
Code [Tweak.xm] Ptrace Disabler


This code bypasses the anti-debugging protection in apps that call ptrace(PT_DENY_ATTACH): it hooks ptrace and replaces that one request with an invalid value before calling the original. I did not write it; I found it in my old files.
Here is the Tweak.xm:


 

#import <substrate.h>
#if !defined(PT_DENY_ATTACH)
#define PT_DENY_ATTACH 31
#endif
 
// Pointer to the original ptrace(). It is passed as the third argument to
// MSHookFunction in %ctor, which is where it receives its value.
static int (*_ptraceHook)(int request, pid_t pid, caddr_t addr, int data);
 
// Replacement installed over ptrace(). A PT_DENY_ATTACH request is swapped for
// -1 before the original is called; every other request is forwarded untouched.
// NOTE(review): presumably the original rejects -1 as an unknown request, so the
// caller sees an error return where it would otherwise see success -- confirm.
// An app that checks the result of its PT_DENY_ATTACH call can observe that.
static int $ptraceHook(int request, pid_t pid, caddr_t addr, int data) {
    int forwarded = (request == PT_DENY_ATTACH) ? -1 : request;
    return _ptraceHook(forwarded, pid, addr, data);
}
 
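// Constructor run when the tweak is loaded: looks up ptrace and installs
// $ptraceHook over it, storing the original entry point in _ptraceHook.
%ctor {
    void *ptraceSym = (void *)MSFindSymbol(NULL, "_ptrace");

    // The lookup can fail; never hand a NULL target to MSHookFunction.
    if (ptraceSym != NULL) {
        MSHookFunction(ptraceSym, (void *)$ptraceHook, (void **)&_ptraceHook);
    }
}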
 


I would recommend hooking syscall as well, since the same ptrace request can also be issued through it. The changes are as follows:

 

#import

 

#if !defined(PT_DENY_ATTACH)

#define PT_DENY_ATTACH 31

#endif

 

#if !defined(sys_ptrace_request)

#define sys_ptrace_request 26

#endif

 

// Pointer to the original ptrace(); receives its value from MSHookFunction in %ctor.
static int (*_ptraceHook)(int request, pid_t pid, caddr_t addr, int data);

// Pointer to the original syscall(); receives its value from MSHookFunction in %ctor.
// NOTE(review): libc declares syscall() as variadic (int number, ...); this fixed
// four-argument type only approximates it -- confirm it suits the target ABI.
static int (*_syscall)(long request, long pid, long addr, long data);

 

// Replacement installed over ptrace(). A PT_DENY_ATTACH request is swapped for
// -1 before the original is called; every other request is forwarded untouched.
static int $ptraceHook(int request, pid_t pid, caddr_t addr, int data) {
    int forwarded = (request == PT_DENY_ATTACH) ? -1 : request;
    return _ptraceHook(forwarded, pid, addr, data);
}

 

// Replacement installed over syscall(). When the syscall number equals
// sys_ptrace_request it returns 0 without calling the original, so every ptrace
// request made through syscall() is dropped, not only PT_DENY_ATTACH.
// Any other number is forwarded with the three arguments captured here;
// arguments beyond those three are not passed on to the original.
static int $syscall(long request, long pid, long addr, long data) {
    if (request != sys_ptrace_request) {
        return _syscall(request, pid, addr, data);
    }
    return 0;
}

 

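// Constructor run when the tweak is loaded: looks up ptrace and syscall and
// installs the two replacements, storing the original entry points in
// _ptraceHook and _syscall.
%ctor {
    void *ptraceSym = (void *)MSFindSymbol(NULL, "_ptrace");
    void *syscallSym = (void *)MSFindSymbol(NULL, "_syscall");

    // Either lookup can fail; never hand a NULL target to MSHookFunction.
    if (ptraceSym != NULL) {
        MSHookFunction(ptraceSym, (void *)$ptraceHook, (void **)&_ptraceHook);
    }
    if (syscallSym != NULL) {
        MSHookFunction(syscallSym, (void *)$syscall, (void **)&_syscall);
    }
}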
