8dcc
parent
8216613d11
commit
b76e33d526
44
inject.sh
44
inject.sh
|
|
@ -3,16 +3,40 @@
|
|||
pid=$(pidof "hl_linux")
|
||||
libpath=$(realpath "libhlcheat.so")
|
||||
|
||||
# 0x2 -> RTLD_NOW
|
||||
sudo gdb -n -q -batch \
|
||||
-ex "attach $pid" \
|
||||
-ex "set \$dlopen = (void* (*)(char*, int))dlopen" \
|
||||
-ex "set \$dlerror = (char* (*)(void))dlerror" \
|
||||
-ex "call \$dlopen(\"$libpath\", 2)" \
|
||||
-ex "call \$dlerror()" \
|
||||
-ex "detach" \
|
||||
-ex "quit"
|
||||
# Used to echo the command. For debugging.
|
||||
#set -x
|
||||
|
||||
# -ex "set \$dlclose = (int (*)(void*))dlclose" \
|
||||
if grep -q "$libpath" "/proc/$pid/maps"; then
|
||||
echo -e "hl-cheat already loaded. Reloading...\n";
|
||||
|
||||
# 0x2 -> RTLD_NOW
|
||||
# 0x6 -> RTLD_LAZY | RTLD_NOLOAD
|
||||
# For more info on the 3 mid lines, see self_unload() in main.c
|
||||
sudo gdb -n -q -batch \
|
||||
-ex "attach $pid" \
|
||||
-ex "set \$dlopen = (void* (*)(char*, int))dlopen" \
|
||||
-ex "set \$dlclose = (int (*)(void*))dlclose" \
|
||||
-ex "set \$dlerror = (char* (*)(void))dlerror" \
|
||||
\
|
||||
-ex "set \$self = \$dlopen(\"$libpath\", 6)" \
|
||||
-ex "call \$dlclose(\$self)" \
|
||||
-ex "call \$dlclose(\$self)" \
|
||||
\
|
||||
-ex "call \$dlopen(\"$libpath\", 2)" \
|
||||
-ex "call \$dlerror()" \
|
||||
-ex "detach" \
|
||||
-ex "quit"
|
||||
else
|
||||
sudo gdb -n -q -batch \
|
||||
-ex "attach $pid" \
|
||||
-ex "set \$dlopen = (void* (*)(char*, int))dlopen" \
|
||||
-ex "set \$dlclose = (int (*)(void*))dlclose" \
|
||||
-ex "set \$dlerror = (char* (*)(void))dlerror" \
|
||||
-ex "call \$dlopen(\"$libpath\", 2)" \
|
||||
-ex "call \$dlerror()" \
|
||||
-ex "detach" \
|
||||
-ex "quit"
|
||||
fi
|
||||
|
||||
set +x
|
||||
echo -e "\nDone."
|
||||
|
|
|
|||
Loading…
Reference in New Issue