From 40bec8bdc9c7fa191014c02385358330dc91e883 Mon Sep 17 00:00:00 2001
From: tranarchy <150830424+tranarchy@users.noreply.github.com>
Date: Mon, 3 Jun 2024 17:12:02 +0200
Subject: [PATCH] added a way to hide tpid in readme

---
 README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/README.md b/README.md
index fdfd28504ed..dcc10b50d5b 100644
--- a/README.md
+++ b/README.md
@@ -85,6 +85,20 @@ You can simply run the following script in the directory containing **libOsiris.
 
 However, this injection method might be detected by VAC as gdb is visible under **TracerPid** in `/proc/$(pidof cs2)/status` for the duration of the injection.
 
+It's possible to hide the TracerPid by applying the following patch to your kernel sources:
+
+    --- a/fs/proc/array.c
+    +++ b/fs/proc/array.c
+    @@ -162,7 +162,7 @@
+     
+     	tracer = ptrace_parent(p);
+     	if (tracer)
+    -		tpid = task_pid_nr_ns(tracer, ns);
+    +		tpid = 0;
+     
+     	tgid = task_tgid_nr_ns(p, ns);
+     	ngid = task_numa_group_id(p);
+
 ## License
 
 > Copyright (c) 2018-2024 Daniel KrupiƄski