Is it possible to conceal a OS X app from DTrace?

I am developing an OS X application that I would like to conceal from inspection by DTrace. I'm aware of the P_LNOATTACH flag, but everything I've read tells me that there are ways around it. Is it possible?

Solution

Yes, it's possible. Try running DTrace against iTunes; it doesn't work.

You have to call the ptrace function with PT_DENY_ATTACH.

http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man2/ptrace.2.html

However, there are ways around it with various kext's. Google around and you'll find some of them.

for 10.6 & 10.7: https://github.com/dwalters/pt_deny_attach

Hmm, Looks like it's broken with 10.8 due to ASLR: Detecting, and Shirking Off, the Debugger

Issue with observing SwiftData model and UndoManager
dyld[22230]: Library not loaded: @rpath/SDL2.framework/Versions/A/SDL2 Reason: no LC_RPATH's found
How to make the hardware beep sound in Mac OS X 10.6
Error running pyttsx3 code on OS X: "NameError: name 'objc' is not defined"
Is there any way to run a Flutter app through background on macOS or Windows desktop?
psql: error: connection to server on socket "/tmp/.s.PGSQL.5432" failed: No such file or directory
How can one run a Core ML model on macOS 10.12?
Cannot run a program by clicking on it while I can from Terminal
How to apply "acceptsFirstMouse" for app build with SwiftUI?
QWidget on Mac OS X not focusing in Qt 5
How to create whole screen overlay in MacOS with Swift?
How to remove autostart of apache on macosx
"SSL certificate verify failed" using pip to install packages
Pyttsx3 doesn't work on Python 3.11 script, Mac M1
Code Helper process by VS Code eating my cpu
OS updates related information for Mac OS X
vscode edit symlinks path
How to send data to local clipboard from a remote SSH session
rmarkdown: pandoc: pdflatex not found
openssl/ssl.h not found but installed with homebrew
Homebrew refusing to link OpenSSL
Why ico image does not display on the window using Tkinter?
socket.error: [Errno 48] Address already in use
error AH00558: httpd: Could not reliably determine the server's fully qualified domain name
Programmatically created NSWindow crashes upon close
BUG! exception in phase 'semantic analysis' in source unit '_BuildScript_' Unsupported class file major version 61 on Apple Arm
MacOS - detect when camera is turned on/off
Tk label not displaying on MacOS 13.0.1
How to push a file from computer to /data/.../databases/ using adb command?
SMAppService register() - How to detect launch at startup/login vs regular launch?