- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Detect usage of the ptrace system call with the PTRACE_TRACEME
argument, indicating a program actively attempting to avoid debuggers attaching to the process. This behavior is typically indicative of malware activity.
The ptrace system call provides a means for one process to observe and control the execution of another process. This system call allows a process to modify the execution of another process, including changing memory and register values. One limitation of this system call is that a process can only have one trace, and malicious actors have been observed making use of this limitation to prevent debuggers from attaching to malicious processes for the purpose of forensics or analysis.