
hotpatch

Hotpatch dynamically loads a shared library (.so) into a running Linux process without affecting its execution. It provides a C/C++ API for hot patching executables, along with the hotpatcher command-line utility.

Description

Hotpatch is a library designed to hot patch Linux executables by injecting .so files into already running processes. This allows for dynamic modification of process behavior without interrupting execution, making it useful for runtime patching, debugging, or introducing new functionality into live applications.

The tool includes the hotpatcher command-line utility, which simplifies the injection process by targeting a specific process ID (PID). It supports options for verbose logging, dry runs, symbol invocation, and execution pointer manipulation, providing flexibility for various patching scenarios.

Use cases include security research, exploit development, and runtime analysis where altering process memory or injecting code is necessary without restarting the target.

How It Works

Hotpatch uses a C API (also C++ compatible) to inject a shared library (.so) into a running process identified by PID. The hotpatcher utility facilitates this by loading the .so file into the target process's memory space. It can invoke specific symbols from the library, reset or set the execution pointer to a symbol, and supports dry-run mode to simulate without modification. The injection occurs without halting the target process, leveraging Linux dynamic linking mechanisms.
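A library loaded this way appears as a file-backed executable mapping in /proc/<pid>/maps, so a process can be audited for unexpected libraries. The following is an added example, not code from hotpatch or the original page; the trusted-directory list, the function names and the sample maps lines are assumptions constructed for illustration.

```python
import os
import re
import sys

# Assumption: directories this host treats as trusted library locations.
TRUSTED_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/")
# /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(r"^[0-9a-f]+-[0-9a-f]+\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$")
# Constructed sample, not captured from a real process.
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a21000 r-xp 00001000 08:01 131090 /usr/sbin/exampled
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a1c200000-7f3a1c395000 r-xp 00028000 08:01 262301 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c800000-7f3a1c803000 r-xp 00001000 08:01 917530 /tmp/lib.so
7f3a1c900000-7f3a1c902000 r-xp 00001000 00:19 917544 /dev/shm/patch.so (deleted)
"""

def executable_file_mappings(maps_text):
    """Return [(path, deleted)] for each distinct file-backed executable mapping."""
    found = {}
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m or "x" not in m[1] or m[2] == "0" or not m[3].startswith("/"):
            continue  # unparsable, data pages, anonymous memory, [stack], [vdso]
        deleted = m[3].endswith(" (deleted)")
        found.setdefault(m[3].removesuffix(" (deleted)"), deleted)
    return list(found.items())

def suspicious_libraries(maps_text, main_exe, baseline=()):
    """Flag mapped code outside trusted dirs or whose backing file was unlinked."""
    findings = []
    for path, deleted in executable_file_mappings(maps_text):
        if path == main_exe or path in baseline:
            continue  # the program itself, or a path the operator has approved
        reasons = []
        if deleted:
            reasons.append("backing file deleted")
        if not path.startswith(TRUSTED_DIRS):
            reasons.append("outside trusted library dirs")
        if reasons:
            findings.append((path, reasons))
    return findings

if __name__ == "__main__":  # usage: script.py [PID]; without a PID the sample is audited
    pid = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(f"/proc/{pid}/maps").read() if pid else SAMPLE_MAPS
    exe = os.readlink(f"/proc/{pid}/exe") if pid else "/usr/sbin/exampled"
    for path, reasons in suspicious_libraries(text, exe):
        print(f"{path}: {', '.join(reasons)}")
```

An empty result does not prove a process is unmodified; comparing against a per-service baseline recorded at start-up catches libraries placed inside trusted directories.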

Installation

sudo apt install hotpatch

Flags

-h          This help message
-V          Version number.
-v[vvvv]    Enable verbose logging. Add more 'v's for more
-N          Dry run. Do not modify anything in process
-l <.so>    Path or name of the .so file to load. Switches off execution pointer reset
-s <name>   Symbol to invoke during the dll inject. Optional.
-x <name>   Set execution pointer to symbol. Cannot be set with -s option

Examples

Display the help message for hotpatcher
hotpatcher -h
Show the version number of hotpatcher
hotpatcher -V
Patch process 1234 with verbose logging enabled
hotpatcher -v 1234
Perform a dry run patch on process 1234 without modifications
hotpatcher -N 1234
Load specified .so file into process 1234, disabling execution pointer reset
hotpatcher -l /path/to/lib.so 1234
Patch process 1234 and invoke the symbol mysymbol during injection
hotpatcher -s mysymbol 1234
Patch process 1234 and set execution pointer to newsymbol
hotpatcher -x newsymbol 1234
Updated 2026-04-16. Source: kali.org