├── CSGO KERNEL HACK.sln
├── CSGO KERNEL HACK
    ├── CSGO KERNEL HACK.vcxproj
    ├── CSGO KERNEL HACK.vcxproj.filters
    ├── CSGOKERNELHACK.inf
    ├── Headers.h
    ├── Main.cpp
    ├── cheat.h
    ├── imports.h
    ├── mem.h
    └── sdk.cpp
└── README.md


/CSGO KERNEL HACK.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.32407.337
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CSGO KERNEL HACK", "CSGO KERNEL HACK\CSGO KERNEL HACK.vcxproj", "{97877169-E347-4BE8-ABB0-3C1781DF6ACF}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|ARM = Debug|ARM
11 | 		Debug|ARM64 = Debug|ARM64
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|ARM = Release|ARM
15 | 		Release|ARM64 = Release|ARM64
16 | 		Release|x64 = Release|x64
17 | 		Release|x86 = Release|x86
18 | 	EndGlobalSection
19 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
20 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|ARM.ActiveCfg = Debug|ARM
21 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|ARM.Build.0 = Debug|ARM
22 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|ARM.Deploy.0 = Debug|ARM
23 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|ARM64.ActiveCfg = Debug|ARM64
24 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|ARM64.Build.0 = Debug|ARM64
25 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|ARM64.Deploy.0 = Debug|ARM64
26 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|x64.Build.0 = Debug|x64
28 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|x64.Deploy.0 = Debug|x64
29 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|x86.ActiveCfg = Debug|Win32
30 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|x86.Build.0 = Debug|Win32
31 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Debug|x86.Deploy.0 = Debug|Win32
32 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|ARM.ActiveCfg = Release|ARM
33 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|ARM.Build.0 = Release|ARM
34 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|ARM.Deploy.0 = Release|ARM
35 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|ARM64.ActiveCfg = Release|ARM64
36 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|ARM64.Build.0 = Release|ARM64
37 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|ARM64.Deploy.0 = Release|ARM64
38 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|x64.ActiveCfg = Release|x64
39 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|x64.Build.0 = Release|x64
40 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|x64.Deploy.0 = Release|x64
41 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|x86.ActiveCfg = Release|Win32
42 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|x86.Build.0 = Release|Win32
43 | 		{97877169-E347-4BE8-ABB0-3C1781DF6ACF}.Release|x86.Deploy.0 = Release|Win32
44 | 	EndGlobalSection
45 | 	GlobalSection(SolutionProperties) = preSolution
46 | 		HideSolutionNode = FALSE
47 | 	EndGlobalSection
48 | 	GlobalSection(ExtensibilityGlobals) = postSolution
49 | 		SolutionGuid = {2F5706AF-AD87-4ED7-8CB3-4730BCB7E3BE}
50 | 	EndGlobalSection
51 | EndGlobal
52 | 


--------------------------------------------------------------------------------
/CSGO KERNEL HACK/CSGO KERNEL HACK.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |     <ProjectConfiguration Include="Debug|ARM">
 21 |       <Configuration>Debug</Configuration>
 22 |       <Platform>ARM</Platform>
 23 |     </ProjectConfiguration>
 24 |     <ProjectConfiguration Include="Release|ARM">
 25 |       <Configuration>Release</Configuration>
 26 |       <Platform>ARM</Platform>
 27 |     </ProjectConfiguration>
 28 |     <ProjectConfiguration Include="Debug|ARM64">
 29 |       <Configuration>Debug</Configuration>
 30 |       <Platform>ARM64</Platform>
 31 |     </ProjectConfiguration>
 32 |     <ProjectConfiguration Include="Release|ARM64">
 33 |       <Configuration>Release</Configuration>
 34 |       <Platform>ARM64</Platform>
 35 |     </ProjectConfiguration>
 36 |   </ItemGroup>
 37 |   <PropertyGroup Label="Globals">
 38 |     <ProjectGuid>{97877169-E347-4BE8-ABB0-3C1781DF6ACF}</ProjectGuid>
 39 |     <TemplateGuid>{1bc93793-694f-48fe-9372-81e2b05556fd}</TemplateGuid>
 40 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 41 |     <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
 42 |     <Configuration>Debug</Configuration>
 43 |     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
 44 |     <RootNamespace>CSGO_KERNEL_HACK</RootNamespace>
 45 |     <WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
 46 |   </PropertyGroup>
 47 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 49 |     <TargetVersion>Windows10</TargetVersion>
 50 |     <UseDebugLibraries>true</UseDebugLibraries>
 51 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 52 |     <ConfigurationType>Driver</ConfigurationType>
 53 |     <DriverType>KMDF</DriverType>
 54 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 55 |   </PropertyGroup>
 56 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 57 |     <TargetVersion>Windows10</TargetVersion>
 58 |     <UseDebugLibraries>false</UseDebugLibraries>
 59 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 60 |     <ConfigurationType>Driver</ConfigurationType>
 61 |     <DriverType>KMDF</DriverType>
 62 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 63 |   </PropertyGroup>
 64 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 65 |     <TargetVersion>Windows10</TargetVersion>
 66 |     <UseDebugLibraries>true</UseDebugLibraries>
 67 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 68 |     <ConfigurationType>Driver</ConfigurationType>
 69 |     <DriverType>KMDF</DriverType>
 70 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 71 |   </PropertyGroup>
 72 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 73 |     <TargetVersion>Windows10</TargetVersion>
 74 |     <UseDebugLibraries>false</UseDebugLibraries>
 75 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 76 |     <ConfigurationType>Driver</ConfigurationType>
 77 |     <DriverType>KMDF</DriverType>
 78 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 79 |     <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
 80 |   </PropertyGroup>
 81 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'" Label="Configuration">
 82 |     <TargetVersion>Windows10</TargetVersion>
 83 |     <UseDebugLibraries>true</UseDebugLibraries>
 84 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 85 |     <ConfigurationType>Driver</ConfigurationType>
 86 |     <DriverType>KMDF</DriverType>
 87 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 88 |   </PropertyGroup>
 89 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
 90 |     <TargetVersion>Windows10</TargetVersion>
 91 |     <UseDebugLibraries>false</UseDebugLibraries>
 92 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 93 |     <ConfigurationType>Driver</ConfigurationType>
 94 |     <DriverType>KMDF</DriverType>
 95 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
 96 |   </PropertyGroup>
 97 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
 98 |     <TargetVersion>Windows10</TargetVersion>
 99 |     <UseDebugLibraries>true</UseDebugLibraries>
100 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
101 |     <ConfigurationType>Driver</ConfigurationType>
102 |     <DriverType>KMDF</DriverType>
103 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
104 |   </PropertyGroup>
105 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
106 |     <TargetVersion>Windows10</TargetVersion>
107 |     <UseDebugLibraries>false</UseDebugLibraries>
108 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
109 |     <ConfigurationType>Driver</ConfigurationType>
110 |     <DriverType>KMDF</DriverType>
111 |     <DriverTargetPlatform>Universal</DriverTargetPlatform>
112 |   </PropertyGroup>
113 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
114 |   <ImportGroup Label="ExtensionSettings">
115 |   </ImportGroup>
116 |   <ImportGroup Label="PropertySheets">
117 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
118 |   </ImportGroup>
119 |   <PropertyGroup Label="UserMacros" />
120 |   <PropertyGroup />
121 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
122 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
123 |   </PropertyGroup>
124 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
125 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
126 |   </PropertyGroup>
127 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
128 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
129 |   </PropertyGroup>
130 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
131 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
132 |   </PropertyGroup>
133 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
134 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
135 |   </PropertyGroup>
136 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
137 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
138 |   </PropertyGroup>
139 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
140 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
141 |   </PropertyGroup>
142 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
143 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
144 |   </PropertyGroup>
145 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
146 |     <DriverSign>
147 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
148 |     </DriverSign>
149 |   </ItemDefinitionGroup>
150 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
151 |     <DriverSign>
152 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
153 |     </DriverSign>
154 |   </ItemDefinitionGroup>
155 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
156 |     <DriverSign>
157 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
158 |     </DriverSign>
159 |   </ItemDefinitionGroup>
160 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
161 |     <DriverSign>
162 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
163 |     </DriverSign>
164 |     <ClCompile>
165 |       <LanguageStandard>stdcpp17</LanguageStandard>
166 |     </ClCompile>
167 |     <Link>
168 |       <AdditionalDependencies>%(AdditionalDependencies);$(KernelBufferOverflowLib);$(DDK_LIB_PATH)ntoskrnl.lib;$(DDK_LIB_PATH)hal.lib;$(DDK_LIB_PATH)wmilib.lib;$(KMDF_LIB_PATH)$(KMDF_VER_PATH)\WdfLdr.lib;$(KMDF_LIB_PATH)$(KMDF_VER_PATH)\WdfDriverEntry.lib;$(DDK_LIB_PATH)\libcntpr.lib</AdditionalDependencies>
169 |     </Link>
170 |   </ItemDefinitionGroup>
171 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
172 |     <DriverSign>
173 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
174 |     </DriverSign>
175 |   </ItemDefinitionGroup>
176 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
177 |     <DriverSign>
178 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
179 |     </DriverSign>
180 |   </ItemDefinitionGroup>
181 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
182 |     <DriverSign>
183 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
184 |     </DriverSign>
185 |   </ItemDefinitionGroup>
186 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
187 |     <DriverSign>
188 |       <FileDigestAlgorithm>sha256</FileDigestAlgorithm>
189 |     </DriverSign>
190 |   </ItemDefinitionGroup>
191 |   <ItemGroup>
192 |     <Inf Include="CSGOKERNELHACK.inf" />
193 |   </ItemGroup>
194 |   <ItemGroup>
195 |     <FilesToPackage Include="$(TargetPath)" />
196 |   </ItemGroup>
197 |   <ItemGroup>
198 |     <ClCompile Include="sdk.cpp" />
199 |     <ClCompile Include="Main.cpp" />
200 |   </ItemGroup>
201 |   <ItemGroup>
202 |     <ClInclude Include="Headers.h" />
203 |     <ClInclude Include="mem.h" />
204 |     <ClInclude Include="cheat.h" />
205 |     <ClInclude Include="imports.h" />
206 |   </ItemGroup>
207 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
208 |   <ImportGroup Label="ExtensionTargets">
209 |   </ImportGroup>
210 | </Project>


--------------------------------------------------------------------------------
/CSGO KERNEL HACK/CSGO KERNEL HACK.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |     <Filter Include="Driver Files">
17 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
18 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
19 |     </Filter>
20 |   </ItemGroup>
21 |   <ItemGroup>
22 |     <Inf Include="CSGOKERNELHACK.inf">
23 |       <Filter>Driver Files</Filter>
24 |     </Inf>
25 |   </ItemGroup>
26 |   <ItemGroup>
27 |     <ClCompile Include="Main.cpp">
28 |       <Filter>Source Files</Filter>
29 |     </ClCompile>
30 |     <ClCompile Include="sdk.cpp">
31 |       <Filter>Source Files</Filter>
32 |     </ClCompile>
33 |   </ItemGroup>
34 |   <ItemGroup>
35 |     <ClInclude Include="Headers.h">
36 |       <Filter>Header Files</Filter>
37 |     </ClInclude>
38 |     <ClInclude Include="imports.h">
39 |       <Filter>Header Files</Filter>
40 |     </ClInclude>
41 |     <ClInclude Include="cheat.h">
42 |       <Filter>Header Files</Filter>
43 |     </ClInclude>
44 |     <ClInclude Include="mem.h">
45 |       <Filter>Header Files</Filter>
46 |     </ClInclude>
47 |   </ItemGroup>
48 | </Project>


--------------------------------------------------------------------------------
/CSGO KERNEL HACK/CSGOKERNELHACK.inf:
--------------------------------------------------------------------------------
 1 | ;
 2 | ; CSGOKERNELHACK.inf
 3 | ;
 4 | 
 5 | [Version]
 6 | Signature="$WINDOWS NT$"
 7 | Class=System ; TODO: specify appropriate Class
 8 | ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318} ; TODO: specify appropriate ClassGuid
 9 | Provider=%ManufacturerName%
10 | CatalogFile=CSGOKERNELHACK.cat
11 | DriverVer= ; TODO: set DriverVer in stampinf property pages
12 | PnpLockdown=1
13 | 
14 | [DestinationDirs]
15 | DefaultDestDir = 12
16 | CSGOKERNELHACK_Device_CoInstaller_CopyFiles = 11
17 | 
18 | [SourceDisksNames]
19 | 1 = %DiskName%,,,""
20 | 
21 | [SourceDisksFiles]
22 | CSGOKERNELHACK.sys  = 1,,
23 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
24 | 
25 | ;*****************************************
26 | ; Install Section
27 | ;*****************************************
28 | 
29 | [Manufacturer]
30 | %ManufacturerName%=Standard,NT$ARCH$
31 | 
32 | [Standard.NT$ARCH$]
33 | %CSGOKERNELHACK.DeviceDesc%=CSGOKERNELHACK_Device, Root\CSGOKERNELHACK ; TODO: edit hw-id
34 | 
35 | [CSGOKERNELHACK_Device.NT]
36 | CopyFiles=Drivers_Dir
37 | 
38 | [Drivers_Dir]
39 | CSGOKERNELHACK.sys
40 | 
41 | ;-------------- Service installation
42 | [CSGOKERNELHACK_Device.NT.Services]
43 | AddService = CSGOKERNELHACK,%SPSVCINST_ASSOCSERVICE%, CSGOKERNELHACK_Service_Inst
44 | 
45 | ; -------------- CSGOKERNELHACK driver install sections
46 | [CSGOKERNELHACK_Service_Inst]
47 | DisplayName    = %CSGOKERNELHACK.SVCDESC%
48 | ServiceType    = 1               ; SERVICE_KERNEL_DRIVER
49 | StartType      = 3               ; SERVICE_DEMAND_START
50 | ErrorControl   = 1               ; SERVICE_ERROR_NORMAL
51 | ServiceBinary  = %12%\CSGOKERNELHACK.sys
52 | 
53 | ;
54 | ;--- CSGOKERNELHACK_Device Coinstaller installation ------
55 | ;
56 | 
57 | [CSGOKERNELHACK_Device.NT.CoInstallers]
58 | AddReg=CSGOKERNELHACK_Device_CoInstaller_AddReg
59 | CopyFiles=CSGOKERNELHACK_Device_CoInstaller_CopyFiles
60 | 
61 | [CSGOKERNELHACK_Device_CoInstaller_AddReg]
62 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
63 | 
64 | [CSGOKERNELHACK_Device_CoInstaller_CopyFiles]
65 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
66 | 
67 | [CSGOKERNELHACK_Device.NT.Wdf]
68 | KmdfService =  CSGOKERNELHACK, CSGOKERNELHACK_wdfsect
69 | [CSGOKERNELHACK_wdfsect]
70 | KmdfLibraryVersion = $KMDFVERSION$
71 | 
72 | [Strings]
73 | SPSVCINST_ASSOCSERVICE= 0x00000002
74 | ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
75 | DiskName = "CSGOKERNELHACK Installation Disk"
76 | CSGOKERNELHACK.DeviceDesc = "CSGOKERNELHACK Device"
77 | CSGOKERNELHACK.SVCDESC = "CSGOKERNELHACK Service"
78 | 


--------------------------------------------------------------------------------
/CSGO KERNEL HACK/Headers.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <ntifs.h>
 3 | #include "imports.h"
 4 | 
 5 | inline void kernel_sleep(int ms)
 6 | {
 7 |     LARGE_INTEGER time;
 8 |     time.QuadPart = -(ms) * 10 * 1000;
 9 |     KeDelayExecutionThread(KernelMode, TRUE, &time);
10 | }


--------------------------------------------------------------------------------
/CSGO KERNEL HACK/Main.cpp:
--------------------------------------------------------------------------------
  1 | #include "Headers.h"
  2 | #include "cheat.h"
  3 | 
  4 | HANDLE game_process_id = 0;
  5 | PEPROCESS game_eprocess = NULL;
  6 | 
  7 | PVOID m_client = 0;
  8 | PVOID m_engine = 0;
  9 | 
 10 | KEVENT driver_unload_event;
 11 | 
 12 | HANDLE g_work_thread;
 13 | 
 14 | client g_client;
 15 | 
 16 | void reduce_recoil()
 17 | {
 18 | 	auto clamp_angle = [](Vector3 qaAng) noexcept -> Vector3
 19 | 	{
 20 | 		if (qaAng.x > 89.0f)
 21 | 			qaAng.x = 89.0f;
 22 | 		if (qaAng.x < -89.0f)
 23 | 			qaAng.x = -89.0f;
 24 | 		while (qaAng.y > 180.0f)
 25 | 			qaAng.y -= 360.0f;
 26 | 		while (qaAng.y < -180.0f)
 27 | 			qaAng.y += 360.0f;
 28 | 		qaAng.z = 0;
 29 | 		return qaAng;
 30 | 	};
 31 | 
 32 | 	static Vector3 old_punch_angle;
 33 | 	Vector3 aim_punch_angle = g_client.get_local().get_aim_punch();
 34 | 	Vector3 view_angles = g_client.get_view_angles();
 35 | 
 36 | 	float totalPunch = aim_punch_angle.x + aim_punch_angle.y;
 37 | 	if (totalPunch != 0.f)
 38 | 	{
 39 | 		auto compensatedAngle = Vector3{
 40 | 			((view_angles.x + old_punch_angle.x) - (aim_punch_angle.x * 2.f)),
 41 | 			((view_angles.y + old_punch_angle.y) - (aim_punch_angle.y * 2.f)),0.f
 42 | 		};
 43 | 		auto newAngle = clamp_angle(compensatedAngle);
 44 | 		old_punch_angle = Vector3{ aim_punch_angle.x * 2.f, aim_punch_angle.y * 2.f, 0.f };
 45 | 		g_client.set_view_angles(newAngle);
 46 | 	}
 47 | 	else
 48 | 	{
 49 | 		old_punch_angle = Vector3{ 0.f,0.f,0.f };
 50 | 	}
 51 | }
 52 | 
 53 | 
 54 | void trigger_bot()
 55 | {
 56 | 	ULONG crosshair_id = g_client.get_local().get_crosshair_id();
 57 | 	if (crosshair_id <= 0 || crosshair_id > 65)
 58 | 		return;
 59 | 
 60 | 	crosshair_id -= 1;
 61 | 
 62 | 	entity target = g_client.get_entity(crosshair_id);
 63 | 
 64 | 	if (!target.is_valid_palyer())
 65 | 		return;
 66 | 
 67 | 	if (target.get_team() == g_client.get_local().get_team())
 68 | 		return;
 69 | 
 70 | 	if (target.get_health() <= NULL)
 71 | 		return;
 72 | 
 73 | 	if (g_client.get_force_attack() == 4)
 74 | 		g_client.set_force_attack(6);
 75 | 
 76 | }
 77 | 
 78 | void glow_hack()
 79 | {
 80 | 	entity local = g_client.get_local();
 81 | 
 82 | 	if (!local.is_valid_palyer())
 83 | 		return;
 84 | 
 85 | 	for (ULONG n = 0; n <= 32; n++)
 86 | 	{
 87 | 		entity player = g_client.get_entity(n);
 88 | 
 89 | 		if (!player.is_valid_palyer())
 90 | 			continue;
 91 | 
 92 | 		if (player.get_team() == local.get_team())
 93 | 			continue;
 94 | 
 95 | 		if (player.get_health() <= NULL)
 96 | 			continue;
 97 | 
 98 | 		player.get_glow_mananger().set_glow();
 99 | 	}
100 | 
101 | }
102 | 
103 | 
104 | 
105 | 
106 | VOID work_thread(void* context [[maybe_unused]] )
107 | {
108 | 	while (true)
109 | 	{
110 | 		kernel_sleep(2);
111 | 		if (KeReadStateEvent(&driver_unload_event))
112 | 			break;
113 | 		if (!game_eprocess)
114 | 			continue;
115 | 		if (!m_client || !m_engine)
116 | 			continue;
117 | 		KAPC_STATE apc_state;
118 | 		KeStackAttachProcess(game_eprocess, &apc_state);
119 | 
120 | 		glow_hack();
121 | 
122 | 		trigger_bot();
123 | 
124 | 		reduce_recoil();
125 | 
126 | 		KeUnstackDetachProcess(&apc_state);
127 | 	}
128 | 	PsTerminateSystemThread(0);
129 | }
130 | 
131 | 
132 | VOID load_image_notify([[maybe_unused]] PUNICODE_STRING FullImageName, [[maybe_unused]] HANDLE ProcessId, [[maybe_unused]] PIMAGE_INFO ImageInfo)
133 | {
134 | 	if (game_process_id == ProcessId)
135 | 	{
136 | 		if (wcsstr(FullImageName->Buffer, L"\\csgo\\bin\\client.dll")) {
137 | 			DbgPrintEx(77, 0, "[+] Loaded Name: %ws \n", FullImageName->Buffer);
138 | 			DbgPrintEx(77, 0, "[+] Loaded Base: 0x%llx \n", ImageInfo->ImageBase);
139 | 			DbgPrintEx(77, 0, "[+] Loaded To Process: %d \n", ProcessId);
140 | 			m_client = ImageInfo->ImageBase;
141 | 		}
142 | 		if (wcsstr(FullImageName->Buffer, L"\\bin\\engine.dll")) {
143 | 			DbgPrintEx(77, 0, "[+] Loaded Name: %ws \n", FullImageName->Buffer);
144 | 			DbgPrintEx(77, 0, "[+] Loaded Base: 0x%llx \n", ImageInfo->ImageBase);
145 | 			DbgPrintEx(77, 0, "[+] Loaded To Process: %d \n", ProcessId);
146 | 			m_engine = ImageInfo->ImageBase;
147 | 		}
148 | 
149 | 	}
150 | }
151 | 
152 | VOID create_process_notify(PEPROCESS process, HANDLE process_id, PPS_CREATE_NOTIFY_INFO create_info)
153 | {
154 | 	if (create_info)
155 | 	{
156 | 		PCHAR process_name = PsGetProcessImageFileName(process);
157 | 		if (0 == _stricmp(process_name, "csgo.exe"))
158 | 		{
159 | 			DbgPrintEx(77, 0, "[+] game_process_id: %d \n", process_id);
160 | 			DbgPrintEx(77, 0, "[+] game_eprocess: 0x%llx \n", process);
161 | 			game_process_id = process_id;
162 | 			game_eprocess = process;
163 | 		}
164 | 	}
165 | 	else
166 | 	{
167 | 		if (game_process_id == process_id)
168 | 		{
169 | 			game_process_id = 0;
170 | 			game_eprocess = NULL;
171 | 			m_client = 0;
172 | 			m_engine = 0;
173 | 			DbgPrintEx(77, 0, "[+] game client exit! \n");
174 | 		}
175 | 	}
176 | }
177 | 
178 | EXTERN_C NTSTATUS DriverEntry([[maybe_unused]] PDRIVER_OBJECT drv_obj, [[maybe_unused]] PUNICODE_STRING registry_path)
179 | {
180 | 	drv_obj->DriverUnload = []([[maybe_unused]] PDRIVER_OBJECT drv_obj) noexcept -> VOID
181 | 	{
182 | 
183 | 		KeSetEvent(&driver_unload_event, IO_NO_INCREMENT, FALSE);
184 | 
185 | 		ZwWaitForSingleObject(g_work_thread, FALSE, NULL);
186 | 
187 | 		ZwClose(g_work_thread);
188 | 
189 | 		PsRemoveLoadImageNotifyRoutine(&load_image_notify);
190 | 
191 | 		PsSetCreateProcessNotifyRoutineEx(create_process_notify, TRUE);
192 | 
193 | 		DbgPrintEx(77, 0, "[+] Driver Unload!\n");
194 | 
195 | 		return;
196 | 	};
197 | 	*((ULONG*)drv_obj->DriverSection + 26) |= 0x20ul;
198 | 
199 | 	KeInitializeEvent(&driver_unload_event, NotificationEvent, FALSE);
200 | 
201 | 	PsCreateSystemThread(&g_work_thread, THREAD_ALL_ACCESS, NULL, NULL, NULL, work_thread, NULL);
202 | 
203 | 	PsSetCreateProcessNotifyRoutineEx(create_process_notify, FALSE);
204 | 
205 | 	PsSetLoadImageNotifyRoutine(&load_image_notify);
206 | 
207 | 	DbgPrintEx(77, 0, "[+] Driver Load!\n");
208 | 
209 | 	return STATUS_SUCCESS;
210 | }


--------------------------------------------------------------------------------
/CSGO KERNEL HACK/cheat.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | #include <ntifs.h>
  3 | #include <float.h>
  4 | #include "mem.h"
  5 | 
  6 | constexpr auto dwEntityList = 0x4DDB92C;
  7 | constexpr auto dwLocalPlayer = 0xDBF4CC;
  8 | constexpr auto dwForceAttack = 0x320BE10;
  9 | constexpr auto dwGlowObjectManager = 0x5324588;
 10 | constexpr auto m_iHealth = 0x100;
 11 | constexpr auto m_iTeamNum = 0xF4;
 12 | constexpr auto m_iCrosshairId = 0x11838;
 13 | constexpr auto m_iGlowIndex = 0x10488;
 14 | constexpr auto m_aimPunchAngle = 0x303C;
 15 | constexpr auto dwClientState = 0x58CFDC;
 16 | constexpr auto dwClientState_ViewAngles = 0x4D90;
 17 | 
 18 | struct Vector3
 19 | {
 20 | 	float x = 0; float y = 0; float z = 0;
 21 | 	Vector3 operator+(const Vector3& pos)
 22 | 	{
 23 | 		Vector3 ret;
 24 | 		ret.x = x + pos.x;
 25 | 		ret.y = y + pos.y;
 26 | 		ret.z = z + pos.z;
 27 | 		return ret;
 28 | 	}
 29 | 	Vector3 operator-(const Vector3& pos)
 30 | 	{
 31 | 		Vector3 ret;
 32 | 		ret.x = x - pos.x;
 33 | 		ret.y = y - pos.y;
 34 | 		ret.z = z - pos.z;
 35 | 		return ret;
 36 | 	}
 37 | 	bool operator==(const Vector3& pos)
 38 | 	{
 39 | 		if (pos.x == x && pos.y == y && pos.z == z)
 40 | 			return true;
 41 | 		return false;
 42 | 	}
 43 | 
 44 | 	Vector3() {};
 45 | 
 46 | 	Vector3(float _x, float _y, float _z) noexcept : x{ _x }, y{ _y }, z{ _z } {}
 47 | 
 48 | };
 49 | 
 50 | class glow_mananger
 51 | {
 52 | private:
 53 | 	ULONG64 base;
 54 | 
 55 | public:
 56 | 	glow_mananger() { base = 0; };
 57 | 
 58 | 	glow_mananger(ULONG64 _base) :base(_base) {};
 59 | 
 60 | 	~glow_mananger() {};
 61 | public:
 62 | 	void set_glow();
 63 | };
 64 | 
 65 | class entity
 66 | {
 67 | 
 68 | private:
 69 | 	ULONG64 base;
 70 | 
 71 | public:
 72 | 	entity() { base = 0; };
 73 | 	entity(ULONG64 entitybase) :base(entitybase) {};
 74 | 	~entity() {};
 75 | 
 76 | public:
 77 | 	BOOLEAN is_valid_palyer();
 78 | 
 79 | 	ULONG64 get_base();
 80 | 
 81 | 	ULONG get_health();
 82 | 
 83 | 	ULONG get_team();
 84 | 
 85 | 	ULONG get_crosshair_id();
 86 | 
 87 | 	Vector3 get_aim_punch();
 88 | 
 89 | 	glow_mananger get_glow_mananger();
 90 | };
 91 | 
 92 | class client
 93 | {
 94 | public:
 95 | 	entity get_entity(int index);
 96 | 
 97 | 	entity get_local();
 98 | 
 99 | 	Vector3 get_view_angles();
100 | 
101 | 	void set_view_angles(Vector3 new_view_angles);
102 | 
103 | 	void set_force_attack(int val = 6);
104 | 
105 | 	int get_force_attack();
106 | };
107 | 


--------------------------------------------------------------------------------
/CSGO KERNEL HACK/imports.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include<ntifs.h>
 3 | EXTERN_C NTKERNELAPI
 4 | PIMAGE_NT_HEADERS
 5 | RtlImageNtHeader(
 6 | 	PVOID Base);
 7 | 
 8 | EXTERN_C NTKERNELAPI
 9 | NTSTATUS
10 | MmCopyVirtualMemory(
11 | 	PEPROCESS SourceProcess,
12 | 	PVOID SourceAddress,
13 | 	PEPROCESS TargetProcess,
14 | 	PVOID TargetAddress,
15 | 	SIZE_T BufferSize,
16 | 	KPROCESSOR_MODE PreviousMode,
17 | 	PSIZE_T ReturnSize);
18 | 
19 | EXTERN_C NTKERNELAPI
20 | PVOID
21 | PsGetProcessWow64Process(_In_ PEPROCESS Process);
22 | 
23 | EXTERN_C NTKERNELAPI
24 | PVOID
25 | PsGetProcessPeb(_In_ PEPROCESS Process);
26 | 
27 | EXTERN_C NTKERNELAPI
28 | PVOID
29 | RtlFindExportedRoutineByName(
30 | 	_In_ PVOID ImageBase,
31 | 	_In_ PCCH RoutineName);
32 | 
33 | EXTERN_C NTKERNELAPI
34 | PCHAR
35 | PsGetProcessImageFileName(PEPROCESS Process);


--------------------------------------------------------------------------------
/CSGO KERNEL HACK/mem.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <ntifs.h>
 3 | #include <intrin.h>
 4 | 
 5 | namespace memory
 6 | {
 7 | 	template <typename T>
 8 | 	inline auto read(void* address) -> T
 9 | 	{
10 | 		if(MmIsAddressValid(address))
11 | 		{
12 | 			return *reinterpret_cast<T*>(address);
13 | 		}
14 | 		T ZeroVal;
15 | 		RtlZeroMemory(&ZeroVal, sizeof(T));
16 | 		return ZeroVal;
17 | 	}
18 | 
19 | 	template <typename T>
20 | 	inline void write(void* address,T val)
21 | 	{
22 | 		if (MmIsAddressValid(address))
23 | 		{
24 | 			 *reinterpret_cast<T*>(address) = val;
25 | 		}
26 | 	}
27 | 
28 | 	template <typename T>
29 | 	inline auto read(ULONG64 address) -> T
30 | 	{
31 | 		if (MmIsAddressValid((void*)address))
32 | 		{
33 | 			return *reinterpret_cast<T*>(address);
34 | 		}
35 | 		T ZeroVal;
36 | 		RtlZeroMemory(&ZeroVal,sizeof(T));
37 | 		return ZeroVal;
38 | 	}
39 | 
40 | 	template <typename T>
41 | 	inline void write(ULONG64 address, T val)
42 | 	{
43 | 		if (MmIsAddressValid((void*)address))
44 | 		{
45 | 			*reinterpret_cast<T*>(address) = val;
46 | 		}
47 | 	}
48 | 
49 | 
50 | 	inline bool read(void* address,void* buffer,size_t len)
51 | 	{
52 | 		if (MmIsAddressValid(address) && MmIsAddressValid(buffer))
53 | 		{
54 | 			RtlCopyMemory(buffer, address, len);
55 | 			return true;
56 | 		}
57 | 		return false;
58 | 	}
59 | 
60 | 	inline bool write(void* address, void* buffer, size_t len)
61 | 	{
62 | 		if (MmIsAddressValid(address) && MmIsAddressValid(buffer))
63 | 		{
64 | 			RtlCopyMemory(address, buffer,len);
65 | 			return true;
66 | 		}
67 | 		return false;
68 | 	}
69 | 
70 | }
71 | 


--------------------------------------------------------------------------------
/CSGO KERNEL HACK/sdk.cpp:
--------------------------------------------------------------------------------
 1 | #include "cheat.h"
 2 | extern PVOID m_client;
 3 | extern PVOID m_engine;
 4 | 
 5 | void glow_mananger::set_glow()
 6 | {
 7 | 	if (!base) return;
 8 | 	memory::write<float>((base + 0xC), 1.f);
 9 | 	memory::write<float>((base + 0x14), 1.f);
10 | 	memory::write<bool>((base + 0x28), true);
11 | 	memory::write<bool>((base + 0x29), false);
12 | }
13 | 
14 | BOOLEAN entity::is_valid_palyer()
15 | {
16 | 	return (base != NULL);
17 | }
18 | 
19 | ULONG64 entity::get_base() {
20 | 	return base;
21 | }
22 | 
23 | ULONG entity::get_health() {
24 | 	if (!base) return NULL;
25 | 	return memory::read<ULONG>(base + m_iHealth);
26 | }
27 | 
28 | ULONG entity::get_team() {
29 | 	if (!base) return NULL;
30 | 	return memory::read<ULONG>(base + m_iTeamNum);
31 | }
32 | 
33 | ULONG entity::get_crosshair_id() {
34 | 	if (!base) return NULL;
35 | 	return memory::read<ULONG>(base + m_iCrosshairId);
36 | }
37 | 
38 | Vector3 entity::get_aim_punch() {
39 | 	if (!base) return {0,0,0};
40 | 	Vector3 aimPunch = memory::read<Vector3>(base + m_aimPunchAngle);
41 | 	return aimPunch;
42 | }
43 | 
44 | glow_mananger entity::get_glow_mananger()
45 | {
46 | 	if (!base) glow_mananger(NULL);
47 | 	ULONG GLPOINTR = memory::read<ULONG>(ULONG64(m_client) + (DWORD64)dwGlowObjectManager);
48 | 	ULONG GLcpg = memory::read<ULONG>(base + (DWORD64)m_iGlowIndex);
49 | 	ULONG64 addr = GLPOINTR + (GLcpg * 0x38);
50 | 	return glow_mananger(addr);
51 | }
52 | 
53 | entity client::get_entity(int index)
54 | {
55 | 	auto base = memory::read<ULONG>(ULONG64(m_client) + dwEntityList + index * 0x10);
56 | 	return entity(base);
57 | }
58 | 
59 | entity client::get_local()
60 | {
61 | 	auto base = memory::read<ULONG>(ULONG64(m_client) + dwLocalPlayer);
62 | 	return entity(base);
63 | }
64 | 
65 | Vector3 client::get_view_angles() {
66 | 	ULONG addr = memory::read<ULONG>(ULONG64(m_engine) + dwClientState) + dwClientState_ViewAngles;
67 | 	return memory::read<Vector3>(addr);
68 | }
69 | 
70 | void client::set_view_angles(Vector3 new_view_angles) {
71 | 	if (!_isnan(new_view_angles.y) && !_isnan(new_view_angles.x))
72 | 	{
73 | 		ULONG addr = memory::read<ULONG>(ULONG64(m_engine) + dwClientState) + dwClientState_ViewAngles;
74 | 		memory::write<Vector3>(addr, new_view_angles);
75 | 	}
76 | }
77 | 
78 | void client::set_force_attack(int val)
79 | {
80 | 	memory::write<int>(ULONG64(m_client) + dwForceAttack, val);
81 | }
82 | 
83 | int client::get_force_attack()
84 | {
85 | 	return memory::read<int>(ULONG64(m_client) + dwForceAttack);
86 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # CSGO-Kernel-Hack
 2 | 
 3 | Full kernel cheat without user mode client    
 4 | 
 5 | How to use:  
 6 | Using vs2019 + WDK to compile,signing .sys with leaked certs,then start the driver in the way you like
 7 | 
 8 | Features：  
 9 | Glow esp  
10 | Trigger bot  
11 | Reduce recoil
12 | 
13 | Notice:  
14 | Driver may makes the PC bluescreen (system exception),use in your own risk
15 | 
16 | 
17 | 


--------------------------------------------------------------------------------