Suggestion for bypassing anti-debug measures using LD_PRELOAD flag (CTF)

Hello everybody, it's been a while since I started learning reverse engineering. Today I stumbled upon a CTF that uses a simple anti-debug measure, using just ptrace and the PTRACE_TRACEME flag. By gathering some info I saw that there is a simple hook I can use, using the LD_PRELOAD flag. I did some tests on some programs that I wrote and it seems effective. The problem with the CTF is that it uses a dlopen of a specific lib in the system, which seems to take precedence over the custom lib that I load with that flag, obviously. Maybe I can solve the problem with patching, but first I want to try solving it this way. Clearly there is something that I am missing here. I'm also posting the code here in case it helps.

    /* decompiler output of the anti-debug routine */
    ptrace_sym = 0x61727470;                  /* "ptra" as little-endian bytes */
    local_1b = 0x6563;                        /* "ce"   -> the stack now holds "ptrace" */
    local_19 = 0;                             /* NUL terminator */
    libhandle = dlopen("libc.so.6",1);        /* 1 == RTLD_LAZY; returns the already-loaded libc */
    if (libhandle == 0) {
        /* WARNING: Subroutine does not return */
        exit(1);
    }
    sym = (code *)dlsym(libhandle,&ptrace_sym);   /* resolves "ptrace" through the libc handle */
    if (sym == (code *)0x0) {
        /* WARNING: Subroutine does not return */
        exit(1);
    }
    (*sym)(0,0);                              /* ptrace(PTRACE_TRACEME, 0); PTRACE_TRACEME == 0 */

submitted by /u/Electronic_Sort_2918
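The reason a plain `ptrace` override in an LD_PRELOAD library never fires here is the lookup path: `dlsym()` on a handle obtained from `dlopen("libc.so.6", RTLD_LAZY)` searches that object (and its dependencies) directly, not the process-wide global scope where a preloaded `ptrace` would shadow libc's. What the binary does call through the global scope is `dlsym` itself, so interposing `dlsym` and answering the `"ptrace"` lookup with a stub works without patching the file. The following preload library is an added example written for this post, not code from the CTF or from the original poster; the list of glibc version strings used to reach the real `dlsym` via `dlvsym` is an assumption about common architectures, and `fake_ptrace`, `real_dlsym` and `noptrace.so` are names chosen here.

```c
/* noptrace.c: LD_PRELOAD shim that defeats dlopen("libc.so.6") + dlsym("ptrace")
 * by interposing dlsym itself (added example, not the CTF's or the poster's code).
 *
 * Build:  gcc -shared -fPIC -O2 -o noptrace.so noptrace.c -ldl
 * Run:    LD_PRELOAD=./noptrace.so gdb ./target
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Declared by hand so the file builds even if dlfcn.h was already included
 * without _GNU_SOURCE (RTLD_NEXT and dlvsym are GNU extensions). */
#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1L)
#endif
extern void *dlvsym(void *handle, const char *symbol, const char *version);

/* Stand-in for ptrace(): always reports success, so the target's
 * ptrace(PTRACE_TRACEME, 0) "succeeds" even with a debugger attached.
 * Same calling convention as glibc's ptrace(request, pid, addr, data). */
long fake_ptrace(int request, int pid, void *addr, void *data)
{
    (void) request; (void) pid; (void) addr; (void) data;
    return 0;
}

typedef void *(*dlsym_fn)(void *, const char *);

/* Find the real dlsym without calling dlsym (that would recurse into the hook).
 * dlvsym is a separate symbol, so it can ask the next object in the search
 * order (libc, or libdl on glibc < 2.34) for a specific versioned dlsym.
 * Assumed per-architecture glibc baselines; the first one that resolves wins. */
static dlsym_fn real_dlsym(void)
{
    static dlsym_fn cached;
    static const char *const versions[] = {
        "GLIBC_2.2.5",  /* x86_64 */
        "GLIBC_2.0",    /* i386 */
        "GLIBC_2.17",   /* aarch64 */
        "GLIBC_2.34",   /* default version since dlsym moved into libc.so.6 */
    };
    size_t i;
    for (i = 0; cached == NULL && i < sizeof versions / sizeof versions[0]; i++)
        cached = (dlsym_fn) dlvsym(RTLD_NEXT, "dlsym", versions[i]);
    return cached;
}

/* Interposed dlsym: the target's PLT call to dlsym lands here first because
 * LD_PRELOAD objects precede libc in the global scope. A lookup for "ptrace"
 * gets the stub regardless of which handle was passed; everything else is
 * forwarded unchanged to the real implementation. */
void *dlsym(void *handle, const char *symbol)
{
    if (symbol != NULL && strcmp(symbol, "ptrace") == 0) {
        fprintf(stderr, "[noptrace] dlsym(\"ptrace\") intercepted\n");
        return (void *) fake_ptrace;
    }
    dlsym_fn real = real_dlsym();
    return real != NULL ? real(handle, symbol) : NULL;
}
```

Two checks worth doing before relying on it: run `LD_DEBUG=symbols,bindings ./target 2>&1 | grep -i dlsym` to confirm the binary really binds `dlsym` to the preload object, and watch for the target re-reading `/proc/self/status` (`TracerPid`) or comparing the returned `sym` against libc's real address, both of which this shim does nothing about.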

from hacking: security in practice https://ift.tt/2OECtsn