Re: Concealing an app from DTrace
Re: Concealing an app from DTrace
- Subject: Re: Concealing an app from DTrace
- From: Kyle Sluder <email@hidden>
- Date: Tue, 01 May 2012 18:28:48 -0700
On May 1, 2012, at 6:04 PM, Eric Gorr <email@hidden> wrote:
> I found this old message:
>
> http://lists.apple.com/archives/cocoa-dev/2010/Mar/msg01042.html
>
> in which stated:
>
> If you think this is going to help you avoid piracy, it's not. OS X
> has a flag (PT_DENY_ATTACH) that the kernel checks for when a debugger
> asks to attach to a process. If that flag is set, the kernel refuses
> to allow the debugger to attach. iTunes famously does this to prevent
> people from inspecting the operations of the DRM system. It's a
> trivial matter to patch the kernel to not respect this flag,
>
> I was just wondering if this is still true or true in general...that it is not possible to conceal an application from DTrace.
It is true and will be true as long as your are able to compile your own kernel. Think about it.
--Kyle Sluder
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden