Re: Detecting if you're being debugged
Re: Detecting if you're being debugged
- Subject: Re: Detecting if you're being debugged
- From: Kyle Sluder <email@hidden>
- Date: Thu, 18 Mar 2010 11:03:51 -0700
On Thu, Mar 18, 2010 at 4:48 AM, Peter Hudson <email@hidden> wrote:
> Does this code report on my app being debugged by any third party, even when
> the app has been stripped of symbols ?
It does precisely what it claims to do: asks the kernel if the
P_TRACED flag is set on your process, which means a debugger has used
the kernel to attach to your process.
> Would it work irrespective of the debugging tool used ?
If you think this is going to help you avoid piracy, it's not. OS X
has a flag (PT_DENY_ATTACH) that the kernel checks for when a debugger
asks to attach to a process. If that flag is set, the kernel refuses
to allow the debugger to attach. iTunes famously does this to prevent
people from inspecting the operations of the DRM system. It's a
trivial matter to patch the kernel to not respect this flag, and it
would be equally trivial to patch the kernel to not inform you of a
debugger's presence even if you asked.
Barring that, I'd just run your app in a virtual machine and examine
it directly.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden