Onyx The Black Cat v0.1 – Anti Anti-debug kernel module

source link: https://reverse.put.as/2008/10/30/onyx-the-black-cat-v01-anti-anti-debug-kernel-module/

Here is my crazy idea: an anti anti-debug kernel module, so reversing efforts get a little easier and faster against “hostile” code.

This module will protect you against the classic PT_DENY_ATTACH trick and the sysctl debugger detection trick (http://developer.apple.com/qa/qa2004/qa1361.html).

For now it’s only compatible with Mac OS X Tiger v10.4.11. Soon I will make it compatible with Leopard.
Grab the binaries here: onyx-the-black-cat.kext.v0.1.tgz.
This is a small program to test the sysctl trick: antidebug.c.
XCode Project source code here: onyx-the-black-cat.src.tgz.

More updates very soon. Meanwhile enjoy this :-).

Some good reading:

