Last active
March 27, 2018 02:00
-
-
Save cedriczirtacic/c39792c51f98b300cc710f0cca7fc995 to your computer and use it in GitHub Desktop.
when the binary file is execve'ed with dtruss, R9 register is set to 0x18 or R11 != 0xffffffff00000000
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int main() { | |
| unsigned long val; | |
| __asm__ ( | |
| "movq %%r9, %0" | |
| :"=m"(val) | |
| ); | |
| #ifdef DEBUG | |
| printf("%%r9 = 0x%lx\n", val); | |
| #endif | |
| if (val == 0x18) | |
| exit(1); | |
| while(1){ } | |
| return (0); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int main() { | |
| unsigned long val; | |
| __asm__ ( | |
| "movq %%r11, %0" | |
| :"=m"(val) | |
| ); | |
| #ifdef DEBUG | |
| printf("%%r11 = 0x%lx\n", ~val); | |
| #endif | |
| if (~(val) != 0xffffffff) | |
| exit(1); | |
| while(1){ } | |
| return (0); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment