The checks performed by debugmenot include wellknown sanitychecks on the environment parent process, environment variables, ptrace. It covers the very basic anti debugging techniques as introduced by silvio cesares paper 1 back in 1999. With the ptrace syscall it is quite easy to implement some simple linux anti debugging techniques. One of the simplest anti debugging techniques is based on calling isdebuggerpresent function.
Contribute to tobyxddlinuxantidebugging development by creating an account on github. Elf antidebugging and packing techniques learning linux binary. Elf antidebugging and packing techniques in the next chapter, breaking elf software protection, we will discuss the ins and outs of software encryption and. A ptrace antidebugging trick learning linux binary analysis. Meanwhile such kind of protection tricks are often used, several approaches work against such kind of protection. This is similar to the techniques showed in the coursera course malicious software. Lets say we have a simple program which asks you for a score, adds 10. Because only one process is allowed to do this at a time, having a call to ptrace in your code can be used as an antidebugging technique. Antidebugging techniques are meant to ensure that a program is not running under a debugger, and in the case that it is, to change its behavior correspondingly. This paper is an introduction for anti anti debugging techniques on the linux os. In most cases, the antidebugging process will slow down the process of reverse engineering, but will not prevent it. Many oldschool linux antidebugging tricks, such as monitoring the proc.
One of the easiest and most effective ways to start debugging your code is to start printing things out. Anti debugging protection techniques with examples in terms of software, reverse engineering is the process of researching a program to obtain closed information about how it works and what algorithms it uses. It covers the very basic anti debugging techniques as introduced by. Debugmenot is a collection of simple antidebugging tricks targeting gdb lldb on linux. Elf antidebugging and packing techniques learning linux.
Classic antidebugging techniques on linux are usually either checking. Elf antidebugging and packing techniques in the next chapter, breaking elf software protection, we will discuss the ins and outs of software encryption and packing with elf executables. Meanwhile such kind of protection tricks are often used, several. One known method are antianti tricks which circumvent the mentioned protection schemes. By sprinkling an app with little antijdwp tricks, developers can effectively. And yet this seems to be the antidebugging technique everyone relies on ever since. Viruses and malware are very commonly encrypted or packed with some type of protection mechanism, which can also include antidebugging techniques to make analyzing the binary very difficult. Printing a message within branches of an if statement will help you determine which branch is actually being executed. I am thinking about techniques such as the ptrace test at the beginning of a program or at various points of its execution, the insertion of fake. The ptrace command can be used as an antidebugging technique. This function refers to the peb process environment block, a closed system structure and in particular to its beingdebugged field. Another technique often used in malware and commercial products is self debugging. Beginners guide to basic linux anti anti debugging techniques.
1460 360 690 113 474 297 974 328 1419 101 416 1320 1243 813 1143 526 1335 658 451 867 1197 398 312 208 1253 1351 728 989 407 921 432