From 40bec8bdc9c7fa191014c02385358330dc91e883 Mon Sep 17 00:00:00 2001 From: tranarchy <150830424+tranarchy@users.noreply.github.com> Date: Mon, 3 Jun 2024 17:12:02 +0200 Subject: [PATCH] added a way to hide tpid in readme --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index fdfd28504ed..dcc10b50d5b 100644 --- a/README.md +++ b/README.md @@ -85,6 +85,20 @@ You can simply run the following script in the directory containing **libOsiris. However, this injection method might be detected by VAC as gdb is visible under **TracerPid** in `/proc/$(pidof cs2)/status` for the duration of the injection. +It's possible to hide the TracerPid by applying the following patch to your kernel sources: + + --- a/fs/proc/array.c + +++ b/fs/proc/array.c + @@ -162,7 +162,7 @@ + + tracer = ptrace_parent(p); + if (tracer) + - tpid = task_pid_nr_ns(tracer, ns); + + tpid = 0; + + tgid = task_tgid_nr_ns(p, ns); + ngid = task_numa_group_id(p); + ## License > Copyright (c) 2018-2024 Daniel KrupiĆski