Hi there, the great developer.
I found that some programs do anti-debug detection at startup, like detecting other exceptions for the current thread. Because proot needs to start a process (tracer) to track the main thread. The detection method is similar to the following:
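    #include <dirent.h>   // opendir, readdir, closedir
    #include <unistd.h>   // getpid
    #include <cstdlib>    // atoi
    // LOG(...) is assumed to be the program's own glog-style logging macro.

    void check_proc() {   // wrapper name added so the fragment compiles
        DIR *pdr = opendir("/proc");
        if (pdr == nullptr) {
            return;
        }
        bool found = false;
        dirent *read_ptr;
        while ((read_ptr = readdir(pdr)) != nullptr) {
            // atoi() returns 0 for non-numeric entries such as "self" or "cpuinfo".
            int procpid = atoi(read_ptr->d_name);
            LOG(INFO) << "find /proc/ child dir " << procpid;
            if (procpid && procpid != getpid()) {
                LOG(ERROR) << ">>>>> FIND OTHER THREAD SANDBOX " << procpid;
                found = true;
            }
        }
        closedir(pdr);
        if (!found) {   // only report a clean result when no other pid was seen
            LOG(ERROR) << ">>>>> NOT FIND SANDBOX ";
        }
    }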
The pid of the tracer can be detected. The program is considered to be being debugged. Is there any good way to bypass this?
When a program is detected to be being debugged, the program may kill -9, and many programs will detect whether the current environment is being ptraced, and thus detect whether the current environment is a security hazard. If the current environment is considered safe, the normal logic will continue.
For this special case of detection, anti-debugging or ptrace, I did not find a good way to counter it.
I don't know how the sandbox based on the seccomp implementation handles this kind of problem. Do you have any good suggestions, great developer?
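The ptrace check mentioned in the comment above, shown as an added example that is not part of the original thread or of proot's code: on Linux a process can read the `TracerPid` field of `/proc/self/status`, which is nonzero while a ptrace-based tracer such as proot is attached. The function names and the sample status text are constructed for illustration.

```cpp
#include <cerrno>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>

// Returns the tracer's PID, 0 when the process is not traced,
// or -1 when the TracerPid field is missing or malformed.
long parse_tracer_pid(const std::string& status_text) {
    static const std::string key = "TracerPid:";
    std::istringstream in(status_text);
    std::string line;
    while (std::getline(in, line)) {
        if (line.compare(0, key.size(), key) != 0) continue;
        const char* start = line.c_str() + key.size();
        char* end = nullptr;
        errno = 0;
        long pid = std::strtol(start, &end, 10);  // skips the leading tab
        if (end == start || errno != 0 || pid < 0) return -1;
        while (*end == ' ' || *end == '\t' || *end == '\r') ++end;
        return *end == '\0' ? pid : -1;           // reject trailing junk
    }
    return -1;
}

// Reads the calling process's own status file; -1 if /proc is unavailable.
long tracer_pid_of_self() {
    std::ifstream f("/proc/self/status");
    if (!f) return -1;
    std::stringstream buf;
    buf << f.rdbuf();
    return parse_tracer_pid(buf.str());
}

// Constructed sample inputs (not captured from a real system).
const std::string kSampleTraced =
    "Name:\tdemo\nState:\tS (sleeping)\nPid:\t4321\nPPid:\t4300\nTracerPid:\t4300\n";
const std::string kSampleUntraced =
    "Name:\tdemo\nPid:\t4321\nPPid:\t1\nTracerPid:\t0\n";

int main() {
    std::cout << "sample traced:   " << parse_tracer_pid(kSampleTraced) << "\n";
    std::cout << "sample untraced: " << parse_tracer_pid(kSampleUntraced) << "\n";
    std::cout << "this process:    " << tracer_pid_of_self() << "\n";
    return 0;
}
```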