adbg

Linux anti-debugging techniques.

Techniques

• adbg_check_ldpreload: detect LD_PRELOAD techniques
• adbg_check_gdb: detect GDB fingerprints
• adbg_check_parent: detect debugging tools via procfs
• adbg_check_sigtrap: detect SIGTRAP handling
• adbg_check_ptrace: check if the current process has a tracer

Testing

The test routine simply returns from adbg_check_all(), which wraps all functions. To enable debugging messages of failed tests, pass -DDEBUG to the compiler.

• Build the test binary adbg-test with make and run it using different debugging tools such as strace, gdb, radare2, etc. If the process returns 1, debugging behaviour was detected.