├── .gitignore
├── README.md
├── example.sh
├── glory-penguin.png
├── glory.py
├── hook.c
├── requirements.txt
└── usage.png


/.gitignore:
--------------------------------------------------------------------------------
1 | *.pyc
2 | *.swp
3 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # GLORYHook
 2 | The first Linux hooking framework to allow merging two binary files into one!
 3 | 
 4 | <p align="center">
 5 | <img src="https://raw.githubusercontent.com/tsarpaul/GLORYHook/master/glory-penguin.png" />
 6 | </p>
 7 | 
 8 | ## How is this different?
 9 | Other hooking methods do not allow calling libraries from within the hook, so you must resort to writing shellcode or your own implementation for libc APIs. This is not the case with GLORYHook. Check out hook.c, you can call any libc API you want!
10 | 
11 | ## Use cases
12 | 1. Debugging - Can't use LD_PRELOAD? Don't want to mess with injecting dependency shared objects and can't bother installing dependency libraries on the system each time? Just hook your file instantly and ship it with zero extra steps.
13 | 2. File Infection/Backdoor - Can be used as an alternative for an LD_PRELOAD rootkit but with **extra stealth sauce**. Defenders contact me for how to detect.
14 | 
15 | ## Important Notes
16 | GLORYHook supports only x64.
17 | Currently hooking is only supported on imports (e.g. libc functions).
18 | Currently interacting with globals in your hook is unsupported but will be added soon.
19 | 
20 | ## Installation
21 | 1. Install my custom LIEF (I customized LIEF to make ELF manipulations easier):
22 | ```
23 | git clone https://github.com/tsarpaul/LIEF
24 | cd LIEF
25 | python3 ./setup.py install
26 | ```
27 | 2. ```pip3 install -r requirements.txt```
28 | 
29 | ## Usage
30 | 
31 | ![usage](https://raw.githubusercontent.com/tsarpaul/GLORYHook/master/usage.png)
32 | 
33 | 1. Define gloryhook_<import_to_hook> in your hook file
34 | 2. `gcc -shared -zrelro -znow hook.c -o hook`
35 | 3. `python3 glory.py ./file-to-hook ./hook -o ./hooked-file`
36 | 
37 | Check hook.c and example.sh.
38 | 
39 | ## GLORY TO YOU
40 | 


--------------------------------------------------------------------------------
/example.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | gcc -shared -zrelro -znow hook.c -o hook
4 | python3 glory.py /bin/ls ./hook -o ./hooked-ls
5 | 
6 | 


--------------------------------------------------------------------------------
/glory-penguin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tsarpaul/GLORYHook/109c90d0be4c2bba9f4e3a03e2e41cb406bc57c1/glory-penguin.png


--------------------------------------------------------------------------------
/glory.py:
--------------------------------------------------------------------------------
  1 | from os import path
  2 | import shutil
  3 | import struct
  4 | import argparse
  5 | 
  6 | import lief
  7 | from capstone import *
  8 | from keystone import *
  9 | 
 10 | md = None
 11 | ks = None
 12 | PLT_STUB_SIZE = 0x10
 13 | MEMORY_OPERAND = 2
 14 | INT_SZ = 8
 15 | 
 16 | PLT_INDEX_OFFSET = 0x6
 17 | PLT_JMP_OFFSET = 0xb
 18 | 
 19 | def isexec(segment):
 20 | 	return segment.has(lief.ELF.SEGMENT_FLAGS.X) and segment.type == lief.ELF.SEGMENT_TYPES.LOAD
 21 | 
 22 | def isread(segment):
 23 | 	return segment.has(lief.ELF.SEGMENT_FLAGS.R) and not segment.has(lief.ELF.SEGMENT_FLAGS.X) and segment.type == lief.ELF.SEGMENT_TYPES.LOAD
