是否可以从DTrace隐藏OS X应用程序? [英] Is it possible to conceal a OS X app from DTrace?

问题描述

我正在开发OS X应用程序，我想对它进行隐瞒.我知道P_LNOATTACH标志，但是我读过的所有内容都告诉我它周围有办法.有可能吗?

I am developing an OS X application that I would like to conceal from inspection by DTrace. I'm aware of the P_LNOATTACH flag, but everything I've read tells me that there are ways around it. Is it possible?

推荐答案

是的，有可能.尝试在iTunes上运行DTrace；它不起作用.

Yes, it's possible. Try running DTrace against iTunes; it doesn't work.

您必须使用PT_DENY_ATTACH调用ptrace函数.

You have to call the ptrace function with PT_DENY_ATTACH.

http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man2/ptrace.2.html

但是，各种kext可以解决它.到处都是Google，您会发现其中的一些.

However, there are ways around it with various kext's. Google around and you'll find some of them.

对于10.6& 10.7: https://github.com/dwalters/pt_deny_attach

for 10.6 & 10.7: https://github.com/dwalters/pt_deny_attach

嗯，由于ASLR，它似乎已被10.8破坏:检测并回避，调试器

Hmm, Looks like it's broken with 10.8 due to ASLR: Detecting, and Shirking Off, the Debugger

这篇关于是否可以从DTrace隐藏OS X应用程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！