An old and well-known technique to prevent debugging of an executable file in OS X is to use the following ptrace call to prevent debuggers from attaching themselves to the executable.
ptrace(PT_DENY_ATTACH, 0, 0, 0);
Attempting to run an executable with this code in GDB will result in GDB failing with the response [Inferior 1 (process #) exited with code 055]. Getting around this was as simple as loading the executable in gdb, setting a breakpoint on ptrace using b ptrace, and answering y to the prompt Make breakpoint pending on future shared library load? (y or [n]). Unfortunately, when the executable is launched, this breakpoint is never set and the program ends without continuing.
Here's how to reproduce the problem.
brew install https://raw.github.com/Homebrew/homebrew-dupes/master/gdb.rb
Compile the following C program, ptrace.c, with gcc -o ptrace ptrace.c
    #include <stdio.h>
    #include <sys/types.h>
    #include <sys/ptrace.h>

    int main() {
        /* Ask the kernel to refuse debugger attachment to this process. */
        ptrace(PT_DENY_ATTACH, 0, 0, 0);
        printf("Hello, World!\n");
        return 0;
    }
From the directory with the compiled executable, do the following:
    $ gdb ptrace
    ...
    (gdb) b ptrace
    Function "ptrace" not defined.
    Make breakpoint pending on future shared library load? (y or [n]) y
    Breakpoint 1 (ptrace) pending.
    (gdb) r
    Starting program: .../ptrace
    [Inferior 1 (process #) exited with code 055]
After further testing, the same is true for other functions that are not part of the executable, for example printf. I searched the internet and could not find anything to suggest that the above may not work. I am open to almost any solution using gdb or lldb, and would also appreciate any documentation regarding what might be the problem.
UPDATE: GDB 7.8 Homebrew, . , , , . Fat .
, GDB, Homebrew, GDB, Apple GDB, Xcode. GDB , . Apple GDB - , Apple, , GDB, OS X 10.9 Mavericks (, , ).
Apple GDB, , GDB , LLDB, -, . .
    $ lldb ptrace
    (lldb) b ptrace
    (lldb) r
ptrace.