Yes. Or if it's using dynamic libraries and not compiled static, you can use LD_... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ysfr on Aug 28, 2023 \| parent \| context \| favorite \| on: The Ptrace Anti-RE Trick Yes. Or if it's using dynamic libraries and not compiled static, you can use LD_PRELOAD and overwrite ptrace() to do nothing. You don't have to patch anything then, which might be easier. `int ptrace(int request, int pid, void addr, void data) { return 0; }` And compile it: `gcc -shared myptrace.c -o myptrace.so` Afterwards you can eiher `LD_PRELOAD=./mytrace.so ./thebinary # shell ltrace -S -l ./mytrace.so ./thebinary # strace in shell` or for gdb `set environment LD_PRELOAD=./mytrace.so`

maffydub on Aug 28, 2023 [–]

Thanks, both! This was used in a static build that decrypted and checksummed its binary before execution, which ruled out naive implementations of the attacks above. I agree there are ways round these too, but I believe it was just intended to discourage amateurs rather than protect against serious hacking.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact