Reputation: 3726
I am trying to implement some minimal anti-reversing protection for commercial Linux software. Calculating the checksum of the executable seems to protect against software breakpoints. Is there a way to detect hardware breakpoints in Linux?
Upvotes: 0
Views: 940
Reputation: 25266
Seems not, as it is the processor that does the break when conditions in its debug registers are met, i.e. the program code doesn't change.
And you can't protect [easily] against software breakpoints either when the program is taken into a debugger when/while running: the debugger will replace an instruction with an instruction that causes an exception, catches the exception, halts the program, shows the registers and when you want it to continue, restores the instruction, etc.
Though many years ago I tried to crack DBASE and found a very clever trick: the program checked at some point if the next instruction was an INT 3 instruction (software breakpoint), and if so, jumped into nothingness. Took me days to find that trick...
Upvotes: 1
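An added example, not part of either post above: it shows on a constructed x86 byte sequence why a checksum notices the one-byte patch a debugger writes for a software breakpoint, while a plain scan for the INT 3 opcode (0xCC) also fires on clean code. The function names and the sample bytes are assumptions made for this illustration; in a real program the caller would pass the address range of its own code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INT3 0xCC  /* x86 one-byte software breakpoint opcode */

/* FNV-1a over a code range; changing any single byte changes the result. */
uint32_t code_checksum(const unsigned char *code, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= code[i];
        h *= 16777619u;
    }
    return h;
}

/* Naive scan: counts every 0xCC byte, including operand bytes. */
size_t count_int3_bytes(const unsigned char *code, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (code[i] == INT3) n++;
    return n;
}

/* Constructed sample, not taken from any real program. */
static const unsigned char SAMPLE[] = {
    0xB8, 0xCC, 0x00, 0x00, 0x00,  /* mov eax, 0xCC  (0xCC is an operand) */
    0x83, 0xC0, 0x01,              /* add eax, 1 */
    0xC3                           /* ret */
};

/* Returns 1 if the checksum changes after a breakpoint-style patch at offset.
   A hardware breakpoint writes nothing, so it leaves the checksum unchanged. */
int patch_is_detected(size_t offset) {
    unsigned char copy[sizeof SAMPLE];
    memcpy(copy, SAMPLE, sizeof SAMPLE);
    copy[offset] = INT3;  /* the byte a debugger writes over the instruction */
    return code_checksum(copy, sizeof copy) != code_checksum(SAMPLE, sizeof SAMPLE);
}

int main(void) {
    printf("0xCC bytes in clean code: %zu\n", count_int3_bytes(SAMPLE, sizeof SAMPLE));
    printf("patch at 'add' detected:  %d\n", patch_is_detected(5));
    printf("patch at 'ret' detected:  %d\n", patch_is_detected(8));
    return 0;
}
```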