Awesome
adbg
Linux anti-debugging techniques.
Techniques
adbg_check_ldpreload
: detect LD_PRELOAD techniquesadbg_check_gdb
: detect GDB fingerprintsadbg_check_parent
: detect debugging tools via procfsadbg_check_sigtrap
: detect SIGTRAP handlingadbg_check_ptrace
: check if the current process has a tracer
Testing
The test routine simply returns from adbg_check_all()
, which wraps all functions. To enable debugging messages of failed tests, pass -DDEBUG
to the compiler.
- Build the test binary
adbg-test
withmake
and run it using different debugging tools such asstrace
,gdb
,radare2
, etc. If the process returns 1, debugging behaviour was detected.