├── cs2 aimbot tutorial
    ├── src
    │   ├── main.cpp
    │   ├── math
    │   │   ├── vector.hpp
    │   │   └── vector.cpp
    │   ├── cheat
    │   │   ├── entity.hpp
    │   │   ├── entity.cpp
    │   │   └── aimbot.cpp
    │   └── mem
    │   │   ├── memify.h
    │   │   └── handle_hijack.h
    ├── cs2 aimbot tutorial.vcxproj.filters
    └── cs2 aimbot tutorial.vcxproj
├── README.md
├── cs2 aimbot tutorial.sln
├── .gitattributes
└── .gitignore


/cs2 aimbot tutorial/src/main.cpp:
--------------------------------------------------------------------------------
 1 | #include "cheat/entity.hpp"
 2 | 
 3 | int main()
 4 | {
 5 | 	printf("Starting cheat\n");
 6 | 
 7 | 	// create new thread
 8 | 	std::thread ReadThread(&Reader::ThreadLoop, &reader);
 9 | 	
10 | 	// detach thread so we don't have to care about it anymore.
11 | 	ReadThread.detach();
12 | 
13 | 	while (true)
14 | 	{
15 | 		std::this_thread::sleep_for(std::chrono::milliseconds(1));
16 | 
17 | 		// run aimbot code
18 | 		aimbot.doAimbot();
19 | 	}
20 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Aimify | Aimbot
 2 | 
 3 | A sophisticated aimbot written in C++ with learning in mind. 90% Of lines are commented, except for the memory and vector file.
 4 | 
 5 | ## Features
 6 | 
 7 | Threading🔄 - Uses multiple threads to filter out players.  
 8 | Smoothing 🧲 - Uses smoothing for more legit movement.  
 9 | Reading 📖 - Reads memory to get player positions, and more.  
10 | Targeting 🎯 - Chooses the player closest to the crosshair.
11 | 
12 | ## Note
13 | If the project isn't working, try updating the offsets. If that doesn't work you can open an issue, make sure to include your current offests.
14 | 


--------------------------------------------------------------------------------
/cs2 aimbot tutorial/src/math/vector.hpp:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | #include <numbers>
 3 | #include <cmath>
 4 | #include <Windows.h>
 5 | 
 6 | struct view_matrix_t
 7 | {
 8 | 	float* operator[](int index)
 9 | 	{
10 | 		return matrix[index];
11 | 	}
12 | 
13 | 	float matrix[4][4];
14 | };
15 | 
16 | class Vector
17 | {
18 | public:
19 | 	constexpr Vector(
20 | 		const float x = 0.f,
21 | 		const float y = 0.f,
22 | 		const float z = 0.f) noexcept :
23 | 		x(x), y(y), z(z) { }
24 | 	
25 | 	constexpr const Vector& operator-(const Vector& other) const noexcept;
26 | 	constexpr const Vector& operator+(const Vector& other) const noexcept;
27 | 	constexpr const Vector& operator/(const float factor) const noexcept;
28 | 	constexpr const Vector& operator*(const float factor) const noexcept;
29 | 
30 | 	// 3d -> 2d, explanations already exist.
31 | 	const static bool world_to_screen(view_matrix_t view_matrix, Vector& in, Vector& out);
32 | 
33 | 	const bool IsZero();
34 | 
35 | 	float x, y, z;
36 | };
37 | 
38 | 


--------------------------------------------------------------------------------
/cs2 aimbot tutorial/src/cheat/entity.hpp:
--------------------------------------------------------------------------------
 1 | #include "../mem/memify.h"
 2 | #include "../math/vector.hpp"
 3 | 
 4 | #include <vector>
 5 | #include <thread>
 6 | 
 7 | inline memify mem("cs2.exe");
 8 | 
 9 | namespace offset
10 | {
11 | 	constexpr std::ptrdiff_t dwEntityList = 0x19BEED0;
12 | 	constexpr std::ptrdiff_t dwViewMatrix = 0x1A20CF0;
13 | 	constexpr std::ptrdiff_t dwLocalPlayerPawn = 0x1824A18;
14 | 
15 | 	constexpr std::ptrdiff_t m_hPlayerPawn = 0x7DC;
16 | 
17 | 	constexpr std::ptrdiff_t m_iHealth = 0x324;
18 | 	constexpr std::ptrdiff_t m_iTeamNum = 0x3C3;
19 | 
20 | 	constexpr std::ptrdiff_t m_vOldOrigin = 0x1274;
21 | 
22 | 	constexpr std::ptrdiff_t m_entitySpottedState = 0x2288; // 0x8 m_bSpotted
23 | }
24 | 
25 | // create an entity class for our vector, since we need to be able to push_back().
26 | class C_CSPlayerPawn
27 | {
28 | public:
29 | 	int health, team;
30 | 
31 | 	Vector Position;
32 | 
33 | 	uintptr_t pCSPlayerPawn;
34 | };
35 | 
36 | inline C_CSPlayerPawn CCSPlayerPawn;
37 | 
38 | // create a class for filtering players, and our new thread.
39 | class Reader
40 | {
41 | public:
42 | 	uintptr_t client = 0;
43 | 
44 | 	std::vector<C_CSPlayerPawn> playerList;
45 | 
46 | 	void ThreadLoop();
47 | private:
48 | 	void FilterPlayers();
49 | };
50 | 
51 | inline Reader reader;
52 | 
53 | // aimbot functions
54 | class Aimbot
55 | {
56 | public:
57 | 	void doAimbot();
58 | private:
59 | 	Vector findClosest(const std::vector<Vector> playerPositions);
60 | 	void MoveMouseToPlayer(Vector position);
61 | };
62 | 
63 | inline Aimbot aimbot;


--------------------------------------------------------------------------------
/cs2 aimbot tutorial.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.9.34728.123
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cs2 aimbot tutorial", "cs2 aimbot tutorial\cs2 aimbot tutorial.vcxproj", "{343A942B-D996-42A5-A424-2C309E1A138F}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{343A942B-D996-42A5-A424-2C309E1A138F}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{343A942B-D996-42A5-A424-2C309E1A138F}.Debug|x64.Build.0 = Debug|x64
18 | 		{343A942B-D996-42A5-A424-2C309E1A138F}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{343A942B-D996-42A5-A424-2C309E1A138F}.Debug|x86.Build.0 = Debug|Win32
20 | 		{343A942B-D996-42A5-A424-2C309E1A138F}.Release|x64.ActiveCfg = Release|x64
21 | 		{343A942B-D996-42A5-A424-2C309E1A138F}.Release|x64.Build.0 = Release|x64
22 | 		{343A942B-D996-42A5-A424-2C309E1A138F}.Release|x86.ActiveCfg = Release|Win32
23 | 		{343A942B-D996-42A5-A424-2C309E1A138F}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {0C12C22F-74E4-4DFD-869F-B550C82CFEEF}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/cs2 aimbot tutorial/src/math/vector.cpp:
--------------------------------------------------------------------------------
 1 | #include "vector.hpp"
 2 | 
 3 | int screenWidth = GetSystemMetrics(SM_CXSCREEN); // 0
 4 | int screenHeight = GetSystemMetrics(SM_CYSCREEN); // 1
 5 | 
 6 | constexpr const Vector& Vector::operator-(const Vector& other) const noexcept
 7 | {
 8 |     return Vector{ x - other.x, y - other.y, z - other.z };
 9 | }
10 | 
11 | constexpr const Vector& Vector::operator+(const Vector& other) const noexcept
12 | {
13 |     return Vector{ x + other.x, y + other.y, z + other.z };
14 | }
15 | 
16 | constexpr const Vector& Vector::operator/(const float factor) const noexcept
17 | {
18 |     return Vector{ x / factor, y / factor, z / factor };
19 | }
20 | 
21 | constexpr const Vector& Vector::operator*(const float factor) const noexcept
22 | {
23 |     return Vector{ x * factor, y * factor, z * factor };
24 | }
25 | 
26 | // w2s, alot of explanations already exist
27 | const bool Vector::world_to_screen(view_matrix_t vm, Vector& in, Vector& out)
28 | {
29 |     out.x = vm[0][0] * in.x + vm[0][1] * in.y + vm[0][2] * in.z + vm[0][3];
30 |     out.y = vm[1][0] * in.x + vm[1][1] * in.y + vm[1][2] * in.z + vm[1][3];
31 | 
32 |     float width = vm[3][0] * in.x + vm[3][1] * in.y + vm[3][2] * in.z + vm[3][3];
33 | 
34 |     if (width < 0.01f) {
35 |         return false;
36 |     }
37 | 
38 |     float inverseWidth = 1.f / width;
39 | 
40 |     out.x *= inverseWidth;
41 |     out.y *= inverseWidth;
42 | 
43 |     float x = screenWidth / 2;
44 |     float y = screenHeight / 2;
45 | 
46 |     x += 0.5f * out.x * screenWidth + 0.5f;
47 |     y -= 0.5f * out.y * screenHeight + 0.5f;
48 | 
49 |     out.x = x;
50 |     out.y = y;
51 |     
52 |     return true;
53 | }
54 | 
55 | const bool Vector::IsZero() {
56 |     return x == 0.0f && y == 0.0f && z == 0.0f;
57 | }
58 | 


--------------------------------------------------------------------------------
/cs2 aimbot tutorial/cs2 aimbot tutorial.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="src\main.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |     <ClCompile Include="src\math\vector.cpp">
22 |       <Filter>Source Files</Filter>
23 |     </ClCompile>
24 |     <ClCompile Include="src\cheat\entity.cpp">
25 |       <Filter>Source Files</Filter>
26 |     </ClCompile>
27 |     <ClCompile Include="src\cheat\aimbot.cpp">
28 |       <Filter>Source Files</Filter>
29 |     </ClCompile>
30 |   </ItemGroup>
31 |   <ItemGroup>
32 |     <ClInclude Include="src\mem\memify.h">
33 |       <Filter>Header Files</Filter>
34 |     </ClInclude>
35 |     <ClInclude Include="src\mem\handle_hijack.h">
36 |       <Filter>Header Files</Filter>
37 |     </ClInclude>
38 |     <ClInclude Include="src\math\vector.hpp">
39 |       <Filter>Header Files</Filter>
40 |     </ClInclude>
41 |     <ClInclude Include="src\cheat\entity.hpp">
42 |       <Filter>Header Files</Filter>
43 |     </ClInclude>
44 |   </ItemGroup>
45 | </Project>


--------------------------------------------------------------------------------
/cs2 aimbot tutorial/src/cheat/entity.cpp:
--------------------------------------------------------------------------------
 1 | #include "entity.hpp"
 2 | 
 3 | void Reader::ThreadLoop()
 4 | {
 5 | 	// get client
 6 | 	while (!client) {
 7 | 		std::this_thread::sleep_for(std::chrono::milliseconds(15));
 8 | 
 9 | 		client = mem.GetBase("client.dll");
10 | 
11 | 		std::cout << "client.dll " << std::hex << client << std::endl;
12 | 	}
13 | 
14 | 	while (true)
15 | 	{
16 | 		// The reason I used a loop counter is actually valid, but my old implementation was flawed due to the fact we use multiple threads now.
17 | 		// I'm used to working in a single thread environment, so I needed to count loops to manage other tasks within the loop.
18 | 		// Therefore, I couldn't just sleep for 250ms.
19 | 		//
20 | 		// However, since this is a new thread, we can simply sleep the thread to save performance.
21 | 
22 | 		std::this_thread::sleep_for(std::chrono::milliseconds(250));
23 | 
24 | 		FilterPlayers();
25 | 	}
26 | }
27 | 
28 | void Reader::FilterPlayers()
29 | {
30 | 	// clear playerList
31 | 	playerList.clear();
32 | 
33 | 	auto entityList = mem.Read<uintptr_t>(client + offset::dwEntityList);
34 | 
35 | 	if (!entityList)
36 | 		return;
37 | 
38 | 	auto localPawn = mem.Read<uintptr_t>(client + offset::dwLocalPlayerPawn);
39 | 
40 | 	// check swedz video for an explanation of this, i do not have the patience to write out all those comments :(
41 | 	for (int i = 0; i <= 64; ++i)
42 | 	{
43 | 		uintptr_t list_entry1 = mem.Read<uintptr_t>(entityList + (8 * (i & 0x7FFF) >> 9) + 16);
44 | 
45 | 		uintptr_t playerController = mem.Read<uintptr_t>(list_entry1 + 120 * (i & 0x1FF));
46 | 
47 | 		uint32_t playerPawn = mem.Read<uint32_t>(playerController + offset::m_hPlayerPawn);
48 | 
49 | 		uintptr_t list_entry2 = mem.Read<uintptr_t>(entityList + 0x8 * ((playerPawn & 0x7FFF) >> 9) + 16);
50 | 
51 | 		uintptr_t pCSPlayerPawnPtr = mem.Read<uintptr_t>(list_entry2 + 120 * (playerPawn & 0x1FF));
52 | 
53 | 		int health = mem.Read<int>(pCSPlayerPawnPtr + offset::m_iHealth);
54 | 
55 | 		if (health <= 0 || health > 100)
56 | 			continue;
57 | 
58 | 		int team = mem.Read<int>(pCSPlayerPawnPtr + offset::m_iTeamNum);
59 | 
60 | 		if (team == mem.Read<int>(localPawn + offset::m_iTeamNum))
61 | 			continue;
62 | 
63 | 		// save the address of the pawn we're on for later use, possibly reading positions.
64 | 		CCSPlayerPawn.pCSPlayerPawn = pCSPlayerPawnPtr;
65 | 
66 | 		// push back the entity we're on now, as in save them for later so we can loop through them.
67 | 		playerList.push_back(CCSPlayerPawn);
68 | 	}
69 | }


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
 1 | ###############################################################################
 2 | # Set default behavior to automatically normalize line endings.
 3 | ###############################################################################
 4 | * text=auto
 5 | 
 6 | ###############################################################################
 7 | # Set default behavior for command prompt diff.
 8 | #
 9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs     diff=csharp
14 | 
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following 
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln       merge=binary
26 | #*.csproj    merge=binary
27 | #*.vbproj    merge=binary
28 | #*.vcxproj   merge=binary
29 | #*.vcproj    merge=binary
30 | #*.dbproj    merge=binary
31 | #*.fsproj    merge=binary
32 | #*.lsproj    merge=binary
33 | #*.wixproj   merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj   merge=binary
36 | #*.wwaproj   merge=binary
37 | 
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg   binary
44 | #*.png   binary
45 | #*.gif   binary
46 | 
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | # 
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the 
52 | # entries below.
53 | ###############################################################################
54 | #*.doc   diff=astextplain
55 | #*.DOC   diff=astextplain
56 | #*.docx  diff=astextplain
57 | #*.DOCX  diff=astextplain
58 | #*.dot   diff=astextplain
59 | #*.DOT   diff=astextplain
60 | #*.pdf   diff=astextplain
61 | #*.PDF   diff=astextplain
62 | #*.rtf   diff=astextplain
63 | #*.RTF   diff=astextplain
64 | 


--------------------------------------------------------------------------------
/cs2 aimbot tutorial/src/cheat/aimbot.cpp:
--------------------------------------------------------------------------------
  1 | #include "entity.hpp"
  2 | 
  3 | void Aimbot::doAimbot()
  4 | {
  5 | 	// sleep for 1ms to save cpu %
  6 | 	std::this_thread::sleep_for(std::chrono::milliseconds(1));
  7 | 
  8 | 	// get our view_matrix
  9 | 	auto view_matrix = mem.Read<view_matrix_t>(reader.client + offset::dwViewMatrix);
 10 | 
 11 | 	// create our playerPositions vector, although i would recommend moving this out of the loop.
 12 | 	std::vector<Vector> playerPositions;
 13 | 
 14 | 	// clear our playerPositions vector to remove old players
 15 | 	playerPositions.clear();
 16 | 
 17 | 	for (const auto& player : reader.playerList)
 18 | 	{
 19 | 		// get the 3D position of the player we're CURRENTLY looping through.
 20 | 		Vector playerPosition = mem.Read<Vector>(player.pCSPlayerPawn + offset::m_vOldOrigin);
 21 | 
 22 | 		// create a headPosition Vector, this is kind of ghetto but it works fine.
 23 | 		Vector headPos = { playerPosition.x += 0.0, playerPosition.y += 0.0, playerPosition.z += 65.0f };
 24 | 
 25 | 		// create our out variables for the world_to_screen function.
 26 | 		Vector f, h;
 27 | 
 28 | 		if (Vector::world_to_screen(view_matrix, playerPosition, f) &&
 29 | 			Vector::world_to_screen(view_matrix, headPos, h))
 30 | 		{
 31 | 			// add the filtered player to our vector
 32 | 			playerPositions.push_back(h);
 33 | 		}
 34 | 	}
 35 | 
 36 | 	// check if the user is holding the right mouse button.
 37 | 	if (GetAsyncKeyState(VK_RBUTTON)) 
 38 | 	{
 39 | 		// find the closest player and store it in a variable
 40 | 		auto closest_player = findClosest(playerPositions);
 41 | 
 42 | 		// move the mouse to the player
 43 | 		MoveMouseToPlayer(closest_player);
 44 | 	}
 45 | }
 46 | 
 47 | Vector Aimbot::findClosest(const std::vector<Vector> playerPositions)
 48 | {
 49 | 	// check if the player positions vector is empty, if it is then just break out of the function.
 50 | 	if (playerPositions.empty())
 51 | 	{
 52 | 		printf("playerPositions vector was empty.\n");
 53 | 		return { 0.0f, 0.0f, 0.0f };
 54 | 	}
 55 | 
 56 | 	// get the center of the screen to be able to subtract the playerPosition by the center of the screen so we know where they are on the screen.
 57 | 	Vector center_of_screen{ (float)GetSystemMetrics(0) / 2, (float)GetSystemMetrics(1) / 2, 0.0f };
 58 | 
 59 | 	// keep track of the lowest distance found
 60 | 	float lowestDistance = 10000;
 61 | 
 62 | 	// find the index of the new lowest distance in the vector and store it (-1 means there wasn't one found)
 63 | 	int index = -1;
 64 | 
 65 | 	// loop through every single vector.
 66 | 	for (int i = 0; i < playerPositions.size(); ++i)
 67 | 	{
 68 | 		// at the current index we're at, check the playerPosition and then calculate its distance from the center.
 69 | 		float distance(std::pow(playerPositions[i].x - center_of_screen.x, 2) + std::pow(playerPositions[i].y - center_of_screen.y, 2));
 70 | 
 71 | 		// if the distance is lower than the last vector we checked, then add it and save the index.
 72 | 		if (distance < lowestDistance) {
 73 | 			lowestDistance = distance;
 74 | 			index = i;
 75 | 		}
 76 | 	}
 77 | 
 78 | 	// check if we even found a player.
 79 | 	if (index == -1) {
 80 | 		return { 0.0f, 0.0f, 0.0f };
 81 | 	}
 82 | 
 83 | 	// return the player at that index.
 84 | 	return { playerPositions[index].x, playerPositions[index].y, 0.0f };
 85 | }
 86 | 
 87 | void Aimbot::MoveMouseToPlayer(Vector position)
 88 | {
 89 | 	// check if the position is valid, make a function for this for better practice. this is also just ugly.
 90 | 	if (position.IsZero())
 91 | 		return;
 92 | 
 93 | 	// get the center of our screen.
 94 | 	Vector center_of_screen{ (float)GetSystemMetrics(0) / 2, (float)GetSystemMetrics(1) / 2, 0.0f };
 95 | 
 96 | 	// get our new x and y, by subtracting the position by the center of the screen, giving us a position to move the mouse to.
 97 | 	auto new_x = position.x - center_of_screen.x;
 98 | 	auto new_y = position.y - center_of_screen.y;
 99 | 
100 | 	// move the mouse to said position.
101 | 	mouse_event(MOUSEEVENTF_MOVE, new_x, new_y, 0, 0);
102 | }


--------------------------------------------------------------------------------
/cs2 aimbot tutorial/src/mem/memify.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | // literally all of these are in handle_hijack.h, so feel free to skip out on including them here and just handle_hijack.h for includes
  3 | // but for simplicity i will include them here too. *except for psapi.h*
  4 | #include <Windows.h> // RPM + WPM
  5 | #include <TlHelp32.h> 
  6 | #include <string> // couldn't get processName.compare to work with char, probably some other method but :shrug:
  7 | #include <Psapi.h> // enumprocessmodules
  8 | 
  9 | #include "handle_hijack.h"
 10 | 
 11 | /*
 12 | Created By https://github.com/carlgwastaken/
 13 | Please Support Open Source and leave this message here if you're using in your own source
 14 | Besides that, enjoy!
 15 | */
 16 | 
 17 | // the ReadProcessMemory is basically just a pointer to this function + some error handling, so we save some performance.
 18 | // 5% according to the post below:
 19 | // unknowncheats.me/forum/general-programming-and-reversing/230813-readprocessmemory-vs-ntreadvirtualmemory-performance-benchmark-comparison.html
 20 | typedef NTSTATUS(WINAPI* pNtReadVirtualMemory)(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, ULONG NumberOfBytesToRead, PULONG NumberOfBytesRead);
 21 | typedef NTSTATUS(WINAPI* pNtWriteVirtualMemory)(HANDLE Processhandle, PVOID BaseAddress, PVOID Buffer, ULONG NumberOfBytesToWrite, PULONG NumberOfBytesWritten);
 22 | 
 23 | class memify
 24 | {
 25 | private:
 26 | 	// initalize at 0 so we can check later
 27 | 	HANDLE handle = 0;
 28 | 	DWORD processID = 0;
 29 | 
 30 | 	pNtReadVirtualMemory VRead; // define Virtual Read + Virtual Write
 31 | 	pNtWriteVirtualMemory VWrite;
 32 | 
 33 | 	uintptr_t GetProcessId(std::string_view processName)
 34 | 	{
 35 | 		if (!handle) {
 36 | 			// define processentry32
 37 | 			PROCESSENTRY32 pe;
 38 | 			pe.dwSize = sizeof(PROCESSENTRY32);
 39 | 
 40 | 			// create a snapshot handle
 41 | 			HANDLE ss = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
 42 | 
 43 | 			// loop through all process
 44 | 			while (Process32Next(ss, &pe)) {
 45 | 				// compare program names to processName
 46 | 				if (!processName.compare(pe.szExeFile)) {
 47 | 					processID = pe.th32ProcessID;
 48 | 					return processID;
 49 | 				}
 50 | 			}
 51 | 		}
 52 | 
 53 | 		DWORD ids[1024];
 54 | 		DWORD neededId;
 55 | 
 56 | 		if (EnumProcesses(ids, sizeof(ids), &neededId))
 57 | 		{
 58 | 			int processCount = neededId / sizeof(DWORD);
 59 | 
 60 | 			for (int i = 0; i < processCount; ++i)
 61 | 			{
 62 | 				if (handle != 0)
 63 | 				{
 64 | 					char moduleName[MAX_PATH];
 65 | 					if (GetModuleBaseNameA(handle, nullptr, moduleName, sizeof(moduleName)))
 66 | 					{
 67 | 						if (!processName.compare(moduleName)) {
 68 | 							return ids[i];
 69 | 						}
 70 | 					}
 71 | 				}
 72 | 			}
 73 | 		}
 74 | 
 75 | 		return 0;
 76 | 	}
 77 | 
 78 | 	// make BaseModule private since i'd rather shorthen name in public, and just return this function but thats your choice
 79 | 	// move it to public if you want to decrease lines
 80 | 	uintptr_t GetBaseModule(std::string_view moduleName)
 81 | 	{
 82 | 		HMODULE modules[1024];
 83 | 		DWORD neededmodule;
 84 | 
 85 | 		if (EnumProcessModules(handle, modules, sizeof(modules), &neededmodule))
 86 | 		{
 87 | 			int moduleCount = neededmodule / sizeof(HMODULE);
 88 | 
 89 | 			for (int i = 0; i < moduleCount; ++i)
 90 | 			{
 91 | 				char buffer[MAX_PATH];
 92 | 
 93 | 				if (GetModuleBaseNameA(handle, modules[i], buffer, sizeof(buffer)))
 94 | 				{
 95 | 					if (!moduleName.compare(buffer)) {
 96 | 						return reinterpret_cast<uintptr_t>(modules[i]);
 97 | 					}
 98 | 				}
 99 | 			}
100 | 		}
101 | 
102 | 		return 0;
103 | 	}
104 | public:
105 | 
106 | 	// constructor opens handle and you save one line!!!! (will make your spaghetti code 10x better)
107 | 	memify(std::string_view processName)
108 | 	{
109 | 		VRead = (pNtReadVirtualMemory)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtReadVirtualMemory");
110 | 		VWrite = (pNtWriteVirtualMemory)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtWriteVirtualMemory");
111 | 
112 | 		processID = GetProcessId(processName);
113 | 
114 | 		if (processID != 0)
115 | 		{
116 | 			handle = hj::HijackExistingHandle(processID);
117 | 
118 | 			if (!hj::IsHandleValid(handle))
119 | 			{
120 | 				std::cout << "Failed Handle Hijacking." << std::endl;
121 | 				// open handle with OpenProcess
122 | 			}
123 | 		}
124 | 	}
125 | 
126 | 	// deconstructor, you can just use a void Exit(), which is less to type but whatever
127 | 	~memify()
128 | 	{
129 | 		if (handle)
130 | 			CloseHandle(handle);
131 | 
132 | 		if (hj::HijackedHandle)
133 | 			CloseHandle(hj::HijackedHandle);
134 | 	}
135 | 
136 | 	// shorten name here
137 | 	uintptr_t GetBase(std::string_view moduleName)
138 | 	{
139 | 		return GetBaseModule(moduleName);
140 | 	}
141 | 
142 | 	// read
143 | 	template <typename T> // use types which are defined later on, so it's compatible with alot of shit.
144 | 	T Read(uintptr_t address)
145 | 	{
146 | 		T buffer{ };
147 | 		VRead(handle, (void*)address, &buffer, sizeof(T), 0);
148 | 		return buffer;
149 | 	}
150 | 
151 | 	template <typename T>
152 | 	T Write(uintptr_t address, T value)
153 | 	{
154 | 		VWrite(handle, (void*)address, &value, sizeof(T), NULL);
155 | 		return value;
156 | 	}
157 | 
158 | 	// for reading structs and strings and shit
159 | 	bool ReadRaw(uintptr_t address, void* buffer, size_t size)
160 | 	{
161 | 		SIZE_T bytesRead;
162 | 		if (VRead(handle, (void*)address, buffer, static_cast<ULONG>(size), (PULONG)&bytesRead))
163 | 			return bytesRead = size;
164 | 
165 | 		return false;
166 | 	}
167 | 
168 | 	// utilities, shit that isn't required but nice to have
169 | 
170 | 	bool ProcessIsOpen(const std::string_view processName)
171 | 	{
172 | 		return GetProcessId(processName) != 0;
173 | 	}
174 | 
175 | 	bool InForeground()
176 | 	{
177 | 		// just takes Counter-Strike 2 but change to whatever u want, or implement an input you can do that too
178 | 		// maybe get the foreground window and then compare it to your own window, use processID, anything u want
179 | 		HWND current = GetForegroundWindow();
180 | 
181 | 		char title[256];
182 | 		GetWindowText(current, title, sizeof(title));
183 | 
184 | 		if (strstr(title, "Counter-Strike 2") != nullptr)
185 | 			return true;
186 | 
187 | 		return false;
188 | 	}
189 | };


--------------------------------------------------------------------------------
/cs2 aimbot tutorial/cs2 aimbot tutorial.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{343a942b-d996-42a5-a424-2c309e1a138f}</ProjectGuid>
 25 |     <RootNamespace>cs2aimbottutorial</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>MultiByte</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <ClCompile>
 75 |       <WarningLevel>Level3</WarningLevel>
 76 |       <SDLCheck>true</SDLCheck>
 77 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 78 |       <ConformanceMode>true</ConformanceMode>
 79 |     </ClCompile>
 80 |     <Link>
 81 |       <SubSystem>Console</SubSystem>
 82 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 83 |     </Link>
 84 |   </ItemDefinitionGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 89 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 92 |       <ConformanceMode>true</ConformanceMode>
 93 |     </ClCompile>
 94 |     <Link>
 95 |       <SubSystem>Console</SubSystem>
 96 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 97 |       <OptimizeReferences>true</OptimizeReferences>
 98 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 99 |     </Link>
100 |   </ItemDefinitionGroup>
101 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
102 |     <ClCompile>
103 |       <WarningLevel>Level3</WarningLevel>
104 |       <SDLCheck>true</SDLCheck>
105 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
106 |       <ConformanceMode>true</ConformanceMode>
107 |     </ClCompile>
108 |     <Link>
109 |       <SubSystem>Console</SubSystem>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <FunctionLevelLinking>true</FunctionLevelLinking>
117 |       <IntrinsicFunctions>true</IntrinsicFunctions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
120 |       <ConformanceMode>true</ConformanceMode>
121 |       <LanguageStandard>stdcpp20</LanguageStandard>
122 |     </ClCompile>
123 |     <Link>
124 |       <SubSystem>Console</SubSystem>
125 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
126 |       <OptimizeReferences>true</OptimizeReferences>
127 |       <GenerateDebugInformation>true</GenerateDebugInformation>
128 |     </Link>
129 |   </ItemDefinitionGroup>
130 |   <ItemGroup>
131 |     <ClCompile Include="src\cheat\aimbot.cpp" />
132 |     <ClCompile Include="src\cheat\entity.cpp" />
133 |     <ClCompile Include="src\main.cpp" />
134 |     <ClCompile Include="src\math\vector.cpp" />
135 |   </ItemGroup>
136 |   <ItemGroup>
137 |     <ClInclude Include="src\cheat\entity.hpp" />
138 |     <ClInclude Include="src\mem\handle_hijack.h" />
139 |     <ClInclude Include="src\mem\memify.h" />
140 |     <ClInclude Include="src\math\vector.hpp" />
141 |   </ItemGroup>
142 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
143 |   <ImportGroup Label="ExtensionTargets">
144 |   </ImportGroup>
145 | </Project>


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | ##
  4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
  5 | 
  6 | # User-specific files
  7 | *.rsuser
  8 | *.suo
  9 | *.user
 10 | *.userosscache
 11 | *.sln.docstates
 12 | 
 13 | # User-specific files (MonoDevelop/Xamarin Studio)
 14 | *.userprefs
 15 | 
 16 | # Mono auto generated files
 17 | mono_crash.*
 18 | 
 19 | # Build results
 20 | [Dd]ebug/
 21 | [Dd]ebugPublic/
 22 | [Rr]elease/
 23 | [Rr]eleases/
 24 | x64/
 25 | x86/
 26 | [Ww][Ii][Nn]32/
 27 | [Aa][Rr][Mm]/
 28 | [Aa][Rr][Mm]64/
 29 | bld/
 30 | [Bb]in/
 31 | [Oo]bj/
 32 | [Oo]ut/
 33 | [Ll]og/
 34 | [Ll]ogs/
 35 | 
 36 | # Visual Studio 2015/2017 cache/options directory
 37 | .vs/
 38 | # Uncomment if you have tasks that create the project's static files in wwwroot
 39 | #wwwroot/
 40 | 
 41 | # Visual Studio 2017 auto generated files
 42 | Generated\ Files/
 43 | 
 44 | # MSTest test Results
 45 | [Tt]est[Rr]esult*/
 46 | [Bb]uild[Ll]og.*
 47 | 
 48 | # NUnit
 49 | *.VisualState.xml
 50 | TestResult.xml
 51 | nunit-*.xml
 52 | 
 53 | # Build Results of an ATL Project
 54 | [Dd]ebugPS/
 55 | [Rr]eleasePS/
 56 | dlldata.c
 57 | 
 58 | # Benchmark Results
 59 | BenchmarkDotNet.Artifacts/
 60 | 
 61 | # .NET Core
 62 | project.lock.json
 63 | project.fragment.lock.json
 64 | artifacts/
 65 | 
 66 | # ASP.NET Scaffolding
 67 | ScaffoldingReadMe.txt
 68 | 
 69 | # StyleCop
 70 | StyleCopReport.xml
 71 | 
 72 | # Files built by Visual Studio
 73 | *_i.c
 74 | *_p.c
 75 | *_h.h
 76 | *.ilk
 77 | *.meta
 78 | *.obj
 79 | *.iobj
 80 | *.pch
 81 | *.pdb
 82 | *.ipdb
 83 | *.pgc
 84 | *.pgd
 85 | *.rsp
 86 | *.sbr
 87 | *.tlb
 88 | *.tli
 89 | *.tlh
 90 | *.tmp
 91 | *.tmp_proj
 92 | *_wpftmp.csproj
 93 | *.log
 94 | *.vspscc
 95 | *.vssscc
 96 | .builds
 97 | *.pidb
 98 | *.svclog
 99 | *.scc
100 | 
101 | # Chutzpah Test files
102 | _Chutzpah*
103 | 
104 | # Visual C++ cache files
105 | ipch/
106 | *.aps
107 | *.ncb
108 | *.opendb
109 | *.opensdf
110 | *.sdf
111 | *.cachefile
112 | *.VC.db
113 | *.VC.VC.opendb
114 | 
115 | # Visual Studio profiler
116 | *.psess
117 | *.vsp
118 | *.vspx
119 | *.sap
120 | 
121 | # Visual Studio Trace Files
122 | *.e2e
123 | 
124 | # TFS 2012 Local Workspace
125 | $tf/
126 | 
127 | # Guidance Automation Toolkit
128 | *.gpState
129 | 
130 | # ReSharper is a .NET coding add-in
131 | _ReSharper*/
132 | *.[Rr]e[Ss]harper
133 | *.DotSettings.user
134 | 
135 | # TeamCity is a build add-in
136 | _TeamCity*
137 | 
138 | # DotCover is a Code Coverage Tool
139 | *.dotCover
140 | 
141 | # AxoCover is a Code Coverage Tool
142 | .axoCover/*
143 | !.axoCover/settings.json
144 | 
145 | # Coverlet is a free, cross platform Code Coverage Tool
146 | coverage*.json
147 | coverage*.xml
148 | coverage*.info
149 | 
150 | # Visual Studio code coverage results
151 | *.coverage
152 | *.coveragexml
153 | 
154 | # NCrunch
155 | _NCrunch_*
156 | .*crunch*.local.xml
157 | nCrunchTemp_*
158 | 
159 | # MightyMoose
160 | *.mm.*
161 | AutoTest.Net/
162 | 
163 | # Web workbench (sass)
164 | .sass-cache/
165 | 
166 | # Installshield output folder
167 | [Ee]xpress/
168 | 
169 | # DocProject is a documentation generator add-in
170 | DocProject/buildhelp/
171 | DocProject/Help/*.HxT
172 | DocProject/Help/*.HxC
173 | DocProject/Help/*.hhc
174 | DocProject/Help/*.hhk
175 | DocProject/Help/*.hhp
176 | DocProject/Help/Html2
177 | DocProject/Help/html
178 | 
179 | # Click-Once directory
180 | publish/
181 | 
182 | # Publish Web Output
183 | *.[Pp]ublish.xml
184 | *.azurePubxml
185 | # Note: Comment the next line if you want to checkin your web deploy settings,
186 | # but database connection strings (with potential passwords) will be unencrypted
187 | *.pubxml
188 | *.publishproj
189 | 
190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
191 | # checkin your Azure Web App publish settings, but sensitive information contained
192 | # in these scripts will be unencrypted
193 | PublishScripts/
194 | 
195 | # NuGet Packages
196 | *.nupkg
197 | # NuGet Symbol Packages
198 | *.snupkg
199 | # The packages folder can be ignored because of Package Restore
200 | **/[Pp]ackages/*
201 | # except build/, which is used as an MSBuild target.
202 | !**/[Pp]ackages/build/
203 | # Uncomment if necessary however generally it will be regenerated when needed
204 | #!**/[Pp]ackages/repositories.config
205 | # NuGet v3's project.json files produces more ignorable files
206 | *.nuget.props
207 | *.nuget.targets
208 | 
209 | # Microsoft Azure Build Output
210 | csx/
211 | *.build.csdef
212 | 
213 | # Microsoft Azure Emulator
214 | ecf/
215 | rcf/
216 | 
217 | # Windows Store app package directories and files
218 | AppPackages/
219 | BundleArtifacts/
220 | Package.StoreAssociation.xml
221 | _pkginfo.txt
222 | *.appx
223 | *.appxbundle
224 | *.appxupload
225 | 
226 | # Visual Studio cache files
227 | # files ending in .cache can be ignored
228 | *.[Cc]ache
229 | # but keep track of directories ending in .cache
230 | !?*.[Cc]ache/
231 | 
232 | # Others
233 | ClientBin/
234 | ~$*
235 | *~
236 | *.dbmdl
237 | *.dbproj.schemaview
238 | *.jfm
239 | *.pfx
240 | *.publishsettings
241 | orleans.codegen.cs
242 | 
243 | # Including strong name files can present a security risk
244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
245 | #*.snk
246 | 
247 | # Since there are multiple workflows, uncomment next line to ignore bower_components
248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
249 | #bower_components/
250 | 
251 | # RIA/Silverlight projects
252 | Generated_Code/
253 | 
254 | # Backup & report files from converting an old project file
255 | # to a newer Visual Studio version. Backup files are not needed,
256 | # because we have git ;-)
257 | _UpgradeReport_Files/
258 | Backup*/
259 | UpgradeLog*.XML
260 | UpgradeLog*.htm
261 | ServiceFabricBackup/
262 | *.rptproj.bak
263 | 
264 | # SQL Server files
265 | *.mdf
266 | *.ldf
267 | *.ndf
268 | 
269 | # Business Intelligence projects
270 | *.rdl.data
271 | *.bim.layout
272 | *.bim_*.settings
273 | *.rptproj.rsuser
274 | *- [Bb]ackup.rdl
275 | *- [Bb]ackup ([0-9]).rdl
276 | *- [Bb]ackup ([0-9][0-9]).rdl
277 | 
278 | # Microsoft Fakes
279 | FakesAssemblies/
280 | 
281 | # GhostDoc plugin setting file
282 | *.GhostDoc.xml
283 | 
284 | # Node.js Tools for Visual Studio
285 | .ntvs_analysis.dat
286 | node_modules/
287 | 
288 | # Visual Studio 6 build log
289 | *.plg
290 | 
291 | # Visual Studio 6 workspace options file
292 | *.opt
293 | 
294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
295 | *.vbw
296 | 
297 | # Visual Studio LightSwitch build output
298 | **/*.HTMLClient/GeneratedArtifacts
299 | **/*.DesktopClient/GeneratedArtifacts
300 | **/*.DesktopClient/ModelManifest.xml
301 | **/*.Server/GeneratedArtifacts
302 | **/*.Server/ModelManifest.xml
303 | _Pvt_Extensions
304 | 
305 | # Paket dependency manager
306 | .paket/paket.exe
307 | paket-files/
308 | 
309 | # FAKE - F# Make
310 | .fake/
311 | 
312 | # CodeRush personal settings
313 | .cr/personal
314 | 
315 | # Python Tools for Visual Studio (PTVS)
316 | __pycache__/
317 | *.pyc
318 | 
319 | # Cake - Uncomment if you are using it
320 | # tools/**
321 | # !tools/packages.config
322 | 
323 | # Tabs Studio
324 | *.tss
325 | 
326 | # Telerik's JustMock configuration file
327 | *.jmconfig
328 | 
329 | # BizTalk build output
330 | *.btp.cs
331 | *.btm.cs
332 | *.odx.cs
333 | *.xsd.cs
334 | 
335 | # OpenCover UI analysis results
336 | OpenCover/
337 | 
338 | # Azure Stream Analytics local run output
339 | ASALocalRun/
340 | 
341 | # MSBuild Binary and Structured Log
342 | *.binlog
343 | 
344 | # NVidia Nsight GPU debugger configuration file
345 | *.nvuser
346 | 
347 | # MFractors (Xamarin productivity tool) working folder
348 | .mfractor/
349 | 
350 | # Local History for Visual Studio
351 | .localhistory/
352 | 
353 | # BeatPulse healthcheck temp database
354 | healthchecksdb
355 | 
356 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
357 | MigrationBackup/
358 | 
359 | # Ionide (cross platform F# VS Code tools) working folder
360 | .ionide/
361 | 
362 | # Fody - auto-generated XML schema
363 | FodyWeavers.xsd
364 | /README.md
365 | 


--------------------------------------------------------------------------------
/cs2 aimbot tutorial/src/mem/handle_hijack.h:
--------------------------------------------------------------------------------
  1 | /*
  2 | 	This is a stand alone bypass made by Apxaey. Feel free to use this in your cheats but credit me for the bypass as i put alot of time into this.
  3 | 	If you have some brain cells you will be able to incorporate this into your cheats and remain undetected by user-mode anticheats.
  4 | 	Obviously standard cheat 'recommendations' still apply:
  5 | 	1.) Use self-written or not signatured code
  6 | 	2.) Dont write impossible values
  7 | 	3.) If your going internal use a manual map injector
  8 | 
  9 | 	If you follow the guidelines above and use this bypass you will be safe from usermode anticheats like VAC.
 10 | 	Obviously you can build and adapt upon my code to suit your needs.
 11 | 	If I was to make a cheat for myself i would put this bypass into something i call an 'external internal' cheat.
 12 | 	Whereby you make a cheat and inject into a legitimate program like discord and add a check to the this bypass to only hijack a handle from the process you inject into, giving the appearence that nothing is out of the ordinary
 13 | 	However you can implement this bypass into any form of cheat, its your decision.
 14 | 	If you need want some more info i recommend you watch my YT video on this bypass.
 15 | 	Anyways if you want to see more of my stuff feel free to join my discord server [uc does not approve!]. Here's my YT as well https://www.youtube.com/channel/UCPN6OOLxn1OaBP5jPThIiog.
 16 | 	[support his yt! although he doesn't post anymore...]
 17 | */
 18 | 
 19 | #include <Windows.h> 
 20 | #include <iostream>
 21 | #include <TlHelp32.h>
 22 | #include <string>
 23 | 
 24 | // macros we use. Some can be found in wintrnl.h
 25 | #define SeDebugPriv 20
 26 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
 27 | #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004)
 28 | #define NtCurrentProcess ( (HANDLE)(LONG_PTR) -1 ) 
 29 | #define ProcessHandleType 0x7
 30 | #define SystemHandleInformation 16 
 31 | 
 32 | /*
 33 | STRUCTURES NEEDED FOR NTOPENPROCESS:
 34 | */
 35 | typedef struct _UNICODE_STRING {
 36 | 	USHORT Length;
 37 | 	USHORT MaximumLength;
 38 | 	PWCH   Buffer;
 39 | } UNICODE_STRING, * PUNICODE_STRING;
 40 | 
 41 | typedef struct _OBJECT_ATTRIBUTES {
 42 | 	ULONG           Length;
 43 | 	HANDLE          RootDirectory;
 44 | 	PUNICODE_STRING ObjectName;
 45 | 	ULONG           Attributes;
 46 | 	PVOID           SecurityDescriptor;
 47 | 	PVOID           SecurityQualityOfService;
 48 | }  OBJECT_ATTRIBUTES, * POBJECT_ATTRIBUTES;
 49 | 
 50 | typedef struct _CLIENT_ID
 51 | {
 52 | 	PVOID UniqueProcess;
 53 | 	PVOID UniqueThread;
 54 | } CLIENT_ID, * PCLIENT_ID;
 55 | 
 56 | /*
 57 | STRUCTURES NEEDED FOR HANDLE INFORMATION:
 58 | */
 59 | 
 60 | typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
 61 | {
 62 | 	ULONG ProcessId;
 63 | 	BYTE ObjectTypeNumber;
 64 | 	BYTE Flags;
 65 | 	USHORT Handle;
 66 | 	PVOID Object;
 67 | 	ACCESS_MASK GrantedAccess;
 68 | } SYSTEM_HANDLE, * PSYSTEM_HANDLE; //i shortened it to SYSTEM_HANDLE for the sake of typing
 69 | 
 70 | typedef struct _SYSTEM_HANDLE_INFORMATION
 71 | {
 72 | 	ULONG HandleCount;
 73 | 	SYSTEM_HANDLE Handles[1];
 74 | } SYSTEM_HANDLE_INFORMATION, * PSYSTEM_HANDLE_INFORMATION;
 75 | 
 76 | /*
 77 | FUNCTION PROTOTYPES:
 78 | */
 79 | typedef NTSTATUS(NTAPI* _NtDuplicateObject)(
 80 | 	HANDLE SourceProcessHandle,
 81 | 	HANDLE SourceHandle,
 82 | 	HANDLE TargetProcessHandle,
 83 | 	PHANDLE TargetHandle,
 84 | 	ACCESS_MASK DesiredAccess,
 85 | 	ULONG Attributes,
 86 | 	ULONG Options
 87 | 	);
 88 | 
 89 | typedef NTSTATUS(NTAPI* _RtlAdjustPrivilege)(
 90 | 	ULONG Privilege,
 91 | 	BOOLEAN Enable,
 92 | 	BOOLEAN CurrentThread,
 93 | 	PBOOLEAN Enabled
 94 | 	);
 95 | 
 96 | typedef NTSYSAPI NTSTATUS(NTAPI* _NtOpenProcess)(
 97 | 	PHANDLE            ProcessHandle,
 98 | 	ACCESS_MASK        DesiredAccess,
 99 | 	POBJECT_ATTRIBUTES ObjectAttributes,
100 | 	PCLIENT_ID         ClientId
101 | 	);
102 | 
103 | typedef NTSTATUS(NTAPI* _NtQuerySystemInformation)(
104 | 	ULONG SystemInformationClass, //your supposed to supply the whole class but microsoft kept the enum mostly empty so I just passed 16 instead for handle info. Thats why you get a warning in your code btw
105 | 	PVOID SystemInformation,
106 | 	ULONG SystemInformationLength,
107 | 	PULONG ReturnLength
108 | 	);
109 | 
110 | inline SYSTEM_HANDLE_INFORMATION* hInfo; //holds the handle information
111 | 
112 | //the handles we will need to use later on
113 | 
114 | namespace hj
115 | {
116 | 	inline HANDLE procHandle = NULL;
117 | 	inline HANDLE hProcess = NULL;
118 | 	inline HANDLE HijackedHandle = NULL;
119 | 
120 | 	// simple function i made that will just initialize our Object_Attributes structure as NtOpenProcess will fail otherwise
121 | 	inline OBJECT_ATTRIBUTES InitObjectAttributes(PUNICODE_STRING name, ULONG attributes, HANDLE hRoot, PSECURITY_DESCRIPTOR security)
122 | 	{
123 | 		OBJECT_ATTRIBUTES object;
124 | 
125 | 		object.Length = sizeof(OBJECT_ATTRIBUTES);
126 | 		object.ObjectName = name;
127 | 		object.Attributes = attributes;
128 | 		object.RootDirectory = hRoot;
129 | 		object.SecurityDescriptor = security;
130 | 
131 | 		return object;
132 | 	}
133 | 
134 | 	inline bool IsHandleValid(HANDLE handle) // i made this to simply check if a handle is valid rather than repeating the if statments
135 | 	{
136 | 		if (handle && handle != INVALID_HANDLE_VALUE)
137 | 			return true;
138 | 		else
139 | 			return false;
140 | 
141 | 	}
142 | 
143 | 	inline HANDLE HijackExistingHandle(DWORD dwTargetProcessId)
144 | 	{
145 | 		HMODULE Ntdll = GetModuleHandleA("ntdll"); // get the base address of ntdll.dll
146 | 
147 | 		//get the address of RtlAdjustPrivilege in ntdll.dll so we can grant our process the highest permission possible
148 | 		_RtlAdjustPrivilege RtlAdjustPrivilege = (_RtlAdjustPrivilege)GetProcAddress(Ntdll, "RtlAdjustPrivilege");
149 | 
150 | 		boolean OldPriv; //store the old privileges
151 | 
152 | 		// Give our program SeDeugPrivileges whcih allows us to get a handle to every process, even the highest privileged SYSTEM level processes.
