Onyx The Black Cat v0.1 – Anti Anti-debug kernel module

Here it is my crazy idea to create an anti anti-debug kernel module so reversing efforts get a little easier and faster against “hostile” code.

This module will protect you against the classic PT_DENY_ATTACH trick and the sysctl debugger detection trick http://developer.apple.com/qa/qa2004/qa1361.html.

For now it’s only compatible with Mac OS X Tiger v10.4.11. Soon I will make it compatible with Leopard.
Grab the binaries here: onyx-the-black-cat.kext.v0.1.tgz.
This is a small program to test the sysctl trick: antidebug.c.
XCode Project source code here: onyx-the-black-cat.src.tgz.

More updates very soon. Meanwhile enjoy this :-).

fG!

Some good reading: