A project that demonstrates how to screw with CSGO from Kernel Space. (CSGO Kernel Cheat/Hack) All cleaned up, and with updated offsets.
A project that demonstrates how to screw with CSGO from Kernel Space. Project comes with updated offsets, my aim was to create a project with more features achieved using a driver. I tend to hook DirectX, and implement Kernel-level drawing into this project. This has been done by a couple of people already, I mainly wanted to do one myself. The project has a UserMode application which uses IOCTL to control the Kernel Driver. This was something that helped me understand more of how Kernel Drivers work in particular, make a clean project for myself, and go forward.
Side note: No, this project has nothing to do with csgo's released source code or whatever. This project probably has mistakes. Feel free to correct me through PRs.
Simple explanation: It's something that doesn't like kernel manipulation, and triggers a BSOD If detects It. Use something like EfiGuard or UPGDSED or Shark . I prefer the two latter. Doing so will give you sort of full "invisibility", but It's unnecessary (imo).
As long as you do not open a handle to the game you should be fine, but of course there are ways to detect Read/Write memories. It's just harder without a driver, and hence they haven't really done this since 2017 I hardly think they are going to. Here is some information from 2013, and 2016: * Analysis from 2013 by forcon * Write up from Mambda
Both sources talk about that VAC opens handle to processes and searches all volumes with FindFirstVolumeW, FindNextVolumeW and closes handles with FindVolumeClose.
It opens every handle running with QueryInformation, and VMREAD. Denying access with ObRegisterCallbacks to protect the controller would be more than enough to get rid of this scan.
-- After some emails I have decided to clear some things up. The project doesn't open a handle, and obviously doesn't use usermode RPM/WPM. Therefore the only detectable parts should be memory writing It self, and by VAC searching for the driver / usermode application. As stated above you can grant yourself "invisibility" (from VAC) atleast by using the implemented driver / process hiding. The driver also protects the usermode application from VAC's process scanning. (Stated in the VAC section) The project files could be flagged, and can get you banned If VAC detects you are running this certain program (Checking for name / hash, but It's a really bad approach from any anti-cheat)
C if (EnumDeviceDrivers(drivers, sizeof(drivers), &cbNeeded) && cbNeeded < sizeof(drivers))
I have purchased CSGO around April-May on a separate account, which you see in the sample videos. For 80+ hours I have been cheating on that account, for about a month or so. Revisited the game in August last time. I have used wallhack, triggerbot, aimbot without holding back and received countless reports from competetive matches. At this time being the account is still not banned for CSGO. Still, do not use it on your main accounts.
You will need Visual Studio 2017 atleast, and amongs that the WDK. If you don't know how to compile a Kernel Driver, you will need to google a bit, or just click here.
Don't be a loser, dump with GH Dumper
Use -insecure, and dump after.
~~Visit hazedumper for easy usage.~~
If you don't need the csrss.exe check just remove It (memory.c, but not recommended), or update the offsets manually for different windows versions.
Open up CMD as admin mode: ```Bash # Enable testmode and reboot. bcdedit /set testsigning on
# Create service and start it. sc create garhal type= kernel binpath="C:\Users...\Desktop\garhal.sys" sc start garhal
# Stopping the service, bohoho... sc stop garhal
# Disabling testmode... bcdedit /set testsigning off ```