Reputation: 21
I am trying to reverse engineer a Cydia app (binary) and am using GDB with IDA Pro.
There seems to be some debugging protection because main() is not in the bt stack, and I cannot access any of the functions. class-dump-z and IDA Pro both show the functions clearly.
The last two entries in the BT stack are:
_mh_execute_header
_mh_execute_header
This is where main() should be.
Has anyone seen these before?
From what I have read, ptrace() wouldn't let you attach to the process, but this will let me. I tried to get around sysctl(), but I don't think this method has been used either.
Does anyone know what else it could be?
Also I do not have the source files.
Upvotes: 1
Views: 565
Reputation: 213754
Your question is exceedingly unclear. What exactly are you asking?
main() is not in the bt stack,
That's quite common for fully-stripped executables. If you run nm a.out | grep main and don't see main, then main can't show up in any stack traces.
That alone does not necessarily prove that the application is using any anti-debugging techniques.
Upvotes: 1
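Added example, not part of either post: a small Python reader for the Mach-O symbol table that performs the check the answer describes (is a main symbol present?) and shows why a frame inside main gets labelled with the nearest remaining symbol once it is stripped. The two sample binaries, their addresses and the helper names are constructed for illustration, and the nearest-symbol lookup is a simplification of how a debugger names frames.

```python
import struct

MH_MAGIC, MH_MAGIC_64, LC_SYMTAB = 0xFEEDFACE, 0xFEEDFACF, 0x2

def macho_symbols(data):
    """Return {name: address} from LC_SYMTAB of a thin little-endian Mach-O."""
    magic = struct.unpack_from("<I", data)[0]
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O")
    is64 = magic == MH_MAGIC_64
    ncmds = struct.unpack_from("<I", data, 16)[0]
    off = 32 if is64 else 28              # sizeof mach_header_64 / mach_header
    fmt, size = ("<IBBHQ", 16) if is64 else ("<IBBHI", 12)  # nlist_64 / nlist
    syms = {}
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmd == LC_SYMTAB:
            symoff, nsyms, stroff, _size = struct.unpack_from("<4I", data, off + 8)
            for i in range(nsyms):
                strx, ntype, _s, _d, value = struct.unpack_from(fmt, data, symoff + i * size)
                if ntype & 0xE0:          # N_STAB debug entries are not code symbols
                    continue
                start = stroff + strx
                syms[data[start:data.index(b"\0", start)].decode()] = value
        off += cmdsize
    return syms

def nearest_symbol(syms, addr):
    """Label an address like a backtrace does: closest symbol at or below it."""
    below = [(v, n) for n, v in syms.items() if v <= addr]
    if not below:
        return None
    value, name = max(below)
    return f"{name}+{addr - value:#x}"

def build_sample(symbols):
    """Constructed 32-bit ARM Mach-O: header, one LC_SYMTAB, nlists, strings."""
    strtab = b"\0" + b"".join(n.encode() + b"\0" for n, _ in symbols)
    nlists, strx = b"", 1
    for name, value in symbols:
        nlists += struct.pack("<IBBHI", strx, 0x0F, 1, 0, value)  # N_SECT|N_EXT
        strx += len(name) + 1
    symoff = 28 + 24
    header = struct.pack("<7I", MH_MAGIC, 12, 9, 2, 1, 24, 0)  # ARM, MH_EXECUTE
    symtab = struct.pack("<6I", LC_SYMTAB, 24, symoff, len(symbols),
                         symoff + len(nlists), len(strtab))
    return header + symtab + nlists + strtab

# Mach-O string tables store C names with one extra leading underscore.
FULL = build_sample([("__mh_execute_header", 0x1000), ("_main", 0x2F40)])
STRIPPED = build_sample([("__mh_execute_header", 0x1000)])
PC_IN_MAIN = 0x2F58                       # constructed address inside main
```

With the unstripped sample the address resolves to `_main+0x18`; with the stripped one the same address resolves to `__mh_execute_header+0x1f58`, which is the kind of frame label shown in the question.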