On May 2, 2012, at 12:04 AM, Don Quixote de la Mancha wrote:
> On Tue, May 1, 2012 at 6:28 PM, Kyle Sluder wrote:
>
>>> I was just wondering if this is still true or true in general...that it is
>>> not possible to conceal an application from DTrace.
>
>> On May 1, 2012, at 6:04 PM, Eric Gorr
Thanks Don. This is what I was looking for in response to my inquiry.
Sent from my iPad
On May 2, 2012, at 1:04 AM, Don Quixote de la Mancha wrote:
> On Tue, May 1, 2012 at 6:28 PM, Kyle Sluder wrote:
>
>>> I was just wondering if this is still true or true in general...that it is
>>> not p
On Tue, May 1, 2012 at 6:28 PM, Kyle Sluder wrote:
>> I was just wondering if this is still true or true in general...that it is
>> not possible to conceal an application from DTrace.
> On May 1, 2012, at 6:04 PM, Eric Gorr wrote:
> It is true and will be true as long as you are able to compi
> Is that the only way? Or is there something easier that would bypass the flag?
There are several that I know of. But my question first, to you, is why? I
can tell you now that you can't reliably defend against all approaches. What
you can do is make things really awkward for yourself for de
Thanks Kyle.
Is that the only way? Or is there something easier that would bypass the flag?
In my case, I am not sure I would be concerned if a custom kernel was required.
On May 1, 2012, at 9:28 PM, Kyle Sluder wrote:
> On May 1, 2012, at 6:04 PM, Eric Gorr wrote:
>
>> I found this old me
On May 1, 2012, at 6:04 PM, Eric Gorr wrote:
> I found this old message:
>
>http://lists.apple.com/archives/cocoa-dev/2010/Mar/msg01042.html
>
> in which stated:
>
>If you think this is going to help you avoid piracy, it's not. OS X
>has a flag (PT_DENY_ATTACH) that the kernel chec
I found this old message:
http://lists.apple.com/archives/cocoa-dev/2010/Mar/msg01042.html
in which stated:
If you think this is going to help you avoid piracy, it's not. OS X
has a flag (PT_DENY_ATTACH) that the kernel checks for when a debugger
asks to attach to a process. If t