├── Garhal ├── ntos.h ├── messages.h ├── hide.h ├── garhal.h ├── events.h ├── memory.h ├── data.h ├── vector.h ├── gstructs.h ├── vector.c ├── communication.h ├── Garhal.inf ├── Garhal.vcxproj.filters ├── hide.c ├── memory.c ├── communication.c ├── garhal.c ├── Garhal.vcxproj └── events.c ├── garhallogo.png ├── GarhalController ├── icons.h ├── Engine.hpp ├── utils.hpp ├── settings.json ├── Aimbot.hpp ├── csgo_settings.hpp ├── Entity.hpp ├── icons.cpp ├── Engine.cpp ├── utils.cpp ├── communications.hpp ├── kernelinterface.hpp ├── sdk.hpp ├── GarhalController.vcxproj.filters └── csgo_menu.hpp ├── LEGACY_GarhalController ├── ClientMode.h ├── CInput.h ├── Engine.hpp ├── CUserCmd.h ├── Aimbot.hpp ├── garhal.cfg ├── AntiAim.hpp ├── BSPParser.cpp ├── Entity.hpp ├── BSPParser.hpp ├── Engine.cpp ├── communications.hpp ├── config.hpp ├── TraceRay.hpp ├── GarhalController.vcxproj.filters ├── config.cpp ├── AntiAim.cpp ├── data.hpp ├── kernelinterface.hpp ├── sdk.hpp ├── BSPFile.hpp └── Entity.cpp ├── .github └── ISSUE_TEMPLATE │ ├── feature_request.md │ └── issue-report.md ├── LEGACY_GarhalRankDisplayer ├── data.hpp ├── GarhalRankDisplayer.vcxproj.filters ├── communications.hpp ├── kernelinterface.hpp └── GarhalRankDisplayer.cpp ├── Libraries ├── common │ └── bsp │ │ ├── BSPParser.cpp │ │ ├── BSPParser.hpp │ │ ├── TraceRay.hpp │ │ └── BSPFile.hpp └── imgui │ ├── imgui_impl_dx9.h │ ├── imgui_stdlib.h │ ├── imgui_impl_dx11.h │ ├── InputSystem.h │ ├── imgui_impl_win32_client.h │ ├── imgui_extensions.h │ ├── imgui_impl_win32.h │ ├── imgui_stdlib.cpp │ └── imconfig.h ├── Garhal.sln └── .gitignore /Garhal/ntos.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dretax/GarHal_CSGO/HEAD/Garhal/ntos.h -------------------------------------------------------------------------------- /garhallogo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dretax/GarHal_CSGO/HEAD/garhallogo.png -------------------------------------------------------------------------------- /GarhalController/icons.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "Windows.h" 3 | 4 | extern const BYTE GarhalLogo[320]; 5 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/ClientMode.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | class ClientMode 6 | { 7 | 8 | }; 9 | -------------------------------------------------------------------------------- /Garhal/messages.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #define DebugMessageNormal(x, ...) DbgPrintEx(0, 0, x, __VA_ARGS__) 5 | -------------------------------------------------------------------------------- /Garhal/hide.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | 5 | void RemoveLinks(PLIST_ENTRY Current); 6 | 7 | PCHAR HideProcess(UINT32 pid); 8 | 9 | ULONG FindPIDOffset(); -------------------------------------------------------------------------------- /LEGACY_GarhalController/CInput.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | class CInput { 5 | private: 6 | BYTE __pad0x01[0xF1]; 7 | public: 8 | DWORD Commands; 9 | DWORD VerifiedCommands; 10 | }; 11 | -------------------------------------------------------------------------------- /Garhal/garhal.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | PVOID OBRegisterHandle = NULL; 5 | 6 | NTSTATUS UnloadDriver(PDRIVER_OBJECT pDriverObject); 7 | 8 | NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath); 9 | 10 | NTSTATUS RegisterOBCallback(); 11 | 12 | NTSTATUS FreeAllocatedMemory(); -------------------------------------------------------------------------------- /GarhalController/Engine.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "data.hpp" 3 | 4 | namespace engine 5 | { 6 | bool worldToScreen(const Vector3& from, Vector3& to); 7 | bool IsInGame(); 8 | GameState GetGameState(uint8_t State); 9 | Vector3 getViewAngles(); 10 | void setViewAngles(Vector3& viewAngles); 11 | } 12 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/Engine.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "data.hpp" 3 | 4 | class Engine 5 | { 6 | public: 7 | bool worldToScreen(const Vector3& from, Vector3& to); 8 | bool IsInGame(); 9 | GameState GetGameState(uint8_t State); 10 | Vector3 getViewAngles(); 11 | void setViewAngles(Vector3& viewAngles); 12 | Engine(); 13 | ~Engine(); 14 | }; 15 | -------------------------------------------------------------------------------- /Garhal/events.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | PLOAD_IMAGE_NOTIFY_ROUTINE ImageLoadCallback(PUNICODE_STRING FullImageName, HANDLE ProcessId, PIMAGE_INFO ImageInfo); 5 | 6 | PCREATE_PROCESS_NOTIFY_ROUTINE_EX ProcessNotifyCallbackEx(HANDLE parentId, HANDLE processId, PPS_CREATE_NOTIFY_INFO notifyInfo); 7 | 8 | OB_PREOP_CALLBACK_STATUS OBRegisterCallback(PVOID RegistrationContext, POB_PRE_OPERATION_INFORMATION OperationInformation); -------------------------------------------------------------------------------- /GarhalController/utils.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "..\common\bsp\BSPStructure.hpp" 4 | #include "Entity.hpp" 5 | 6 | namespace utils 7 | { 8 | Entity CreateEntity(uint32_t Address); 9 | std::string GenerateStr(const int len); 10 | std::vector Split(std::string s, std::string delimiter); 11 | bool IsProcessElevated(HANDLE processHandle); 12 | hazedumper::Vector2 toWinPos(hazedumper::Vector2& screenPos, float width, float height); 13 | } -------------------------------------------------------------------------------- /Garhal/memory.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "gstructs.h" 4 | #include "vector.h" 5 | 6 | ULONG GetWindowsBuildNumber(); 7 | 8 | int GetCorrectOffset(CHAR* Name, ULONG BuildNumber); 9 | 10 | NTSTATUS KeReadVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size); 11 | 12 | NTSTATUS KeWriteVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size); 13 | 14 | NTSTATUS FindProcessByName(CHAR* process_name, vector* list); 15 | 16 | MODULEENTRY GetProcessModule(PEPROCESS Process, LPCWSTR ModuleName); -------------------------------------------------------------------------------- /GarhalController/settings.json: -------------------------------------------------------------------------------- 1 | {"AimbotBullets":100,"AimbotKey":88,"AimbotState":1,"AimbotTarget":1,"Bhop":false,"NoFlash":false,"Radar":false,"TriggerBot":false,"TriggerBotDelay":false,"TriggerBotDelayMax":15,"TriggerBotDelayMin":8,"TriggerBotKey":0,"Wallhack":true,"selectedWeaponIds":[false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false],"useVsync":false} 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/CUserCmd.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "data.hpp" 4 | 5 | class CUserCmd { 6 | public: 7 | DWORD Vft; 8 | DWORD CmdNumber; 9 | DWORD TickCount; 10 | Vector3 ViewAngles; 11 | Vector3 AimDirection; 12 | FLOAT Forwardmove; 13 | FLOAT Sidemove; 14 | FLOAT Upmove; 15 | DWORD Buttons; 16 | BYTE Impulse; 17 | 18 | private: 19 | BYTE __pad0x01[0x03]; 20 | 21 | public: 22 | DWORD WeaponSelect; 23 | DWORD WeaponSubtype; 24 | DWORD RandomSeed; 25 | WORD MouseDx; 26 | WORD MouseDy; 27 | BOOLEAN HasBeenPredicted; 28 | 29 | private: 30 | BYTE __pad0x02[0x1B]; 31 | }; 32 | class CVerifiedUserCmd { 33 | public: 34 | CUserCmd Command; 35 | DWORD CRC; 36 | }; -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/issue-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Issue report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the issue** 11 | A clear and concise description of what the bug/issue is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Windows 10 version:** 27 | - My version is.... [Example: 2004] 28 | 29 | **Additional context** 30 | Add any other context about the problem here. 31 | -------------------------------------------------------------------------------- /LEGACY_GarhalRankDisplayer/data.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "kernelinterface.hpp" 4 | 5 | inline DWORD ProcessId, ClientAddress, EngineAddress; 6 | inline KeInterface Driver = NULL; 7 | 8 | inline const char* Ranks[] = 9 | { 10 | "UnRanked", 11 | "Silver I", 12 | "Silver II", 13 | "Silver III", 14 | "Silver IV", 15 | "Silver Elite", 16 | "Silver Elite Master", 17 | 18 | "Gold Nova I", 19 | "Gold Nova II", 20 | "Gold Nova III", 21 | "Gold Nova Master", 22 | "Master Guardian I", 23 | "Master Guardian II", 24 | 25 | "Master Guardian Elite", 26 | "Distinguished Master Guardian", 27 | "Legendary Eagle", 28 | "Legendary Eagle Master", 29 | "Supreme Master First Class", 30 | "The Global Elite" 31 | }; -------------------------------------------------------------------------------- /Garhal/data.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include "vector.h" 5 | 6 | // We store every value here. 7 | ULONG CsgoID, ClientAddress, EngineAddress, ClientSize, EngineSize, ControllerID, RankReaderID, ProtectController, ProtectRankReader; 8 | PDEVICE_OBJECT pDeviceObject; 9 | UNICODE_STRING dev, dos; 10 | vector CSRSSList; 11 | BOOLEAN IsManualMapped; 12 | 13 | 14 | // Constants 15 | #define EnableProcessHiding 0 // Used to hide our process. 16 | #define EnableDriverHiding 0 // Used to hide our driver. 17 | 18 | #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000 19 | #define PROCESS_VM_OPERATION 0x0008 20 | #define PROCESS_VM_READ 0x0010 21 | #define PROCESS_VM_WRITE 0x0020 22 | #define PROCESS_TERMINATE 0x0001 23 | 24 | typedef struct _OB_REG_CONTEXT { 25 | USHORT Version; 26 | UNICODE_STRING Altitude; 27 | USHORT ulIndex; 28 | OB_OPERATION_REGISTRATION* OperationRegistration; 29 | } REG_CONTEXT, * PREG_CONTEXT; -------------------------------------------------------------------------------- /Garhal/vector.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifndef VECTOR_H 4 | #define VECTOR_H 5 | 6 | #define VECTOR_INIT_CAPACITY 4 7 | 8 | #define VECTOR_INIT(vec) vector vec; vector_init(&vec) 9 | #define VECTOR_ADD(vec, item) vector_add(&vec, (void *) item) 10 | #define VECTOR_SET(vec, id, item) vector_set(&vec, id, (void *) item) 11 | #define VECTOR_GET(vec, type, id) (type) vector_get(&vec, id) 12 | #define VECTOR_DELETE(vec, id) vector_delete(&vec, id) 13 | #define VECTOR_TOTAL(vec) vector_total(&vec) 14 | #define VECTOR_FREE(vec) vector_free(&vec) 15 | 16 | typedef struct vector { 17 | void** items; 18 | int capacity; 19 | int total; 20 | } vector; 21 | 22 | void vector_init(vector*); 23 | int vector_total(vector*); 24 | static void vector_resize(vector*, int); 25 | void vector_add(vector*, void*); 26 | void vector_set(vector*, int, void*); 27 | void* vector_get(vector*, int); 28 | void vector_delete(vector*, int); 29 | void vector_free(vector*); 30 | 31 | #endif -------------------------------------------------------------------------------- /LEGACY_GarhalController/Aimbot.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "BSPParser.hpp" 3 | #include "data.hpp" 4 | #include "Entity.hpp" 5 | 6 | class Aimbot 7 | { 8 | private: 9 | hazedumper::BSPParser* bspParser; 10 | float defaultSensitivity; 11 | Entity findClosestEnemyToFOV(); 12 | Vector3 angleDifferenceToEntity(Entity& localPlayer, Entity& entity); 13 | Vector3 getViewAngles(); 14 | Vector3 aimAnglesTo(Vector3& entity); 15 | void normalizeAngles(Vector3& angles); 16 | void clampAngles(Vector3& angles); 17 | void setViewAngles(Vector3& viewAngles); 18 | void setSensitivity(float sens); 19 | float getSensitivity(); 20 | bool enemyIsInCrossHair(); 21 | const char* getMapDirectory(); 22 | const char* getGameDirectory(); 23 | public: 24 | Entity localPlayer; 25 | bool aimAssist(); 26 | void aimBot(); 27 | void walkBot(); 28 | void resetSensitivity(); 29 | void TriggerBot(); 30 | bool EnemyIsInCrossHair(); 31 | Aimbot(hazedumper::BSPParser* bspParser); 32 | Aimbot(); 33 | ~Aimbot(); 34 | }; 35 | -------------------------------------------------------------------------------- /GarhalController/Aimbot.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "..\common\bsp\BSPParser.hpp" 3 | #include "data.hpp" 4 | #include "Entity.hpp" 5 | 6 | class Aimbot 7 | { 8 | private: 9 | hazedumper::BSPParser* bspParser; 10 | float defaultSensitivity; 11 | Entity findClosestEnemyToFOV(); 12 | Vector3 angleDifferenceToEntity(Entity& localPlayer, Entity& entity); 13 | Vector3 getViewAngles(); 14 | Vector3 aimAnglesTo(Vector3& entity); 15 | void normalizeAngles(Vector3& angles); 16 | void clampAngles(Vector3& angles); 17 | void setViewAngles(Vector3& viewAngles); 18 | void setSensitivity(float sens); 19 | float getSensitivity(); 20 | bool enemyIsInCrossHair(); 21 | const char* getMapDirectory(); 22 | const char* getGameDirectory(); 23 | public: 24 | Entity localPlayer; 25 | bool aimAssist(); 26 | void aimBot(); 27 | void walkBot(); 28 | void resetSensitivity(); 29 | void TriggerBot(); 30 | bool EnemyIsInCrossHair(); 31 | Aimbot(hazedumper::BSPParser* bspParser); 32 | Aimbot(); 33 | ~Aimbot(); 34 | }; 35 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/garhal.cfg: -------------------------------------------------------------------------------- 1 | #Aimbot Type 0=Disabled, 1=Smooth, 2=Direct 2 | AimbotS = 0 3 | #Aimbot Key (https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes) 4 | AimbotKey = 0x58 5 | #Aimbot Target Head = 1, Body = 2, or both = 3? (Both = hp >= 50 -> head, below body) 0 to disable. 6 | AimbotTarget = 0 7 | #Aimbot Assist begins at Nth bullet. (Used when AimbotS is 1) 8 | AimbotBullets = 3 9 | #Use Bhop? 10 | Bhop = true 11 | #Enable Wallhack 12 | Wallhack = true 13 | #Enable NoFlash 14 | NoFlash = true 15 | #Enable Triggerbot 16 | TriggerBot = false 17 | #Key to use triggerbot, set to 0 to make It automatic. (https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes) 18 | TriggerBotKey = 0 19 | #TriggerBot Allowed Weapon IDs (If you enter 0 everything is allowed) Refer to data.hpp file on github. 20 | TriggerBotAllowed = 9,40 21 | #Enable Triggerbot delay? 22 | TriggerBotDelay = false 23 | #Triggerbot random delay (8,15) means we are delaying randomby between 8-15 millisecs. 0 is good to use at minimum. 24 | TriggerBotDelayNum = 8,15 25 | #Enable Radar mark? 26 | Radar = false -------------------------------------------------------------------------------- /LEGACY_GarhalController/AntiAim.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include "data.hpp" 4 | 5 | class AntiAim 6 | { 7 | public: 8 | AntiAim(); 9 | ~AntiAim(); 10 | void DoAntiAim(); 11 | void SetUserCMDViewAngles(Vector3 viewAngles); 12 | void Hook(DWORD Instance, int Index, DWORD HookFunc); 13 | void HookCreateMove(); 14 | void SetUserCmd(UserCMD_ShellCode cmd); 15 | void Enable(); 16 | Vector3 getLocalViewAngles(); 17 | Vector3 getUserCMDViewAngles(); 18 | DWORD GetVFunc(DWORD inst, int Index); 19 | 20 | private: 21 | HANDLE ProcessHandle; 22 | bool ShouldSetViewAnglesThisTick = false; 23 | 24 | // Should set angle "pointer" (technically a pointer but it points to a "bool" in another address space) 25 | // If true, the game will rely on us to provide viewangles for the userCMD structure (if we don't, they are never changed) 26 | // If false, the game does the viewangles for the userCMD itself 27 | DWORD shouldSetAngles; 28 | //userCMD viewangle x "pointer" 29 | DWORD cmdAngleX; 30 | //userCMD viewangle y "pointer" 31 | DWORD cmdAngleY; 32 | //userCMD viewangle z "pointer" 33 | DWORD cmdAngleZ; 34 | }; 35 | -------------------------------------------------------------------------------- /GarhalController/csgo_settings.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "fifo_map.hpp" 8 | 9 | namespace csgo_settings 10 | { 11 | void ReadConfig(const char* filename); 12 | void WriteConfig(const char* filename); 13 | 14 | extern int AimbotState; 15 | extern int AimbotKey; 16 | extern int AimbotTarget; 17 | extern int AimbotBullets; 18 | extern bool Bhop; 19 | extern bool Wallhack; 20 | extern bool NoFlash; 21 | extern bool TriggerBot; 22 | extern int TriggerBotKey; 23 | extern bool TriggerBotDelay; 24 | extern bool Radar; 25 | extern std::vector TriggerBotAllowed; 26 | extern int TriggerBotDelayMin; 27 | extern int TriggerBotDelayMax; 28 | extern bool useVsync; 29 | extern bool showMenu; 30 | extern nlohmann::fifo_map weaponIds; 31 | extern bool selectedWeaponIds[53]; 32 | extern const std::vector aimbotOptions; 33 | extern const std::vector aimbotTargets; 34 | extern std::unordered_map weaponIdHelper; 35 | } 36 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/BSPParser.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @author ReactiioN 3 | * @date 08.03.2016 4 | * @visit https://github.com/ReactiioN1337 5 | * https://reactiion.pw 6 | * https://www.unknowncheats.me/forum/members/264622.html 7 | */ 8 | #include "BSPParser.hpp" 9 | #include "TraceRay.hpp" 10 | using namespace hazedumper; 11 | 12 | bool BSPParser::parse_map( const std::string& bsp_directory, const std::string& bsp_file ) 13 | { 14 | if( bsp_directory.empty() || bsp_file.empty() ) { 15 | return false; 16 | } 17 | if( m_LastMap == bsp_file ) { 18 | return true; 19 | } 20 | 21 | std::unique_lock< std::shared_timed_mutex > lock( m_mutex ); 22 | if( m_BSPFile.parse( bsp_directory, bsp_file ) ) { 23 | m_LastMap = bsp_file; 24 | return true; 25 | } 26 | return false; 27 | } 28 | 29 | bool BSPParser::is_visible( const Vector3& origin, const Vector3& final ) 30 | { 31 | std::shared_lock< std::shared_timed_mutex > lock( m_mutex ); 32 | return TraceRay::is_visible( origin, final, &m_BSPFile ); 33 | } 34 | 35 | BSPFile BSPParser::get_bsp( void ) const 36 | { 37 | return m_BSPFile; 38 | } 39 | -------------------------------------------------------------------------------- /Libraries/common/bsp/BSPParser.cpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @author ReactiioN 3 | * @date 08.03.2016 4 | * @visit https://github.com/ReactiioN1337 5 | * https://reactiion.pw 6 | * https://www.unknowncheats.me/forum/members/264622.html 7 | */ 8 | #include "BSPParser.hpp" 9 | #include "TraceRay.hpp" 10 | using namespace hazedumper; 11 | 12 | bool BSPParser::parse_map(const std::string& bsp_directory, const std::string& bsp_file) 13 | { 14 | if (bsp_directory.empty() || bsp_file.empty()) 15 | { 16 | return false; 17 | } 18 | if (m_LastMap == bsp_file) 19 | { 20 | return true; 21 | } 22 | 23 | std::unique_lock lock(m_mutex); 24 | if (m_BSPFile.parse(bsp_directory, bsp_file)) 25 | { 26 | m_LastMap = bsp_file; 27 | return true; 28 | } 29 | return false; 30 | } 31 | 32 | bool BSPParser::is_visible(const Vector3& origin, const Vector3& final) 33 | { 34 | std::shared_lock lock(m_mutex); 35 | return TraceRay::is_visible(origin, final, &m_BSPFile); 36 | } 37 | 38 | BSPFile BSPParser::get_bsp(void) const 39 | { 40 | return m_BSPFile; 41 | } 42 | -------------------------------------------------------------------------------- /Libraries/imgui/imgui_impl_dx9.h: -------------------------------------------------------------------------------- 1 | // dear imgui: Renderer for DirectX9 2 | // This needs to be used along with a Platform Binding (e.g. Win32) 3 | 4 | // Implemented features: 5 | // [X] Renderer: User texture binding. Use 'LPDIRECT3DTEXTURE9' as ImTextureID. Read the FAQ about ImTextureID! 6 | // [X] Renderer: Support for large meshes (64k+ vertices) with 16-bit indices. 7 | 8 | // You can copy and use unmodified imgui_impl_* files in your project. See main.cpp for an example of using this. 9 | // If you are new to dear imgui, read examples/README.txt and read the documentation at the top of imgui.cpp. 10 | // https://github.com/ocornut/imgui 11 | 12 | #pragma once 13 | #include "imgui.h" // IMGUI_IMPL_API 14 | 15 | struct IDirect3DDevice9; 16 | 17 | IMGUI_IMPL_API bool ImGui_ImplDX9_Init(IDirect3DDevice9* device); 18 | IMGUI_IMPL_API void ImGui_ImplDX9_Shutdown(); 19 | IMGUI_IMPL_API void ImGui_ImplDX9_NewFrame(); 20 | IMGUI_IMPL_API void ImGui_ImplDX9_RenderDrawData(ImDrawData* draw_data); 21 | 22 | // Use if you want to reset your rendering device without losing Dear ImGui state. 23 | IMGUI_IMPL_API bool ImGui_ImplDX9_CreateDeviceObjects(); 24 | IMGUI_IMPL_API void ImGui_ImplDX9_InvalidateDeviceObjects(); 25 | -------------------------------------------------------------------------------- /Libraries/imgui/imgui_stdlib.h: -------------------------------------------------------------------------------- 1 | // dear imgui: wrappers for C++ standard library (STL) types (std::string, etc.) 2 | // This is also an example of how you may wrap your own similar types. 3 | 4 | // Compatibility: 5 | // - std::string support is only guaranteed to work from C++11. 6 | // If you try to use it pre-C++11, please share your findings (w/ info about compiler/architecture) 7 | 8 | // Changelog: 9 | // - v0.10: Initial version. Added InputText() / InputTextMultiline() calls with std::string 10 | 11 | #pragma once 12 | 13 | #include 14 | 15 | namespace ImGui 16 | { 17 | // ImGui::InputText() with std::string 18 | // Because text input needs dynamic resizing, we need to setup a callback to grow the capacity 19 | IMGUI_API bool InputText(const char* label, std::string* str, ImGuiInputTextFlags flags = 0, ImGuiInputTextCallback callback = NULL, void* user_data = NULL); 20 | IMGUI_API bool InputTextMultiline(const char* label, std::string* str, const ImVec2& size = ImVec2(0, 0), ImGuiInputTextFlags flags = 0, ImGuiInputTextCallback callback = NULL, void* user_data = NULL); 21 | IMGUI_API bool InputTextWithHint(const char* label, const char* hint, std::string* str, ImGuiInputTextFlags flags = 0, ImGuiInputTextCallback callback = NULL, void* user_data = NULL); 22 | } 23 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/Entity.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "data.hpp" 3 | 4 | class Entity 5 | { 6 | private: 7 | uint32_t EntityAddress = 0; 8 | public: 9 | //Vector3 getBonePosition(uint32_t boneId); 10 | Vector3 getAbsolutePosition(); 11 | Vector3 getFeetPosition(); 12 | Vector3 getAimPunch(); 13 | Vector3 getVelocity(); 14 | Vector3 getHeadPosition(); 15 | Vector3 GetBonePosition(uint32_t targetBone); 16 | 17 | DWORD GetWeaponHandle(); 18 | DWORD GetCurrentWeapon(); 19 | 20 | uint32_t GetEntityAddress(); 21 | uint32_t GetGlowIndex(); 22 | uint16_t GetCurrentWeaponID(); 23 | uint16_t GetWeaponIndex(); 24 | uint16_t getCrosshairId(); 25 | uint16_t getShotsFired(); 26 | uint8_t getHealth(); 27 | uint8_t getForceAttack(); 28 | uint8_t getTeam(); 29 | void SetFlashAlpha(float num); 30 | void SetForceJump(uint8_t value); 31 | void setForceAttack(uint8_t value); 32 | void setForceAttack2(uint8_t value); 33 | void shoot(); 34 | void SetCorrectGlowStruct(uint8_t LocalPlayerTeam, uint32_t GlowObject); 35 | 36 | bool IsDormant(); 37 | bool IsDefusing(); 38 | bool isInAir(); 39 | bool isValidPlayer(); 40 | bool IsCrouching(); 41 | Entity(); 42 | Entity(uint32_t EntityAddress); 43 | ~Entity(); 44 | }; 45 | -------------------------------------------------------------------------------- /Libraries/imgui/imgui_impl_dx11.h: -------------------------------------------------------------------------------- 1 | // dear imgui: Renderer Backend for DirectX11 2 | // This needs to be used along with a Platform Backend (e.g. Win32) 3 | 4 | // Implemented features: 5 | // [X] Renderer: User texture binding. Use 'ID3D11ShaderResourceView*' as ImTextureID. Read the FAQ about ImTextureID! 6 | // [X] Renderer: Support for large meshes (64k+ vertices) with 16-bit indices. 7 | 8 | // You can use unmodified imgui_impl_* files in your project. See examples/ folder for examples of using this. 9 | // Prefer including the entire imgui/ repository into your project (either as a copy or as a submodule), and only build the backends you need. 10 | // If you are new to Dear ImGui, read documentation from the docs/ folder + read the top of imgui.cpp. 11 | // Read online: https://github.com/ocornut/imgui/tree/master/docs 12 | 13 | #pragma once 14 | #include "imgui.h" // IMGUI_IMPL_API 15 | 16 | struct ID3D11Device; 17 | struct ID3D11DeviceContext; 18 | 19 | IMGUI_IMPL_API bool ImGui_ImplDX11_Init(ID3D11Device* device, ID3D11DeviceContext* device_context); 20 | IMGUI_IMPL_API void ImGui_ImplDX11_Shutdown(); 21 | IMGUI_IMPL_API void ImGui_ImplDX11_NewFrame(); 22 | IMGUI_IMPL_API void ImGui_ImplDX11_RenderDrawData(ImDrawData* draw_data); 23 | 24 | // Use if you want to reset your rendering device without losing Dear ImGui state. 25 | IMGUI_IMPL_API void ImGui_ImplDX11_InvalidateDeviceObjects(); 26 | IMGUI_IMPL_API bool ImGui_ImplDX11_CreateDeviceObjects(); 27 | -------------------------------------------------------------------------------- /LEGACY_GarhalRankDisplayer/GarhalRankDisplayer.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Header Files 25 | 26 | 27 | Header Files 28 | 29 | 30 | Header Files 31 | 32 | 33 | Header Files 34 | 35 | 36 | -------------------------------------------------------------------------------- /Libraries/imgui/InputSystem.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #ifndef _inputsystem_ 3 | #define _inputsystem_ 4 | 5 | #include 6 | 7 | enum INPUTS 8 | { 9 | LBUTTON_DOWN, 10 | LBUTTON_CLICKED, 11 | KEY_INSERT_PRESSED, 12 | MAX_INPUT 13 | }; 14 | 15 | class InputSystem 16 | { 17 | int MouseX, MouseY; 18 | public: 19 | bool InputStates[MAX_INPUT]; 20 | 21 | InputSystem() 22 | { 23 | memset(InputStates, 0, sizeof(InputStates)); 24 | MouseX = 0; 25 | MouseY = 0; 26 | } 27 | 28 | void UpdateMousePos(int diffx, int diffy) 29 | { 30 | POINT p; 31 | if (GetCursorPos(&p)) 32 | { 33 | MouseX = p.x - (diffx / 2); 34 | MouseY = p.y - (diffy / 2); 35 | } 36 | } 37 | 38 | void GetMousePos(int& x, int& y) 39 | { 40 | x = MouseX; 41 | y = MouseY; 42 | } 43 | 44 | void PollInputState(bool ShouldSave) 45 | { 46 | if ((GetAsyncKeyState(VK_LBUTTON) >> 16) & 1) 47 | { 48 | if (ShouldSave) 49 | InputStates[LBUTTON_DOWN] = true; 50 | } 51 | else 52 | { 53 | if (ShouldSave) 54 | InputStates[LBUTTON_DOWN] = false; 55 | } 56 | 57 | if (GetAsyncKeyState(VK_LBUTTON) & 1) 58 | { 59 | if (ShouldSave) 60 | InputStates[LBUTTON_CLICKED] = true; 61 | } 62 | else 63 | { 64 | if (ShouldSave) 65 | InputStates[LBUTTON_CLICKED] = false; 66 | } 67 | } 68 | }; 69 | 70 | #endif 71 | -------------------------------------------------------------------------------- /Libraries/common/bsp/BSPParser.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @author ReactiioN 3 | * @date 08.03.2016 4 | * @visit https://github.com/ReactiioN1337 5 | * https://reactiion.pw 6 | * https://www.unknowncheats.me/forum/members/264622.html 7 | */ 8 | #pragma once 9 | #include "BSPFile.hpp" 10 | #include 11 | 12 | namespace hazedumper 13 | { 14 | class BSPParser 15 | { 16 | public: 17 | BSPParser(void) = default; 18 | 19 | /** 20 | * @brief Parse a bsp file. 21 | * 22 | * @param[in] bsp_directory The bsp directory 23 | * @param[in] bsp_file The bsp file 24 | * 25 | * @return True if the bsp file got parsed or is currently cached, 26 | * False if BSPFile::parse() fails. 27 | */ 28 | bool parse_map(const std::string& bsp_directory, const std::string& bsp_file); 29 | 30 | /** 31 | * @brief Determines if visible. 32 | * 33 | * @param[in] origin The origin 34 | * @param[in] final The final position 35 | * 36 | * @return True if visible, False otherwise. 37 | */ 38 | bool is_visible(const Vector3& origin, const Vector3& final); 39 | 40 | /** 41 | * @brief Gets the bsp file. 42 | * 43 | * @return The bsp file. 44 | */ 45 | BSPFile get_bsp(void) const; 46 | 47 | private: 48 | BSPFile m_BSPFile; 49 | std::string m_LastMap; 50 | std::shared_timed_mutex m_mutex; 51 | }; 52 | } 53 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/BSPParser.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @author ReactiioN 3 | * @date 08.03.2016 4 | * @visit https://github.com/ReactiioN1337 5 | * https://reactiion.pw 6 | * https://www.unknowncheats.me/forum/members/264622.html 7 | */ 8 | #pragma once 9 | #include "BSPFile.hpp" 10 | #include 11 | 12 | namespace hazedumper { 13 | 14 | class BSPParser 15 | { 16 | public: 17 | BSPParser( void ) = default; 18 | 19 | /** 20 | * @brief Parse a bsp file. 21 | * 22 | * @param[in] bsp_directory The bsp directory 23 | * @param[in] bsp_file The bsp file 24 | * 25 | * @return True if the bsp file got parsed or is currently cached, 26 | * False if BSPFile::parse() fails. 27 | */ 28 | bool parse_map( const std::string& bsp_directory, const std::string& bsp_file ); 29 | 30 | /** 31 | * @brief Determines if visible. 32 | * 33 | * @param[in] origin The origin 34 | * @param[in] final The final position 35 | * 36 | * @return True if visible, False otherwise. 37 | */ 38 | bool is_visible( const Vector3& origin, const Vector3& final ); 39 | 40 | /** 41 | * @brief Gets the bsp file. 42 | * 43 | * @return The bsp file. 44 | */ 45 | BSPFile get_bsp( void ) const; 46 | 47 | private: 48 | BSPFile m_BSPFile; 49 | std::string m_LastMap; 50 | std::shared_timed_mutex m_mutex; 51 | }; 52 | } 53 | -------------------------------------------------------------------------------- /GarhalController/Entity.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "data.hpp" 3 | 4 | class Entity 5 | { 6 | private: 7 | uint32_t EntityAddress = 0; 8 | uint32_t StudioHdrAddress = 0; 9 | StudioHdr StudioHdrSt = {}; 10 | StudioHitboxSet StudioHitBoxSet = {}; 11 | StudioBBox StudioHitBoxes[MAX_STUDIO_BONES]; 12 | StudioBone StudioBones[MAX_STUDIO_BONES]; 13 | public: 14 | Vector3 BonePositions[MAX_STUDIO_BONES]; 15 | std::pair BonePairs[MAX_STUDIO_BONES]; 16 | uint8_t CurrentBonePairs = 0; 17 | 18 | //Vector3 getBonePosition(uint32_t boneId); 19 | Vector3 getAbsolutePosition(); 20 | Vector3 getFeetPosition(); 21 | Vector3 getAimPunch(); 22 | Vector3 getVelocity(); 23 | Vector3 getHeadPosition(); 24 | Vector3 GetBonePosition(uint32_t targetBone); 25 | RenderData getRenderData(uint8_t OurTeam, Vector3 screenPos, float inGameDistance); 26 | 27 | DWORD GetWeaponHandle(); 28 | DWORD GetCurrentWeapon(); 29 | 30 | uint32_t GetEntityAddress(); 31 | uint32_t GetGlowIndex(); 32 | uint16_t GetCurrentWeaponID(); 33 | uint16_t GetWeaponIndex(); 34 | uint16_t getCrosshairId(); 35 | uint16_t getShotsFired(); 36 | uint8_t getHealth(); 37 | uint8_t getForceAttack(); 38 | uint8_t getTeam(); 39 | void BuildBonePairs(); 40 | void SetFlashAlpha(float num); 41 | void SetForceJump(uint8_t value); 42 | void setForceAttack(uint8_t value); 43 | void setForceAttack2(uint8_t value); 44 | void shoot(); 45 | void SetCorrectGlowStruct(uint8_t LocalPlayerTeam, uint32_t GlowObject); 46 | 47 | bool IsDormant(); 48 | bool IsDefusing(); 49 | bool isInAir(); 50 | bool isValidPlayer(); 51 | bool IsCrouching(); 52 | Entity(); 53 | Entity(uint32_t EntityAddress); 54 | ~Entity(); 55 | }; 56 | -------------------------------------------------------------------------------- /LEGACY_GarhalRankDisplayer/communications.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | /* IOCTL Codes needed for our driver */ 6 | 7 | // Request to read virtual user memory (memory of a program) from kernel space 8 | #define IO_READ_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0666 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 9 | 10 | // Request to retrieve the process id of csgo process, from kernel space 11 | #define IO_GET_ID_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0668 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 12 | 13 | // Request to retrieve the base address of client.dll in csgo.exe from kernel space 14 | #define IO_GET_MODULE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0669 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 15 | 16 | // Request to retrieve the base address of engine.dll in csgo.exe from kernel space 17 | #define IO_GET_ENGINE_MODULE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0670 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 18 | 19 | // Order driver to apply full protection on RankReader 20 | #define IO_PROTECT_RANKREADER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0674 /* Our Custom Code */, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 21 | 22 | typedef struct _KERNEL_READ_REQUEST 23 | { 24 | ULONG ProcessId; 25 | 26 | ULONG Address; 27 | PVOID pBuff; 28 | ULONG Size; 29 | 30 | } KERNEL_READ_REQUEST, * PKERNEL_READ_REQUEST; 31 | 32 | typedef struct _RTL_PROCESS_MODULE_INFORMATION 33 | { 34 | HANDLE Section; 35 | PVOID MappedBase; 36 | PVOID ImageBase; 37 | ULONG ImageSize; 38 | ULONG Flags; 39 | USHORT LoadOrderIndex; 40 | USHORT InitOrderIndex; 41 | USHORT LoadCount; 42 | USHORT OffsetToFileName; 43 | UCHAR FullPathName[256]; 44 | } RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION; 45 | 46 | typedef struct _RTL_PROCESS_MODULES 47 | { 48 | ULONG NumberOfModules; 49 | RTL_PROCESS_MODULE_INFORMATION Modules[1]; 50 | } RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES; -------------------------------------------------------------------------------- /GarhalController/icons.cpp: -------------------------------------------------------------------------------- 1 | #include "icons.h" 2 | 3 | const BYTE GarhalLogo[320] = { 4 | 0x52, 0x49, 0x46, 0x46, 0x38, 0x01, 0x00, 0x00, 0x57, 0x45, 0x42, 0x50, 5 | 0x56, 0x50, 0x38, 0x4C, 0x2B, 0x01, 0x00, 0x00, 0x2F, 0x9F, 0xC0, 0x27, 6 | 0x10, 0x87, 0xC0, 0x20, 0x00, 0xC0, 0x32, 0x53, 0xFF, 0x3E, 0x4B, 0xB1, 7 | 0x02, 0xB6, 0x77, 0x33, 0x89, 0xDA, 0x48, 0xB6, 0x92, 0x2F, 0xD0, 0x7F, 8 | 0x4E, 0x0D, 0x94, 0x41, 0x17, 0x1A, 0x92, 0xBA, 0x13, 0x28, 0x8D, 0x64, 9 | 0xAB, 0xF9, 0xC9, 0xFD, 0x0F, 0x9A, 0x32, 0xA9, 0x86, 0x9A, 0xE8, 0x02, 10 | 0x9F, 0x75, 0x9C, 0x99, 0xFF, 0x00, 0x00, 0xFE, 0x7B, 0x32, 0xE9, 0xC9, 11 | 0x2F, 0xA6, 0xF7, 0x96, 0x84, 0xCE, 0xA5, 0x9C, 0x5D, 0xAE, 0xBA, 0x71, 12 | 0x15, 0xD0, 0x98, 0xD4, 0x5A, 0xCC, 0x5C, 0xA5, 0x9E, 0x11, 0x1D, 0x1D, 13 | 0xE6, 0x5B, 0xDA, 0x04, 0x48, 0x8E, 0x24, 0x49, 0x8A, 0x1A, 0x6A, 0xA5, 14 | 0x6A, 0x12, 0xF8, 0xFF, 0x83, 0x4D, 0x39, 0xDB, 0xAD, 0x90, 0x22, 0xFA, 15 | 0x3F, 0x01, 0xD7, 0xC7, 0xD1, 0x82, 0x9F, 0x10, 0x0A, 0x0E, 0xAC, 0x38, 16 | 0xB0, 0x60, 0xCE, 0x13, 0x4F, 0x79, 0x03, 0x2B, 0xDE, 0x53, 0x0B, 0x8E, 17 | 0xD4, 0x86, 0xA2, 0xE7, 0xB8, 0x82, 0x03, 0x0B, 0xDE, 0x53, 0x0B, 0xD6, 18 | 0x6F, 0x7E, 0xA6, 0xBE, 0xF0, 0x1C, 0x37, 0xB0, 0xA6, 0x96, 0xD4, 0x8A, 19 | 0x37, 0x7C, 0xA0, 0xBC, 0x50, 0xAE, 0x5F, 0x78, 0x2A, 0xAB, 0x28, 0x0F, 20 | 0xBC, 0x61, 0xC5, 0xF6, 0x63, 0x0B, 0x36, 0x7C, 0x63, 0xC7, 0x86, 0xE7, 21 | 0xB3, 0x67, 0xEA, 0xC0, 0x8A, 0x0D, 0x2B, 0x36, 0xDC, 0xA9, 0x15, 0xA5, 22 | 0xA7, 0x06, 0x0E, 0xBC, 0xF0, 0x7C, 0xF6, 0x42, 0xD1, 0x8E, 0xA2, 0x1B, 23 | 0x1F, 0xA9, 0x81, 0x1D, 0x03, 0x57, 0xEA, 0xC4, 0x93, 0x9A, 0xBE, 0xF0, 24 | 0x8D, 0x52, 0xB1, 0x63, 0xC5, 0x48, 0xDD, 0xA9, 0x0B, 0x37, 0x06, 0x9E, 25 | 0xDE, 0x72, 0x27, 0x6E, 0x5C, 0xA9, 0x1B, 0x17, 0xCA, 0xC2, 0xC0, 0x85, 26 | 0x13, 0x03, 0x4F, 0x6F, 0x1D, 0x25, 0x30, 0x47, 0x37, 0x2E, 0xDC, 0xB8, 27 | 0x30, 0x50, 0xAE, 0x1F, 0x7B, 0x3E, 0xCB, 0x9D, 0xB8, 0x51, 0x02, 0x17, 28 | 0x6E, 0x5C, 0x18, 0x38, 0x31, 0xF0, 0x6C, 0xF7, 0x85, 0x13, 0x03, 0x77, 29 | 0x6A, 0xE0, 0x4C, 0xBD, 0xFE, 0xDC, 0xF3, 0x59, 0xEE, 0xFC, 0xB1, 0x81, 30 | 0xD7, 0x3F, 0x7B, 0x3E, 0xFB, 0x0C, 0x08, 0x00 31 | }; 32 | -------------------------------------------------------------------------------- /GarhalController/Engine.cpp: -------------------------------------------------------------------------------- 1 | #include "Engine.hpp" 2 | #include "offsets.hpp" 3 | 4 | // hazedumper namespace 5 | using namespace hazedumper::netvars; 6 | using namespace hazedumper::signatures; 7 | 8 | bool engine::worldToScreen(const Vector3& from, Vector3& to) 9 | { 10 | WorldToScreenMatrix matrix = Driver.ReadVirtualMemory(ProcessId, ClientAddress + dwViewMatrix, sizeof(WorldToScreenMatrix)); 11 | 12 | const auto w = matrix(3, 0) * from(0) + matrix(3, 1) * from(1) + matrix(3, 2) * from(2) + matrix(3, 3); 13 | if (w < 0.001f) 14 | return false; 15 | 16 | to(0) = ImGui::GetIO().DisplaySize.x / 2.0f; 17 | to(1) = ImGui::GetIO().DisplaySize.y / 2.0f; 18 | to(0) *= 1.0f + (matrix(0, 0) * from(0) + matrix(0, 1) * from(1) + matrix(0, 2) * from(2) + matrix(0, 3)) / w; 19 | to(1) *= 1.0f - (matrix(1, 0) * from(0) + matrix(1, 1) * from(1) + matrix(1, 2) * from(2) + matrix(1, 3)) / w; 20 | 21 | return true; 22 | } 23 | 24 | bool engine::IsInGame() 25 | { 26 | uint32_t ClientState = Driver.ReadVirtualMemory(ProcessId, EngineAddress + dwClientState, sizeof(uint32_t)); 27 | uint32_t Second = Driver.ReadVirtualMemory(ProcessId, ClientState + dwClientState_State, sizeof(uint32_t)); 28 | return GetGameState(Second) == InGame; 29 | } 30 | 31 | GameState engine::GetGameState(uint8_t State) 32 | { 33 | switch (State) 34 | { 35 | case 0: return Lobby; 36 | case 1: return Loading; 37 | case 2: return Connecting; 38 | case 5: return Connected; 39 | case 6: return InGame; 40 | } 41 | return UnknownG; 42 | } 43 | 44 | Vector3 engine::getViewAngles() 45 | { 46 | uint32_t ClientState = Driver.ReadVirtualMemory(ProcessId, EngineAddress + dwClientState, sizeof(uint32_t)); 47 | return Driver.ReadVirtualMemory(ProcessId, ClientState + dwClientState_ViewAngles, sizeof(Vector3)); 48 | } 49 | 50 | void engine::setViewAngles(Vector3& viewAngles) 51 | { 52 | uint32_t clientState = Driver.ReadVirtualMemory(ProcessId, EngineAddress + dwClientState, sizeof(uint32_t)); 53 | Driver.WriteVirtualMemory(ProcessId, clientState + dwClientState_ViewAngles, viewAngles, sizeof(viewAngles)); 54 | } -------------------------------------------------------------------------------- /GarhalController/utils.cpp: -------------------------------------------------------------------------------- 1 | #include "utils.hpp" 2 | 3 | #include "Engine.hpp" 4 | #include "..\common\bsp\BSPStructure.hpp" 5 | 6 | 7 | Entity utils::CreateEntity(uint32_t Address) 8 | { 9 | if (Address > 0) 10 | { 11 | Entity entity(Address); 12 | return entity; 13 | } 14 | 15 | Entity dummy(0); 16 | return dummy; 17 | } 18 | 19 | std::string utils::GenerateStr(const int len) 20 | { 21 | std::string str; 22 | static const char alphanum[] = 23 | "0123456789" 24 | "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 25 | "abcdefghijklmnopqrstuvwxyz"; 26 | 27 | srand((unsigned)time(NULL) * _getpid()); 28 | 29 | for (int i = 0; i < len; ++i) 30 | { 31 | str += alphanum[rand() % (sizeof(alphanum) - 1)]; 32 | } 33 | 34 | 35 | return str; 36 | } 37 | 38 | std::vector utils::Split(std::string s, std::string delimiter) 39 | { 40 | size_t pos_start = 0, pos_end, delim_len = delimiter.length(); 41 | std::string token; 42 | std::vector res; 43 | 44 | while ((pos_end = s.find(delimiter, pos_start)) != std::string::npos) 45 | { 46 | token = s.substr(pos_start, pos_end - pos_start); 47 | pos_start = pos_end + delim_len; 48 | res.push_back(token); 49 | } 50 | 51 | res.push_back(s.substr(pos_start)); 52 | return res; 53 | } 54 | 55 | bool utils::IsProcessElevated(HANDLE processHandle) 56 | { 57 | BOOL fIsElevated = FALSE; 58 | HANDLE hToken = NULL; 59 | TOKEN_ELEVATION elevation; 60 | DWORD dwSize; 61 | 62 | if (!OpenProcessToken(processHandle, TOKEN_QUERY, &hToken)) 63 | { 64 | goto Cleanup; 65 | } 66 | 67 | if (!GetTokenInformation(hToken, TokenElevation, &elevation, sizeof(elevation), &dwSize)) 68 | { 69 | goto Cleanup; 70 | } 71 | 72 | fIsElevated = elevation.TokenIsElevated; 73 | 74 | Cleanup: 75 | if (hToken) 76 | { 77 | CloseHandle(hToken); 78 | hToken = NULL; 79 | } 80 | 81 | return fIsElevated; 82 | } 83 | 84 | 85 | hazedumper::Vector2 utils::toWinPos(hazedumper::Vector2& screenPos, float width, float height) 86 | { 87 | return hazedumper::Vector2((screenPos.at(0) + width) / 2, (-screenPos.at(1) + height) / 2); 88 | } -------------------------------------------------------------------------------- /Libraries/imgui/imgui_impl_win32_client.h: -------------------------------------------------------------------------------- 1 | // dear imgui: Platform Binding for Windows (standard windows API for 32 and 64 bits applications) 2 | // This needs to be used along with a Renderer (e.g. DirectX11, OpenGL3, Vulkan..) 3 | 4 | // Implemented features: 5 | // [X] Platform: Clipboard support (for Win32 this is actually part of core dear imgui) 6 | // [X] Platform: Mouse cursor shape and visibility. Disable with 'io.ConfigFlags |= ImGuiConfigFlags_NoMouseCursorChange'. 7 | // [X] Platform: Keyboard arrays indexed using VK_* Virtual Key Codes, e.g. ImGui::IsKeyPressed(VK_SPACE). 8 | // [X] Platform: Gamepad support. Enabled with 'io.ConfigFlags |= ImGuiConfigFlags_NavEnableGamepad'. 9 | 10 | #pragma once 11 | #include "imgui.h" // IMGUI_IMPL_API 12 | 13 | IMGUI_IMPL_API bool ImGui_ImplWin32_Init(void* hwnd); 14 | IMGUI_IMPL_API void ImGui_ImplWin32_Shutdown(); 15 | IMGUI_IMPL_API void ImGui_ImplWin32_NewFrame(); 16 | 17 | // Configuration 18 | // - Disable gamepad support or linking with xinput.lib 19 | //#define IMGUI_IMPL_WIN32_DISABLE_GAMEPAD 20 | //#define IMGUI_IMPL_WIN32_DISABLE_LINKING_XINPUT 21 | 22 | // Win32 message handler your application need to call. 23 | // - Intentionally commented out in a '#if 0' block to avoid dragging dependencies on from this helper. 24 | // - You should COPY the line below into your .cpp code to forward declare the function and then you can call it. 25 | #if 0 26 | extern IMGUI_IMPL_API LRESULT ImGui_ImplWin32_WndProcHandler(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam); 27 | #endif 28 | 29 | // DPI-related helpers (optional) 30 | // - Use to enable DPI awareness without having to create an application manifest. 31 | // - Your own app may already do this via a manifest or explicit calls. This is mostly useful for our examples/ apps. 32 | // - In theory we could call simple functions from Windows SDK such as SetProcessDPIAware(), SetProcessDpiAwareness(), etc. 33 | // but most of the functions provided by Microsoft require Windows 8.1/10+ SDK at compile time and Windows 8/10+ at runtime, 34 | // neither we want to require the user to have. So we dynamically select and load those functions to avoid dependencies. 35 | IMGUI_IMPL_API void ImGui_ImplWin32_EnableDpiAwareness(); 36 | IMGUI_IMPL_API float ImGui_ImplWin32_GetDpiScaleForHwnd(void* hwnd); // HWND hwnd 37 | IMGUI_IMPL_API float ImGui_ImplWin32_GetDpiScaleForMonitor(void* monitor); // HMONITOR monitor 38 | -------------------------------------------------------------------------------- /Libraries/imgui/imgui_extensions.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifndef IMGUI_DEFINE_MATH_OPERATORS 4 | #define IMGUI_DEFINE_MATH_OPERATORS 5 | #endif 6 | 7 | #include 8 | #include "imgui.h" 9 | #include "imgui_internal.h" 10 | #include 11 | #include 12 | 13 | namespace ImGui 14 | { 15 | bool IsCustomKeyPressed(UINT hotkey, bool isHeldDownKeyBind); 16 | bool ListBox(const char* label, int* current_item, const std::vector& values); 17 | 18 | 19 | // Helper functions 20 | void SetMenuLocation(ImVec2 _resolution); 21 | bool TabNew(const char* str_id, const bool isActive, const ImVec2& size_arg, ImTextureID icon = nullptr, ImGuiButtonFlags flags = NULL); 22 | 23 | // Another slider logic was neccesarry due to fixed values like grab padding, grab size, centring in original code. Made grab match it's boundaries. 