Skip to content

sysprog21/dont-trace

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.clang-format
.clang-format
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
dont_trace.c
dont_trace.c
 
 

Repository files navigation

dont_trace

dont_trace is a simple Linux kernel module that kills ptrace tracer and its tracees.

This kernel module relies upon the Linux kernel task_struct's ptrace member to detect whether a debugger is present or not.

Once any process starts "ptracing" another, the tracee gets added into ptraced that is located in task_struct, which is simply a linked list that contains all the tracees that the process is "ptracing".

Once a tracer is found, the module lists all its tracees and sends a SIGKILL signal to each of them including the tracer. This results in killing both the tracer and its tracees. Once the module is attached to the kernel, the module's "core" function will run periodically through the advantage of workqueues. Specifically, the module runs every JIFFIES_DELAY, which is set to 1. That is, the module will run every one jiffy.

License

dont_trace is released under the MIT license. Use of this source code is governed by a MIT-style license that can be found in the LICENSE file.

About

A simple Linux kernel module that kills ptrace tracer and its tracees

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

7 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages