Mac OS X debugger presence check

This piece of code is designed to determine if the application runs under debugger. I found it at http://borkware.com/quickies/single?id=182

#include <stdio.h>
#include <sys/sysctl.h>
#include <errno.h>

int main(int argc, char * argv[])
{
    int mib[4];
    size_t size;

    mib[0] = CTL_KERN;
    mib[1] = KERN_PROC;
    mib[2] = KERN_PROC_PID;
    mib[3] = getpid();

    struct kinfo_proc info;

    info.kp_proc.p_flag = 0;

    size = sizeof(info);

    if ( sysctl(mib, 4, &info, &size, NULL, 0) )
    {
        printf("Error: %d\n", errno);
        return 1;
    }

    if((info.kp_proc.p_flag & P_TRACED) == P_TRACED)
    {
        printf("This program is being debugged.\n");
    }

    return 0;
}

No Comments

Categories: Debugging, Mac OS X.

By jimm3rs

— April 26, 2011 at 6:41 pm

Mac OS X debugger presence check

No Responses (yet)

Search

Pages

Categories

Tags

Archives