Re: Concealing an app from DTrace
- Subject: Re: Concealing an app from DTrace
- From: Eric Gorr <email@hidden>
- Date: Tue, 01 May 2012 21:54:50 -0400
Thanks Kyle.
Is that the only way? Or is there something easier that would bypass the flag?
In my case, I am not sure I would be concerned if a custom kernel was required.
On May 1, 2012, at 9:28 PM, Kyle Sluder <email@hidden> wrote:
> On May 1, 2012, at 6:04 PM, Eric Gorr <email@hidden> wrote:
>
>> I found this old message:
>>
>> http://lists.apple.com/archives/cocoa-dev/2010/Mar/msg01042.html
>>
>> which stated:
>>
>> If you think this is going to help you avoid piracy, it's not. OS X
>> has a flag (PT_DENY_ATTACH) that the kernel checks for when a debugger
>> asks to attach to a process. If that flag is set, the kernel refuses
>> to allow the debugger to attach. iTunes famously does this to prevent
>> people from inspecting the operations of the DRM system. It's a
>> trivial matter to patch the kernel to not respect this flag,
>>
>> I was just wondering if this is still true or true in general...that it is not possible to conceal an application from DTrace.
>
> It is true and will be true as long as you are able to compile your own kernel. Think about it.
>
> --Kyle Sluder