├── .github ├── image.png └── workflows │ └── update_offsets.yml ├── .gitignore ├── LICENSE ├── README.md ├── cs2-external-esp.sln ├── memory-external ├── classes │ ├── auto_updater.cpp │ ├── auto_updater.hpp │ ├── config.cpp │ ├── config.hpp │ ├── globals.hpp │ ├── json.hpp │ ├── render.hpp │ ├── utils.cpp │ ├── utils.h │ └── vector.hpp ├── hacks │ ├── hack.hpp │ ├── reader.cpp │ └── reader.hpp ├── main.cpp ├── memory-external.vcxproj ├── memory-external.vcxproj.filters └── memory │ ├── handle_hijack.hpp │ ├── memory.cpp │ └── memory.hpp └── offsets ├── offsets.json └── update_offsets.py /.github/image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IMXNOOBX/cs2-external-esp/7040d3757916dbc07f45246602438117c1318844/.github/image.png -------------------------------------------------------------------------------- /.github/workflows/update_offsets.yml: -------------------------------------------------------------------------------- 1 | name: Update Offsets 2 | 3 | on: 4 | schedule: 5 | - cron: '0 * * * *' # Runs every hour 6 | 7 | jobs: 8 | update_offsets: 9 | runs-on: ubuntu-latest 10 | 11 | steps: 12 | - name: Checkout Repository 13 | uses: actions/checkout@v2 14 | 15 | - name: Setup Python 16 | uses: actions/setup-python@v2 17 | with: 18 | python-version: 3.x 19 | 20 | - name: Install Dependencies 21 | run: | 22 | python -m pip install --upgrade pip 23 | pip install requests 24 | shell: bash 25 | 26 | - name: Run Python Script 27 | id: run-python-script 28 | run: | 29 | python ./offsets/update_offsets.py 30 | continue-on-error: true 31 | 32 | - name: Check Python Script Exit Code 33 | if: steps.run-python-script.outcome == 'failure' 34 | run: | 35 | echo "Repository has no updates" 36 | exit 0 37 | 38 | # - name: Commit and push changes 39 | # if: steps.run-python-script.outcome == 'success' 40 | # run: | 41 | # git config --global user.email ${{ secrets.GIT_USER_EMAIL }} 42 | # git config --global user.name ${{ secrets.GIT_USER_NAME }} 43 | # git remote set-url origin https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} 44 | # git add offsets/offsets.json 45 | # git commit -m "Automatically updated offsets from https://github.com/a2x/cs2-dumper" 46 | # git push 47 | # shell: bash 48 | - name: Create Pull Request 49 | id: cpr 50 | uses: peter-evans/create-pull-request@v5 51 | with: 52 | token: ${{ secrets.GITHUB_TOKEN }} 53 | commit-message: Automatically updated offsets from a2x/cs2-dumper 54 | author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com> 55 | signoff: false 56 | branch: offset-update 57 | delete-branch: false 58 | title: 'Automatically updated offsets' 59 | body: | 60 | Offsets Updated 61 | - Automatically updated offsets from [cs2-dumper](https://github.com/a2x/cs2-dumper) 62 | labels: | 63 | update-offsets 64 | reviewers: IMXNOOBX 65 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore 5 | 6 | # Ignore all the offsets.json files but the one in the folder offsets for the auto updater 7 | offsets.json 8 | config.json 9 | !offsets/offsets.json 10 | 11 | # User-specific files 12 | *.rsuser 13 | *.suo 14 | *.user 15 | *.userosscache 16 | *.sln.docstates 17 | 18 | # User-specific files (MonoDevelop/Xamarin Studio) 19 | *.userprefs 20 | 21 | # Mono auto generated files 22 | mono_crash.* 23 | 24 | # Build results 25 | [Dd]ebug/ 26 | [Dd]ebugPublic/ 27 | [Rr]elease/ 28 | [Rr]eleases/ 29 | x64/ 30 | x86/ 31 | [Ww][Ii][Nn]32/ 32 | [Aa][Rr][Mm]/ 33 | [Aa][Rr][Mm]64/ 34 | bld/ 35 | [Bb]in/ 36 | [Oo]bj/ 37 | [Ll]og/ 38 | [Ll]ogs/ 39 | 40 | # Visual Studio 2015/2017 cache/options directory 41 | .vs/ 42 | # Uncomment if you have tasks that create the project's static files in wwwroot 43 | #wwwroot/ 44 | 45 | # Visual Studio 2017 auto generated files 46 | Generated\ Files/ 47 | 48 | # MSTest test Results 49 | [Tt]est[Rr]esult*/ 50 | [Bb]uild[Ll]og.* 51 | 52 | # NUnit 53 | *.VisualState.xml 54 | TestResult.xml 55 | nunit-*.xml 56 | 57 | # Build Results of an ATL Project 58 | [Dd]ebugPS/ 59 | [Rr]eleasePS/ 60 | dlldata.c 61 | 62 | # Benchmark Results 63 | BenchmarkDotNet.Artifacts/ 64 | 65 | # .NET Core 66 | project.lock.json 67 | project.fragment.lock.json 68 | artifacts/ 69 | 70 | # ASP.NET Scaffolding 71 | ScaffoldingReadMe.txt 72 | 73 | # StyleCop 74 | StyleCopReport.xml 75 | 76 | # Files built by Visual Studio 77 | *_i.c 78 | *_p.c 79 | *_h.h 80 | *.ilk 81 | *.meta 82 | *.obj 83 | *.iobj 84 | *.pch 85 | *.pdb 86 | *.ipdb 87 | *.pgc 88 | *.pgd 89 | *.rsp 90 | *.sbr 91 | *.tlb 92 | *.tli 93 | *.tlh 94 | *.tmp 95 | *.tmp_proj 96 | *_wpftmp.csproj 97 | *.log 98 | *.tlog 99 | *.vspscc 100 | *.vssscc 101 | .builds 102 | *.pidb 103 | *.svclog 104 | *.scc 105 | 106 | # Chutzpah Test files 107 | _Chutzpah* 108 | 109 | # Visual C++ cache files 110 | ipch/ 111 | *.aps 112 | *.ncb 113 | *.opendb 114 | *.opensdf 115 | *.sdf 116 | *.cachefile 117 | *.VC.db 118 | *.VC.VC.opendb 119 | 120 | # Visual Studio profiler 121 | *.psess 122 | *.vsp 123 | *.vspx 124 | *.sap 125 | 126 | # Visual Studio Trace Files 127 | *.e2e 128 | 129 | # TFS 2012 Local Workspace 130 | $tf/ 131 | 132 | # Guidance Automation Toolkit 133 | *.gpState 134 | 135 | # ReSharper is a .NET coding add-in 136 | _ReSharper*/ 137 | *.[Rr]e[Ss]harper 138 | *.DotSettings.user 139 | 140 | # TeamCity is a build add-in 141 | _TeamCity* 142 | 143 | # DotCover is a Code Coverage Tool 144 | *.dotCover 145 | 146 | # AxoCover is a Code Coverage Tool 147 | .axoCover/* 148 | !.axoCover/settings.json 149 | 150 | # Coverlet is a free, cross platform Code Coverage Tool 151 | coverage*.json 152 | coverage*.xml 153 | coverage*.info 154 | 155 | # Visual Studio code coverage results 156 | *.coverage 157 | *.coveragexml 158 | 159 | # NCrunch 160 | _NCrunch_* 161 | .*crunch*.local.xml 162 | nCrunchTemp_* 163 | 164 | # MightyMoose 165 | *.mm.* 166 | AutoTest.Net/ 167 | 168 | # Web workbench (sass) 169 | .sass-cache/ 170 | 171 | # Installshield output folder 172 | [Ee]xpress/ 173 | 174 | # DocProject is a documentation generator add-in 175 | DocProject/buildhelp/ 176 | DocProject/Help/*.HxT 177 | DocProject/Help/*.HxC 178 | DocProject/Help/*.hhc 179 | DocProject/Help/*.hhk 180 | DocProject/Help/*.hhp 181 | DocProject/Help/Html2 182 | DocProject/Help/html 183 | 184 | # Click-Once directory 185 | publish/ 186 | 187 | # Publish Web Output 188 | *.[Pp]ublish.xml 189 | *.azurePubxml 190 | # Note: Comment the next line if you want to checkin your web deploy settings, 191 | # but database connection strings (with potential passwords) will be unencrypted 192 | *.pubxml 193 | *.publishproj 194 | 195 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 196 | # checkin your Azure Web App publish settings, but sensitive information contained 197 | # in these scripts will be unencrypted 198 | PublishScripts/ 199 | 200 | # NuGet Packages 201 | *.nupkg 202 | # NuGet Symbol Packages 203 | *.snupkg 204 | # The packages folder can be ignored because of Package Restore 205 | **/[Pp]ackages/* 206 | # except build/, which is used as an MSBuild target. 207 | !**/[Pp]ackages/build/ 208 | # Uncomment if necessary however generally it will be regenerated when needed 209 | #!**/[Pp]ackages/repositories.config 210 | # NuGet v3's project.json files produces more ignorable files 211 | *.nuget.props 212 | *.nuget.targets 213 | 214 | # Microsoft Azure Build Output 215 | csx/ 216 | *.build.csdef 217 | 218 | # Microsoft Azure Emulator 219 | ecf/ 220 | rcf/ 221 | 222 | # Windows Store app package directories and files 223 | AppPackages/ 224 | BundleArtifacts/ 225 | Package.StoreAssociation.xml 226 | _pkginfo.txt 227 | *.appx 228 | *.appxbundle 229 | *.appxupload 230 | 231 | # Visual Studio cache files 232 | # files ending in .cache can be ignored 233 | *.[Cc]ache 234 | # but keep track of directories ending in .cache 235 | !?*.[Cc]ache/ 236 | 237 | # Others 238 | ClientBin/ 239 | ~$* 240 | *~ 241 | *.dbmdl 242 | *.dbproj.schemaview 243 | *.jfm 244 | *.pfx 245 | *.publishsettings 246 | orleans.codegen.cs 247 | 248 | # Including strong name files can present a security risk 249 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 250 | #*.snk 251 | 252 | # Since there are multiple workflows, uncomment next line to ignore bower_components 253 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 254 | #bower_components/ 255 | 256 | # RIA/Silverlight projects 257 | Generated_Code/ 258 | 259 | # Backup & report files from converting an old project file 260 | # to a newer Visual Studio version. Backup files are not needed, 261 | # because we have git ;-) 262 | _UpgradeReport_Files/ 263 | Backup*/ 264 | UpgradeLog*.XML 265 | UpgradeLog*.htm 266 | ServiceFabricBackup/ 267 | *.rptproj.bak 268 | 269 | # SQL Server files 270 | *.mdf 271 | *.ldf 272 | *.ndf 273 | 274 | # Business Intelligence projects 275 | *.rdl.data 276 | *.bim.layout 277 | *.bim_*.settings 278 | *.rptproj.rsuser 279 | *- [Bb]ackup.rdl 280 | *- [Bb]ackup ([0-9]).rdl 281 | *- [Bb]ackup ([0-9][0-9]).rdl 282 | 283 | # Microsoft Fakes 284 | FakesAssemblies/ 285 | 286 | # GhostDoc plugin setting file 287 | *.GhostDoc.xml 288 | 289 | # Node.js Tools for Visual Studio 290 | .ntvs_analysis.dat 291 | node_modules/ 292 | 293 | # Visual Studio 6 build log 294 | *.plg 295 | 296 | # Visual Studio 6 workspace options file 297 | *.opt 298 | 299 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 300 | *.vbw 301 | 302 | # Visual Studio 6 auto-generated project file (contains which files were open etc.) 303 | *.vbp 304 | 305 | # Visual Studio 6 workspace and project file (working project files containing files to include in project) 306 | *.dsw 307 | *.dsp 308 | 309 | # Visual Studio 6 technical files 310 | *.ncb 311 | *.aps 312 | 313 | # Visual Studio LightSwitch build output 314 | **/*.HTMLClient/GeneratedArtifacts 315 | **/*.DesktopClient/GeneratedArtifacts 316 | **/*.DesktopClient/ModelManifest.xml 317 | **/*.Server/GeneratedArtifacts 318 | **/*.Server/ModelManifest.xml 319 | _Pvt_Extensions 320 | 321 | # Paket dependency manager 322 | .paket/paket.exe 323 | paket-files/ 324 | 325 | # FAKE - F# Make 326 | .fake/ 327 | 328 | # CodeRush personal settings 329 | .cr/personal 330 | 331 | # Python Tools for Visual Studio (PTVS) 332 | __pycache__/ 333 | *.pyc 334 | 335 | # Cake - Uncomment if you are using it 336 | # tools/** 337 | # !tools/packages.config 338 | 339 | # Tabs Studio 340 | *.tss 341 | 342 | # Telerik's JustMock configuration file 343 | *.jmconfig 344 | 345 | # BizTalk build output 346 | *.btp.cs 347 | *.btm.cs 348 | *.odx.cs 349 | *.xsd.cs 350 | 351 | # OpenCover UI analysis results 352 | OpenCover/ 353 | 354 | # Azure Stream Analytics local run output 355 | ASALocalRun/ 356 | 357 | # MSBuild Binary and Structured Log 358 | *.binlog 359 | 360 | # NVidia Nsight GPU debugger configuration file 361 | *.nvuser 362 | 363 | # MFractors (Xamarin productivity tool) working folder 364 | .mfractor/ 365 | 366 | # Local History for Visual Studio 367 | .localhistory/ 368 | 369 | # Visual Studio History (VSHistory) files 370 | .vshistory/ 371 | 372 | # BeatPulse healthcheck temp database 373 | healthchecksdb 374 | 375 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 376 | MigrationBackup/ 377 | 378 | # Ionide (cross platform F# VS Code tools) working folder 379 | .ionide/ 380 | 381 | # Fody - auto-generated XML schema 382 | FodyWeavers.xsd 383 | 384 | # VS Code files for those working on multiple tools 385 | .vscode/* 386 | !.vscode/settings.json 387 | !.vscode/tasks.json 388 | !.vscode/launch.json 389 | !.vscode/extensions.json 390 | *.code-workspace 391 | 392 | # Local History for Visual Studio Code 393 | .history/ 394 | 395 | # Windows Installer files from build outputs 396 | *.cab 397 | *.msi 398 | *.msix 399 | *.msm 400 | *.msp 401 | 402 | # JetBrains Rider 403 | *.sln.iml 404 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Attribution-NonCommercial 4.0 International 2 | 3 | ======================================================================= 4 | 5 | Creative Commons Corporation ("Creative Commons") is not a law firm and 6 | does not provide legal services or legal advice. Distribution of 7 | Creative Commons public licenses does not create a lawyer-client or 8 | other relationship. Creative Commons makes its licenses and related 9 | information available on an "as-is" basis. Creative Commons gives no 10 | warranties regarding its licenses, any material licensed under their 11 | terms and conditions, or any related information. Creative Commons 12 | disclaims all liability for damages resulting from their use to the 13 | fullest extent possible. 14 | 15 | Using Creative Commons Public Licenses 16 | 17 | Creative Commons public licenses provide a standard set of terms and 18 | conditions that creators and other rights holders may use to share 19 | original works of authorship and other material subject to copyright 20 | and certain other rights specified in the public license below. The 21 | following considerations are for informational purposes only, are not 22 | exhaustive, and do not form part of our licenses. 23 | 24 | Considerations for licensors: Our public licenses are 25 | intended for use by those authorized to give the public 26 | permission to use material in ways otherwise restricted by 27 | copyright and certain other rights. Our licenses are 28 | irrevocable. Licensors should read and understand the terms 29 | and conditions of the license they choose before applying it. 30 | Licensors should also secure all rights necessary before 31 | applying our licenses so that the public can reuse the 32 | material as expected. Licensors should clearly mark any 33 | material not subject to the license. This includes other CC- 34 | licensed material, or material used under an exception or 35 | limitation to copyright. More considerations for licensors: 36 | wiki.creativecommons.org/Considerations_for_licensors 37 | 38 | Considerations for the public: By using one of our public 39 | licenses, a licensor grants the public permission to use the 40 | licensed material under specified terms and conditions. If 41 | the licensor's permission is not necessary for any reason--for 42 | example, because of any applicable exception or limitation to 43 | copyright--then that use is not regulated by the license. Our 44 | licenses grant only permissions under copyright and certain 45 | other rights that a licensor has authority to grant. Use of 46 | the licensed material may still be restricted for other 47 | reasons, including because others have copyright or other 48 | rights in the material. A licensor may make special requests, 49 | such as asking that all changes be marked or described. 50 | Although not required by our licenses, you are encouraged to 51 | respect those requests where reasonable. More considerations 52 | for the public: 53 | wiki.creativecommons.org/Considerations_for_licensees 54 | 55 | ======================================================================= 56 | 57 | Creative Commons Attribution-NonCommercial 4.0 International Public 58 | License 59 | 60 | By exercising the Licensed Rights (defined below), You accept and agree 61 | to be bound by the terms and conditions of this Creative Commons 62 | Attribution-NonCommercial 4.0 International Public License ("Public 63 | License"). To the extent this Public License may be interpreted as a 64 | contract, You are granted the Licensed Rights in consideration of Your 65 | acceptance of these terms and conditions, and the Licensor grants You 66 | such rights in consideration of benefits the Licensor receives from 67 | making the Licensed Material available under these terms and 68 | conditions. 