Here is my crazy idea: an anti anti-debug kernel module, so that reversing efforts get a little easier and faster against “hostile” code.

This module will protect you against the classic PT_DENY_ATTACH trick and the sysctl debugger detection trick.

For now it’s only compatible with Mac OS X Tiger v10.4.11. Soon I will make it compatible with Leopard.
Grab the binaries here: onyx-the-black-cat.kext.v0.1.tgz.
This is a small program to test the sysctl trick: antidebug.c.
Xcode project source code here: onyx-the-black-cat.src.tgz.

More updates very soon. Meanwhile enjoy this :-).


Some good reading: