Is it possible to conceal an OS X app from DTrace?
Question
I am developing an OS X application that I would like to conceal from inspection by DTrace. I'm aware of the P_LNOATTACH flag, but everything I've read tells me that there are ways around it. Is it possible?
Recommended answer
Yes, it's possible. Try running DTrace against iTunes; it doesn't work.
You have to call the ptrace function with PT_DENY_ATTACH.
http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man2/ptrace.2.html
However, there are ways around it with various kexts. Google around and you'll find some of them.
For 10.6 & 10.7: https://github.com/dwalters/pt_deny_attach
Hmm, looks like it's broken with 10.8 due to ASLR: Detecting, and Shirking Off, the Debugger
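The `ptrace` call with `PT_DENY_ATTACH` that the answer names, as an added C example (not code from the original post or from any project it links). The function names `is_being_traced` and `deny_attach` are hypothetical; the `sysctl` check for `P_TRACED` is included because, per the ptrace(2) man page, requesting `PT_DENY_ATTACH` while a tracer is already attached makes the process exit. On non-Apple platforms both functions are stubs that return -1 with `ENOTSUP`.

```c
/* Added example, not from the original post. macOS-specific; other
   platforms get a stub that returns -1 with errno = ENOTSUP. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#if defined(__APPLE__)
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/sysctl.h>
#include <unistd.h>
#endif

/* 1 = a tracer is attached, 0 = none, -1 = could not determine. */
int is_being_traced(void) {
#if defined(__APPLE__)
    struct kinfo_proc info;
    size_t size = sizeof(info);
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid() };
    memset(&info, 0, sizeof(info));
    if (sysctl(mib, 4, &info, &size, NULL, 0) != 0)
        return -1;
    return (info.kp_proc.p_flag & P_TRACED) ? 1 : 0;
#else
    errno = ENOTSUP;
    return -1;
#endif
}

/* 0 = deny flag set, 1 = already traced (flag not requested), -1 = error. */
int deny_attach(void) {
#if defined(__APPLE__)
    /* Check first: PT_DENY_ATTACH on a traced process exits it. */
    if (is_being_traced() == 1)
        return 1;
    /* Later attach attempts against this process are refused. */
    return ptrace(PT_DENY_ATTACH, 0, 0, 0) == 0 ? 0 : -1;
#else
    errno = ENOTSUP;
    return -1;
#endif
}

int main(void) {
    int rc = deny_attach();
    if (rc == 0)
        puts("PT_DENY_ATTACH set");
    else if (rc == 1)
        puts("tracer already attached; flag not requested");
    else
        printf("not applied: %s\n", strerror(errno));
    return rc == 0 ? 0 : 1;
}
```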