69 | 70 | 71 | Section 1 -- Definitions. 72 | 73 | a. Adapted Material means material subject to Copyright and Similar 74 | Rights that is derived from or based upon the Licensed Material 75 | and in which the Licensed Material is translated, altered, 76 | arranged, transformed, or otherwise modified in a manner requiring 77 | permission under the Copyright and Similar Rights held by the 78 | Licensor. For purposes of this Public License, where the Licensed 79 | Material is a musical work, performance, or sound recording, 80 | Adapted Material is always produced where the Licensed Material is 81 | synched in timed relation with a moving image. 82 | 83 | b. Adapter's License means the license You apply to Your Copyright 84 | and Similar Rights in Your contributions to Adapted Material in 85 | accordance with the terms and conditions of this Public License. 86 | 87 | c. Copyright and Similar Rights means copyright and/or similar rights 88 | closely related to copyright including, without limitation, 89 | performance, broadcast, sound recording, and Sui Generis Database 90 | Rights, without regard to how the rights are labeled or 91 | categorized. For purposes of this Public License, the rights 92 | specified in Section 2(b)(1)-(2) are not Copyright and Similar 93 | Rights. 94 | d. Effective Technological Measures means those measures that, in the 95 | absence of proper authority, may not be circumvented under laws 96 | fulfilling obligations under Article 11 of the WIPO Copyright 97 | Treaty adopted on December 20, 1996, and/or similar international 98 | agreements. 99 | 100 | e. Exceptions and Limitations means fair use, fair dealing, and/or 101 | any other exception or limitation to Copyright and Similar Rights 102 | that applies to Your use of the Licensed Material. 103 | 104 | f. Licensed Material means the artistic or literary work, database, 105 | or other material to which the Licensor applied this Public 106 | License. 107 | 108 | g. Licensed Rights means the rights granted to You subject to the 109 | terms and conditions of this Public License, which are limited to 110 | all Copyright and Similar Rights that apply to Your use of the 111 | Licensed Material and that the Licensor has authority to license. 112 | 113 | h. Licensor means the individual(s) or entity(ies) granting rights 114 | under this Public License. 115 | 116 | i. NonCommercial means not primarily intended for or directed towards 117 | commercial advantage or monetary compensation. For purposes of 118 | this Public License, the exchange of the Licensed Material for 119 | other material subject to Copyright and Similar Rights by digital 120 | file-sharing or similar means is NonCommercial provided there is 121 | no payment of monetary compensation in connection with the 122 | exchange. 123 | 124 | j. Share means to provide material to the public by any means or 125 | process that requires permission under the Licensed Rights, such 126 | as reproduction, public display, public performance, distribution, 127 | dissemination, communication, or importation, and to make material 128 | available to the public including in ways that members of the 129 | public may access the material from a place and at a time 130 | individually chosen by them. 131 | 132 | k. Sui Generis Database Rights means rights other than copyright 133 | resulting from Directive 96/9/EC of the European Parliament and of 134 | the Council of 11 March 1996 on the legal protection of databases, 135 | as amended and/or succeeded, as well as other essentially 136 | equivalent rights anywhere in the world. 137 | 138 | l. You means the individual or entity exercising the Licensed Rights 139 | under this Public License. Your has a corresponding meaning. 140 | 141 | 142 | Section 2 -- Scope. 143 | 144 | a. License grant. 145 | 146 | 1. Subject to the terms and conditions of this Public License, 147 | the Licensor hereby grants You a worldwide, royalty-free, 148 | non-sublicensable, non-exclusive, irrevocable license to 149 | exercise the Licensed Rights in the Licensed Material to: 150 | 151 | a. reproduce and Share the Licensed Material, in whole or 152 | in part, for NonCommercial purposes only; and 153 | 154 | b. produce, reproduce, and Share Adapted Material for 155 | NonCommercial purposes only. 156 | 157 | 2. Exceptions and Limitations. For the avoidance of doubt, where 158 | Exceptions and Limitations apply to Your use, this Public 159 | License does not apply, and You do not need to comply with 160 | its terms and conditions. 161 | 162 | 3. Term. The term of this Public License is specified in Section 163 | 6(a). 164 | 165 | 4. Media and formats; technical modifications allowed. The 166 | Licensor authorizes You to exercise the Licensed Rights in 167 | all media and formats whether now known or hereafter created, 168 | and to make technical modifications necessary to do so. The 169 | Licensor waives and/or agrees not to assert any right or 170 | authority to forbid You from making technical modifications 171 | necessary to exercise the Licensed Rights, including 172 | technical modifications necessary to circumvent Effective 173 | Technological Measures. For purposes of this Public License, 174 | simply making modifications authorized by this Section 2(a) 175 | (4) never produces Adapted Material. 176 | 177 | 5. Downstream recipients. 178 | 179 | a. Offer from the Licensor -- Licensed Material. Every 180 | recipient of the Licensed Material automatically 181 | receives an offer from the Licensor to exercise the 182 | Licensed Rights under the terms and conditions of this 183 | Public License. 184 | 185 | b. No downstream restrictions. You may not offer or impose 186 | any additional or different terms or conditions on, or 187 | apply any Effective Technological Measures to, the 188 | Licensed Material if doing so restricts exercise of the 189 | Licensed Rights by any recipient of the Licensed 190 | Material. 191 | 192 | 6. No endorsement. Nothing in this Public License constitutes or 193 | may be construed as permission to assert or imply that You 194 | are, or that Your use of the Licensed Material is, connected 195 | with, or sponsored, endorsed, or granted official status by, 196 | the Licensor or others designated to receive attribution as 197 | provided in Section 3(a)(1)(A)(i). 198 | 199 | b. Other rights. 200 | 201 | 1. Moral rights, such as the right of integrity, are not 202 | licensed under this Public License, nor are publicity, 203 | privacy, and/or other similar personality rights; however, to 204 | the extent possible, the Licensor waives and/or agrees not to 205 | assert any such rights held by the Licensor to the limited 206 | extent necessary to allow You to exercise the Licensed 207 | Rights, but not otherwise. 208 | 209 | 2. Patent and trademark rights are not licensed under this 210 | Public License. 211 | 212 | 3. To the extent possible, the Licensor waives any right to 213 | collect royalties from You for the exercise of the Licensed 214 | Rights, whether directly or through a collecting society 215 | under any voluntary or waivable statutory or compulsory 216 | licensing scheme. In all other cases the Licensor expressly 217 | reserves any right to collect such royalties, including when 218 | the Licensed Material is used other than for NonCommercial 219 | purposes. 220 | 221 | 222 | Section 3 -- License Conditions. 223 | 224 | Your exercise of the Licensed Rights is expressly made subject to the 225 | following conditions. 226 | 227 | a. Attribution. 228 | 229 | 1. If You Share the Licensed Material (including in modified 230 | form), You must: 231 | 232 | a. retain the following if it is supplied by the Licensor 233 | with the Licensed Material: 234 | 235 | i. identification of the creator(s) of the Licensed 236 | Material and any others designated to receive 237 | attribution, in any reasonable manner requested by 238 | the Licensor (including by pseudonym if 239 | designated); 240 | 241 | ii. a copyright notice; 242 | 243 | iii. a notice that refers to this Public License; 244 | 245 | iv. a notice that refers to the disclaimer of 246 | warranties; 247 | 248 | v. a URI or hyperlink to the Licensed Material to the 249 | extent reasonably practicable; 250 | 251 | b. indicate if You modified the Licensed Material and 252 | retain an indication of any previous modifications; and 253 | 254 | c. indicate the Licensed Material is licensed under this 255 | Public License, and include the text of, or the URI or 256 | hyperlink to, this Public License. 257 | 258 | 2. You may satisfy the conditions in Section 3(a)(1) in any 259 | reasonable manner based on the medium, means, and context in 260 | which You Share the Licensed Material. For example, it may be 261 | reasonable to satisfy the conditions by providing a URI or 262 | hyperlink to a resource that includes the required 263 | information. 264 | 265 | 3. If requested by the Licensor, You must remove any of the 266 | information required by Section 3(a)(1)(A) to the extent 267 | reasonably practicable. 268 | 269 | 4. If You Share Adapted Material You produce, the Adapter's 270 | License You apply must not prevent recipients of the Adapted 271 | Material from complying with this Public License. 272 | 273 | 274 | Section 4 -- Sui Generis Database Rights. 275 | 276 | Where the Licensed Rights include Sui Generis Database Rights that 277 | apply to Your use of the Licensed Material: 278 | 279 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right 280 | to extract, reuse, reproduce, and Share all or a substantial 281 | portion of the contents of the database for NonCommercial purposes 282 | only; 283 | 284 | b. if You include all or a substantial portion of the database 285 | contents in a database in which You have Sui Generis Database 286 | Rights, then the database in which You have Sui Generis Database 287 | Rights (but not its individual contents) is Adapted Material; and 288 | 289 | c. You must comply with the conditions in Section 3(a) if You Share 290 | all or a substantial portion of the contents of the database. 291 | 292 | For the avoidance of doubt, this Section 4 supplements and does not 293 | replace Your obligations under this Public License where the Licensed 294 | Rights include other Copyright and Similar Rights. 295 | 296 | 297 | Section 5 -- Disclaimer of Warranties and Limitation of Liability. 298 | 299 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE 300 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS 301 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF 302 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, 303 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, 304 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR 305 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, 306 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT 307 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT 308 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. 309 | 310 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE 311 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, 312 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, 313 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, 314 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR 315 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN 316 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR 317 | DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 318 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 319 | 320 | c. The disclaimer of warranties and limitation of liability provided 321 | above shall be interpreted in a manner that, to the extent 322 | possible, most closely approximates an absolute disclaimer and 323 | waiver of all liability. 324 | 325 | 326 | Section 6 -- Term and Termination. 327 | 328 | a. This Public License applies for the term of the Copyright and 329 | Similar Rights licensed here. However, if You fail to comply with 330 | this Public License, then Your rights under this Public License 331 | terminate automatically. 332 | 333 | b. Where Your right to use the Licensed Material has terminated under 334 | Section 6(a), it reinstates: 335 | 336 | 1. automatically as of the date the violation is cured, provided 337 | it is cured within 30 days of Your discovery of the 338 | violation; or 339 | 340 | 2. upon express reinstatement by the Licensor. 341 | 342 | For the avoidance of doubt, this Section 6(b) does not affect any 343 | right the Licensor may have to seek remedies for Your violations 344 | of this Public License. 345 | 346 | c. For the avoidance of doubt, the Licensor may also offer the 347 | Licensed Material under separate terms or conditions or stop 348 | distributing the Licensed Material at any time; however, doing so 349 | will not terminate this Public License. 350 | 351 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 352 | License. 353 | 354 | 355 | Section 7 -- Other Terms and Conditions. 356 | 357 | a. The Licensor shall not be bound by any additional or different 358 | terms or conditions communicated by You unless expressly agreed. 359 | 360 | b. Any arrangements, understandings, or agreements regarding the 361 | Licensed Material not stated herein are separate from and 362 | independent of the terms and conditions of this Public License. 363 | 364 | 365 | Section 8 -- Interpretation. 366 | 367 | a. For the avoidance of doubt, this Public License does not, and 368 | shall not be interpreted to, reduce, limit, restrict, or impose 369 | conditions on any use of the Licensed Material that could lawfully 370 | be made without permission under this Public License. 371 | 372 | b. To the extent possible, if any provision of this Public License is 373 | deemed unenforceable, it shall be automatically reformed to the 374 | minimum extent necessary to make it enforceable. If the provision 375 | cannot be reformed, it shall be severed from this Public License 376 | without affecting the enforceability of the remaining terms and 377 | conditions. 378 | 379 | c. No term or condition of this Public License will be waived and no 380 | failure to comply consented to unless expressly agreed to by the 381 | Licensor. 382 | 383 | d. Nothing in this Public License constitutes or may be interpreted 384 | as a limitation upon, or waiver of, any privileges and immunities 385 | that apply to the Licensor or You, including from the legal 386 | processes of any jurisdiction or authority. 387 | 388 | ======================================================================= 389 | 390 | Creative Commons is not a party to its public 391 | licenses. Notwithstanding, Creative Commons may elect to apply one of 392 | its public licenses to material it publishes and in those instances 393 | will be considered the “Licensor.” The text of the Creative Commons 394 | public licenses is dedicated to the public domain under the CC0 Public 395 | Domain Dedication. Except for the limited purpose of indicating that 396 | material is shared under a Creative Commons public license or as 397 | otherwise permitted by the Creative Commons policies published at 398 | creativecommons.org/policies, Creative Commons does not authorize the 399 | use of the trademark "Creative Commons" or any other trademark or logo 400 | of Creative Commons without its prior written consent including, 401 | without limitation, in connection with any unauthorized modifications 402 | to any of its public licenses or any other arrangements, 403 | understandings, or agreements concerning use of licensed material. For 404 | the avoidance of doubt, this paragraph does not form part of the 405 | public licenses. 406 | 407 | Creative Commons may be contacted at creativecommons.org. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🎡 CS2 External ESP 2 | 3 | Simple external ESP for Counter-Strike 2 using the GDI overlay to render esp boxes on top of CS2, highlighting your enemies and teammates including their health and name. If you want to check out Discord overlay rendering check the [discord-overlay-esp](https://github.com/IMXNOOBX/cs2-external-esp/tree/discord-overlay) tree. 4 | 5 | ### Make sure you 🌟 the project if you like it ❤ 6 | 7 | ## Video Showcase 8 | 9 | [![Cs2ESP](.github/image.png)](https://youtu.be/SV_lddIxQ5w) 10 | ## 🌳 Simple Use 11 | 12 | * Releases have been removed in order to be allowed in UnknownCheats, so the binaries are published there. 13 | 1. Go to the UnknownCheats post [**cs2-external-esp**](https://www.unknowncheats.me/forum/counter-strike-2-a/600259-cs2-external-esp.html) 14 | 2. Click on the binary file you want to download and download it. 15 | 3. Open the binary file and CS2 (Doesn't matter which one goes first (If you are having issues with ESP not showing, wait to open till in game)) 16 | ❗ Make sure your game is in full screen windowed 17 | 18 | ## 💧 Repository Update 19 | 20 | * If you have updated the offsets, and want to share it with everyone follow these steps 21 | 22 | 1. Create a [pull request](https://github.com/IMXNOOBX/cs2-external-esp/pulls) and provide just the `offsets/offsets.json` updated file in the pull request. If there are any other files modified it will be denied. 23 | 24 | 2. Provide a valid image that the esp is working on the latest version on the game 25 | 26 | 3. The commit will be merged into the main branch once verified and all the users will be able to update it! 27 | 28 | ## ✔ Manually Update 29 | 30 | * To manually update the ESP offsets I have included an offsets.json file which will be created once opened. 31 | 32 | Currently there are two ways to get the latest offsets. 33 | 1. Manually updating them 34 | 1.1a Go to this [UnknownCheats thread](https://www.unknowncheats.me/forum/counter-strike-2-a/576077-counter-strike-2-reversal-structs-offsets.html) and find the latest offsets posted by the community 35 | 1.1b Or go to the [cs2-dumper](https://github.com/a2x/cs2-dumper) repository and find the latest offsets 36 | 37 | 1.2 You will find something like this 38 | 39 | ```cpp 40 | #define dwLocalPlayer 0x1715418 // This is hexadecimal 41 | ``` 42 | 43 | 1.3 You will have to translate it to decimal and put it in the offsets file next to the ESP executable like so, you can use [**this website**](https://www.rapidtables.com/convert/number/hex-to-decimal.html) 44 | 45 | ```json 46 | { 47 | "dwLocalPlayer": 24204312, // To decimal 48 | ... 49 | } 50 | ``` 51 | 52 | 2. Automatically updating them using a script 53 | 2.1 Download the `update_offsets.py` script and `offsets.json` file from [the offsets folder](https://github.com/IMXNOOBX/cs2-external-esp/tree/main/offsets) in this repository 54 | 2.2 Put the `update_offsets.py` script next to the `offsets.json` file found next to your ESP executable 55 | 2.3 Run `update_offsets.py`, the offsets will be automatically written to `offsets.json` 56 | 57 | ## 📘 Developer Instructions 58 | 59 | 1. Build the program using **Visual Studio 2022** 60 | - Build: **`x64 - Release`** 61 | 62 | 2. Locate your binary file in the folder `/`, e.g., `x64/Release`. 63 | 64 | * ❕ In case the offsets get outdated (Every game update), you could check UnnamedZ03's repository for the updated ones [here](https://github.com/UnnamedZ03/CS2-external-base/blob/58466cd7feba2fbcf5ab49b0dbbdc7bcd6d7df58/source/CSSPlayer.hpp#L3-L15) 65 | 66 | ## 💫 Credits 67 | 68 | * [UnnamedZ03](https://github.com/UnnamedZ03) for providing [offsets](https://www.unknowncheats.me/forum/3846642-post734.html) and guide with his [CS2-external-base](https://github.com/UnnamedZ03/CS2-external-base) 69 | * [a2x](https://github.com/a2x) for his [offset dumper](https://github.com/a2x/cs2-dumper) and constant updates to it 70 | * [ifBars](https://github.com/ifBars) for his [contributions](https://github.com/IMXNOOBX/cs2-external-esp/pull/37) to the project and ideas 71 | * [Bekston](https://github.com/Bekston) for his [contributions](https://github.com/IMXNOOBX/cs2-external-esp/pull/20) to the project and ideas 72 | * [Apxaey](https://github.com/Apxaey) for releasing an easy way to implement [handle hijacking](https://github.com/Apxaey/Handle-Hijacking-Anti-Cheat-Bypass) 73 | * The UnknownCheats comumnity for their research! 74 | 75 | # 🔖 License & Copyright 76 | 77 | This project is licensed under [**CC BY-NC 4.0**](https://creativecommons.org/licenses/by-nc/4.0/). 78 | ```diff 79 | + You are free to: 80 | • Share: Copy and redistribute the material in any medium or format. 81 | • Adapt: Remix, transform, and build upon the material. 82 | + Under the following terms: 83 | • Attribution: You must give appropriate credit, provide a link to the original source repository, and indicate if changes were made. 84 | • Non-Commercial: You may not use the material for commercial purposes. 85 | - You are not allowed to: 86 | • Sell: This license forbids selling original or modified material for commercial purposes. 87 | • Sublicense: This license forbids sublicensing original or modified material. 88 | ``` 89 | ### ©️ Copyright 90 | The content of this project is ©️ by [IMXNOOBX](https://github.com/IMXNOOBX) and the respective contributors. See the [LICENSE.md](LICENSE.md) file for details. 91 | -------------------------------------------------------------------------------- /cs2-external-esp.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.5.33627.172 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cs2-external-esp", "memory-external\memory-external.vcxproj", "{B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|x64 = Debug|x64 11 | Debug|x86 = Debug|x86 12 | Release|x64 = Release|x64 13 | Release|x86 = Release|x86 14 | Unknowncheats|x64 = Unknowncheats|x64 15 | Unknowncheats|x86 = Unknowncheats|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Debug|x64.ActiveCfg = Debug|x64 19 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Debug|x64.Build.0 = Debug|x64 20 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Debug|x86.ActiveCfg = Debug|Win32 21 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Debug|x86.Build.0 = Debug|Win32 22 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Release|x64.ActiveCfg = Release|x64 23 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Release|x64.Build.0 = Release|x64 24 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Release|x86.ActiveCfg = Release|Win32 25 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Release|x86.Build.0 = Release|Win32 26 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Unknowncheats|x64.ActiveCfg = Unknowncheats|x64 27 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Unknowncheats|x64.Build.0 = Unknowncheats|x64 28 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Unknowncheats|x86.ActiveCfg = Unknowncheats|Win32 29 | {B87AB66D-73CC-48A1-9D3A-76B2ECBD3A64}.Unknowncheats|x86.Build.0 = Unknowncheats|Win32 30 | EndGlobalSection 31 | GlobalSection(SolutionProperties) = preSolution 32 | HideSolutionNode = FALSE 33 | EndGlobalSection 34 | GlobalSection(ExtensibilityGlobals) = postSolution 35 | SolutionGuid = {063DD42C-122E-4C4F-8197-C778238B160A} 36 | EndGlobalSection 37 | EndGlobal 38 | -------------------------------------------------------------------------------- /memory-external/classes/auto_updater.cpp: -------------------------------------------------------------------------------- 1 | #include "auto_updater.hpp" 2 | 3 | 4 | namespace updater { 5 | #ifndef _UC 6 | bool check_and_update(bool automatic_update) { 7 | json commit; 8 | if (!get_last_commit_date(commit)) { 9 | std::cout << "[updater] error getting last commit information from GitHub" << std::endl; 10 | return false; 11 | } 12 | 13 | std::string last_commit_date = commit["date"]; 14 | std::string last_commit_author_name = commit["name"]; 15 | 16 | std::cout << "[updater] Last GitHub repository update was made by " << last_commit_author_name << " on " << last_commit_date.substr(0, 10) << std::endl; 17 | 18 | // Parse the GitHub date string and convert it to a std::tm structure 19 | std::tm commit_date = {}; 20 | std::istringstream(last_commit_date) >> std::get_time(&commit_date, "%Y-%m-%dT%H:%M:%SZ"); 21 | 22 | std::chrono::system_clock::time_point commitTimePoint = std::chrono::system_clock::from_time_t(std::mktime(&commit_date)); 23 | 24 | if (file_good("offsets.json")) { 25 | fs::file_time_type lastModifiedTime = fs::last_write_time("offsets.json"); 26 | auto lastModifiedClockTime = std::chrono::time_point_cast( 27 | lastModifiedTime - fs::file_time_type::clock::now() + std::chrono::system_clock::now()); 28 | 29 | // Check if the local file is older than the last GitHub commit 30 | if (lastModifiedClockTime < commitTimePoint) { 31 | std::cout << "[updater] Local file is older than the last GitHub commit." << std::endl; 32 | 33 | char response; 34 | if (!automatic_update) { 35 | std::cout << "[updater] Do you want to download the latest offsets? (y/n): "; 36 | std::cin >> response; 37 | } 38 | 39 | if (automatic_update || (response == 'Y' || response == 'y')) { 40 | if (download_file(raw_updated_offets.c_str(), "offsets.json")) { 41 | std::cout << "[updater] Successfully downloaded latest offsets.json file\n" << std::endl; 42 | return true; 43 | } 44 | else { 45 | std::cout << "[updater] Error: Failed to download file, try downloading manually from " << raw_updated_offets << "\n" << std::endl; 46 | } 47 | } 48 | 49 | } 50 | else { 51 | std::cout << "[updater] Local file is up to date.\n" << std::endl; 52 | } 53 | } 54 | else { 55 | 56 | 57 | char response; 58 | if (!automatic_update) { 59 | std::cout << "[updater] Do you want to download the latest offsets? (y/n): "; 60 | std::cin >> response; 61 | } 62 | 63 | if (automatic_update || (response == 'Y' || response == 'y')) { 64 | if (download_file(raw_updated_offets.c_str(), "offsets.json")) { 65 | std::cout << "[updater] Successfully downloaded latest offsets.json file\n" << std::endl; 66 | return true; 67 | } 68 | else { 69 | std::cout << "[updater] Error: Failed to download file, try downloading manually from " << raw_updated_offets << "\n" << std::endl; 70 | } 71 | } 72 | } 73 | 74 | return false; 75 | } 76 | 77 | bool get_last_commit_date(json& commit) { 78 | HINTERNET hInternet, hConnect; 79 | 80 | hInternet = InternetOpen("AutoUpdater", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0); 81 | if (!hInternet) { 82 | return false; 83 | } 84 | 85 | hConnect = InternetOpenUrlA(hInternet, github_repo_api.c_str(), NULL, 0, INTERNET_FLAG_RELOAD, 0); 86 | if (!hConnect) { 87 | InternetCloseHandle(hInternet); 88 | return false; 89 | } 90 | 91 | char buffer[4096]; 92 | DWORD bytesRead; 93 | std::string commitData; 94 | 95 | while (InternetReadFile(hConnect, buffer, sizeof(buffer), &bytesRead) && bytesRead > 0) { 96 | commitData.append(buffer, bytesRead); 97 | } 98 | 99 | json data; 100 | try { 101 | data = json::parse(commitData); 102 | } 103 | catch (const std::exception& e) { 104 | std::cout << "[updater] exception while parsing json response from github" << std::endl; 105 | return false; 106 | } 107 | 108 | if (data.empty()) 109 | return false; 110 | 111 | if (data.is_array()) { 112 | json last_commit = data[0]; 113 | json last_commit_author = last_commit["commit"]["author"]; 114 | 115 | commit = last_commit_author; 116 | } 117 | 118 | InternetCloseHandle(hConnect); 119 | InternetCloseHandle(hInternet); 120 | 121 | return true; 122 | } 123 | 124 | bool download_file(const char* url, const char* localPath) { 125 | HINTERNET hInternet, hConnect; 126 | 127 | hInternet = InternetOpen("AutoUpdater", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0); 128 | if (!hInternet) { 129 | std::cerr << "InternetOpen failed." << std::endl; 130 | return false; 131 | } 132 | 133 | hConnect = InternetOpenUrlA(hInternet, url, NULL, 0, INTERNET_FLAG_RELOAD, 0); 134 | if (!hConnect) { 135 | std::cerr << "InternetOpenUrlA failed." << std::endl; 136 | InternetCloseHandle(hInternet); 137 | return false; 138 | } 139 | 140 | std::ofstream outFile(localPath, std::ios::binary); 141 | if (!outFile) { 142 | std::cerr << "Failed to create local file." << std::endl; 143 | InternetCloseHandle(hConnect); 144 | InternetCloseHandle(hInternet); 145 | return false; 146 | } 147 | 148 | char buffer[4096]; 149 | DWORD bytesRead; 150 | 151 | while (InternetReadFile(hConnect, buffer, sizeof(buffer), &bytesRead) && bytesRead > 0) { 152 | outFile.write(buffer, bytesRead); 153 | } 154 | 155 | outFile.close(); 156 | InternetCloseHandle(hConnect); 157 | InternetCloseHandle(hInternet); 158 | 159 | return true; 160 | } 161 | #endif 162 | 163 | bool file_good(const std::string& name) { 164 | std::ifstream f(name.c_str()); 165 | return f.good(); 166 | } 167 | 168 | bool read() { 169 | if (!updater::file_good(file_path)) { 170 | save(); 171 | return false; 172 | } 173 | 174 | std::ifstream f(file_path); 175 | 176 | json data; 177 | try { 178 | data = json::parse(f); 179 | } 180 | catch (const std::exception& e) { 181 | save(); 182 | } 183 | 184 | if (data.empty()) 185 | return false; 186 | 187 | if (data["build_number"].is_number()) 188 | build_number = data["build_number"]; 189 | 190 | /* little cross compatibility with older builds */ 191 | if (data["dwLocalPlayer"].is_number()) 192 | offsets::dwLocalPlayerController = data["dwLocalPlayer"]; 193 | if (data["dwLocalPlayerController"].is_number()) 194 | offsets::dwLocalPlayerController = data["dwLocalPlayerController"]; 195 | if (data["dwEntityList"].is_number()) 196 | offsets::dwEntityList = data["dwEntityList"]; 197 | if (data["dwViewMatrix"].is_number()) 198 | offsets::dwViewMatrix = data["dwViewMatrix"]; 199 | if (data["dwBuildNumber"].is_number()) 200 | offsets::dwBuildNumber = data["dwBuildNumber"]; 201 | if (data["dwPlantedC4"].is_number()) 202 | offsets::dwPlantedC4 = data["dwPlantedC4"]; 203 | 204 | if (data["m_flC4Blow"].is_number()) 205 | offsets::m_flC4Blow = data["m_flC4Blow"]; 206 | if (data["m_flNextBeep"].is_number()) 207 | offsets::m_flNextBeep = data["m_flNextBeep"]; 208 | if (data["m_flTimerLength"].is_number()) 209 | offsets::m_flTimerLength = data["m_flTimerLength"]; 210 | 211 | if (data["m_pInGameMoneyServices"].is_number()) 212 | offsets::m_pInGameMoneyServices = data["m_pInGameMoneyServices"]; 213 | if (data["m_iAccount"].is_number()) 214 | offsets::m_iAccount = data["m_iAccount"]; 215 | if (data["m_vecAbsOrigin"].is_number()) 216 | offsets::m_vecAbsOrigin = data["m_vecAbsOrigin"]; 217 | if (data["m_vOldOrigin"].is_number()) 218 | offsets::m_vOldOrigin = data["m_vOldOrigin"]; 219 | if (data["m_pGameSceneNode"].is_number()) 220 | offsets::m_pGameSceneNode = data["m_pGameSceneNode"]; 221 | if (data["m_flFlashOverlayAlpha"].is_number()) 222 | offsets::m_flFlashOverlayAlpha = data["m_flFlashOverlayAlpha"]; 223 | if (data["m_bIsDefusing"].is_number()) 224 | offsets::m_bIsDefusing = data["m_bIsDefusing"]; 225 | if (data["m_szName"].is_number()) 226 | offsets::m_szName = data["m_szName"]; 227 | if (data["m_pClippingWeapon"].is_number()) 228 | offsets::m_pClippingWeapon = data["m_pClippingWeapon"]; 229 | if (data["m_ArmorValue"].is_number()) 230 | offsets::m_ArmorValue = data["m_ArmorValue"]; 231 | if (data["m_iHealth"].is_number()) 232 | offsets::m_iHealth = data["m_iHealth"]; 233 | if (data["m_hPlayerPawn"].is_number()) 234 | offsets::m_hPlayerPawn = data["m_hPlayerPawn"]; 235 | if (data["dwSanitizedName"].is_number()) 236 | offsets::m_sSanitizedPlayerName = data["m_sSanitizedPlayerName"]; 237 | if (data["m_iTeamNum"].is_number()) 238 | offsets::m_iTeamNum = data["m_iTeamNum"]; 239 | 240 | return true; 241 | } 242 | 243 | void save() { 244 | json data; 245 | 246 | data["build_number"] = build_number; 247 | 248 | data["dwLocalPlayerController"] = offsets::dwLocalPlayerController; 249 | data["dwEntityList"] = offsets::dwEntityList; 250 | data["dwViewMatrix"] = offsets::dwViewMatrix; 251 | data["dwBuildNumber"] = offsets::dwBuildNumber; 252 | data["dwPlantedC4"] = offsets::dwPlantedC4; 253 | 254 | data["m_flNextBeep"] = offsets::m_flNextBeep; 255 | data["m_flC4Blow"] = offsets::m_flC4Blow; 256 | data["m_flTimerLength"] = offsets::m_flTimerLength; 257 | 258 | data["m_pInGameMoneyServices"] = offsets::m_pInGameMoneyServices; 259 | data["m_iAccount"] = offsets::m_iAccount; 260 | data["m_vecAbsOrigin"] = offsets::m_vecAbsOrigin; 261 | data["m_vOldOrigin"] = offsets::m_vOldOrigin; 262 | data["m_pGameSceneNode"] = offsets::m_pGameSceneNode; 263 | data["m_flFlashOverlayAlpha"] = offsets::m_flFlashOverlayAlpha; 264 | data["m_bIsDefusing"] = offsets::m_bIsDefusing; 265 | data["m_szName"] = offsets::m_szName; 266 | data["m_pClippingWeapon"] = offsets::m_pClippingWeapon; 267 | data["m_ArmorValue"] = offsets::m_ArmorValue; 268 | data["m_iHealth"] = offsets::m_iHealth; 269 | data["m_hPlayerPawn"] = offsets::m_hPlayerPawn; 270 | data["m_sSanitizedPlayerName"] = offsets::m_sSanitizedPlayerName; 271 | data["m_iTeamNum"] = offsets::m_iTeamNum; 272 | 273 | std::ofstream output(file_path); 274 | output << std::setw(4) << data << std::endl; 275 | output.close(); 276 | } 277 | } 278 | -------------------------------------------------------------------------------- /memory-external/classes/auto_updater.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include "json.hpp" 12 | 13 | using json = nlohmann::json; 14 | namespace fs = std::filesystem; 15 | 16 | 17 | namespace updater { 18 | const std::string file_path = "offsets.json"; 19 | 20 | #ifndef _UC 21 | bool check_and_update(bool prompt_update); 22 | bool get_last_commit_date(json& commit); 23 | bool download_file(const char* url, const char* localPath); 24 | #endif 25 | bool file_good(const std::string& name); 26 | 27 | extern bool read(); 28 | extern void save(); 29 | 30 | const inline std::string github_repo_api = "https://api.github.com/repos/IMXNOOBX/cs2-external-esp/commits"; 31 | const inline std::string raw_updated_offets = "https://github.com/IMXNOOBX/cs2-external-esp/raw/main/offsets/offsets.json"; 32 | 33 | inline int build_number = 0; 34 | 35 | namespace offsets { 36 | inline std::ptrdiff_t dwLocalPlayerController = 0x0; 37 | inline std::ptrdiff_t dwEntityList = 0x0; 38 | inline std::ptrdiff_t dwViewMatrix = 0x0; 39 | inline std::ptrdiff_t dwBuildNumber = 0x0; 40 | inline std::ptrdiff_t dwPlantedC4 = 0x0; 41 | 42 | inline std::ptrdiff_t m_flC4Blow = 0x0; 43 | inline std::ptrdiff_t m_flNextBeep = 0x0; 44 | inline std::ptrdiff_t m_flTimerLength = 0x0; 45 | 46 | inline std::ptrdiff_t m_pInGameMoneyServices = 0x0; 47 | inline std::ptrdiff_t m_iAccount = 0x0; 48 | inline std::ptrdiff_t m_vecAbsOrigin = 0x0; 49 | inline std::ptrdiff_t m_vOldOrigin = 0x0; 50 | inline std::ptrdiff_t m_pGameSceneNode = 0x0; 51 | inline std::ptrdiff_t m_flFlashOverlayAlpha = 0x0; 52 | inline std::ptrdiff_t m_bIsDefusing = 0x0; 53 | inline std::ptrdiff_t m_szName = 0x0; 54 | inline std::ptrdiff_t m_pClippingWeapon = 0x0; 55 | inline std::ptrdiff_t m_ArmorValue = 0x0; 56 | inline std::ptrdiff_t m_iHealth = 0x0; 57 | inline std::ptrdiff_t m_hPlayerPawn = 0x0; 58 | inline std::ptrdiff_t m_sSanitizedPlayerName = 0x0; 59 | inline std::ptrdiff_t m_iTeamNum = 0x0; 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /memory-external/classes/config.cpp: -------------------------------------------------------------------------------- 1 | #include "config.hpp" 2 | 3 | namespace config { 4 | bool read() { 5 | if (!updater::file_good(file_path)) { 6 | save(); 7 | return false; 8 | } 9 | 10 | std::ifstream f(file_path); 11 | 12 | json data; 13 | try { 14 | data = json::parse(f); 15 | } 16 | catch (const std::exception& e) { 17 | save(); 18 | } 19 | 20 | if (data.empty()) 21 | return false; 22 | 23 | if (data["show_box_esp"].is_boolean()) 24 | show_box_esp = data["show_box_esp"]; 25 | if (data["show_skeleton_esp"].is_boolean()) 26 | show_skeleton_esp = data["show_skeleton_esp"]; 27 | if (data["show_head_tracker"].is_boolean()) 28 | show_head_tracker = data["show_head_tracker"]; 29 | if (data["team_esp"].is_boolean()) 30 | team_esp = data["team_esp"]; 31 | if (data["automatic_update"].is_boolean()) 32 | automatic_update = data["automatic_update"]; 33 | if (data["render_distance"].is_number()) 34 | render_distance = data["render_distance"]; 35 | if (data["flag_render_distance"].is_number()) 36 | flag_render_distance = data["flag_render_distance"]; 37 | if (data["show_extra_flags"].is_boolean()) 38 | show_extra_flags = data["show_extra_flags"]; 39 | 40 | if (data.find("esp_box_color_team") != data.end()) { 41 | esp_box_color_team = { 42 | data["esp_box_color_team"][0].get(), 43 | data["esp_box_color_team"][1].get(), 44 | data["esp_box_color_team"][2].get() 45 | }; 46 | } 47 | 48 | if (data.find("esp_box_color_enemy") != data.end()) { 49 | esp_box_color_enemy = { 50 | data["esp_box_color_enemy"][0].get(), 51 | data["esp_box_color_enemy"][1].get(), 52 | data["esp_box_color_enemy"][2].get() 53 | }; 54 | } 55 | 56 | if (data.find("esp_skeleton_color_team") != data.end()) { 57 | esp_box_color_team = { 58 | data["esp_skeleton_color_team"][0].get(), 59 | data["esp_skeleton_color_team"][1].get(), 60 | data["esp_skeleton_color_team"][2].get() 61 | }; 62 | } 63 | 64 | if (data.find("esp_skeleton_color_enemy") != data.end()) { 65 | esp_box_color_enemy = { 66 | data["esp_skeleton_color_enemy"][0].get(), 67 | data["esp_skeleton_color_enemy"][1].get(), 68 | data["esp_skeleton_color_enemy"][2].get() 69 | }; 70 | } 71 | 72 | if (data.find("esp_name_color") != data.end()) { 73 | esp_name_color = { 74 | data["esp_name_color"][0].get(), 75 | data["esp_name_color"][1].get(), 76 | data["esp_name_color"][2].get() 77 | }; 78 | } 79 | 80 | if (data.find("esp_distance_color") != data.end()) { 81 | esp_distance_color = { 82 | data["esp_distance_color"][0].get(), 83 | data["esp_distance_color"][1].get(), 84 | data["esp_distance_color"][2].get() 85 | }; 86 | } 87 | 88 | //if (data["rainbow"].is_boolean()) 89 | // rainbow = data["rainbow"]; 90 | //if (data["rainbow_speed"].is_number()) 91 | // rainbow_speed = data["rainbow_speed"]; 92 | 93 | return true; 94 | } 95 | 96 | void save() { 97 | json data; 98 | 99 | data["show_box_esp"] = show_box_esp; 100 | data["show_skeleton_esp"] = show_skeleton_esp; 101 | data["show_head_tracker"] = show_head_tracker; 102 | data["team_esp"] = team_esp; 103 | data["automatic_update"] = automatic_update; 104 | data["render_distance"] = render_distance; 105 | data["flag_render_distance"] = flag_render_distance; 106 | data["show_extra_flags"] = show_extra_flags; 107 | 108 | data["esp_box_color_team"] = { esp_box_color_team.r, esp_box_color_team.g, esp_box_color_team.b }; 109 | data["esp_box_color_enemy"] = { esp_box_color_enemy.r, esp_box_color_enemy.g, esp_box_color_enemy.b }; 110 | data["esp_skeleton_color_team"] = { esp_box_color_team.r, esp_box_color_team.g, esp_box_color_team.b }; 111 | data["esp_skeleton_color_enemy"] = { esp_box_color_enemy.r, esp_box_color_enemy.g, esp_box_color_enemy.b }; 112 | data["esp_name_color"] = { esp_name_color.r, esp_name_color.g, esp_name_color.b }; 113 | data["esp_distance_color"] = { esp_distance_color.r, esp_distance_color.g, esp_distance_color.b }; 114 | 115 | //data["rainbow"] = rainbow; 116 | //data["rainbow_speed"] = rainbow_speed; 117 | 118 | std::ofstream output(file_path); 119 | output << std::setw(4) << data << std::endl; 120 | output.close(); 121 | 122 | utils.update_console_title(); 123 | } 124 | } 125 | -------------------------------------------------------------------------------- /memory-external/classes/config.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "utils.h" 4 | #include "json.hpp" 5 | #include "auto_updater.hpp" 6 | 7 | using json = nlohmann::json; 8 | 9 | struct RGB { 10 | int r; 11 | int g; 12 | int b; 13 | 14 | // Conversion function from RGB to COLORREF 15 | operator COLORREF() const { 16 | return RGB(r, g, b); 17 | } 18 | }; 19 | 20 | namespace config { 21 | const std::string file_path = "config.json"; 22 | 23 | extern bool read(); 24 | extern void save(); 25 | 26 | inline bool automatic_update = false; 27 | inline bool team_esp = false; 28 | inline float render_distance = -1.f; 29 | inline int flag_render_distance = 200; 30 | inline bool show_box_esp = true; 31 | inline bool show_skeleton_esp = false; 32 | inline bool show_head_tracker = false; 33 | inline bool show_extra_flags = false; 34 | 35 | inline RGB esp_box_color_team = { 75, 175, 75 }; 36 | inline RGB esp_box_color_enemy = { 225, 75, 75 }; 37 | inline RGB esp_skeleton_color_team = { 75, 175, 75 }; 38 | inline RGB esp_skeleton_color_enemy = { 225, 75, 75 }; 39 | inline RGB esp_name_color = { 75, 75, 175 }; 40 | inline RGB esp_distance_color = { 75, 75, 175 }; 41 | } 42 | -------------------------------------------------------------------------------- /memory-external/classes/globals.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | namespace g { 5 | inline HDC hdcBuffer = NULL; 6 | inline HBITMAP hbmBuffer = NULL; 7 | 8 | RECT gameBounds; 9 | } 10 | -------------------------------------------------------------------------------- /memory-external/classes/render.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | namespace render 5 | { 6 | void DrawLine(HDC hdc, int x1, int y1, int x2, int y2, COLORREF color) 7 | { 8 | HPEN hPen = CreatePen(PS_SOLID, 2, color); 9 | HPEN hOldPen = (HPEN)SelectObject(hdc, hPen); 10 | 11 | MoveToEx(hdc, x1, y1, NULL); 12 | LineTo(hdc, x2, y2); 13 | 14 | SelectObject(hdc, hOldPen); 15 | DeleteObject(hPen); 16 | } 17 | 18 | void DrawCircle(HDC hdc, int x, int y, int radius, COLORREF color) 19 | { 20 | HPEN hPen = CreatePen(PS_SOLID, 2, color); 21 | HPEN hOldPen = (HPEN)SelectObject(hdc, hPen); 22 | 23 | Arc(hdc, x - radius, y - radius, x + radius, y + radius * 1.5, 0, 0, 0, 0); 24 | 25 | SelectObject(hdc, hOldPen); 26 | DeleteObject(hPen); 27 | } 28 | 29 | void DrawBorderBox(HDC hdc, int x, int y, int w, int h, COLORREF borderColor) 30 | { 31 | HBRUSH hBorderBrush = CreateSolidBrush(borderColor); 32 | HBRUSH hOldBrush = (HBRUSH)SelectObject(hdc, hBorderBrush); 33 | 34 | RECT rect = {x, y, x + w, y + h}; 35 | FrameRect(hdc, &rect, hBorderBrush); 36 | 37 | SelectObject(hdc, hOldBrush); // Restore the original brush 38 | DeleteObject(hBorderBrush); // Delete the temporary brush 39 | } 40 | 41 | void DrawFilledBox(HDC hdc, int x, int y, int width, int height, COLORREF color) 42 | { 43 | HBRUSH hBrush = CreateSolidBrush(color); 44 | RECT rect = {x, y, x + width, y + height}; 45 | FillRect(hdc, &rect, hBrush); 46 | DeleteObject(hBrush); 47 | } 48 | 49 | void SetTextSize(HDC hdc, int textSize) 50 | { 51 | LOGFONT lf; 52 | HFONT hFont, hOldFont; 53 | 54 | // Initialize the LOGFONT structure 55 | ZeroMemory(&lf, sizeof(LOGFONT)); 56 | lf.lfHeight = -textSize; // Set the desired text height (negative for height) 57 | lf.lfWeight = FW_NORMAL; // Set the font weight (e.g., FW_NORMAL for normal) 58 | lf.lfQuality = ANTIALIASED_QUALITY; // Enable anti-aliasing 59 | 60 | // Create a new font based on the LOGFONT structure 61 | hFont = CreateFontIndirect(&lf); 62 | 63 | // Select the new font into the device context and save the old font 64 | hOldFont = (HFONT)SelectObject(hdc, hFont); 65 | 66 | // Clean up the old font (when done using it) 67 | DeleteObject(hOldFont); 68 | } 69 | 70 | void RenderText(HDC hdc, int x, int y, const char *text, COLORREF textColor, int textSize) 71 | { 72 | SetTextSize(hdc, textSize); 73 | SetTextColor(hdc, textColor); 74 | 75 | int len = MultiByteToWideChar(CP_UTF8, 0, text, -1, NULL, 0); 76 | wchar_t *wide_text = new wchar_t[len]; 77 | MultiByteToWideChar(CP_UTF8, 0, text, -1, wide_text, len); 78 | 79 | TextOutW(hdc, x, y, wide_text, len - 1); 80 | 81 | delete[] wide_text; 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /memory-external/classes/utils.cpp: -------------------------------------------------------------------------------- 1 | #include "utils.h" 2 | 3 | void Utils::update_console_title() { 4 | std::string title = "cs2-external-esp"; 5 | 6 | config::show_box_esp ? title += " | Box: [O]" : title += " | Box: [X]"; 7 | config::show_skeleton_esp ? title += " | Skeleton: [O]" : title += " | Skeleton: [X]"; 8 | config::show_head_tracker ? title += " | Head Tracker: [O]" : title += " | Head Tracker: [X]"; 9 | config::team_esp ? title += " | Team: [O]" : title += " | Team: [X]"; 10 | config::automatic_update ? title += " | Auto Update: [O]" : title += " | Auto Update: [X]"; 11 | config::show_extra_flags ? title += " | Flags: [O]" : title += " | Flags: [X]"; 12 | 13 | SetConsoleTitle(title.c_str()); 14 | } 15 | 16 | 17 | bool Utils::is_in_bounds(const Vector3& pos, int width, int heigh) { 18 | return pos.x >= 0 && pos.x <= width && pos.y >= 0 && pos.y <= heigh; 19 | } -------------------------------------------------------------------------------- /memory-external/classes/utils.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | 5 | #include "config.hpp" 6 | #include "vector.hpp" 7 | 8 | class Utils { 9 | private: 10 | public: 11 | void update_console_title(); 12 | bool is_in_bounds(const Vector3& pos, int width, int heigh); 13 | }; 14 | 15 | inline Utils utils; -------------------------------------------------------------------------------- /memory-external/classes/vector.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #ifndef _VECTOR_ESP_ 3 | #define _VECTOR_ESP_ 4 | #include 5 | #include 6 | 7 | struct Vector3 8 | { 9 | // constructor 10 | constexpr Vector3( 11 | const float x = 0.f, 12 | const float y = 0.f, 13 | const float z = 0.f) noexcept : 14 | x(x), y(y), z(z) { } 15 | 16 | // operator overloads 17 | constexpr const Vector3& operator-(const Vector3& other) const noexcept 18 | { 19 | return Vector3{ x - other.x, y - other.y, z - other.z }; 20 | } 21 | 22 | constexpr const Vector3& operator+(const Vector3& other) const noexcept 23 | { 24 | return Vector3{ x + other.x, y + other.y, z + other.z }; 25 | } 26 | 27 | constexpr const Vector3& operator/(const float factor) const noexcept 28 | { 29 | return Vector3{ x / factor, y / factor, z / factor }; 30 | } 31 | 32 | constexpr const Vector3& operator*(const float factor) const noexcept 33 | { 34 | return Vector3{ x * factor, y * factor, z * factor }; 35 | } 36 | 37 | constexpr const bool operator>(const Vector3& other) const noexcept { 38 | return x > other.x && y > other.y && z > other.z; 39 | } 40 | 41 | constexpr const bool operator>=(const Vector3& other) const noexcept { 42 | return x >= other.x && y >= other.y && z >= other.z; 43 | } 44 | 45 | constexpr const bool operator<(const Vector3& other) const noexcept { 46 | return x < other.x && y < other.y && z < other.z; 47 | } 48 | 49 | constexpr const bool operator<=(const Vector3& other) const noexcept { 50 | return x <= other.x && y <= other.y && z <= other.z; 51 | } 52 | 53 | // utils 54 | constexpr const Vector3& ToAngle() const noexcept 55 | { 56 | return Vector3{ 57 | std::atan2(-z, std::hypot(x, y)) * (180.0f / std::numbers::pi_v), 58 | std::atan2(y, x) * (180.0f / std::numbers::pi_v), 59 | 0.0f }; 60 | } 61 | 62 | float length() const { 63 | return std::sqrt(x * x + y * y + z * z); 64 | } 65 | 66 | float length2d() const { 67 | return std::sqrt(x * x + y * y); 68 | } 69 | 70 | constexpr const bool IsZero() const noexcept 71 | { 72 | return x == 0.f && y == 0.f && z == 0.f; 73 | } 74 | 75 | float calculate_distance(const Vector3& point) const { 76 | float dx = point.x - x; 77 | float dy = point.y - y; 78 | float dz = point.z - z; 79 | 80 | return std::sqrt(dx * dx + dy * dy + dz * dz); 81 | } 82 | 83 | // struct data 84 | float x, y, z; 85 | }; 86 | #endif -------------------------------------------------------------------------------- /memory-external/hacks/hack.hpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "reader.hpp" 4 | #include "../classes/render.hpp" 5 | #include "../classes/config.hpp" 6 | #include "../classes/globals.hpp" 7 | 8 | namespace hack { 9 | std::vector> boneConnections = { 10 | {"neck_0", "spine_1"}, 11 | {"spine_1", "spine_2"}, 12 | {"spine_2", "pelvis"}, 13 | {"spine_1", "arm_upper_L"}, 14 | {"arm_upper_L", "arm_lower_L"}, 15 | {"arm_lower_L", "hand_L"}, 16 | {"spine_1", "arm_upper_R"}, 17 | {"arm_upper_R", "arm_lower_R"}, 18 | {"arm_lower_R", "hand_R"}, 19 | {"pelvis", "leg_upper_L"}, 20 | {"leg_upper_L", "leg_lower_L"}, 21 | {"leg_lower_L", "ankle_L"}, 22 | {"pelvis", "leg_upper_R"}, 23 | {"leg_upper_R", "leg_lower_R"}, 24 | {"leg_lower_R", "ankle_R"} 25 | }; 26 | 27 | void loop() { 28 | 29 | std::lock_guard lock(reader_mutex); 30 | 31 | if (g_game.isC4Planted) 32 | { 33 | Vector3 c4Origin = g_game.c4.get_origin(); 34 | const Vector3 c4ScreenPos = g_game.world_to_screen(&c4Origin); 35 | 36 | if (c4ScreenPos.z >= 0.01f) { 37 | float c4Distance = g_game.localOrigin.calculate_distance(c4Origin); 38 | float c4RoundedDistance = std::round(c4Distance / 500.f); 39 | 40 | float height = 10 - c4RoundedDistance; 41 | float width = height * 1.4f; 42 | 43 | render::DrawFilledBox( 44 | g::hdcBuffer, 45 | c4ScreenPos.x - (width / 2), 46 | c4ScreenPos.y - (height / 2), 47 | width, 48 | height, 49 | config::esp_box_color_enemy 50 | ); 51 | 52 | render::RenderText( 53 | g::hdcBuffer, 54 | c4ScreenPos.x + (width / 2 + 5), 55 | c4ScreenPos.y, 56 | "C4", 57 | config::esp_name_color, 58 | 10 59 | ); 60 | } 61 | } 62 | 63 | int playerIndex = 0; 64 | uintptr_t list_entry; 65 | 66 | /** 67 | * Loop through all the players in the entity list 68 | * 69 | * (This could have been done by getting a entity list count from the engine, but I'm too lazy to do that) 70 | **/ 71 | for (auto player = g_game.players.begin(); player < g_game.players.end(); player++) { 72 | const Vector3 screenPos = g_game.world_to_screen(&player->origin); 73 | const Vector3 screenHead = g_game.world_to_screen(&player->head); 74 | 75 | if ( 76 | screenPos.z < 0.01f || 77 | !utils.is_in_bounds(screenPos, g_game.game_bounds.right, g_game.game_bounds.bottom) 78 | ) 79 | continue; 80 | 81 | const float height = screenPos.y - screenHead.y; 82 | const float width = height / 2.4f; 83 | 84 | float distance = g_game.localOrigin.calculate_distance(player->origin); 85 | int roundedDistance = std::round(distance / 10.f); 86 | 87 | if (config::show_head_tracker) { 88 | render::DrawCircle( 89 | g::hdcBuffer, 90 | player->bones.bonePositions["head"].x, 91 | player->bones.bonePositions["head"].y - width / 12, 92 | width / 5, 93 | (g_game.localTeam == player->team ? config::esp_skeleton_color_team : config::esp_skeleton_color_enemy) 94 | ); 95 | } 96 | 97 | if (config::show_skeleton_esp) { 98 | for (const auto& connection : boneConnections) { 99 | const std::string& boneFrom = connection.first; 100 | const std::string& boneTo = connection.second; 101 | 102 | render::DrawLine( 103 | g::hdcBuffer, 104 | player->bones.bonePositions[boneFrom].x, player->bones.bonePositions[boneFrom].y, 105 | player->bones.bonePositions[boneTo].x, player->bones.bonePositions[boneTo].y, 106 | g_game.localTeam == player->team ? config::esp_skeleton_color_team : config::esp_skeleton_color_enemy 107 | ); 108 | } 109 | } 110 | 111 | if (config::show_box_esp) 112 | { 113 | render::DrawBorderBox( 114 | g::hdcBuffer, 115 | screenHead.x - width / 2, 116 | screenHead.y, 117 | width, 118 | height, 119 | (g_game.localTeam == player->team ? config::esp_box_color_team : config::esp_box_color_enemy) 120 | ); 121 | } 122 | 123 | render::DrawBorderBox( 124 | g::hdcBuffer, 125 | screenHead.x - (width / 2 + 10), 126 | screenHead.y + (height * (100 - player->armor) / 100), 127 | 2, 128 | height - (height * (100 - player->armor) / 100), 129 | RGB(0, 185, 255) 130 | ); 131 | 132 | render::DrawBorderBox( 133 | g::hdcBuffer, 134 | screenHead.x - (width / 2 + 5), 135 | screenHead.y + (height * (100 - player->health) / 100), 136 | 2, 137 | height - (height * (100 - player->health) / 100), 138 | RGB( 139 | (255 - player->health), 140 | (55 + player->health * 2), 141 | 75 142 | ) 143 | ); 144 | 145 | render::RenderText( 146 | g::hdcBuffer, 147 | screenHead.x + (width / 2 + 5), 148 | screenHead.y, 149 | player->name.c_str(), 150 | config::esp_name_color, 151 | 10 152 | ); 153 | 154 | /** 155 | * I know is not the best way but a simple way to not saturate the screen with a ton of information 156 | */ 157 | if (roundedDistance > config::flag_render_distance) 158 | continue; 159 | 160 | render::RenderText( 161 | g::hdcBuffer, 162 | screenHead.x + (width / 2 + 5), 163 | screenHead.y + 10, 164 | (std::to_string(player->health) + "hp").c_str(), 165 | RGB( 166 | (255 - player->health), 167 | (55 + player->health * 2), 168 | 75 169 | ), 170 | 10 171 | ); 172 | 173 | render::RenderText( 174 | g::hdcBuffer, 175 | screenHead.x + (width / 2 + 5), 176 | screenHead.y + 20, 177 | (std::to_string(player->armor) + "armor").c_str(), 178 | RGB( 179 | (255 - player->armor), 180 | (55 + player->armor * 2), 181 | 75 182 | ), 183 | 10 184 | ); 185 | 186 | if (config::show_extra_flags) 187 | { 188 | render::RenderText( 189 | g::hdcBuffer, 190 | screenHead.x + (width / 2 + 5), 191 | screenHead.y + 30, 192 | player->weapon.c_str(), 193 | config::esp_distance_color, 194 | 10 195 | ); 196 | 197 | render::RenderText( 198 | g::hdcBuffer, 199 | screenHead.x + (width / 2 + 5), 200 | screenHead.y + 40, 201 | (std::to_string(roundedDistance) + "m away").c_str(), 202 | config::esp_distance_color, 203 | 10 204 | ); 205 | 206 | render::RenderText( 207 | g::hdcBuffer, 208 | screenHead.x + (width / 2 + 5), 209 | screenHead.y + 50, 210 | ("$" + std::to_string(player->money)).c_str(), 211 | RGB(0, 125, 0), 212 | 10 213 | ); 214 | 215 | if (player->flashAlpha > 100) 216 | { 217 | render::RenderText( 218 | g::hdcBuffer, 219 | screenHead.x + (width / 2 + 5), 220 | screenHead.y + 60, 221 | "Player is flashed", 222 | config::esp_distance_color, 223 | 10 224 | ); 225 | } 226 | 227 | if (player->is_defusing) 228 | { 229 | const std::string defuText = "Player is defusing"; 230 | render::RenderText( 231 | g::hdcBuffer, 232 | screenHead.x + (width / 2 + 5), 233 | screenHead.y + 60, 234 | defuText.c_str(), 235 | config::esp_distance_color, 236 | 10 237 | ); 238 | } 239 | } 240 | } 241 | // std::this_thread::sleep_for(std::chrono::milliseconds(1)); 242 | } 243 | } 244 | 245 | -------------------------------------------------------------------------------- /memory-external/hacks/reader.cpp: -------------------------------------------------------------------------------- 1 | #include "reader.hpp" 2 | #include 3 | #include 4 | #include 5 | #include "../classes/auto_updater.hpp" 6 | #include "../classes/config.hpp" 7 | 8 | std::map boneMap = { 9 | {"head", 6}, 10 | {"neck_0", 5}, 11 | {"spine_1", 4}, 12 | {"spine_2", 2}, 13 | {"pelvis", 0}, 14 | {"arm_upper_L", 8}, 15 | {"arm_lower_L", 9}, 16 | {"hand_L", 10}, 17 | {"arm_upper_R", 13}, 18 | {"arm_lower_R", 14}, 19 | {"hand_R", 15}, 20 | {"leg_upper_L", 22}, 21 | {"leg_lower_L", 23}, 22 | {"ankle_L", 24}, 23 | {"leg_upper_R", 25}, 24 | {"leg_lower_R", 26}, 25 | {"ankle_R", 27} 26 | }; 27 | 28 | // CC4 29 | uintptr_t CC4::get_planted() { 30 | return g_game.process->read(g_game.process->read(g_game.base_client.base + updater::offsets::dwPlantedC4)); 31 | } 32 | 33 | uintptr_t CC4::get_node() { 34 | return g_game.process->read(get_planted() + updater::offsets::m_pGameSceneNode); 35 | } 36 | 37 | Vector3 CC4::get_origin() { 38 | return g_game.process->read(get_node() + updater::offsets::m_vecAbsOrigin); 39 | } 40 | 41 | // CGame 42 | void CGame::init() { 43 | std::cout << "[cs2] Waiting for cs2.exe..." << std::endl; 44 | 45 | process = std::make_shared(); 46 | while (!process->AttachProcess("cs2.exe")) 47 | std::this_thread::sleep_for(std::chrono::seconds(1)); 48 | 49 | std::cout << "[cs2] Attached to cs2.exe\n" << std::endl; 50 | 51 | do { 52 | base_client = process->GetModule("client.dll"); 53 | base_engine = process->GetModule("engine2.dll"); 54 | if (base_client.base == 0 || base_engine.base == 0) { 55 | std::this_thread::sleep_for(std::chrono::seconds(1)); 56 | std::cout << "[cs2] Failed to find module client.dll/engine2.dll, waiting for the game to load it..." << std::endl; 57 | } 58 | } while (base_client.base == 0 || base_engine.base == 0); 59 | 60 | GetClientRect(process->hwnd_, &game_bounds); 61 | 62 | buildNumber = process->read(base_engine.base + updater::offsets::dwBuildNumber); 63 | } 64 | 65 | void CGame::close() { 66 | std::cout << "[cs2] Deatachig from process" << std::endl; 67 | process->Close(); 68 | } 69 | 70 | void CGame::loop() { 71 | std::lock_guard lock(reader_mutex); 72 | 73 | if (updater::offsets::dwLocalPlayerController == 0x0) 74 | throw std::runtime_error("Offsets have not been corretly set, cannot proceed."); 75 | 76 | inGame = false; 77 | isC4Planted = false; 78 | 79 | localPlayer = process->read(base_client.base + updater::offsets::dwLocalPlayerController); 80 | if (!localPlayer) return; 81 | 82 | localPlayerPawn = process->read(localPlayer + updater::offsets::m_hPlayerPawn); 83 | if (!localPlayerPawn) return; 84 | 85 | entity_list = process->read(base_client.base + updater::offsets::dwEntityList); 86 | 87 | localList_entry2 = process->read(entity_list + 0x8 * ((localPlayerPawn & 0x7FFF) >> 9) + 16); 88 | localpCSPlayerPawn = process->read(localList_entry2 + 120 * (localPlayerPawn & 0x1FF)); 89 | if (!localpCSPlayerPawn) return; 90 | 91 | view_matrix = process->read(base_client.base + updater::offsets::dwViewMatrix); 92 | 93 | localTeam = process->read(localPlayer + updater::offsets::m_iTeamNum); 94 | localOrigin = process->read(localpCSPlayerPawn + updater::offsets::m_vOldOrigin); 95 | isC4Planted = process->read(base_client.base + updater::offsets::dwPlantedC4 - 0x8); 96 | 97 | inGame = true; 98 | int playerIndex = 0; 99 | std::vector list; 100 | CPlayer player; 101 | uintptr_t list_entry, list_entry2, playerPawn, playerMoneyServices, clippingWeapon, weaponData, playerNameData; 102 | 103 | while (true) { 104 | playerIndex++; 105 | list_entry = process->read(entity_list + (8 * (playerIndex & 0x7FFF) >> 9) + 16); 106 | if (!list_entry) break; 107 | 108 | player.entity = process->read(list_entry + 120 * (playerIndex & 0x1FF)); 109 | if (!player.entity) continue; 110 | 111 | /** 112 | * Skip rendering your own character and teammates 113 | * 114 | * If you really want you can exclude your own character from the check but 115 | * since you are in the same team as yourself it will be excluded anyway 116 | **/ 117 | player.team = process->read(player.entity + updater::offsets::m_iTeamNum); 118 | if (config::team_esp && (player.team == localTeam)) continue; 119 | 120 | playerPawn = process->read(player.entity + updater::offsets::m_hPlayerPawn); 121 | 122 | list_entry2 = process->read(entity_list + 0x8 * ((playerPawn & 0x7FFF) >> 9) + 16); 123 | if (!list_entry2) continue; 124 | 125 | player.pCSPlayerPawn = process->read(list_entry2 + 120 * (playerPawn & 0x1FF)); 126 | if (!player.pCSPlayerPawn) continue; 127 | 128 | player.health = process->read(player.pCSPlayerPawn + updater::offsets::m_iHealth); 129 | player.armor = process->read(player.pCSPlayerPawn + updater::offsets::m_ArmorValue); 130 | if (player.health <= 0 || player.health > 100) continue; 131 | 132 | if (config::team_esp && (player.pCSPlayerPawn == localPlayer)) continue; 133 | 134 | /* 135 | * Unused for now, but for a vis check 136 | * 137 | * player.spottedState = process->read(player.pCSPlayerPawn + 0x1630); 138 | * player.is_spotted = process->read(player.spottedState + 0xC); // bSpottedByMask 139 | * player.is_spotted = process->read(player.spottedState + 0x8); // bSpotted 140 | */ 141 | 142 | playerNameData = process->read(player.entity + updater::offsets::m_sSanitizedPlayerName); 143 | char buffer[256]; 144 | process->read_raw(playerNameData, buffer, sizeof(buffer)); 145 | std::string name = std::string(buffer); 146 | player.name = name; 147 | 148 | player.gameSceneNode = process->read(player.pCSPlayerPawn + updater::offsets::m_pGameSceneNode); 149 | player.origin = process->read(player.pCSPlayerPawn + updater::offsets::m_vOldOrigin); 150 | player.head = { player.origin.x, player.origin.y, player.origin.z + 75.f }; 151 | 152 | if (player.origin.x == localOrigin.x && player.origin.y == localOrigin.y && player.origin.z == localOrigin.z) 153 | continue; 154 | 155 | if (config::render_distance != -1 && (localOrigin - player.origin).length2d() > config::render_distance) continue; 156 | if (player.origin.x == 0 && player.origin.y == 0) continue; 157 | 158 | if (config::show_skeleton_esp) { 159 | player.gameSceneNode = process->read(player.pCSPlayerPawn + updater::offsets::m_pGameSceneNode); 160 | player.boneArray = process->read(player.gameSceneNode + 0x1F0); 161 | player.ReadBones(); 162 | } 163 | 164 | if (config::show_head_tracker && !config::show_skeleton_esp) { 165 | player.gameSceneNode = process->read(player.pCSPlayerPawn + updater::offsets::m_pGameSceneNode); 166 | player.boneArray = process->read(player.gameSceneNode + 0x1F0); 167 | player.ReadHead(); 168 | } 169 | 170 | if (config::show_extra_flags) { 171 | /* 172 | * Reading values for extra flags is now seperated from the other reads 173 | * This removes unnecessary memory reads, improving performance when not showing extra flags 174 | */ 175 | player.is_defusing = process->read(player.pCSPlayerPawn + updater::offsets::m_bIsDefusing); 176 | 177 | playerMoneyServices = process->read(player.entity + updater::offsets::m_pInGameMoneyServices); 178 | player.money = process->read(playerMoneyServices + updater::offsets::m_iAccount); 179 | 180 | player.flashAlpha = process->read(player.pCSPlayerPawn + updater::offsets::m_flFlashOverlayAlpha); 181 | 182 | clippingWeapon = process->read(player.pCSPlayerPawn + updater::offsets::m_pClippingWeapon); 183 | std::uint64_t firstLevel = process->read(clippingWeapon + 0x10); // First offset 184 | weaponData = process->read(firstLevel + 0x20); // Final offset 185 | /*weaponData = process->read(clippingWeapon + 0x10); 186 | weaponData = process->read(weaponData + updater::offsets::m_szName);*/ 187 | char buffer[MAX_PATH]; 188 | process->read_raw(weaponData, buffer, sizeof(buffer)); 189 | std::string weaponName = std::string(buffer); 190 | if (weaponName.compare(0, 7, "weapon_") == 0) 191 | player.weapon = weaponName.substr(7, weaponName.length()); // Remove weapon_ prefix 192 | else 193 | player.weapon = "Invalid Weapon Name"; 194 | } 195 | 196 | list.push_back(player); 197 | } 198 | 199 | players.clear(); 200 | players.assign(list.begin(), list.end()); 201 | } 202 | 203 | uintptr_t boneAddress; 204 | Vector3 bonePosition; 205 | int boneIndex; 206 | void CPlayer::ReadHead() { 207 | boneAddress = boneArray + 6 * 32; 208 | bonePosition = g_game.process->read(boneAddress); 209 | bones.bonePositions["head"] = g_game.world_to_screen(&bonePosition); 210 | 211 | } 212 | 213 | void CPlayer::ReadBones() { 214 | for (const auto& entry : boneMap) { 215 | const std::string& boneName = entry.first; 216 | boneIndex = entry.second; 217 | boneAddress = boneArray + boneIndex * 32; 218 | bonePosition = g_game.process->read(boneAddress); 219 | bones.bonePositions[boneName] = g_game.world_to_screen(&bonePosition); 220 | } 221 | } 222 | 223 | Vector3 CGame::world_to_screen(Vector3* v) { 224 | float _x = view_matrix[0][0] * v->x + view_matrix[0][1] * v->y + view_matrix[0][2] * v->z + view_matrix[0][3]; 225 | float _y = view_matrix[1][0] * v->x + view_matrix[1][1] * v->y + view_matrix[1][2] * v->z + view_matrix[1][3]; 226 | 227 | float w = view_matrix[3][0] * v->x + view_matrix[3][1] * v->y + view_matrix[3][2] * v->z + view_matrix[3][3]; 228 | 229 | float inv_w = 1.f / w; 230 | _x *= inv_w; 231 | _y *= inv_w; 232 | 233 | float x = game_bounds.right * .5f; 234 | float y = game_bounds.bottom * .5f; 235 | 236 | x += 0.5f * _x * game_bounds.right + 0.5f; 237 | y -= 0.5f * _y * game_bounds.bottom + 0.5f; 238 | 239 | return { x, y, w }; 240 | } 241 | -------------------------------------------------------------------------------- /memory-external/hacks/reader.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "../memory/memory.hpp" 3 | #include "../classes/vector.hpp" 4 | #include 5 | #include 6 | #include 7 | 8 | struct view_matrix_t { 9 | float* operator[ ](int index) { 10 | return matrix[index]; 11 | } 12 | 13 | float matrix[4][4]; 14 | }; 15 | 16 | class CBones { 17 | public: 18 | std::map bonePositions; 19 | }; 20 | 21 | class CC4 { 22 | public: 23 | uintptr_t get_planted(); 24 | uintptr_t get_node(); 25 | Vector3 get_origin(); 26 | }; 27 | 28 | class CPlayer { 29 | public: 30 | uintptr_t entity; 31 | int team; 32 | uintptr_t pCSPlayerPawn; 33 | uintptr_t gameSceneNode; 34 | uintptr_t boneArray; 35 | uintptr_t spottedState; 36 | int health; 37 | int armor; 38 | std::string name; 39 | Vector3 origin; 40 | Vector3 head; 41 | CBones bones; 42 | bool is_defusing; 43 | bool is_spotted; 44 | int32_t money; 45 | float flashAlpha; 46 | std::string weapon; 47 | void ReadBones(); 48 | void ReadHead(); 49 | }; 50 | 51 | class CGame 52 | { 53 | public: 54 | std::shared_ptr process; 55 | ProcessModule base_client; 56 | ProcessModule base_engine; 57 | RECT game_bounds; 58 | uintptr_t buildNumber; 59 | bool inGame; 60 | Vector3 localOrigin; 61 | bool isC4Planted; 62 | int localTeam; 63 | CC4 c4; 64 | std::vector players = {}; 65 | void init(); 66 | void loop(); 67 | void close(); 68 | Vector3 world_to_screen(Vector3* v); 69 | private: 70 | view_matrix_t view_matrix; 71 | uintptr_t entity_list; 72 | uintptr_t localPlayer; 73 | uintptr_t localpCSPlayerPawn; 74 | std::uint32_t localPlayerPawn; 75 | uintptr_t localList_entry2; 76 | }; 77 | 78 | inline CGame g_game; 79 | 80 | inline std::mutex reader_mutex; -------------------------------------------------------------------------------- /memory-external/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "classes/utils.h" 7 | #include "memory/memory.hpp" 8 | #include "classes/vector.hpp" 9 | #include "hacks/reader.hpp" 10 | #include "hacks/hack.hpp" 11 | #include "classes/globals.hpp" 12 | #include "classes/render.hpp" 13 | #include "classes/auto_updater.hpp" 14 | 15 | bool finish = false; 16 | 17 | LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) 18 | { 19 | switch (message) 20 | { 21 | case WM_CREATE: 22 | { 23 | g::hdcBuffer = CreateCompatibleDC(NULL); 24 | g::hbmBuffer = CreateCompatibleBitmap(GetDC(hWnd), g::gameBounds.right, g::gameBounds.bottom); 25 | SelectObject(g::hdcBuffer, g::hbmBuffer); 26 | 27 | SetWindowLong(hWnd, GWL_EXSTYLE, GetWindowLong(hWnd, GWL_EXSTYLE) | WS_EX_LAYERED); 28 | 29 | SetLayeredWindowAttributes(hWnd, RGB(255, 255, 255), 0, LWA_COLORKEY); 30 | 31 | std::cout << "[overlay] Window created successfully" << std::endl; 32 | Beep(500, 100); 33 | break; 34 | } 35 | case WM_ERASEBKGND: // We handle this message to avoid flickering 36 | return TRUE; 37 | case WM_PAINT: 38 | { 39 | PAINTSTRUCT ps; 40 | HDC hdc = BeginPaint(hWnd, &ps); 41 | 42 | //DOUBLE BUFFERING 43 | FillRect(g::hdcBuffer, &ps.rcPaint, (HBRUSH)GetStockObject(WHITE_BRUSH)); 44 | 45 | 46 | if (GetForegroundWindow() == g_game.process->hwnd_) { 47 | //render::RenderText(g::hdcBuffer, 10, 10, "cs2 | ESP", RGB(75, 175, 175), 15); 48 | hack::loop(); 49 | } 50 | 51 | BitBlt(hdc, 0, 0, g::gameBounds.right, g::gameBounds.bottom, g::hdcBuffer, 0, 0, SRCCOPY); 52 | 53 | EndPaint(hWnd, &ps); 54 | InvalidateRect(hWnd, NULL, TRUE); 55 | break; 56 | } 57 | case WM_DESTROY: 58 | DeleteDC(g::hdcBuffer); 59 | DeleteObject(g::hbmBuffer); 60 | 61 | PostQuitMessage(0); 62 | break; 63 | default: 64 | return DefWindowProc(hWnd, message, wParam, lParam); 65 | } 66 | return 0; 67 | } 68 | 69 | void read_thread() { 70 | while (!finish) { 71 | g_game.loop(); 72 | std::this_thread::sleep_for(std::chrono::milliseconds(2)); 73 | } 74 | } 75 | 76 | int main() { 77 | utils.update_console_title(); 78 | 79 | std::cout << "[info] Github Repository: https://github.com/IMXNOOBX/cs2-external-esp" << std::endl; 80 | std::cout << "[info] Unknowncheats thread: https://www.unknowncheats.me/forum/counter-strike-2-releases/600259-cs2-external-esp.html\n" << std::endl; 81 | 82 | std::cout << "[config] Reading configuration." << std::endl; 83 | if (config::read()) 84 | std::cout << "[updater] Sucessfully read configuration file\n" << std::endl; 85 | else 86 | std::cout << "[updater] Error reading config file, reseting to the default state\n" << std::endl; 87 | 88 | #ifndef _UC 89 | updater::check_and_update(config::automatic_update); 90 | #endif 91 | 92 | std::cout << "[updater] Reading offsets from file offsets.json." << std::endl; 93 | if (updater::read()) 94 | std::cout << "[updater] Sucessfully read offsets file\n" << std::endl; 95 | else 96 | std::cout << "[updater] Error reading offsets file, reseting to the default state\n" << std::endl; 97 | 98 | g_game.init(); 99 | 100 | if (g_game.buildNumber != updater::build_number) { 101 | std::cout << "[cs2] Build number doesnt match, the game has been updated and this esp most likely wont work." << std::endl; 102 | std::cout << "[warn] If the esp doesnt work, consider updating offsets manually in the file offsets.json" << std::endl; 103 | std::cout << "[cs2] Press any key to continue" << std::endl; 104 | std::cin.get(); 105 | } 106 | else { 107 | std::cout << "[cs2] Offsets seem to be up to date! have fun!" << std::endl; 108 | } 109 | 110 | std::cout << "[overlay] Waiting to focus game to create the overlay..." << std::endl; 111 | std::cout << "[overlay] Make sure your game is in \"Full Screen Windowed\"" << std::endl; 112 | while (GetForegroundWindow() != g_game.process->hwnd_) { 113 | std::this_thread::sleep_for(std::chrono::seconds(1)); 114 | g_game.process->UpdateHWND(); 115 | ShowWindow(g_game.process->hwnd_, TRUE); 116 | } 117 | std::cout << "[overlay] Creating window overlay..." << std::endl; 118 | 119 | WNDCLASSEXA wc = { 0 }; 120 | wc.cbSize = sizeof(WNDCLASSEXA); 121 | wc.lpfnWndProc = WndProc; 122 | wc.style = CS_HREDRAW | CS_VREDRAW; 123 | wc.hbrBackground = WHITE_BRUSH; 124 | wc.hInstance = reinterpret_cast(GetWindowLongA(g_game.process->hwnd_, (-6))); // GWL_HINSTANCE)); 125 | wc.lpszMenuName = " "; 126 | wc.lpszClassName = " "; 127 | 128 | RegisterClassExA(&wc); 129 | 130 | GetClientRect(g_game.process->hwnd_, &g::gameBounds); 131 | 132 | // Create the window 133 | HINSTANCE hInstance = NULL; 134 | HWND hWnd = CreateWindowExA(WS_EX_TRANSPARENT | WS_EX_TOPMOST | WS_EX_LAYERED | WS_EX_TOOLWINDOW, " ", "cs2-external-esp", WS_POPUP, 135 | g::gameBounds.left, g::gameBounds.top, g::gameBounds.right - g::gameBounds.left, g::gameBounds.bottom + g::gameBounds.left, NULL, NULL, hInstance, NULL); // NULL, NULL); 136 | 137 | if (hWnd == NULL) 138 | return 0; 139 | 140 | SetWindowPos(hWnd, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE); 141 | ShowWindow(hWnd, TRUE); 142 | //SetActiveWindow(hack::process->hwnd_); 143 | 144 | // Launch game memory reading thread 145 | std::thread read(read_thread); 146 | 147 | #ifndef _UC 148 | std::cout << "\n[settings] In Game keybinds:\n\t[F4] enable/disable Box ESP\n\t[F5] enable/disable Team ESP\n\t[F6] enable/disable automatic updates\n\t[F7] enable/disable extra flags\n\t[F8] enable/disable skeleton esp\n\t[F9] enable/disable head tracker\n\t[end] Unload esp.\n" << std::endl; 149 | #else 150 | std::cout << "\n[settings] In Game keybinds:\n\t[F4] enable/disable Box ESP\n\t[F5] enable/disable Team ESP\n\t[F7] enable/disable extra flags\n\t[F8] enable/disable skeleton esp\n\t[F9] enable/disable head tracker\n\t[end] Unload esp.\n" << std::endl; 151 | #endif 152 | std::cout << "[settings] Make sure you check the config for additional settings!" << std::endl; 153 | 154 | // Message loop 155 | MSG msg; 156 | while (GetMessage(&msg, NULL, 0, 0) && !finish) 157 | { 158 | if (GetAsyncKeyState(VK_END) & 0x8000) finish = true; 159 | 160 | if (GetAsyncKeyState(VK_F4) & 0x8000) { config::show_box_esp = !config::show_box_esp; config::save(); Beep(700, 100); }; 161 | 162 | if (GetAsyncKeyState(VK_F5) & 0x8000) { config::team_esp = !config::team_esp; config::save(); Beep(700, 100); }; 163 | #ifndef _UC 164 | if (GetAsyncKeyState(VK_F6) & 0x8000) { config::automatic_update = !config::automatic_update; config::save(); Beep(700, 100); } 165 | #endif 166 | if (GetAsyncKeyState(VK_F7) & 0x8000) { config::show_extra_flags = !config::show_extra_flags; config::save(); Beep(700, 100); }; 167 | 168 | if (GetAsyncKeyState(VK_F8) & 0x8000) { config::show_skeleton_esp = !config::show_skeleton_esp; config::save(); Beep(700, 100); }; 169 | 170 | if (GetAsyncKeyState(VK_F9) & 0x8000) { config::show_head_tracker = !config::show_head_tracker; config::save(); Beep(700, 100); }; 171 | 172 | TranslateMessage(&msg); 173 | DispatchMessage(&msg); 174 | 175 | std::this_thread::sleep_for(std::chrono::milliseconds(1)); 176 | } 177 | 178 | read.detach(); 179 | 180 | Beep(700, 100); Beep(700, 100); 181 | 182 | std::cout << "[overlay] Destroying overlay window." << std::endl; 183 | DeleteDC(g::hdcBuffer); 184 | DeleteObject(g::hbmBuffer); 185 | 186 | DestroyWindow(hWnd); 187 | 188 | g_game.close(); 189 | 190 | #ifdef NDEBUG 191 | std::cout << "[cs2] Press any key to close" << std::endl; 192 | std::cin.get(); 193 | #endif 194 | 195 | return 1; 196 | } 197 | -------------------------------------------------------------------------------- /memory-external/memory-external.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | Unknowncheats 22 | Win32 23 | 24 | 25 | Unknowncheats 26 | x64 27 | 28 | 29 | 30 | 16.0 31 | Win32Proj 32 | {b87ab66d-73cc-48a1-9d3a-76b2ecbd3a64} 33 | memoryexternal 34 | 10.0 35 | cs2-external-esp 36 | 37 | 38 | 39 | Application 40 | true 41 | v143 42 | MultiByte 43 | 44 | 45 | Application 46 | false 47 | v143 48 | true 49 | MultiByte 50 | 51 | 52 | Application 53 | false 54 | v143 55 | true 56 | MultiByte 57 | 58 | 59 | Application 60 | true 61 | v143 62 | MultiByte 63 | 64 | 65 | Application 66 | false 67 | v143 68 | true 69 | MultiByte 70 | 71 | 72 | Application 73 | false 74 | v143 75 | true 76 | MultiByte 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | $(ProjectName) 104 | 105 | 106 | $(ProjectName) 107 | 108 | 109 | 110 | Level3 111 | true 112 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 113 | true 114 | 115 | 116 | Windows 117 | true 118 | gdiplus.lib;%(AdditionalDependencies) 119 | 120 | 121 | 122 | 123 | Level3 124 | true 125 | true 126 | true 127 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 128 | true 129 | stdcpp20 130 | 131 | 132 | Windows 133 | true 134 | true 135 | true 136 | gdiplus.lib;%(AdditionalDependencies) 137 | 138 | 139 | 140 | 141 | Level3 142 | true 143 | true 144 | true 145 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 146 | true 147 | stdcpp20 148 | 149 | 150 | Windows 151 | true 152 | true 153 | true 154 | gdiplus.lib;%(AdditionalDependencies) 155 | 156 | 157 | 158 | 159 | Level3 160 | true 161 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 162 | true 163 | stdcpp20 164 | stdc17 165 | 166 | 167 | Console 168 | true 169 | gdiplus.lib;wininet.lib;Gdi32.lib;User32.lib 170 | 171 | 172 | 173 | 174 | Level3 175 | true 176 | true 177 | true 178 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 179 | true 180 | stdcpp20 181 | true 182 | MultiThreaded 183 | stdc17 184 | 185 | 186 | Console 187 | true 188 | true 189 | false 190 | gdiplus.lib;wininet.lib;Gdi32.lib;User32.lib 191 | 192 | 193 | 194 | 195 | Level3 196 | true 197 | true 198 | true 199 | NDEBUG;_UC;_CONSOLE;%(PreprocessorDefinitions) 200 | true 201 | stdcpp20 202 | MultiThreaded 203 | true 204 | stdc17 205 | 206 | 207 | Console 208 | true 209 | true 210 | false 211 | gdiplus.lib;wininet.lib;Gdi32.lib;User32.lib 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 | 221 | 222 | 223 | 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | -------------------------------------------------------------------------------- /memory-external/memory-external.