https://reverse.put.as/tags/anti-debug/ Recent content in anti-debug on Reverse Engineering Hugo -- gohugo.io en-us reverser@put.as (fG!) reverser@put.as (fG!) © 2025 fG! Tue, 31 Jan 2012 23:33:45 +0100 https://reverse.put.as/2012/01/31/anti-debug-trick-1-abusing-mach-o-to-crash-gdb/ Tue, 31 Jan 2012 23:33:45 +0100 reverser@put.as (fG!) https://reverse.put.as/2012/01/31/anti-debug-trick-1-abusing-mach-o-to-crash-gdb/ I developed this funny trick while trying to find a solution for a problem in a project. It is pretty easy to implement and fun. The trick consists in abusing the offset field in the dylib_command and pointing it to somewhere else. From the Mach-O File Format Reference document, the command structures are: struct dylib_command { uint_32 cmd; uint_32 cmdsize; struct dylib dylib; } struct dylib { union lc_str name; uint_32 timestamp; uint_32 current_version; uint_32 compatibility_version; } union lc_str { uint32_t offset; #ifndef __LP64__ char *ptr; #endif } The definition of the offset field is: