Hello, the great developer.
I tried implementing a simple sandbox on Android with ptrace + seccomp long ago.
The main function is to modify the parameters of svc and modify the function parameters related to the IO file. This enables the sandbox.
But now I seem to be running into a lot of problems; for example, my tracer leaves traces and is easily found by anti-debugging detection.
For example, here is the most commonly used code to detect a ptrace tracer.
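```cpp
#include <dirent.h>   // opendir, readdir, closedir
#include <unistd.h>   // getpid
#include <cstdlib>    // atoi

// LOG() is the poster's glog-style logging macro, defined elsewhere.
// The function header was missing from the post; the name is a placeholder.
void detect_sandbox() {
    DIR *pdr = opendir("/proc");
    if (pdr == nullptr) {
        return;
    }
    bool found = false;
    dirent *read_ptr;
    while ((read_ptr = readdir(pdr)) != nullptr) {
        // Non-numeric entries (e.g. "self", "cpuinfo") parse to 0 and are skipped.
        int procpid = atoi(read_ptr->d_name);
        LOG(INFO) << "find /proc/ child dir " << procpid;
        // Any PID other than our own visible in /proc is reported as a sandbox.
        if (procpid && procpid != getpid()) {
            LOG(ERROR) << ">>>>> FIND OTHER THREAD SANDBOX " << procpid;
            found = true;
        }
    }
    closedir(pdr);
    if (!found) {
        LOG(ERROR) << ">>>>> NOT FIND SANDBOX ";
    }
}
```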
I searched on Google and saw you on this project. Is there any good way to solve this detection problem?
Do you have any good suggestions?
Thank you for the problems you can see during your busy time.