Daniel Roberson - cesare1999

Daniel Roberson

cesare1999

2024-08-16

Linux Anti-Debugging Techniques (Fooling the Debugger)

By Silvio Cesare (January 1999)

https://github.com/RobertLarsen/ProsaWorkshop/blob/master/presentations/01-reversing/papers/linux-anti-debugging.txt

Notes
false disassembly
anti-debugger
anti-analysis
anti-forensics
Linux
debugging
virus
breakpoint
breakpoint detection
opcode
int3
ptrace
man page
checking for breakpoints by checking for int3 instruction
gdb
false breakpoints
SIGTRAP
signal
signal.h
signal handler
debugger detection with ptrace PTRACE_TRACEME
ltrace
strace

Links to this note

Recent Posts

Linux Persistence: atd

2025-04-01 DFIR CTF linux persistence at atd

Linux Persistence: SSH

2025-03-29 DFIR CTF SSH hardening hunting persistence linux persistence hunting hardening SSH PAM

Linux Hardening: SSH

2025-03-06 DFIR SSH hardening linux hardening SSH PAM

Linux Anti-Forensics: Timestomping

2025-03-05 DFIR linux anti-forensics

Finding Bad with Linux Package Managers

2025-03-03 DFIR linux persistence