP was delivered to us
        ret

section '.data' writable
debug db FALSE
str1  db "Under debug",0xA,0
str2  db "No debug",0xA,0
```
Tested and works for gdb and ald. The check depends on the debugger's default policy of not passing SIGTRAP to the debuggee, so it is easy to defeat once noticed: in gdb, `handle SIGTRAP nostop noprint pass` forwards the signal, the handler runs, and the program reports "No debug" even though it is traced. Treat it as one cheap signal among several rather than a reliable detection on its own.
## Links
http://blog.binarycell.org/2011/04/simple-antidebugging-methods-part-2.html
## Downloads
http://archive.main.lv/files/writeup/linux_antidebug_4/antidebug4.zip