Created
May 30, 2014 19:43
Bypassing ptrace
Ptrace can deny access to a debugger by causing the app to crash if run from the debugger. Here is a workaround from lldb. 42 was the magic number for me on macOS, but you can find what it should be for you by setting the breakpoint, doing a 'dis', and computing the difference between the address of the return instruction and the current value of $pc.

br set -n ptrace
br command add 1
register write pc `$pc + 42`
cont
DONE
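The offset calculation described above, as an added example that is not part of the original gist: it reads the text printed by 'dis', finds the current-pc line (marked `->`) and the first return instruction after it, and returns the difference. The disassembly sample is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of lldb `dis` output (addresses and instructions are
# illustrative, not captured from a real system). "->" marks the current pc.
SAMPLE_DIS = """\
constructed`ptrace:
->  0x100003f00 <+0>:  movl   $0x200001a, %eax
    0x100003f05 <+5>:  movq   %rcx, %r10
    0x100003f08 <+8>:  syscall
    0x100003f0a <+10>: jae    0x100003f14
    0x100003f0c <+12>: movq   %rax, %rdi
    0x100003f0f <+15>: jmp    0x100003e00
    0x100003f14 <+20>: retq
"""

# Optional "->" marker, address, "<+offset>:", then the mnemonic.
LINE = re.compile(r"^(->)?\s*(0x[0-9a-fA-F]+)\s+<\+\d+>:\s+(\S+)")
RET_MNEMONICS = {"ret", "retq", "retl", "retw"}


def pc_to_ret_offset(dis_text):
    """Bytes from the current pc to the first return instruction at or after it."""
    pc = None
    for line in dis_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or blank line
        marker, addr, mnemonic = m.group(1), int(m.group(2), 16), m.group(3)
        if marker:
            pc = addr
        # Returns listed before the pc line are ignored.
        if pc is not None and mnemonic in RET_MNEMONICS:
            return addr - pc
    if pc is None:
        raise ValueError("no '->' line: pc is not inside this disassembly")
    raise ValueError("no return instruction at or after pc")


def lldb_pc_command(offset):
    """Format the breakpoint command line from the gist with the computed offset."""
    return "register write pc `$pc + %d`" % offset


if __name__ == "__main__":
    print(lldb_pc_command(pc_to_ret_offset(SAMPLE_DIS)))
```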