Re: Concealing an app from DTrace


  • Subject: Re: Concealing an app from DTrace
  • From: Ken Thomases <email@hidden>
  • Date: Wed, 02 May 2012 06:52:12 -0500

On May 2, 2012, at 12:04 AM, Don Quixote de la Mancha wrote:

> On Tue, May 1, 2012 at 6:28 PM, Kyle Sluder <email@hidden> wrote:
>
>>> I was just wondering if this is still true or true in general...that it is not possible to conceal an application from DTrace.
>
>> On May 1, 2012, at 6:04 PM, Eric Gorr <email@hidden> wrote:
>> It is true and will be true as long as you are able to compile your own kernel. Think about it.
>
> Even if you couldn't compile your own kernel there are all kinds of
> ways to defeat this:
> [... snip ...]

My recollection is that it was even easier to defeat.  You just start the target program with the debugger, as opposed to attaching to it already running, break on ptrace() where it attempts to deny attaching, and simply short-circuit the call.

Regards,
Ken



References: 
 >Concealing an app from DTrace (From: Eric Gorr <email@hidden>)
 >Re: Concealing an app from DTrace (From: Kyle Sluder <email@hidden>)
 >Re: Concealing an app from DTrace (From: Don Quixote de la Mancha <email@hidden>)
