How does this block GDB? Is it like the App is flagging "do not debug me" (like a "do not enter" sign on a door without lock) and that GDB is reading this flag and then decides not to debug and crash? If that's the case, it would be easy to put a patched GDB (it's GPLed after all) on an alternate repository, so that protection would be useless.
kinda, actually it goes through the kernel, so the person would have to patch the kernel in order to bypass this protection... but I suppose now that everyone knows that this protection is useless huh? =P --posixninja 01:40, 14 May 2009 (UTC)
I don't get why this works at all. Why can't I start the process in gdb, run until the start of main, and patch this out? --geohot 16:45, 14 May 2009 (UTC)
yup, you can do that as well. I think this method is mostly for keeping someone from attaching to your process while it's already running. it'll take care of most n00bs and automated programs, but it's not perfect. --posixninja 17:15, 14 May 2009 (UTC)