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | 38 | 39 | Header Files 40 | 41 | 42 | Header Files 43 | 44 | 45 | Header Files 46 | 47 | 48 | Header Files 49 | 50 | 51 | Header Files 52 | 53 | 54 | Header Files 55 | 56 | 57 | Header Files 58 | 59 | 60 | Header Files 61 | 62 | 63 | Header Files 64 | 65 | 66 | Header Files 67 | 68 | 69 | Header Files 70 | 71 | 72 | -------------------------------------------------------------------------------- /memory-external/memory/handle_hijack.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Credits to: https://github.com/Apxaey/Handle-Hijacking-Anti-Cheat-Bypass for the source and public sharing! 3 | 4 | Its a little bit messy as i tried to make it asap. All comments below this are from the original creator! 5 | */ 6 | 7 | /* 8 | This is a stand alone bypass made by Apxaey. Feel free to use this in your cheats but credit me for the bypass as i put alot of time into this. 9 | If you have some brain cells you will be able to incorporate this into your cheats and remain undetected by user-mode anticheats. 10 | Obviously standard cheat 'recommendations' still apply: 11 | 1.) Use self-written or not signatured code 12 | 2.) Dont write impossible values 13 | 3.) If your going internal use a manual map injector 14 | 15 | If you follow the guidelines above and use this bypass you will be safe from usermode anticheats like VAC. 16 | Obviously you can build and adapt upon my code to suit your needs. 17 | If I was to make a cheat for myself i would put this bypass into something i call an 'external internal' cheat. 18 | Whereby you make a cheat and inject into a legitimate program like discord and add a check to the this bypass to only hijack a handle from the process you inject into, giving the appearence that nothing is out of the ordinary 19 | However you can implement this bypass into any form of cheat, its your decision. 20 | If you need want some more info i recommend you watch my YT video on this bypass. 21 | Anyways if you want to see more of my stuff feel free to join my discord server discord.gg/********. Here's my YT as well https://www.youtube.com/channel/UCPN6OOLxn1OaBP5jPThIiog. 22 | */ 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | // macros we use.Some can be found in wintrnl.h 30 | #define SeDebugPriv 20 31 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) 32 | #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004) 33 | #define NtCurrentProcess ( (HANDLE)(LONG_PTR) -1 ) 34 | #define ProcessHandleType 0x7 35 | #define SystemHandleInformation 16 36 | 37 | /* 38 | STRUCTURES NEEDED FOR NTOPENPROCESS: 39 | */ 40 | typedef struct _UNICODE_STRING { 41 | USHORT Length; 42 | USHORT MaximumLength; 43 | PWCH Buffer; 44 | } UNICODE_STRING, * PUNICODE_STRING; 45 | 46 | typedef struct _OBJECT_ATTRIBUTES { 47 | ULONG Length; 48 | HANDLE RootDirectory; 49 | PUNICODE_STRING ObjectName; 50 | ULONG Attributes; 51 | PVOID SecurityDescriptor; 52 | PVOID SecurityQualityOfService; 53 | } OBJECT_ATTRIBUTES, * POBJECT_ATTRIBUTES; 54 | 55 | typedef struct _CLIENT_ID 56 | { 57 | PVOID UniqueProcess; 58 | PVOID UniqueThread; 59 | } CLIENT_ID, * PCLIENT_ID; 60 | 61 | /* 62 | STRUCTURES NEEDED FOR HANDLE INFORMATION: 63 | */ 64 | 65 | typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO 66 | { 67 | ULONG ProcessId; 68 | BYTE ObjectTypeNumber; 69 | BYTE Flags; 70 | USHORT Handle; 71 | PVOID Object; 72 | ACCESS_MASK GrantedAccess; 73 | } SYSTEM_HANDLE, * PSYSTEM_HANDLE; //i shortened it to SYSTEM_HANDLE for the sake of typing 74 | 75 | typedef struct _SYSTEM_HANDLE_INFORMATION 76 | { 77 | ULONG HandleCount; 78 | SYSTEM_HANDLE Handles[1]; 79 | } SYSTEM_HANDLE_INFORMATION, * PSYSTEM_HANDLE_INFORMATION; 80 | 81 | /* 82 | FUNCTION PROTOTYPES: 83 | */ 84 | typedef NTSTATUS(NTAPI* _NtDuplicateObject)( 85 | HANDLE SourceProcessHandle, 86 | HANDLE SourceHandle, 87 | HANDLE TargetProcessHandle, 88 | PHANDLE TargetHandle, 89 | ACCESS_MASK DesiredAccess, 90 | ULONG Attributes, 91 | ULONG Options 92 | ); 93 | 94 | typedef NTSTATUS(NTAPI* _RtlAdjustPrivilege)( 95 | ULONG Privilege, 96 | BOOLEAN Enable, 97 | BOOLEAN CurrentThread, 98 | PBOOLEAN Enabled 99 | ); 100 | 101 | typedef NTSYSAPI NTSTATUS(NTAPI* _NtOpenProcess)( 102 | PHANDLE ProcessHandle, 103 | ACCESS_MASK DesiredAccess, 104 | POBJECT_ATTRIBUTES ObjectAttributes, 105 | PCLIENT_ID ClientId 106 | ); 107 | 108 | typedef NTSTATUS(NTAPI* _NtQuerySystemInformation)( 109 | ULONG SystemInformationClass, //your supposed to supply the whole class but microsoft kept the enum mostly empty so I just passed 16 instead for handle info. Thats why you get a warning in your code btw 110 | PVOID SystemInformation, 111 | ULONG SystemInformationLength, 112 | PULONG ReturnLength 113 | ); 114 | 115 | SYSTEM_HANDLE_INFORMATION* hInfo; //holds the handle information 116 | 117 | //the handles we will need to use later on 118 | 119 | namespace hj { 120 | HANDLE procHandle = NULL; 121 | HANDLE hProcess = NULL; 122 | HANDLE HijackedHandle = NULL; 123 | 124 | // simple function i made that will just initialize our Object_Attributes structure as NtOpenProcess will fail otherwise 125 | OBJECT_ATTRIBUTES InitObjectAttributes(PUNICODE_STRING name, ULONG attributes, HANDLE hRoot, PSECURITY_DESCRIPTOR security) 126 | { 127 | OBJECT_ATTRIBUTES object; 128 | 129 | object.Length = sizeof(OBJECT_ATTRIBUTES); 130 | object.ObjectName = name; 131 | object.Attributes = attributes; 132 | object.RootDirectory = hRoot; 133 | object.SecurityDescriptor = security; 134 | 135 | return object; 136 | } 137 | 138 | bool IsHandleValid(HANDLE handle) // i made this to simply check if a handle is valid rather than repeating the if statments 139 | { 140 | if (handle && handle != INVALID_HANDLE_VALUE) 141 | { 142 | return true; 143 | } 144 | else 145 | { 146 | return false; 147 | } 148 | } 149 | 150 | HANDLE HijackExistingHandle(DWORD dwTargetProcessId) 151 | { 152 | HMODULE Ntdll = GetModuleHandleA("ntdll"); // get the base address of ntdll.dll 153 | 154 | //get the address of RtlAdjustPrivilege in ntdll.dll so we can grant our process the highest permission possible 155 | _RtlAdjustPrivilege RtlAdjustPrivilege = (_RtlAdjustPrivilege)GetProcAddress(Ntdll, "RtlAdjustPrivilege"); 156 | 157 | boolean OldPriv; //store the old privileges 158 | 159 | // Give our program SeDeugPrivileges whcih allows us to get a handle to every process, even the highest privileged SYSTEM level processes. 160 | RtlAdjustPrivilege(SeDebugPriv, TRUE, FALSE, &OldPriv); 161 | 162 | //get the address of NtQuerySystemInformation in ntdll.dll so we can find all the open handles on our system 163 | _NtQuerySystemInformation NtQuerySystemInformation = (_NtQuerySystemInformation)GetProcAddress(Ntdll, "NtQuerySystemInformation"); 164 | 165 | //get the address of NtDuplicateObject in ntdll.dll so we can duplicate an existing handle into our cheat, basically performing the hijacking 166 | _NtDuplicateObject NtDuplicateObject = (_NtDuplicateObject)GetProcAddress(Ntdll, "NtDuplicateObject"); 167 | 168 | //get the address of NtOpenProcess in ntdll.dll so wecan create a Duplicate handle 169 | _NtOpenProcess NtOpenProcess = (_NtOpenProcess)GetProcAddress(Ntdll, "NtOpenProcess"); 170 | 171 | 172 | //initialize the Object Attributes structure, you can just set each member to NULL rather than create a function like i did 173 | OBJECT_ATTRIBUTES Obj_Attribute = InitObjectAttributes(NULL, NULL, NULL, NULL); 174 | 175 | //clientID is a PDWORD or DWORD* of the process id to create a handle to 176 | CLIENT_ID clientID = { 0 }; 177 | 178 | 179 | //the size variable is the amount of bytes allocated to store all the open handles 180 | DWORD size = sizeof(SYSTEM_HANDLE_INFORMATION); 181 | 182 | //we allocate the memory to store all the handles on the heap rather than the stack becuase of the large amount of data 183 | hInfo = (SYSTEM_HANDLE_INFORMATION*) new byte[size]; 184 | 185 | //zero the memory handle info 186 | ZeroMemory(hInfo, size); 187 | 188 | //we use this for checking if the Native functions succeed 189 | NTSTATUS NtRet = NULL; 190 | 191 | do 192 | { 193 | // delete the previously allocated memory on the heap because it wasn't large enough to store all the handles 194 | delete[] hInfo; 195 | 196 | //increase the amount of memory allocated by 50% 197 | size *= 1.5; 198 | try 199 | { 200 | //set and allocate the larger size on the heap 201 | hInfo = (PSYSTEM_HANDLE_INFORMATION) new byte[size]; 202 | } 203 | catch (std::bad_alloc) //catch a bad heap allocation. 204 | { 205 | procHandle ? CloseHandle(procHandle) : 0; 206 | } 207 | Sleep(1); //sleep for the cpu 208 | 209 | //we continue this loop until all the handles have been stored 210 | } while ((NtRet = NtQuerySystemInformation(SystemHandleInformation, hInfo, size, NULL)) == STATUS_INFO_LENGTH_MISMATCH); 211 | 212 | //check if we got all the open handles on our system 213 | if (!NT_SUCCESS(NtRet)) 214 | { 215 | procHandle ? CloseHandle(procHandle) : 0; 216 | } 217 | 218 | 219 | //loop through each handle on our system, and filter out handles that are invalid or cant be hijacked 220 | for (unsigned int i = 0; i < hInfo->HandleCount; ++i) 221 | { 222 | //a variable to store the number of handles OUR cheat has open. 223 | static DWORD NumOfOpenHandles; 224 | 225 | //get the amount of outgoing handles OUR cheat has open 226 | GetProcessHandleCount(GetCurrentProcess(), &NumOfOpenHandles); 227 | 228 | //you can do a higher number if this is triggering false positives. Its just to make sure we dont fuck up and create thousands of handles 229 | if (NumOfOpenHandles > 50) 230 | { 231 | procHandle ? CloseHandle(procHandle) : 0; 232 | } 233 | 234 | //check if the current handle is valid, otherwise increment i and check the next handle 235 | if (!IsHandleValid((HANDLE)hInfo->Handles[i].Handle)) 236 | { 237 | continue; 238 | } 239 | 240 | //check the handle type is 0x7 meaning a process handle so we dont hijack a file handle for example 241 | if (hInfo->Handles[i].ObjectTypeNumber != ProcessHandleType) 242 | { 243 | continue; 244 | } 245 | 246 | 247 | //set clientID to a pointer to the process with the handle to out target 248 | clientID.UniqueProcess = (DWORD*)hInfo->Handles[i].ProcessId; 249 | 250 | //if procHandle is open, close it 251 | procHandle ? CloseHandle(procHandle) : 0; 252 | 253 | //create a a handle with duplicate only permissions to the process with a handle to our target. NOT OUR TARGET. 254 | NtRet = NtOpenProcess(&procHandle, PROCESS_DUP_HANDLE, &Obj_Attribute, &clientID); 255 | if (!IsHandleValid(procHandle) || !NT_SUCCESS(NtRet)) //check is the funcions succeeded and check the handle is valid 256 | { 257 | continue; 258 | } 259 | 260 | 261 | //we duplicate the handle another process has to our target into our cheat with whatever permissions we want. I did all access. 262 | NtRet = NtDuplicateObject(procHandle, (HANDLE)hInfo->Handles[i].Handle, NtCurrentProcess, &HijackedHandle, PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_DUP_HANDLE, 0, 0); 263 | if (!IsHandleValid(HijackedHandle) || !NT_SUCCESS(NtRet))//check is the funcions succeeded and check the handle is valid 264 | { 265 | 266 | continue; 267 | } 268 | 269 | //get the process id of the handle we duplicated and check its to our target 270 | if (GetProcessId(HijackedHandle) != dwTargetProcessId) { 271 | CloseHandle(HijackedHandle); 272 | continue; 273 | } 274 | 275 | 276 | 277 | hProcess = HijackedHandle; 278 | 279 | break; 280 | } 281 | 282 | procHandle ? CloseHandle(procHandle) : 0; 283 | 284 | return hProcess; 285 | } 286 | } 287 | -------------------------------------------------------------------------------- /memory-external/memory/memory.cpp: -------------------------------------------------------------------------------- 1 | #include "memory.hpp" 2 | #include 3 | #include "handle_hijack.hpp" 4 | 5 | uint32_t pProcess::FindProcessIdByProcessName(const char* ProcessName) 6 | { 7 | std::wstring wideProcessName; 8 | int wideCharLength = MultiByteToWideChar(CP_UTF8, 0, ProcessName, -1, nullptr, 0); 9 | if (wideCharLength > 0) 10 | { 11 | wideProcessName.resize(wideCharLength); 12 | MultiByteToWideChar(CP_UTF8, 0, ProcessName, -1, &wideProcessName[0], wideCharLength); 13 | } 14 | 15 | HANDLE hPID = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); 16 | PROCESSENTRY32W process_entry_{ }; 17 | process_entry_.dwSize = sizeof(PROCESSENTRY32W); 18 | 19 | DWORD pid = 0; 20 | if (Process32FirstW(hPID, &process_entry_)) 21 | { 22 | do 23 | { 24 | if (!wcscmp(process_entry_.szExeFile, wideProcessName.c_str())) 25 | { 26 | pid = process_entry_.th32ProcessID; 27 | break; 28 | } 29 | } while (Process32NextW(hPID, &process_entry_)); 30 | } 31 | CloseHandle(hPID); 32 | return pid; 33 | } 34 | 35 | uint32_t pProcess::FindProcessIdByWindowName(const char* WindowName) 36 | { 37 | DWORD process_id = 0; 38 | HWND windowHandle = FindWindowA(nullptr, WindowName); 39 | if (windowHandle) 40 | GetWindowThreadProcessId(windowHandle, &process_id); 41 | return process_id; 42 | } 43 | 44 | HWND pProcess::GetWindowHandleFromProcessId(DWORD ProcessId) { 45 | HWND hwnd = NULL; 46 | do { 47 | hwnd = FindWindowEx(NULL, hwnd, NULL, NULL); 48 | DWORD pid = 0; 49 | GetWindowThreadProcessId(hwnd, &pid); 50 | if (pid == ProcessId) { 51 | TCHAR windowTitle[MAX_PATH]; 52 | GetWindowText(hwnd, windowTitle, MAX_PATH); 53 | if (IsWindowVisible(hwnd) && windowTitle[0] != '\0') { 54 | return hwnd; 55 | } 56 | } 57 | } while (hwnd != NULL); 58 | return NULL; // No main window found for the given process ID 59 | } 60 | 61 | HANDLE OpenProcessNt(DWORD dwDesiredAccess, BOOL bInheritHandle, 62 | DWORD dwProcessId) { 63 | // At last is same with "OpenProcess", but we call NativeAPI instead of WindowsAPI directly. 