Detect debugging of binary with ptrace

alichtman / malware-techniques

A collection of techniques commonly used in malware to accomplish core tasks.

MIT License

85 stars 8 forks source link

Detect debugging of binary with ptrace #3

Closed alichtman closed 5 years ago

alichtman commented 5 years ago

Linux Anti-Debugging Blog Post

#include <stdio.h>
#include <sys/ptrace.h>

int main()
{
    int offset = 0;

    if (ptrace(PTRACE_TRACEME, 0, 1, 0) == 0)
    {
        offset = 2;
    }

    if (ptrace(PTRACE_TRACEME, 0, 1, 0) == -1)
    {
        offset = offset * 3;
    }

    if (offset == 2 * 3)
    {
        printf("normal execution\n");
    }
    else
    {
        printf("don't trace me !!\n");
    }

    return 0;
}