Skip to content

hiatus/adbg

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
adbg.c
adbg.c
 
 
adbg.h
adbg.h
 
 
main.c
main.c
 
 

Repository files navigation

adbg

Linux anti-debugging techniques.

Techniques

  • adbg_check_ldpreload: detect LD_PRELOAD techniques
  • adbg_check_gdb: detect GDB fingerprints
  • adbg_check_parent: detect debugging tools via procfs
  • adbg_check_sigtrap: detect SIGTRAP handling
  • adbg_check_ptrace: check if the current process has a tracer

Testing

The test routine simply returns from adbg_check_all(), which wraps all functions. To enable debugging messages of failed tests, pass -DDEBUG to the compiler.

  • Build the test binary adbg-test with make and run it using different debugging tools such as strace, gdb, radare2, etc. If the process returns 1, debugging behaviour was detected.

About

Linux anti-debugging techniques.

Topics

debugging gdb radare2 anti-debugging

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

1 fork
Report repository

Contributors

Languages