
Added anti-debug via syscall #21

Open
wants to merge 3 commits into master

Conversation

@mnrkbys commented Aug 22, 2024

The following URL introduces an anti-debug technique using ptrace via syscall.

https://cardaci.xyz/blog/2018/02/12/a-macos-anti-debug-technique-using-ptrace/

In the article you will find the following statement.

This confirms that ptrace is invoked by a library initializer function and 0x1000b6162 denotes the return address of the system call, so the breakpoint must be set 2 bytes before that (thus skipping the syscall instruction, opcode 0f05). Unfortunately lldb is not able to set such breakpoint, I guess this is because there is another trick in place, but IDA can do that.
From now on one could simply skip/nop that call to see what lies ahead… which in the case of the-program, was a bunch of other checks and obfuscated assembly.

To automate this, I have considered scanning all mnemonics in the __text section and setting breakpoints on syscall or svc calls.
However, this implementation may take a long time to complete for huge programs.
Therefore, this PR registers a separate command (antidebug_syscall) from the existing antidebug command. This is an area for consideration.
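
An added example, not code from this PR, from lldbinit, or from the linked article, showing in plain Python the two mechanics the comment above relies on: a scan of a `__text` byte blob for the raw system-call instruction on x86_64 (`syscall`, bytes `0f 05`) and on arm64 (`svc #0x80`), and the "return address minus instruction length" arithmetic that puts the breakpoint on the syscall itself (the article's 0x1000b6162 becomes 0x1000b6160). The `__text` bytes, the load address `BASE` and all function names are constructed for this example. The x86_64 sample deliberately contains a `mov eax, 0x50f` whose immediate holds the bytes `0f 05`, so the naive byte scan reports a false positive there; that is the kind of error a linear sweep makes on variable-length x86 code and cannot make on fixed-width, 4-byte-aligned arm64 code.

```python
"""Locate raw syscall/svc instructions in a __text blob and derive the
breakpoint address used by the ptrace(PT_DENY_ATTACH) anti-debug bypass.
Example code; the samples below are hand-assembled, not from a real binary."""
import struct

# Encodings of the raw system-call instructions on the two macOS architectures.
X86_64_SYSCALL = b"\x0f\x05"                     # syscall
ARM64_SVC_0X80 = struct.pack("<I", 0xD4001001)   # svc #0x80 (macOS BSD syscall trap)

BASE = 0x100000000   # hypothetical load address of __text (assumption)

# Constructed x86_64 __text: ptrace(PT_DENY_ATTACH, 0, 0, 0) issued through a
# raw syscall, then a mov whose immediate happens to contain the bytes 0f 05.
X86_64_SAMPLE = bytes.fromhex(
    "bf1f000000"   # mov edi, 0x1f        ; PT_DENY_ATTACH (31)
    "31f6"         # xor esi, esi
    "31d2"         # xor edx, edx
    "4531d2"       # xor r10d, r10d
    "b81a000002"   # mov eax, 0x200001a   ; SYS_ptrace (26) in the BSD class
    "0f05"         # syscall              ; offset 17: the real syscall
    "c3"           # ret
    "b80f050000"   # mov eax, 0x50f       ; offset 21 holds 0f 05: NOT a syscall
    "c3"           # ret
)

# Constructed arm64 __text for the same call: args in x0-x3, syscall number in x16.
ARM64_SAMPLE = b"".join(struct.pack("<I", w) for w in (
    0x528003E0,  # mov w0, #0x1f          ; PT_DENY_ATTACH
    0xAA1F03E1,  # mov x1, xzr
    0xAA1F03E2,  # mov x2, xzr
    0xAA1F03E3,  # mov x3, xzr
    0xD2800350,  # mov x16, #26           ; SYS_ptrace
    0xD4001001,  # svc #0x80              ; offset 20
    0xD65F03C0,  # ret
))

SYSCALL_LEN = {"x86_64": 2, "arm64": 4}


def scan_x86_64(text, base=BASE):
    """Naive byte scan for 0f 05. x86 instructions are variable length, so the
    pair can also sit inside an immediate or displacement: every hit must be
    confirmed by disassembling from a known instruction boundary."""
    hits = []
    pos = text.find(X86_64_SYSCALL)
    while pos != -1:
        hits.append({"addr": base + pos, "ret": base + pos + 2})
        pos = text.find(X86_64_SYSCALL, pos + 1)
    return hits


def scan_arm64(text, base=BASE):
    """arm64 instructions are fixed-width and 4-byte aligned; scanning on the
    alignment grid cannot split a word, so there is no x86-style false positive."""
    return [{"addr": base + off, "ret": base + off + 4}
            for off in range(0, len(text) - 3, 4)
            if text[off:off + 4] == ARM64_SVC_0X80]


def breakpoint_from_return(ret_addr, arch):
    """The article's manual step: the return address observed after the syscall,
    minus the syscall instruction length, is the syscall instruction itself."""
    return ret_addr - SYSCALL_LEN[arch]


def lldb_commands(hit, arch):
    """lldb commands to stop on the syscall and, once stopped, step over it by
    moving the program counter to the following instruction."""
    pc = "rip" if arch == "x86_64" else "pc"
    return [f"breakpoint set -a {hit['addr']:#x}",
            f"register write {pc} {hit['ret']:#x}"]


if __name__ == "__main__":
    for arch, scan, blob in (("x86_64", scan_x86_64, X86_64_SAMPLE),
                             ("arm64", scan_arm64, ARM64_SAMPLE)):
        for hit in scan(blob):
            print(arch, f"{hit['addr']:#x}", lldb_commands(hit, arch))
    print(f"{breakpoint_from_return(0x1000B6162, 'x86_64'):#x}")
```

The PR itself walks lldb's disassembled mnemonics rather than raw bytes; the byte scan here only makes the x86 false positive concrete. On x86 a hit should be confirmed by disassembling from a known instruction boundary before the breakpoint is set, and on both architectures the scan only finds the instruction, not whether the call it makes is ptrace, which is why the syscall number loaded into eax/x16 still has to be checked at the breakpoint.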

@gdbinit (Owner) commented Jan 11, 2025

Linear disassembly can break easily on x86 and less so on ARM64, so this might be of limited usage against hostile obfuscated code using anti-debugging. Maybe some better disassembler assistance to find out the locations and load a list for this specific implementation. Annoying to solve this one at user level.