153 | 		RtlAdjustPrivilege(SeDebugPriv, TRUE, FALSE, &OldPriv);
154 | 
155 | 		//get the address of NtQuerySystemInformation in ntdll.dll so we can find all the open handles on our system
156 | 		_NtQuerySystemInformation NtQuerySystemInformation = (_NtQuerySystemInformation)GetProcAddress(Ntdll, "NtQuerySystemInformation");
157 | 
158 | 		//get the address of NtDuplicateObject in ntdll.dll so we can duplicate an existing handle into our cheat, basically performing the hijacking
159 | 		_NtDuplicateObject NtDuplicateObject = (_NtDuplicateObject)GetProcAddress(Ntdll, "NtDuplicateObject");
160 | 
161 | 		//get the address of NtOpenProcess in ntdll.dll so wecan create a Duplicate handle
162 | 		_NtOpenProcess NtOpenProcess = (_NtOpenProcess)GetProcAddress(Ntdll, "NtOpenProcess");
163 | 
164 | 
165 | 		//initialize the Object Attributes structure, you can just set each member to NULL rather than create a function like i did
166 | 		OBJECT_ATTRIBUTES Obj_Attribute = InitObjectAttributes(NULL, NULL, NULL, NULL);
167 | 
168 | 		//clientID is a PDWORD or DWORD* of the process id to create a handle to
169 | 		CLIENT_ID clientID = { 0 };
170 | 
171 | 
172 | 		//the size variable is the amount of bytes allocated to store all the open handles
173 | 		DWORD size = sizeof(SYSTEM_HANDLE_INFORMATION);
174 | 
175 | 		//we allocate the memory to store all the handles on the heap rather than the stack becuase of the large amount of data
176 | 		hInfo = (SYSTEM_HANDLE_INFORMATION*) new byte[size];
177 | 
178 | 		//zero the memory handle info
179 | 		ZeroMemory(hInfo, size);
180 | 
181 | 		//we use this for checking if the Native functions succeed
182 | 		NTSTATUS NtRet = NULL;
183 | 
184 | 		do
185 | 		{
186 | 			// delete the previously allocated memory on the heap because it wasn't large enough to store all the handles
187 | 			delete[] hInfo;
188 | 
189 | 			//increase the amount of memory allocated by 50%
190 | 			size *= 1.5;
191 | 			try
192 | 			{
193 | 				//set and allocate the larger size on the heap
194 | 				hInfo = (PSYSTEM_HANDLE_INFORMATION) new byte[size];
195 | 			}
196 | 			catch (std::bad_alloc) //catch a bad heap allocation.
197 | 			{
198 | 				procHandle ? CloseHandle(procHandle) : 0;
199 | 			}
200 | 			Sleep(1); //sleep for the cpu
201 | 
202 | 			//we continue this loop until all the handles have been stored
203 | 		} while ((NtRet = NtQuerySystemInformation(SystemHandleInformation, hInfo, size, NULL)) == STATUS_INFO_LENGTH_MISMATCH);
204 | 
205 | 		//check if we got all the open handles on our system
206 | 		if (!NT_SUCCESS(NtRet))
207 | 			procHandle ? CloseHandle(procHandle) : 0;
208 | 
209 | 
210 | 		//loop through each handle on our system, and filter out handles that are invalid or cant be hijacked
211 | 		for (unsigned int i = 0; i < hInfo->HandleCount; ++i)
212 | 		{
213 | 			//a variable to store the number of handles OUR cheat has open.
214 | 			static DWORD NumOfOpenHandles;
215 | 
216 | 			//get the amount of outgoing handles OUR cheat has open
217 | 			GetProcessHandleCount(GetCurrentProcess(), &NumOfOpenHandles);
218 | 
219 | 			//you can do a higher number if this is triggering false positives. Its just to make sure we dont fuck up and create thousands of handles
220 | 			if (NumOfOpenHandles > 50)
221 | 				procHandle ? CloseHandle(procHandle) : 0;
222 | 
223 | 			//check if the current handle is valid, otherwise increment i and check the next handle
224 | 			if (!IsHandleValid((HANDLE)hInfo->Handles[i].Handle))
225 | 				continue;
226 | 
227 | 			//check the handle type is 0x7 meaning a process handle so we dont hijack a file handle for example
228 | 			if (hInfo->Handles[i].ObjectTypeNumber != ProcessHandleType)
229 | 				continue;
230 | 
231 | 			//set clientID to a pointer to the process with the handle to out target
232 | 			clientID.UniqueProcess = (DWORD*)hInfo->Handles[i].ProcessId;
233 | 
234 | 			//if procHandle is open, close it
235 | 			procHandle ? CloseHandle(procHandle) : 0;
236 | 
237 | 			//create a a handle with duplicate only permissions to the process with a handle to our target. NOT OUR TARGET.
238 | 			NtRet = NtOpenProcess(&procHandle, PROCESS_DUP_HANDLE, &Obj_Attribute, &clientID);
239 | 			if (!IsHandleValid(procHandle) || !NT_SUCCESS(NtRet)) //check is the funcions succeeded and check the handle is valid
240 | 				continue;
241 | 
242 | 			//we duplicate the handle another process has to our target into our cheat with whatever permissions we want. I did all access.
243 | 			NtRet = NtDuplicateObject(procHandle, (HANDLE)hInfo->Handles[i].Handle, NtCurrentProcess, &HijackedHandle, PROCESS_ALL_ACCESS, 0, 0);
244 | 			if (!IsHandleValid(HijackedHandle) || !NT_SUCCESS(NtRet))//check is the funcions succeeded and check the handle is valid
245 | 				continue;
246 | 
247 | 			//get the process id of the handle we duplicated and check its to our target
248 | 			if (GetProcessId(HijackedHandle) != dwTargetProcessId) {
249 | 				CloseHandle(HijackedHandle);
250 | 				continue;
251 | 			}
252 | 
253 | 			hProcess = HijackedHandle;
254 | 
255 | 			break;
256 | 		}
257 | 
258 | 		procHandle ? CloseHandle(procHandle) : 0;
259 | 
260 | 		return hProcess;
261 | 	}
262 | }


--------------------------------------------------------------------------------