 24 | 
 25 | def pc_in_instr(i):
 26 | 	return 'rip' in i.op_str or 'eip' in i.op_str
 27 | 
 28 | class Binary64():
 29 | 	def _fix_got_after_injection(self, injected_offset, injected_size):
 30 | 		with open(self.path, 'rb+') as f:
 31 | 			# Fix header - it should point at its own VA
 32 | 			f.seek(self.got_section.file_offset)
 33 | 			got_header_va = self.got_section.virtual_address
 34 | 			f.write(struct.pack("<Q", got_header_va))
 35 | 		self.reload()
 36 | 
 37 | 	def update_injection_metadata(self, injected_offset, injected_size, end_of_section=True, extend_backwards=False):
 38 | 		def get_injected_section():
 39 | 			if end_of_section:
 40 | 				injected_section = self.binary.section_from_offset(injected_offset - 1)
 41 | 			else:
 42 | 				injected_section = self.binary.section_from_offset(injected_offset)
 43 | 			return injected_section
 44 | 
 45 | 		injected_section = get_injected_section()
 46 | 
 47 | 		if extend_backwards:
 48 | 			# TODO: Fix this if it is needed
 49 | 			for i, s in enumerate(self.binary.sections):
 50 | 				if s == injected_section:
 51 | 					break
 52 | 
 53 | 			last_section = self.binary.sections[i-1]
 54 | 			self.binary.extend(last_section, injected_size)
 55 | 
 56 | 			last_section.size -= injected_size
 57 | 			injected_section.virtual_address -= injected_size
 58 | 			injected_section.offset -= injected_size
 59 | 			
 60 | 			self.lief_write()
 61 | 		else:
 62 | 			# Extend section to prepare for injection
 63 | 			self.binary.extend(injected_section, injected_size)
 64 | 			self.lief_write()
 65 | 
 66 | 			injected_section = get_injected_section()
 67 | 			# Create a cavity for the injection by pushing code forward to fill the extension
 68 | 			with open(self.path, 'rb+') as f:
 69 | 				old_section_end = injected_section.file_offset + injected_section.size - injected_size
 70 | 				bytes_to_move_sz = old_section_end - injected_offset
 71 | 				f.seek(injected_offset)
 72 | 				bytes_to_move = f.read(bytes_to_move_sz)
 73 | 				f.seek(injected_offset + injected_size)
 74 | 				f.write(bytes_to_move)
 75 | 
 76 | 		self.reload()
 77 | 
 78 | 	def apply_code_changes(self, code_changes):
 79 | 		with open(self.path, 'rb+') as f:
 80 | 			for cc in code_changes:
 81 | 				f.seek(cc[0])
 82 | 				f.write(bytearray(cc[1]))
 83 | 		self.reload()
 84 | 
 85 | 	def va(self, offset):
 86 | 		section = self.binary.section_from_offset(offset)
 87 | 		return section.virtual_address + offset - section.file_offset
 88 | 
 89 | 	def update_injection_code(self, injected_offset, injected_size):
 90 | 		def injection_in_positive_delta(injected_va, instruction_va, operand_delta):
 91 | 			return operand_delta > 0 and instruction_va < injected_va < instruction_va + operand_delta
 92 | 		
 93 | 		def injection_in_negative_delta(injected_va, injected_size, instruction_va, operand_delta):
 94 | 			return operand_delta < 0 and instruction_va > injected_va + injected_size and injected_va > instruction_va + operand_delta
 95 | 
 96 | 		x_sections = []
 97 | 		for s in self.binary.sections:
 98 | 			if s.has(lief.ELF.SECTION_FLAGS.EXECINSTR):
 99 | 				x_sections.append(s)
100 | 
101 | 		code_changes = []
102 | 		for s in x_sections:
103 | 			code_start = s.file_offset
104 | 			code_va = s.virtual_address
105 | 			code_size = s.size
