Linked by Eugenia Loli on Wed 23rd Jan 2008 22:04 UTC, submitted by Tyr.
General Development PT_DENY_ATTACH is a non-standard ptrace() request type that prevents a debugger from attaching to the calling process. Adam Leventhal recently discovered that Leopard extends PT_DENY_ATTACH to prevent introspection into processes using dtrace. This article will cover disabling PT_DENY_ATTACH for all processes on Mac OS X 10.5. Over the previous few years, I've provided similar hacks for both Mac OS X 10.4, and 10.3.
Permalink for comment 297586
To read all comments associated with this story, please click here.
Tyr.
Member since:
2005-07-06

I can see it already. Mac OS is gaining market share, so this nice how-to article will probably get some gears turning in certain corners of the net (well, they probably were already, to be honest).


To install a kext (kernel extension) file as the author does you need to be able to create files with root:wheel. If someone already has that ability all hope is pretty much gone.

Reply Parent Score: 2