Program being run under debugger

[kristolearn]

Hi,
Is there a way to detect if my program is being run under any debugger. I am intrested in detecing below two cases

1. If my running program is atttached to some debugger
2. If my program is started under debugger itself.

Please share your ideas regarding this.

Thanks in advance,
Kris.

[gerard4143]

I don't know your answers outright but you should be able to find most of them be investigating the debug registers and related flags...does Linux have a library or function(s) to accomplish this task? I really don't know...Gerard4143

Note: AMD/Intel has all their manuals posted on the web

[kristolearn]

Thanks gerard4143 for replying . I also have not heard any such function which can access such low level stuff . If at all available, can you brief a bit as of how can we use them to determine if my program is being run under a debugger

Thanks
Kristo

[Cabhan]

You could check if your problem was started by a debugger by using the getppid() system call to get the parent's PID. Then check /proc/PID/exec (I think that's the symlink) to find out what executable the parent is and check it against a list of known debuggers.

I don't know about other debuggers (though I suspect they're the same), but gdb does its debugging by using the ptrace() system call. I don't know if a process can tell if it's being traced, but if you can detect this, then you would know if someone is tracing you. In theory, it could be anything, but in practice, it's very likely to be a debugger.

[gerard4143]

Maybe I'm getting too low level with this....mmmh you really should investigate gdb's info/man pages and especially look into gdbserver but before you do this you really should strip your executable of all debug symbols...no symbols no debugger....Gerard4143

But if you insist on low level then I recommend AMD manual "AMD64 Architecture Programmer's Manual Volume 2: System Programming - 13 section Debug and Performance Resources "

AMD64 Architecture Tech Docs