Merge pull request gdbinit#3 from Lichtso/master

Improved ptrace patch and added a appropriate test
tyilo · Sep 24, 2014 · 9f30290 · 9f30290
2 parents 207b3f3 + eeea0b9
commit 9f30290
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 4 deletions.
diff --git a/kext/antidebug.c b/kext/antidebug.c
@@ -48,6 +48,7 @@
 #include "cpu_protections.h"
 
 /* ptrace request */
+#define PT_ATTACH               10
 #define PT_DENY_ATTACH          31
 #define P_LNOATTACH     0x00001000
 #define P_LTRACED       0x00000400
@@ -225,16 +226,22 @@ ustack();
 int 
 onyx_ptrace(struct proc *p, struct ptrace_args *uap, int *retval)
 {
+    /* retrieve pid using exported functions so we don't need definition of struct proc */
+    pid_t pid = proc_pid(p);
 	char processname[MAXCOMLEN+1] = {0};
     // verify if it's a PT_DENY_ATTACH request and fix for all processes that call it
     if (uap->req == PT_DENY_ATTACH)
     {
-        /* retrieve pid using exported functions so we don't need definition of struct proc */
-        pid_t pid = proc_pid(p);
         proc_name(pid, processname, sizeof(processname));
         LOG_INFO("Blocked PT_DENY_ATTACH/P_LNOATTACH in PID %d (%s)", pid, processname);
         return 0;
     }
+    // for the extra tricky ones : simulate exact behavior
+    else if (uap->req == PT_ATTACH && uap->pid == pid)
+    {
+        proc_signal(pid, SIGSEGV);
+        return 22;
+    }
     // else it's business as usual, we are not interested in messing with other requests
     else
     {

diff --git a/tests/testptrace.c b/tests/testptrace.c
@@ -1,12 +1,14 @@
 /*
  * test PT_DENY_ATTACH
  */
+#include <stdio.h>
+#include <unistd.h>
 #include <sys/types.h>
 #include <sys/ptrace.h>
 
 int main()
 {
-  ptrace(PT_DENY_ATTACH, -1, 0, 0);
+  ptrace(PT_DENY_ATTACH, 0, 0, 0);
   sleep(2);
   printf("Buh!\n");
-}
+}
diff --git a/tests/testptraceTrap.c b/tests/testptraceTrap.c
@@ -0,0 +1,27 @@
+/*
+ * test PT_DENY_ATTACH and SIGSEGV
+ */
+#include <stdio.h>
+#include <signal.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/ptrace.h>
+
+unsigned int trap = 1;
+
+void signalHandler(int signal)
+{
+  trap = 0;
+}
+
+int main()
+{
+  ptrace(PT_DENY_ATTACH, 0, 0, 0);
+  signal(11, signalHandler);
+  ptrace(PT_ATTACH, getpid(), 0, 0);
+  signal(11, 0);
+  if(trap)
+    ((unsigned int*)0)[0] = 0;
+  sleep(2);
+  printf("Buh!\n");
+}