106 | 
107 | 			# Fix relative addressings where the injection is located in the middle
108 | 			# Collect relative instructions
109 | 			with open(self.path, 'rb') as f:
110 | 				f.seek(code_start)
111 | 				injected_code = f.read(code_size)
112 | 
113 | 			# Disassemble for the relatives
114 | 			injected_disassembly = md.disasm(injected_code, code_va)
115 | 			disassembly_index = 0
116 | 			disassembly_va = code_va
117 | 
118 | 			for i in injected_disassembly:
119 | 				offset = code_start + disassembly_index
120 | 				#if offset == 0x3FED00:
121 | 				#	import pdb; pdb.set_trace()
122 | 
123 | 				# Relative call
124 | 				if i.mnemonic in ['call', 'jmp'] and i.operands[0].type == MEMORY_OPERAND:
125 | 					# Capstone resolves imm to the appropriate address, instead of a delta
126 | 					imm = i.operands[0].imm
127 | 					new_imm = None
128 | 
129 | 					if self.va(offset) > self.va(injected_offset) + injected_size > imm:
130 | 						new_imm = imm - injected_size
131 | 					elif self.va(offset) < self.va(injected_offset) < imm:
132 | 						new_imm = imm + injected_size
133 | 
134 | 					if new_imm is not None:
135 | 						# Keystone does not resolve imm to appropriate address, so we have to recalculate the offset
136 | 						new_imm = new_imm - disassembly_va 
137 | 						new_asm_str = f'{i.mnemonic} {hex(new_imm)};'
138 | 						new_asm, count = ks.asm(new_asm_str)
139 | 						assert(len(new_asm) == i.size)  # TODO: If this happens we overflowed, we'll need to inject extra code to add up the relative call
140 | 						code_changes.append((offset, new_asm))
141 | 
142 | 				elif pc_in_instr(i):
143 | 					rip_operand_index = 0
144 | 					try:
145 | 						if i.operands[1].mem.disp != 0:
146 | 							rip_operand_index = 1
147 | 					except IndexError:
148 | 						pass
149 | 
150 | 					disp = i.operands[rip_operand_index].mem.disp
151 | 					new_disp = None
152 | 
153 | 					if(injection_in_positive_delta(self.va(injected_offset), self.va(offset), disp + i.size)):
154 | 						new_disp = disp + injected_size
155 | 					elif(injection_in_negative_delta(self.va(injected_offset), injected_size, self.va(offset), disp + i.size)):
156 | 						new_disp = disp - injected_size
157 | 
158 | 					if new_disp is not None:
159 | 						new_asm_str = f'{i.mnemonic} {i.op_str};'
160 | 						new_asm_str = new_asm_str.replace(str(hex(disp)), hex(new_disp))
161 | 						new_asm, count = ks.asm(new_asm_str)
162 | 						assert(len(new_asm) == i.size)
163 | 						code_changes.append((offset, new_asm))
164 | 
165 | 				disassembly_index += i.size
166 | 				disassembly_va += i.size
167 | 
168 | 		self.apply_code_changes(code_changes)
169 | 
170 | 
171 | 	def __init__(self, path):
172 | 		self.path = path
173 | 		self.reload()
174 | 
175 | 		self.arch = self.binary.header.machine_type
176 | 		if self.arch not in [lief.ELF.ARCH.x86_64, lief.ELF.ARCH.i386]:
177 | 			raise("Unsupported architectures!")
178 | 
179 | 		exec_segs = [seg for seg in self.binary.segments if isexec(seg)]
180 | 		read_segs = [seg for seg in self.binary.segments if isread(seg)]
181 | 		assert(len(exec_segs) == 1)
182 | 		assert(len(read_segs) == 1)
183 | 
184 | 	def lief_write(self):
185 | 		self.binary.write(self.path)
186 | 		self.reload()
187 | 
188 | 	def reload(self):
189 | 		"""Using old LIEF primitives MAY RESULT IN UNDEFINED BEHAVIOR after reloading!"""
190 | 		self.binary = lief.parse(self.path)
191 | 		self.plt_section = self.binary.get_section('.plt')
192 | 		self.text_section = self.binary.get_section('.text')
193 | 		self.got_section = self.binary.get_section('.got')
194 | 		self.load_segs = [seg for seg in self.binary.segments if seg.type == lief.ELF.SEGMENT_TYPES.LOAD]
195 | 		self.exec_seg = self.load_segs[0]
196 | 		self.read_seg = self.load_segs[1]
197 | 
198 | 	def inject(self, content, offset, end_of_section=True, extend_backwards=False):
199 | 		size = len(content)
200 | 
201 | 		# Adjust the binary before injecting
202 | 		self.update_injection_metadata(offset, size, end_of_section, extend_backwards)
203 | 
204 | 		with open(self.path, 'rb+') as f:
205 | 			f.seek(offset)
206 | 			f.write(content)
207 | 		self.reload()
208 | 
209 | 		self.update_injection_code(offset, size)
210 | 
211 | 	def fix_new_plt_entries(self, injection_start, injection_size, got_start, got_sz):
212 | 		# Minus header and adjust to index 0
213 | 		max_got_index = got_sz//0x8 - 1 - 3
214 | 		#max_got_index = (self.plt_section.size-injection_size)//0x10 - 1
215 | 		injection_end = injection_start + injection_size
216 | 
217 | 		got_end = got_start + got_sz
218 | 		got_end_va = self.va(got_end)
219 | 
220 | 		code_changes = []
221 | 		# Fix our new PLT entries
222 | 		for i, plt_entry in enumerate(range(injection_start, injection_end, 0x10)):
223 | 			delta_from_plt_start = plt_entry - self.plt_section.file_offset
224 | 			plt_entry_va = self.plt_section.virtual_address + delta_from_plt_start
225 | 			got_entry = got_end + i*INT_SZ
226 | 			got_entry_va = got_end_va + i*INT_SZ
227 | 
228 | 			# Fix GOT entry, should hold (PLT_entry + 0x6) initially
229 | 			plt_entry_stub_va = plt_entry_va + 0x6
230 | 			code_changes.append((got_entry, struct.pack("<Q", plt_entry_stub_va)))
231 | 
232 | 			# Fix jmp to GOT
233 | 			got_jmp_delta = got_entry_va - plt_entry_va - 6  # minus instruction size
234 | 			asm, count = ks.asm(f"jmp [rip+{got_jmp_delta}]")
235 | 			code_changes.append((plt_entry, asm))
236 | 
237 | 			# Fix GOT index in PLT stub
238 | 			plt_index_offset = plt_entry + PLT_INDEX_OFFSET
239 | 			max_got_index += 1
240 | 			asm, count = ks.asm(f"push {max_got_index}; nop; nop; nop")
241 | 			assert(len(asm) == 5)
242 | 			code_changes.append((plt_index_offset, asm))
243 | 
244 | 			# Fix jmp to PLT stub
245 | 			plt_jmp_offset = plt_entry_va + PLT_JMP_OFFSET
246 | 			jmp_delta = self.plt_section.offset - plt_jmp_offset
247 | 			asm, count = ks.asm(f"jmp {jmp_delta};")
248 | 			code_changes.append((plt_jmp_offset, asm))
249 | 
250 | 		self.apply_code_changes(code_changes)
251 | 
252 | 	def merge_plt(self, plt_code, binary):
253 | 		plt_end_offset = self.plt_section.offset + self.plt_section.size
254 | 		print("[+] Injecting new PLT")
255 | 		self.inject(plt_code, plt_end_offset)
256 | 		
257 | 		print("[+] Extending GOT for new PLT")
258 | 		got_start = self.got_section.file_offset
259 | 		got_sz = self.got_section.size
260 | 		got_end = got_start + got_sz
261 | 
262 | 		new_entries_count = len(plt_code)//0x10
263 | 		extension_sz = new_entries_count * INT_SZ
264 | 		extension_sz = (extension_sz//0x20)*0x20+0x20  # Align to 0x10
265 | 		self.inject(b'\x00' * extension_sz, got_end)
266 | 
267 | 		print("[+] Fixing injected PLT")
268 | 		self.fix_new_plt_entries(plt_end_offset, len(plt_code), got_start, got_sz)
269 | 
270 | 		self._fix_got_after_injection(plt_end_offset, len(plt_code))
271 | 
272 | 		print("[+] Injecting PLT relocations")
273 | 		self.inject_dynamic_relocations(binary, got_end)
274 | 
275 | 	def inject_dynamic_relocations(self, binary, got_end):
276 | 		got_entry = self.va(got_end)
277 | 		for rel in binary.binary.pltgot_relocations:
278 | 			rel.address = got_entry
279 | 			got_entry += 8
280 | 			self.binary.add_pltgot_relocation(rel)
281 | 		self.lief_write()
282 | 
283 | 	def merge_symbols(self, binary):
284 | 		# TODO: Remove this?
285 | 		auxiliary_map = {}
286 | 		for symver in self.binary.symbols_version:
287 | 			if symver.has_auxiliary_version:
288 | 				auxiliary_map[symver.symbol_version_auxiliary.name] = symver.value
289 | 
290 | 		# Skip first null symbol
291 | 		symbols = list(binary.binary.dynamic_symbols)[1:]
292 | 		for sym in symbols:
293 | 			self.binary.add_dynamic_symbol(sym)
294 | 
295 | 		self.lief_write()
296 | 
297 | 	def get_imports(self):
298 | 		"""Map PLT calls"""
299 | 		imports = {}
300 | 		dynamic_symbols = {s.value: s.name for s in self.binary.dynamic_symbols if s.type == lief.ELF.SYMBOL_TYPES.FUNC}
301 | 
302 | 		# To be more precise, we should read the initial value in the GOT entry.
303 | 		# The relocation index will match the PLT index in an untampered binary so this implementation should be fine
304 | 		for i, r in enumerate(self.binary.pltgot_relocations):
305 | 			plt_address = self.plt_section.virtual_address + 0x10 + i * 0x10
306 | 			imports[plt_address] = r.symbol.name
307 | 
308 | 		return imports
309 | 
310 | 	def get_import_callers(self):
311 | 		calls = []
312 | 
313 | 		imports = self.get_imports()
314 | 
315 | 		# Disassemble text section to find calls to imports(PLT)
316 | 		text_start = self.text_section.file_offset
317 | 		text_va = self.text_section.virtual_address
318 | 		text_size = self.text_section.size
319 | 
320 | 		with open(self.path, 'rb') as f:
321 | 			f.seek(text_start)
322 | 			code = f.read(text_size)
323 | 
324 | 		disas = md.disasm(code, text_va)
325 | 		disassembly_index = 0
326 | 		disassembly_va = text_va
327 | 
328 | 		# Look for calls into PLT
329 | 		for i in disas:
330 | 			offset = text_start + disassembly_index
331 | 
332 | 			if i.mnemonic == 'call' and i.operands[0].type == MEMORY_OPERAND:
333 | 				# Capstone resolves imm to the appropriate address, instead of a delta
334 | 				imm = i.operands[0].imm
335 | 
336 | 				if self.plt_section.virtual_address <= imm < (self.plt_section.virtual_address + self.plt_section.size):
337 | 					calls.append([i, offset, imports[imm]])
338 | 
339 | 			disassembly_index += i.size
340 | 
341 | 		return calls
342 | 
343 | 	def replace_named_calls(self, start, end, calls, new_call_map):
344 | 		code_changes = []
345 | 
346 | 		for call in calls:
347 | 			instr, offset, name = call[0], call[1], call[2]
348 | 			if name not in new_call_map:
349 | 				continue
350 | 			
351 | 			# Calculate new jump to the overriding function
352 | 			new_dest = new_call_map[name]
353 | 			new_imm = new_dest - offset
354 | 			asm, count = ks.asm(f'call {new_imm}')
355 | 			assert(len(asm) == instr.size)
356 | 			code_changes.append((offset, asm))
357 | 
358 | 		self.apply_code_changes(code_changes)
359 | 
360 | 	def get_hook_exports(self):
361 | 		exports = {}
362 | 		for e in self.binary.exported_functions:
363 | 			if e.name.startswith('gloryhook_'):
364 | 				new_name = e.name.replace('gloryhook_', '')
365 | 				exports[e.address] = new_name
366 | 		return exports
367 | 
368 | 	def merge_binary_code(self, binary):
369 | 		# Add the new binary's code and read
370 | 		new_code = bytes(binary.exec_seg.content)
371 | 		merged_code_base_addr = self.exec_seg.file_offset + self.exec_seg.physical_size
372 | 
373 | 		self.inject(new_code, merged_code_base_addr)
374 | 		self.lief_write()
375 | 
376 | 		# TODO: Fix code to work with read segment too
377 | 		read_seg_end = self.read_seg.file_offset + self.read_seg.physical_size
378 | 		self.inject(bytes(binary.read_seg.content), read_seg_end)
379 | 		self.lief_write()
380 | 
381 | 		# Fix new code imports
382 | 		new_import_callers = binary.get_import_callers()
383 | 		for nic in new_import_callers:
384 | 			# Adjust address for new binary
385 | 			nic[1] += merged_code_base_addr
386 | 
387 | 		imports = self.get_imports()  # Collect name->PLT addresses
388 | 		imports = {v:k for (k, v) in imports.items()}  # Flip addr:name to name:addr
389 | 		self.replace_named_calls(merged_code_base_addr, merged_code_base_addr + len(new_code), new_import_callers, imports)
390 | 
391 | 		# Replace PLT callers with functions from new binary
392 | 		import_callers = self.get_import_callers()
393 | 		exports = binary.get_hook_exports()
394 | 		exports = {v:k for (k, v) in exports.items()}  # Flip addr:name to name:addr
395 | 		for name, addr in exports.items():
396 | 			# Adjust address for new binary
397 | 			exports[name] += merged_code_base_addr
398 | 
399 | 		self.replace_named_calls(self.text_section.file_offset, self.text_section.file_offset + self.text_section.size, import_callers, exports)
400 | 
401 | class Merger:
402 | 	# TODO: Add support for multiple executable LOAD segments
403 | 	def __init__(self, paths, out_path):
404 | 		self.binaries = [Binary64(p) for p in paths]
405 | 		
406 | 		arch = self.binaries[0].arch
407 | 		if not all([binary.arch == arch for binary in self.binaries]):
408 | 			raise("Inconsistent arch in binaries!")
