undefined | Better HN

0 pointsharryfyx2y ago0 comments

I don't know reverse engineering. But, I guess the ultimate solution would be running a custom OS to fake ptrace results in the kernel level?

0 comments

You can just use LD_PRELOAD to load your own version of ptrace. Not as stealthy though.

Another way is to load a eBPF program or kernel module for this purpose.

j / k navigate · click thread line to collapse

0 pointsharryfyx2y ago0 comments

I don't know reverse engineering. But, I guess the ultimate solution would be running a custom OS to fake ptrace results in the kernel level?

You can just use LD_PRELOAD to load your own version of ptrace. Not as stealthy though.

Another way is to load a eBPF program or kernel module for this purpose.

j / k navigate · click thread line to collapse