ptrace之SMC,反调试

#include 
#include 
#include 
#include 
#include 
#include 
#include 

#define PAGE_START(p)	((p) &~4095)
#define PAGE_END(p) 	((p) + PAGE_START(p))

static char encrypt_shellcode[] = "\x66\xba\xd6\x65\x60\xb8\x66\x23\xb8\x76\x3b\xb8\x7e\x3f\xb8\x46\x27\xba\xf0\x83\x29\xfe\xb3\x68\x6d\x6e\xf0";

static void decrypt_shellcode() {
	int i;
	size_t len = strlen(encrypt_shellcode);
	int code;
	for (i = 0; i < len; i++) {
		code = encrypt_shellcode[i] & 0xff;
		code = code ^ 0x33;
		encrypt_shellcode[i] = code;
	}
}

int main() {
	int ret;
	decrypt_shellcode();
	int (*p_ptrace)(int, pid_t, void *, int) = (int (*)(int, pid_t, void *, int))encrypt_shellcode;
	int pagesize = getpagesize();


	if ( (ret = mprotect((void *)PAGE_START((int)encrypt_shellcode),pagesize,PROT_READ | PROT_WRITE | PROT_EXEC)) < 0) {
		perror("mprotect");
		exit(1);
	}

	if ( (ret = p_ptrace(PTRACE_TRACEME, getpid(), 0, 0)) < 0) {
		fprintf(stderr,"you're being tracing, exiting...%d\n",ret);
		exit(1);
	}

	printf("hello,world\n");

	return 0;
}

你可能感兴趣的:(unix)