├── .gitignore
├── Makefile
├── README.md
├── cptrace.c
├── traceme1.c
└── traceme2.c

/.gitignore:
--------------------------------------------------------------------------------
*.out
*.so
*.o

--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
CC=gcc
CFLAGS=-fPIC
LDFLAGS=-shared

all: cptrace.so traceme1.out traceme2.out

cptrace.so: cptrace.o
	$(CC) -o $@ $^ $(LDFLAGS)

cptrace.o: cptrace.c
	$(CC) $(CFLAGS) -c -o $@ $^

traceme1.out: traceme1.o
	$(CC) -o $@ $^

traceme2.out: traceme2.o
	$(CC) -o $@ $^

%.o: %.c
	$(CC) -c -o $@ $^

clean:
	rm -f cptrace.o
	rm -f cptrace.so
	rm -f traceme1.o traceme2.o
	rm -f traceme1.out traceme2.out

.PHONY: all clean

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Linux Anti Debugging
Advanced usage of the ptrace syscall in order to implement a more resistant anti-debugging feature.

See my [blog post](https://seblau.github.io/posts/linux-anti-debugging) for more details.
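/* ---- cptrace.c ----
 * Interposing shim, built as cptrace.so by the Makefile: when loaded ahead
 * of libc it replaces the ptrace() symbol and reports success (0) for every
 * request without reaching the kernel.  It exists to show that a self-check
 * which trusts the return value of a dynamically resolved library call can
 * be answered by whoever controls symbol resolution.
 *
 * The definition uses the same signature that <sys/ptrace.h> declares; the
 * original fixed-int prototype (int, int, int, int) was incompatible with
 * that declaration, and calling a function through an incompatible type is
 * undefined behaviour even when the ABI happens to line up.
 */
#include <sys/ptrace.h>

long ptrace(enum __ptrace_request request, ...)
{
    (void)request;  /* every request, PTRACE_TRACEME included, "succeeds" */
    return 0;
}

/* ---- traceme1.c ----
 * Single-call self-check.  It relies on PTRACE_TRACEME returning -1 when the
 * process already has a tracer, so one call at startup distinguishes
 * "debugged" from "not debugged".  Because the decision is made purely from
 * the value the ptrace() symbol returns, the shim in cptrace.c turns it into
 * "normal execution" unconditionally.  Note that the check runs once; a
 * tracer that appears after main() has started is never revisited.
 */
#include <stdio.h>
#include <sys/ptrace.h>

int main(void)
{
    /* -1 here means a tracer is already attached (or ptrace is unavailable). */
    if (ptrace(PTRACE_TRACEME, 0, 1, 0) == -1)
    {
        printf("don't trace me !!\n");
        return 1;
    }

    printf("normal execution\n");
    return 0;
}

/* ---- traceme2.c ----
 * Hardened variant of the same check.  On an untraced process the two
 * PTRACE_TRACEME calls must give two different answers: the first succeeds
 * (0) and leaves the process traced by its parent, so the second has to fail
 * (-1).  Only that exact 0-then-(-1) sequence produces offset == 2 * 3.
 * A debugger makes the first call fail (offset stays 0); a shim that always
 * returns 0, like cptrace.c, makes the second call succeed (offset stays 2).
 * Either way the "don't trace me" branch is taken.  The arithmetic on
 * `offset` is the author's way of keeping the two results coupled instead of
 * testing each call in isolation.  As with traceme1.c, the check runs once at
 * startup and both branches exit with status 0.
 */
#include <stdio.h>
#include <sys/ptrace.h>

int main(void)
{
    int offset = 0;

    /* Expected on an untraced process: success. */
    if (ptrace(PTRACE_TRACEME, 0, 1, 0) == 0)
    {
        offset = 2;
    }

    /* Expected right after a successful TRACEME: failure. */
    if (ptrace(PTRACE_TRACEME, 0, 1, 0) == -1)
    {
        offset = offset * 3;
    }

    if (offset == 2 * 3)
    {
        printf("normal execution\n");
    }
    else
    {
        printf("don't trace me !!\n");
    }

    return 0;
}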