hugsy/no-ptrace.c

## no-ptrace.c
#include <stdio.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <string.h>

#define MSG "ptrace protected"

int main(int argc, char** argv, char** envp)
{
	pid_t pid;
	void* addr;

	printf("[+] disabling ptrace\n");
	if (ptrace(PTRACE_TRACEME, 0, 1, 0) < 0) {
		perror("[-] is traced\n");
		return 1;
	}
	printf("[+] is not traced\n");

	pid = getpid();
	printf("[+] pid is %d\n", pid);

	addr = mmap(NULL, getpagesize(),
		    PROT_READ|PROT_WRITE,
		    MAP_ANONYMOUS|MAP_PRIVATE,
		    -1, 0);
	if (addr==MAP_FAILED) {
		perror("mmap");
		return 1;
	}
	memset(addr, 0, getpagesize());
	printf("[+] addr is %p\n", addr);
	strcpy(addr, MSG);

	while (1) {
		sleep(10);
		printf("data @%p is %s\n", addr, addr);
	}

	return 0;
}

## process_vm_readv.c
/**
 * Read/Write access in ptrace() protected process memory
 *
 * @_hugsy_
 */
http://lxr.free-electrons.com/source/mm/process_vm_access.c */

#include <sys/uio.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char** argv, char** envp)
{
	struct iovec local[1];
	struct iovec remote[1];
	char buf[20];
	ssize_t nread;
	pid_t pid = atoi( argv[1] );
	int i;
	int to_read = 20;

	local->iov_base = buf;
	local->iov_len = to_read;

	remote->iov_base = (void *) strtoll(argv[2], NULL, 16);
	remote->iov_len = to_read;

	printf("[+] trying to read %d bytes from pid=%d @%s\n",
	       to_read,
	       pid,
	       argv[2] );

	nread = process_vm_readv(pid, local, 1, remote, 1, 0);
	if (nread < 0) {
		perror("fail");
		return 1;
	}

	printf("[+] read %lu bytes\n", nread);

	for (i=0; i<nread; ) {
		printf("%c", buf[i++]);
		if(i%16==0)
			printf("\n");
	}

	strcpy(buf, "ptrace bypassed");
	nread = process_vm_writev(pid, local, 1, remote, 1, 0);
	printf("[+] written %lu bytes\n", nread);

	return 0;
}
	#include <stdio.h>
	#include <unistd.h>
	#include <sys/ptrace.h>
	#include <sys/types.h>
	#include <sys/mman.h>
	#include <string.h>

	#define MSG "ptrace protected"

	int main(int argc, char argv, char envp)
	{
	pid_t pid;
	void* addr;

	printf("[+] disabling ptrace\n");
	if (ptrace(PTRACE_TRACEME, 0, 1, 0) < 0) {
	perror("[-] is traced\n");
	return 1;
	}
	printf("[+] is not traced\n");

	pid = getpid();
	printf("[+] pid is %d\n", pid);

	addr = mmap(NULL, getpagesize(),
	PROT_READ\|PROT_WRITE,
	MAP_ANONYMOUS\|MAP_PRIVATE,
	-1, 0);
	if (addr==MAP_FAILED) {
	perror("mmap");
	return 1;
	}
	memset(addr, 0, getpagesize());
	printf("[+] addr is %p\n", addr);
	strcpy(addr, MSG);

	while (1) {
	sleep(10);
	printf("data @%p is %s\n", addr, addr);
	}

	return 0;
	}
	/**
	* Read/Write access in ptrace() protected process memory
	*
	* @_hugsy_
	*/
	http://lxr.free-electrons.com/source/mm/process_vm_access.c */

	#include <sys/uio.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>

	int main(int argc, char argv, char envp)
	{
	struct iovec local[1];
	struct iovec remote[1];
	char buf[20];
	ssize_t nread;
	pid_t pid = atoi( argv[1] );
	int i;
	int to_read = 20;

	local->iov_base = buf;
	local->iov_len = to_read;

	remote->iov_base = (void *) strtoll(argv[2], NULL, 16);
	remote->iov_len = to_read;

	printf("[+] trying to read %d bytes from pid=%d @%s\n",
	to_read,
	pid,
	argv[2] );

	nread = process_vm_readv(pid, local, 1, remote, 1, 0);
	if (nread < 0) {
	perror("fail");
	return 1;
	}

	printf("[+] read %lu bytes\n", nread);

	for (i=0; i<nread; ) {
	printf("%c", buf[i++]);
	if(i%16==0)
	printf("\n");
	}

	strcpy(buf, "ptrace bypassed");
	nread = process_vm_writev(pid, local, 1, remote, 1, 0);
	printf("[+] written %lu bytes\n", nread);

	return 0;
	}