Apple has no plans to change that either! They say “Why would we want to do this? A hacker could just patch your app and then resign it with his own signature and it will have a valid sig again. Okay, you could write code that checks if the signature is valid *AND* if the signature is signed by your cert, but the hacker could just replace this piece of code, too”

Sign your code instead. Use techniques and tools that obfuscate and encrypt your code. Just don’t make the system opaque to understanding. That path takes us back to Windows.

So, I re-ran the test, typed ‘r’ and got an 055 exit. Then I unzipped an old version of my app which was not compiled with the call to ptrace PT_DENY_ATTACH, attached to it, typed ‘r’, and gdb continued to work. So, I take back what I said yesterday.

Thanks, Kenneth.

Also, regarding the original comment by ctwise, I don’t believe that the “makes…impossible” applies to your machine. #ifdef DEBUG, everything is back to normal. Regarding the workaround, of course, if one hacks the system, anything is possible. PT_DENY_ATTACH just sets up another hurdle for some hacker who may be seriously thinking of not drinking another Coke and going to bed instead.

Note that gdb still loads, but won’t let you run. So if you load gdb with the executable, it will work, read symbols and everything. However, it’s when you “run” that the app exits with code 055 every time.

GNU gdb 6.3.50-20050815 (Apple version gdb-768) (Tue Oct 2 04:07:49 UTC 2007)

I’m pretty sure I did it correctly. To make sure that the #ifdef was working (actually I used #ifndef), I logged a compiler #warning just above the call to ptrace(), and it did log. If you send me, or post, your ProtectionSample, I’ll see if my gdb can attach to it.