Gdbypass May 2026

Authors: [Your Name], [Affiliation] – Corresponding author [Co‑author 1], [Affiliation] [Co‑author 2], [Affiliation] Dynamic binary analysis tools such as the GNU Debugger (GDB) are indispensable for reverse‑engineering, vulnerability research, and malware analysis. However, modern adversaries increasingly employ anti‑debugging mechanisms that detect and thwart the presence of a debugger. In this paper we introduce GDBypass , a lightweight, architecture‑agnostic framework that enables native binaries to evade detection by GDB without sacrificing functional correctness. GDBypass leverages a combination of runtime code morphing , system‑call interposition , and hardware break‑point cloaking to hide the debugger’s presence from the target process. We present a systematic evaluation on Linux‑x86_64 and Linux‑ARM64 platforms, demonstrating that GDBypass defeats a suite of 27 state‑of‑the‑art anti‑debugging checks (including ptrace , procfs , prctl , and timing‑based heuristics) while incurring an average overhead of 3.2 % in wall‑clock time and 1.8 % in memory consumption. Our findings suggest that existing defensive tools must be redesigned to account for the stealth capabilities offered by GDBypass.

# Install privileged helper (set‑uid root) sudo cp src/gdbypass-ctl /usr/local/sbin/ sudo chmod u+s /usr/local/sbin/gdbypass-ctl gdbypass

Title GDBypass: A Novel Technique for Transparent Debugger Evasion in Native Executables GDBypass leverages a combination of runtime code morphing