[tonygo]

> A far more effective actual anti-debugging technique is to have the parent become the debugger of the child,

Do you have example of that? I am really curious, thanks for sharing tho :)

[sim7c00]

this is how ptrace works in essence, so if you look in the man pages for that ptrace there's an example. you just ptrace_attach from the parent to the child pid. it couldn't be more straighforward usage of ptrace. https://man7.org/linux/man-pages/man2/ptrace.2.html

long ptrace(enum __ptrace_request op, pid_t pid, void addr, void data);

. to debug oneself you can try https://gist.github.com/x64-elf-sh42/83393e319ad8280b8704fbe...

it prints -1 due to some fail, but it cannot attach GDB to it :P

edit 9001: it notes the bash is attached to it which spawned the exe, not sure if that's correct or just buggy btw

[tonygo]

Thanks a lot :)

I think that I should dig more on ptrace! Maybe a next post?