This is the mail archive of the mailing list for the GDB project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: How to protect a file from debugging

Hi Tavis

> The short answer is no, any tricks you attempt to use to prevent
> ptrace() can be defeated (some more easily than others), however if you
> explain what the "troubles" are there may be a better solution.
damn ;)

Ok here is what I am planing:

I have an application, lets say a simple text editor, that is used to
read/write sensitive information.
Now I start gdb, attach it to the process and call "gcore" which - for
my understanding - dumps the entire memory of the process to a file. So
the core dump reveals my secret data.

What I want to do is, to either prevent gdb from attaching and capturing
the memory or at least find a way to recognize when a program attaches
another. I am a noob regarding the internal system structure, so I dont
know exactly what gdb does to attach to a program, but I guess there is
a syscall or similar that is used to pass the memory location to gdb and
if I block/supervise that, I might find a way around....


Protect your environment -  close windows and adopt a penguin!
PGP-Key: 3B2C 8095 A7DF 8BB5 2CFF  8168 CAB7 B0DD 3985 1721

Attachment: signature.asc
Description: OpenPGP digital signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]