How to detect if the current process is being run by GDB?


Problem description

The standard way would be the following:

if (ptrace(PTRACE_TRACEME, 0, NULL, 0) == -1)
  printf("traced!\n");

In this case ptrace returns an error if the current process is traced (i.e. running it with gdb or attaching to it).

But there is a serious problem with this: if the call returns successfully, gdb may not attach to it later. Which is a problem since I'm not trying to implement anti-debug stuff. My purpose is to emit an 'int 3' when a condition is met (i.e. an assert fails) and gdb is running (otherwise I get a SIGTRAP which stops the application).

Disabling SIGTRAP and emitting an 'int 3' every time is not a good solution because the application I'm testing might be using SIGTRAP for some other purpose (in which case I'm still screwed, so it wouldn't matter but it's the principle of the thing :))

Thanks

Solution

Previously as a comment: you could fork a child which would try to PTRACE_ATTACH its parent (and then detach if necessary) and communicate the result back. It does seem a bit inelegant though.

As you mention, this is quite costly. I guess it's not too bad if assertions fail irregularly. Perhaps it'd be worthwhile keeping a single long-running child around to do this - share two pipes between the parent and the child, child does its check when it reads a byte and then sends a byte back with the status.
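The fork-and-attach check from the answer above, written out as an added example (not code from the original post). It is Linux-specific; the name `debugger_attached`, the exit-code convention and the pipe handshake around `prctl(PR_SET_PTRACER, ...)` (needed when Yama's ptrace_scope is 1) are assumptions made here.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: 1 = a tracer already holds this process (or attaching
 * is forbidden, which also yields EPERM), 0 = not traced, -1 = check failed. */
int debugger_attached(void)
{
    int go[2], status;
    if (pipe(go) == -1)
        return -1;
    pid_t child = fork();
    if (child == -1) {
        close(go[0]); close(go[1]);
        return -1;
    }
    if (child == 0) {
        char c;
        pid_t parent = getppid();
        close(go[1]);
        if (read(go[0], &c, 1) != 1)   /* wait until the parent permits us */
            _exit(2);
        if (ptrace(PTRACE_ATTACH, parent, NULL, NULL) == -1)
            _exit(errno == EPERM ? 1 : 2);
        waitpid(parent, NULL, 0);                   /* parent stops on attach */
        ptrace(PTRACE_DETACH, parent, NULL, NULL);  /* resume it, untraced */
        _exit(0);
    }
    close(go[0]);
    /* Yama ptrace_scope=1 only allows tracing descendants, so name the child
     * as an allowed tracer. Fails harmlessly with EINVAL without Yama. */
    prctl(PR_SET_PTRACER, (unsigned long)child, 0, 0, 0);
    int sent = write(go[1], "x", 1) == 1;  /* on failure the child sees EOF */
    close(go[1]);
    while (waitpid(child, &status, 0) == -1)
        if (errno != EINTR) return -1;
    prctl(PR_SET_PTRACER, 0, 0, 0, 0);     /* withdraw the permission again */
    if (!sent || !WIFEXITED(status) || WEXITSTATUS(status) > 1)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("debugger_attached() = %d\n", debugger_attached());
    return 0;
}
```

Because the child detaches before it exits, the process stays attachable afterwards, unlike after PTRACE_TRACEME. Where ptrace_scope is 2 or 3, or a seccomp filter blocks ptrace, the attach also fails with EPERM, so a result of 1 there only means "could not attach".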