64 | HANDLE hProcess = 0; 65 | _NtOpenProcess NtOpenProcess = (_NtOpenProcess)GetProcAddress( 66 | GetModuleHandleA("ntdll.dll"), "NtOpenProcess"); 67 | CLIENT_ID clientId = {(HANDLE)dwProcessId, NULL}; 68 | OBJECT_ATTRIBUTES objAttr = hj::InitObjectAttributes(NULL, 0, NULL, NULL); 69 | NtOpenProcess(&hProcess, dwDesiredAccess, 70 | &objAttr, &clientId); 71 | return hProcess; 72 | } 73 | 74 | bool pProcess::AttachProcess(const char* ProcessName) 75 | { 76 | this->pid_ = this->FindProcessIdByProcessName(ProcessName); 77 | 78 | if (pid_) 79 | { 80 | HMODULE modules[0xFF]; 81 | MODULEINFO module_info; 82 | DWORD _; 83 | 84 | handle_ = OpenProcessNt(PROCESS_QUERY_INFORMATION |PROCESS_VM_OPERATION | 85 | PROCESS_VM_READ,FALSE, pid_); 86 | 87 | EnumProcessModulesEx(this->handle_, modules, sizeof(modules), &_, LIST_MODULES_64BIT); 88 | base_client_.base = (uintptr_t)modules[0]; 89 | 90 | GetModuleInformation(this->handle_, modules[0], &module_info, sizeof(module_info)); 91 | base_client_.size = module_info.SizeOfImage; 92 | 93 | hwnd_ = this->GetWindowHandleFromProcessId(pid_); 94 | 95 | return true; 96 | } 97 | 98 | return false; 99 | } 100 | 101 | bool pProcess::AttachProcessHj(const char* ProcessName) 102 | { 103 | this->pid_ = this->FindProcessIdByProcessName(ProcessName); 104 | 105 | if (pid_) 106 | { 107 | HMODULE modules[0xFF]; 108 | MODULEINFO module_info; 109 | DWORD _; 110 | 111 | 112 | // Using Apxaey's handle hijack function to safely open a handle 113 | handle_ = hj::HijackExistingHandle(pid_); 114 | 115 | if (!hj::IsHandleValid(handle_)) 116 | { 117 | std::cout << "[cheat] Handle Hijack failed, falling back to OpenProcess method." << std::endl; 118 | return pProcess::AttachProcess(ProcessName); // Handle hijacking failed, so we fall back to the normal OpenProcess method 119 | } 120 | 121 | EnumProcessModulesEx(this->handle_, modules, sizeof(modules), &_, LIST_MODULES_64BIT); 122 | base_client_.base = (uintptr_t)modules[0]; 123 | 124 | GetModuleInformation(this->handle_, modules[0], &module_info, sizeof(module_info)); 125 | base_client_.size = module_info.SizeOfImage; 126 | 127 | hwnd_ = this->GetWindowHandleFromProcessId(pid_); 128 | 129 | return true; 130 | } 131 | 132 | return false; 133 | } 134 | 135 | 136 | bool pProcess::AttachWindow(const char* WindowName) 137 | { 138 | this->pid_ = this->FindProcessIdByWindowName(WindowName); 139 | 140 | if (pid_) 141 | { 142 | HMODULE modules[0xFF]; 143 | MODULEINFO module_info; 144 | DWORD _; 145 | 146 | handle_ = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid_); 147 | 148 | EnumProcessModulesEx(this->handle_, modules, sizeof(modules), &_, LIST_MODULES_64BIT); 149 | base_client_.base = (uintptr_t)modules[0]; 150 | 151 | GetModuleInformation(this->handle_, modules[0], &module_info, sizeof(module_info)); 152 | base_client_.size = module_info.SizeOfImage; 153 | 154 | hwnd_ = this->GetWindowHandleFromProcessId(pid_); 155 | 156 | return true; 157 | } 158 | return false; 159 | } 160 | 161 | bool pProcess::UpdateHWND() 162 | { 163 | hwnd_ = this->GetWindowHandleFromProcessId(pid_); 164 | return hwnd_ == nullptr; 165 | } 166 | 167 | ProcessModule pProcess::GetModule(const char* lModule) 168 | { 169 | std::wstring wideModule; 170 | int wideCharLength = MultiByteToWideChar(CP_UTF8, 0, lModule, -1, nullptr, 0); 171 | if (wideCharLength > 0) 172 | { 173 | wideModule.resize(wideCharLength); 174 | MultiByteToWideChar(CP_UTF8, 0, lModule, -1, &wideModule[0], wideCharLength); 175 | } 176 | 177 | HANDLE handle_module = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid_); 178 | MODULEENTRY32W module_entry_{}; 179 | module_entry_.dwSize = sizeof(MODULEENTRY32W); 180 | 181 | do 182 | { 183 | if (!wcscmp(module_entry_.szModule, wideModule.c_str())) 184 | { 185 | CloseHandle(handle_module); 186 | return { (DWORD_PTR)module_entry_.modBaseAddr, module_entry_.dwSize }; 187 | } 188 | } while (Module32NextW(handle_module, &module_entry_)); 189 | 190 | CloseHandle(handle_module); 191 | return { 0, 0 }; 192 | } 193 | 194 | LPVOID pProcess::Allocate(size_t size_in_bytes) 195 | { 196 | return VirtualAllocEx(this->handle_, NULL, size_in_bytes, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 197 | } 198 | 199 | uintptr_t pProcess::FindSignature(std::vector signature) 200 | { 201 | std::unique_ptr data; 202 | data = std::make_unique(this->base_client_.size); 203 | 204 | if (!ReadProcessMemory(this->handle_, (void*)(this->base_client_.base), data.get(), this->base_client_.size, NULL)) { 205 | return 0x0; 206 | } 207 | 208 | for (uintptr_t i = 0; i < this->base_client_.size; i++) 209 | { 210 | for (uintptr_t j = 0; j < signature.size(); j++) 211 | { 212 | if (signature.at(j) == 0x00) 213 | continue; 214 | 215 | if (*reinterpret_cast(reinterpret_cast(&data[i + j])) == signature.at(j)) 216 | { 217 | if (j == signature.size() - 1) 218 | return this->base_client_.base + i; 219 | continue; 220 | } 221 | break; 222 | } 223 | } 224 | return 0x0; 225 | } 226 | 227 | uintptr_t pProcess::FindSignature(ProcessModule target_module, std::vector signature) 228 | { 229 | std::unique_ptr data; 230 | data = std::make_unique(0xFFFFFFF); 231 | 232 | if (!ReadProcessMemory(this->handle_, (void*)(target_module.base), data.get(), 0xFFFFFFF, NULL)) { 233 | return NULL; 234 | } 235 | 236 | for (uintptr_t i = 0; i < 0xFFFFFFF; i++) 237 | { 238 | for (uintptr_t j = 0; j < signature.size(); j++) 239 | { 240 | if (signature.at(j) == 0x00) 241 | continue; 242 | 243 | if (*reinterpret_cast(reinterpret_cast(&data[i + j])) == signature.at(j)) 244 | { 245 | if (j == signature.size() - 1) 246 | return this->base_client_.base + i; 247 | continue; 248 | } 249 | break; 250 | } 251 | } 252 | return 0x0; 253 | } 254 | 255 | uintptr_t pProcess::FindCodeCave(uint32_t length_in_bytes) 256 | { 257 | std::vector cave_pattern = {}; 258 | 259 | for (uint32_t i = 0; i < length_in_bytes; i++) { 260 | cave_pattern.push_back(0x00); 261 | } 262 | 263 | return FindSignature(cave_pattern); 264 | } 265 | 266 | void pProcess::Close() 267 | { 268 | CloseHandle(handle_); 269 | } -------------------------------------------------------------------------------- /memory-external/memory/memory.hpp: -------------------------------------------------------------------------------- 1 | #ifndef _PPROCESS_HPP_ 2 | #define _PPROCESS_HPP_ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | typedef NTSTATUS(WINAPI* pNtReadVirtualMemory)(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, ULONG NumberOfBytesToRead, PULONG NumberOfBytesRead); 13 | typedef NTSTATUS(WINAPI* pNtWriteVirtualMemory)(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, ULONG NumberOfBytesToWrite, PULONG NumberOfBytesWritten); 14 | 15 | class pMemory { 16 | 17 | public: 18 | pMemory() { 19 | pfnNtReadVirtualMemory = (pNtReadVirtualMemory)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtReadVirtualMemory"); 20 | pfnNtWriteVirtualMemory = (pNtWriteVirtualMemory)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtWriteVirtualMemory"); 21 | } 22 | 23 | pNtReadVirtualMemory pfnNtReadVirtualMemory; 24 | pNtWriteVirtualMemory pfnNtWriteVirtualMemory; 25 | }; 26 | 27 | struct ProcessModule 28 | { 29 | uintptr_t base, size; 30 | }; 31 | 32 | class pProcess 33 | { 34 | public: 35 | DWORD pid_; // process id 36 | HANDLE handle_; // handle to process 37 | HWND hwnd_; // window handle 38 | ProcessModule base_client_; 39 | 40 | public: 41 | bool AttachProcess(const char* process_name); 42 | bool AttachProcessHj(const char* process_name); 43 | bool AttachWindow(const char* window_name); 44 | bool UpdateHWND(); 45 | void Close(); 46 | 47 | public: 48 | ProcessModule GetModule(const char* module_name); 49 | LPVOID Allocate(size_t size_in_bytes); 50 | uintptr_t FindCodeCave(uint32_t length_in_bytes); 51 | uintptr_t FindSignature(std::vector signature); 52 | uintptr_t FindSignature(ProcessModule target_module, std::vector signature); 53 | 54 | template 55 | uintptr_t ReadOffsetFromSignature(std::vector signature, uint8_t offset) // offset example: "FF 05 ->22628B01<-" offset is 2 56 | { 57 | uintptr_t pattern_address = this->FindSignature(signature); 58 | if (!pattern_address) 59 | return 0x0; 60 | 61 | T offset_value = this->read(pattern_address + offset); 62 | return pattern_address + offset_value + offset + sizeof(T); 63 | } 64 | 65 | bool read_raw(uintptr_t address, void* buffer, size_t size) 66 | { 67 | SIZE_T bytesRead; 68 | pMemory cMemory; 69 | 70 | if (cMemory.pfnNtReadVirtualMemory(this->handle_, (PVOID)(address), buffer, static_cast(size), (PULONG)&bytesRead)) 71 | { 72 | return bytesRead == size; 73 | } 74 | return false; 75 | } 76 | 77 | template 78 | void write(uintptr_t address, T value) 79 | { 80 | pMemory cMemory; 81 | cMemory.pfnNtWriteVirtualMemory(handle_, (void*)address, &value, sizeof(T), 0); 82 | } 83 | 84 | template 85 | T read(uintptr_t address) 86 | { 87 | T buffer{}; 88 | pMemory cMemory; 89 | 90 | cMemory.pfnNtReadVirtualMemory(handle_, (void*)address, &buffer, sizeof(T), 0); 91 | return buffer; 92 | } 93 | 94 | void write_bytes(uintptr_t addr, std::vector patch) 95 | { 96 | pMemory cMemory; 97 | cMemory.pfnNtWriteVirtualMemory(handle_, (void*)addr, &patch[0], patch.size(), 0); 98 | } 99 | 100 | uintptr_t read_multi_address(uintptr_t ptr, std::vector offsets) 101 | { 102 | uintptr_t buffer = ptr; 103 | for (int i = 0; i < offsets.size(); i++) 104 | buffer = this->read(buffer + offsets[i]); 105 | 106 | return buffer; 107 | } 108 | 109 | template 110 | T read_multi(uintptr_t base, std::vector offsets) { 111 | uintptr_t buffer = base; 112 | for (int i = 0; i < offsets.size() - 1; i++) 113 | { 114 | buffer = this->read(buffer + offsets[i]); 115 | } 116 | return this->read(buffer + offsets.back()); 117 | } 118 | 119 | private: 120 | uint32_t FindProcessIdByProcessName(const char* process_name); 121 | uint32_t FindProcessIdByWindowName(const char* window_name); 122 | HWND GetWindowHandleFromProcessId(DWORD ProcessId); 123 | }; 124 | #endif -------------------------------------------------------------------------------- /offsets/offsets.json: -------------------------------------------------------------------------------- 1 | { 2 | "build_number": 14083, 3 | "dwBuildNumber": 5512164, 4 | "dwEntityList": 27262536, 5 | "dwLocalPlayer": 25510096, 6 | "dwPlantedC4": 27713688, 7 | "dwViewMatrix": 27693008, 8 | "m_ArmorValue": 9244, 9 | "m_bIsDefusing": 9194, 10 | "m_flC4Blow": 4032, 11 | "m_flFlashOverlayAlpha": 5120, 12 | "m_flNextBeep": 4028, 13 | "m_flTimerLength": 4040, 14 | "m_hPlayerPawn": 2084, 15 | "m_iAccount": 64, 16 | "m_iHealth": 836, 17 | "m_iTeamNum": 995, 18 | "m_pClippingWeapon": 5024, 19 | "m_pGameSceneNode": 808, 20 | "m_pInGameMoneyServices": 1824, 21 | "m_sSanitizedPlayerName": 1912, 22 | "m_szName": 3360, 23 | "m_vOldOrigin": 4900, 24 | "m_vecAbsOrigin": 208, 25 | "dwLocalPlayerController": 27584624 26 | } -------------------------------------------------------------------------------- /offsets/update_offsets.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import requests 3 | import json 4 | import re 5 | import os 6 | 7 | urls = { 8 | "commits": "https://api.github.com/repos/a2x/cs2-dumper/commits", 9 | "offsets": "https://raw.githubusercontent.com/a2x/cs2-dumper/main/output/offsets.json", 10 | "client_dll": "https://github.com/a2x/cs2-dumper/raw/refs/heads/main/output/client_dll.json", 11 | } 12 | 13 | def get_build_number(): 14 | response = requests.get(urls["commits"]) 15 | if response.status_code == 200: 16 | commit_data = response.json() 17 | if commit_data: 18 | for commit in commit_data: 19 | commit_message = commit['commit']['message'] 20 | build_match = re.search(r'\bGame [Uu]pdate \((\d+)(?: \(\d+\))?\b', commit_message) 21 | if build_match: 22 | return int(build_match.group(1)) 23 | return 0 24 | 25 | def get_raw_file(url): 26 | response = requests.get(url) 27 | if response.status_code == 200: 28 | return response.json() 29 | return None 30 | 31 | def get_path(): 32 | if os.path.isfile("./offsets/offsets.json"): 33 | return "./offsets/offsets.json" 34 | elif os.path.isfile("./offsets.json"): 35 | return "./offsets.json" 36 | else: 37 | return None 38 | 39 | dest_path = get_path() 40 | 41 | if not dest_path: 42 | print("Invalid path for 'offsets.json'") 43 | exit(1) 44 | 45 | build_number = get_build_number() 46 | 47 | if build_number == 0: 48 | print("Could not find the latest build number.") 49 | exit(1) 50 | 51 | offsets = get_raw_file(urls["offsets"]) 52 | 53 | if not offsets: 54 | print("Could not find the latest offsets.") 55 | exit(1) 56 | 57 | with open(dest_path, 'r') as dest_file: 58 | offsets_json = json.load(dest_file) 59 | 60 | print(f"Current build number: {offsets_json['build_number']} vs Latest build number: {build_number}") 61 | 62 | if offsets_json["build_number"] == int(build_number): 63 | print(f"There are no updates in the remote repository after {build_number}.") 64 | print("Comparing the offsets in the local offsets (dwLocalPlayer/dwViewMatrix) with the remote repository.") 65 | 66 | valid = offsets_json["dwLocalPlayer"] == offsets["client.dll"]["dwLocalPlayerPawn"] and \ 67 | offsets_json["dwViewMatrix"] == offsets["client.dll"]["dwViewMatrix"] 68 | 69 | # Exit so we know that there hasnt been any updates and the current offsets are up to date 70 | if valid: 71 | print("Local offsets are up to date.") 72 | exit(1) 73 | 74 | print("Local offsets (dwLocalPlayer/dwViewMatrix) are outdated, pulling the latest offsets.") 75 | 76 | offsets_json["build_number"] = int(build_number) 77 | 78 | offsets_json["dwBuildNumber"] = offsets["engine2.dll"]["dwBuildNumber"] 79 | offsets_json["dwLocalPlayer"] = offsets["client.dll"]["dwLocalPlayerPawn"] 80 | offsets_json["dwLocalPlayerController"] = offsets["client.dll"]["dwLocalPlayerController"] 81 | offsets_json["dwEntityList"] = offsets["client.dll"]["dwEntityList"] 82 | offsets_json["dwViewMatrix"] = offsets["client.dll"]["dwViewMatrix"] 83 | offsets_json["dwPlantedC4"] = offsets["client.dll"]["dwPlantedC4"] 84 | 85 | client = get_raw_file(urls["client_dll"]) 86 | 87 | if not client: 88 | print("Could not find the latest client.dll.") 89 | exit(1) 90 | 91 | client_json_base = client["client.dll"]["classes"] 92 | 93 | offsets_json["m_bIsDefusing"] = client_json_base["C_CSPlayerPawn"]["fields"]["m_bIsDefusing"] 94 | offsets_json["m_ArmorValue"] = client_json_base["C_CSPlayerPawn"]["fields"]["m_ArmorValue"] 95 | 96 | offsets_json["m_pClippingWeapon"] = client_json_base["C_CSPlayerPawnBase"]["fields"]["m_pClippingWeapon"] 97 | offsets_json["m_flFlashOverlayAlpha"] = client_json_base["C_CSPlayerPawnBase"]["fields"]["m_flFlashOverlayAlpha"] 98 | 99 | offsets_json["m_flC4Blow"] = client_json_base["C_PlantedC4"]["fields"]["m_flC4Blow"] 100 | offsets_json["m_flNextBeep"] = client_json_base["C_PlantedC4"]["fields"]["m_flNextBeep"] 101 | offsets_json["m_flTimerLength"] = client_json_base["C_PlantedC4"]["fields"]["m_flTimerLength"] 102 | 103 | offsets_json["m_hPlayerPawn"] = client_json_base["CCSPlayerController"]["fields"]["m_hPlayerPawn"] 104 | offsets_json["m_iAccount"] = client_json_base["CCSPlayerController_InGameMoneyServices"]["fields"]["m_iAccount"] 105 | offsets_json["m_pInGameMoneyServices"] = client_json_base["CCSPlayerController"]["fields"]["m_pInGameMoneyServices"] 106 | offsets_json["m_sSanitizedPlayerName"] = client_json_base["CCSPlayerController"]["fields"]["m_sSanitizedPlayerName"] 107 | 108 | offsets_json["m_iHealth"] = client_json_base["C_BaseEntity"]["fields"]["m_iHealth"] 109 | offsets_json["m_iTeamNum"] = client_json_base["C_BaseEntity"]["fields"]["m_iTeamNum"] 110 | offsets_json["m_pGameSceneNode"] = client_json_base["C_BaseEntity"]["fields"]["m_pGameSceneNode"] 111 | 112 | offsets_json["m_szName"] = client_json_base["CCSWeaponBaseVData"]["fields"]["m_szName"] 113 | offsets_json["m_vOldOrigin"] = client_json_base["C_BasePlayerPawn"]["fields"]["m_vOldOrigin"] 114 | offsets_json["m_vecAbsOrigin"] = client_json_base["CGameSceneNode"]["fields"]["m_vecAbsOrigin"] 115 | 116 | with open(dest_path, 'w') as dest_file: 117 | json.dump(offsets_json, dest_file, indent=4) 118 | 119 | print("Offsets updated in the local file.") # We dont exit so we know that the game has been updated and that we have to commit the new offsets 120 | --------------------------------------------------------------------------------