Hello everybody, I've been learning reverse engineering for a while now. Today I stumbled upon a CTF that uses a simple anti-debug measure, using just ptrace and the PTRACE_TRACEME flag. By gathering some info I saw that there is a simple hook I can use, using the LD_PRELOAD variable. I did some tests on some programs that I wrote and it seems effective. The problem with the CTF is that it uses a dlopen of a specific lib in the system, which obviously seems to take precedence over the custom lib that I load with that variable. Maybe I can solve the problem with patching, but first I want to try solving it this way. Clearly there is something that I am missing here. I'm also posting the code here in case it helps.
```c
/* Decompiler output from the CTF binary, cleaned up into compilable C.
 * The symbol name "ptrace" is assembled on the stack from integer
 * constants so the string never appears literally in the binary. */
#include <dlfcn.h>
#include <stdlib.h>

void anti_debug(void)
{
    char ptrace_sym[8];
    void *libhandle;
    long (*sym)(long, long);

    /* 0x61727470 little-endian = "ptra", 0x6563 = "ce", then the NUL terminator */
    *(unsigned int *)ptrace_sym = 0x61727470;
    *(unsigned short *)(ptrace_sym + 4) = 0x6563;
    ptrace_sym[6] = 0;

    libhandle = dlopen("libc.so.6", RTLD_LAZY);   /* flag 1 == RTLD_LAZY */
    if (libhandle == NULL)
        exit(1);                                  /* does not return */

    /* Resolve ptrace from the libc handle itself, not through the PLT */
    sym = (long (*)(long, long))dlsym(libhandle, ptrace_sym);
    if (sym == NULL)
        exit(1);                                  /* does not return */

    /* ptrace(PTRACE_TRACEME, 0): fails if a tracer is already attached */
    (*sym)(0, 0);
}
```