by wazari972
3408 days ago
I'm not convinced that the double ptrace is really stronger than the first one; a simple GDB.py script lets you bypass it:

    first = True

    class ptraceBPT(gdb.Breakpoint):
        def stop(self):
            global first
            gdb.execute("return (long int) {}".format("0" if first else "-1"))
            first = False

    ptraceBPT("ptrace")

What would be interesting is an actual use of ptrace, something like:

    int i = 10;
    int read = ptrace(PTRACE_USER_PEEK, &i, sizeof(i));
    if (read != i) printf("ptrace error");

although it still would be hard to write a GDB breakpoint that mimics it: everything ptrace can do, GDB can do as well :)