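fuckptrace is a Linux kernel module that bypasses ptrace-based anti-debugging protections encountered during reverse engineering. It does so by replacing the ptrace entry in the kernel's system call table while the module is loaded.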
4ae4703493e86a63a0d13935e9e14568b86026565924f9ba7e6b114fcc7646ee
/********************************************************\
* fuckptrace.c *
* By truff (truff@projet7.org) *
* *
* lkm to bypass anti ptrace protections in reverse *
* engineering process. *
* *
* Greetz to #root and #!fr people *
* *
* www.projet7.org - Security Researchs - *
\********************************************************/
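/*
 * Build switches conventionally defined by old-style loadable kernel modules
 * before any <linux/...> header is pulled in.
 * (The stray "=20" / "=3D" sequences in the archived copy were
 * quoted-printable transport residue and have been decoded here.)
 */
#define MODULE
#define __KERNEL__

#include <linux/module.h>
#include <linux/kernel.h>
#include <sys/syscall.h>	/* presumably the source of SYS_ptrace -- confirm */
#include <sys/ptrace.h>
#include <linux/sched.h>

/*
 * The kernel's system call dispatch table, resolved when the module is linked
 * into the running kernel.
 * NOTE(review): this only resolves on kernels that export sys_call_table
 * (the 2.4 series did; later kernels stopped exporting the symbol) --
 * confirm against the kernel this was written for.
 */
extern void *sys_call_table[];

/* Task structure of the process executing the current system call. */
extern struct task_struct *current;

/*
 * Saved pointer to the ptrace handler that was in the table before this
 * module replaced it; written by init_module(), read by hacked_ptrace() and
 * cleanup_module().
 */
int (*orig_ptrace)(int requete, int pid, int addr, int data);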
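/*
 * Replacement ptrace handler that init_module() places in the system call
 * table.
 *
 * requete is the ptrace request code ("requete" is French for "request");
 * pid, addr and data are passed through untouched.
 *
 * Returns 0 without forwarding the call when the calling task already has
 * PT_PTRACED set in current->ptrace; otherwise returns whatever the saved
 * original handler returns.
 *
 * Review notes:
 *  - The short-circuit is not limited to one request type: every ptrace call
 *    issued by any traced task on the system is swallowed and reported as
 *    successful while the module is loaded.
 *  - For defenders, this shows why a ptrace return value is not a trustworthy
 *    anti-debugging signal once the kernel can be modified; the altered
 *    sys_call_table entry is the observable artifact to check for.
 *  - NOTE(review): the arguments are declared int; this presumably assumes a
 *    32-bit target where int and long have the same width -- confirm.
 */
int hacked_ptrace(int requete, int pid, int addr, int data)
{
	/* Caller is already under a tracer: report success, do nothing. */
	if (current->ptrace & PT_PTRACED) {
		return 0;
	}

	/* Untraced caller: behave exactly like the original system call. */
	return orig_ptrace(requete, pid, addr, data);
}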
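/*
 * Module load hook.
 *
 * Saves the handler currently stored in the SYS_ptrace slot of the system
 * call table into orig_ptrace, then overwrites that slot with hacked_ptrace().
 * Always returns 0, so loading never fails.
 *
 * Detection note: from this point sys_call_table[SYS_ptrace] refers to a
 * function inside this module rather than the kernel's own handler, which is
 * the condition syscall-table integrity checks look for.
 */
int init_module(void)
{
	/* Save before overwriting so the original handler stays reachable. */
	orig_ptrace = sys_call_table[SYS_ptrace];
	sys_call_table[SYS_ptrace] = hacked_ptrace;

	return 0;
}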
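/*
 * Module unload hook.
 *
 * Writes the handler saved by init_module() back into the SYS_ptrace slot of
 * the system call table, undoing the replacement.
 */
void cleanup_module(void)
{
	sys_call_table[SYS_ptrace] = orig_ptrace;
}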