409 | 
410 | 		# Setup the new merged file
411 | 		shutil.copy(self.binaries[0].path, out_path)
412 | 		self.new_binary = Binary64(out_path)
413 | 
414 | 	def merge(self):
415 | 		# Merge loadable segments
416 | 		for binary in self.binaries[1:]:
417 | 			try:
418 | 				binary.binary.get_section('.got.plt')
419 | 			except:
420 | 				pass
421 | 			else:
422 | 				print("[!] Currently we do not support injecting binaries with .got.plt. Recompile it with -zrelro -znow")
423 | 				exit(1)
424 | 
425 | 			offset = binary.plt_section.offset + PLT_STUB_SIZE  # Skip PLT stub
426 | 			size = binary.plt_section.size - PLT_STUB_SIZE
427 | 			with open(binary.path, 'rb') as f:
428 | 				f.seek(offset)
429 | 				plt_code = f.read(size)
430 | 
431 | 			self.new_binary.merge_symbols(binary)	
432 | 			self.new_binary.merge_plt(plt_code, binary)
433 | 			self.new_binary.merge_binary_code(binary)
434 | 
435 | 		print('[+] Done!')
436 | 
437 | if __name__ == "__main__":
438 | 	# TODO: Add a check that we're on a good LIEF release
439 | 	# TODO: Add support for more than 2 binaries(?)
440 | 
441 | 	parser = argparse.ArgumentParser(description='GLORYHook')
442 | 	parser.add_argument('file1', help='path to file to install hooks on')
443 | 	parser.add_argument('file2', help='file with gloryhooks')
444 | 	parser.add_argument('-o', '--output', help='output path', required=True)
445 | 
446 | 	args = parser.parse_args()
447 | 
448 | 	path1 = args.file1
449 | 	path2 = args.file2
450 | 	out_path = args.output
451 | 
452 | 	if not (path.exists(path1) and path.exists(path2)):
453 | 		print("[!] ERR: One of the supplied input paths does not exist!")
454 | 		exit(1)
455 | 
456 | 	print('[+] Beginning merge!')
457 | 	merger = Merger([path1, path2], out_path)
458 | 	md_arch = CS_MODE_64 if merger.binaries[0].arch == lief.ELF.ARCH.x86_64 else CS_MODE_32
459 | 	ks_arch = KS_MODE_64 if md_arch == CS_MODE_64 else KS_MODE_32
460 | 	md = Cs(CS_ARCH_X86, md_arch) 
461 | 	ks = Ks(KS_ARCH_X86, ks_arch)
462 | 	md.detail = True
463 | 	merger.merge()
464 | 	
465 | 


--------------------------------------------------------------------------------
/hook.c:
--------------------------------------------------------------------------------
 1 | #include <stdio.h>
 2 | #include <stdlib.h>
 3 | #include <string.h>
 4 | 
 5 | char *gloryhook_strrchr(const char *s, int c){
 6 | 	printf("STRRCHR HOOKED!\n");
 7 | 	return strrchr(s, c);
 8 | }
 9 | 
10 | char *gloryhook_getenv(const char *name) {
11 | 	printf("GETENV HOOKED!\n");
12 | 	return getenv(name);
13 | }
14 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | capstone==4.0.2
2 | keystone-engine==0.9.2
3 | 


--------------------------------------------------------------------------------
/usage.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tsarpaul/GLORYHook/109c90d0be4c2bba9f4e3a03e2e41cb406bc57c1/usage.png


--------------------------------------------------------------------------------