24 | // This is not a duplicate 25 | template 26 | bool SliderBehaviorTNew(const ImRect& bb, ImGuiID id, ImGuiDataType data_type, TYPE* v, const TYPE v_min, const TYPE v_max, const char* format, ImGuiSliderFlags flags, ImRect* out_grab_bb); 27 | bool SliderBehaviorNew(const ImRect& bb, ImGuiID id, ImGuiDataType data_type, void* p_v, const void* p_min, const void* p_max, const char* format, ImGuiSliderFlags flags, ImRect* out_grab_bb); 28 | // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 29 | 30 | // Old sliders 31 | bool SliderScalarNew(const char* label, ImGuiDataType data_type, void* p_data, const void* p_min, const void* p_max, bool isActive = true, const char* format = NULL, ImGuiSliderFlags flags = NULL); 32 | bool SliderFloatNew(const char* label, float* v, float v_min, float v_max, bool isActive = true, const char* format = "%.3f", ImGuiSliderFlags flags = NULL); 33 | bool SliderIntNew(const char* label, int* v, int v_min, int v_max, bool isActive = true, const char* format = "%d", ImGuiSliderFlags flags = NULL); 34 | 35 | bool CheckboxNew(const char* label, bool* v, ImGuiButtonFlags flags = NULL); 36 | 37 | bool ListBoxNew(const char* label, int* current_item, bool (*items_getter)(void* data, int idx, const char** out_text), void* data, int items_count, int height_in_items = -1); 38 | bool BeginListBoxNew(const char* label, const ImVec2& size = ImVec2(0, 0)); 39 | 40 | 41 | // Dummy functions for initing imgui styling 42 | void InitStyle(); 43 | void InitColors(); 44 | } 45 | -------------------------------------------------------------------------------- /Garhal/gstructs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | typedef struct _LDR_DATA_TABLE_ENTRY 7 | { 8 | LIST_ENTRY InLoadOrderLinks; 9 | LIST_ENTRY InMemoryOrderLinks; 10 | LIST_ENTRY InInitializationOrderLinks; 11 | PVOID DllBase; 12 | PVOID EntryPoint; 13 | ULONG SizeOfImage; 14 | UNICODE_STRING FullDllName; 15 | UNICODE_STRING BaseDllName; 16 | ULONG Flags; 17 | WORD LoadCount; 18 | WORD TlsIndex; 19 | union 20 | { 21 | LIST_ENTRY HashLinks; 22 | struct 23 | { 24 | PVOID SectionPointer; 25 | ULONG CheckSum; 26 | }; 27 | }; 28 | union 29 | { 30 | ULONG TimeDateStamp; 31 | PVOID LoadedImports; 32 | }; 33 | struct _ACTIVATION_CONTEXT* EntryPointActivationContext; 34 | PVOID PatchInformation; 35 | LIST_ENTRY ForwarderLinks; 36 | LIST_ENTRY ServiceTagLinks; 37 | LIST_ENTRY StaticLinks; 38 | } LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY; 39 | 40 | typedef struct _LDR_DATA_TABLE_ENTRY32 41 | { 42 | LIST_ENTRY32 InLoadOrderLinks; 43 | LIST_ENTRY32 InMemoryOrderLinks; 44 | LIST_ENTRY32 InInitializationOrderLinks; 45 | ULONG DllBase; 46 | ULONG EntryPoint; 47 | ULONG SizeOfImage; 48 | UNICODE_STRING32 FullDllName; 49 | UNICODE_STRING32 BaseDllName; 50 | ULONG Flags; 51 | USHORT LoadCount; 52 | USHORT TlsIndex; 53 | LIST_ENTRY32 HashLinks; 54 | ULONG TimeDateStamp; 55 | } LDR_DATA_TABLE_ENTRY32, * PLDR_DATA_TABLE_ENTRY32; 56 | 57 | typedef struct _PEB_LDR_DATA32 58 | { 59 | ULONG Length; 60 | UCHAR Initialized; 61 | ULONG SsHandle; 62 | LIST_ENTRY32 InLoadOrderModuleList; 63 | LIST_ENTRY32 InMemoryOrderModuleList; 64 | LIST_ENTRY32 InInitializationOrderModuleList; 65 | } PEB_LDR_DATA32, * PPEB_LDR_DATA32; 66 | 67 | typedef struct _PEB_LDR_DATA { 68 | BYTE Reserved1[8]; 69 | PVOID Reserved2[3]; 70 | LIST_ENTRY InMemoryOrderModuleList; 71 | } PEB_LDR_DATA, * PPEB_LDR_DATA; 72 | 73 | typedef struct _PEB32 74 | { 75 | UCHAR InheritedAddressSpace; 76 | UCHAR ReadImageFileExecOptions; 77 | UCHAR BeingDebugged; 78 | UCHAR BitField; 79 | ULONG Mutant; 80 | ULONG ImageBaseAddress; 81 | ULONG Ldr; 82 | ULONG ProcessParameters; 83 | ULONG SubSystemData; 84 | ULONG ProcessHeap; 85 | ULONG FastPebLock; 86 | ULONG AtlThunkSListPtr; 87 | ULONG IFEOKey; 88 | ULONG CrossProcessFlags; 89 | ULONG UserSharedInfoPtr; 90 | ULONG SystemReserved; 91 | ULONG AtlThunkSListPtr32; 92 | ULONG ApiSetMap; 93 | } PEB32, * PPEB32; 94 | 95 | typedef struct _MODULEENTRY 96 | { 97 | ULONG Address; 98 | ULONG Size; 99 | } MODULEENTRY, * PMODULEENTRY; -------------------------------------------------------------------------------- /Garhal/vector.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "ntifs.h" 3 | #include "vector.h" 4 | 5 | void vector_init(vector* v) 6 | { 7 | v->capacity = VECTOR_INIT_CAPACITY; 8 | v->total = 0; 9 | v->items = (void**)MmAllocateNonCachedMemory(sizeof(void*) * v->capacity); 10 | } 11 | 12 | int vector_total(vector* v) 13 | { 14 | if (v == NULL) 15 | { 16 | return -1; 17 | } 18 | 19 | return v->total; 20 | } 21 | 22 | static void vector_resize(vector* v, int capacity) 23 | { 24 | if (v == NULL || v->items == NULL) 25 | { 26 | return; 27 | } 28 | 29 | void** items = (void**)MmAllocateNonCachedMemory(sizeof(void*) * capacity); 30 | if (items) 31 | { 32 | for (int i = 0; i < v->total; i++) 33 | { 34 | items[i] = v->items[i]; 35 | } 36 | 37 | vector_free(v); 38 | 39 | v->items = items; 40 | v->capacity = capacity; 41 | } 42 | } 43 | 44 | void vector_add(vector* v, void* item) 45 | { 46 | if (v == NULL || v->items == NULL) 47 | { 48 | return; 49 | } 50 | 51 | if (v->capacity == v->total) 52 | { 53 | vector_resize(v, v->capacity * 2); 54 | } 55 | 56 | v->items[v->total++] = item; 57 | v->capacity = v->total; 58 | } 59 | 60 | void vector_set(vector* v, int index, void* item) 61 | { 62 | if (v != NULL && v->items != NULL && index >= 0 && index < v->total) 63 | { 64 | v->items[index] = item; 65 | } 66 | } 67 | 68 | void* vector_get(vector* v, int index) 69 | { 70 | if (v != NULL && v->items != NULL && index >= 0 && index < v->total) 71 | { 72 | return v->items[index]; 73 | } 74 | return NULL; 75 | } 76 | 77 | void vector_delete(vector* v, int index) 78 | { 79 | if (v == NULL || v->items == NULL) 80 | { 81 | return; 82 | } 83 | 84 | if (index < 0 || index >= v->total) 85 | { 86 | return; 87 | } 88 | 89 | v->items[index] = NULL; 90 | 91 | for (int i = index; i < v->total - 1; i++) 92 | { 93 | v->items[i] = v->items[i + 1]; 94 | } 95 | 96 | v->total--; 97 | 98 | if (v->total > 0 && v->total == v->capacity / 4) 99 | { 100 | vector_resize(v, v->capacity / 2); 101 | } 102 | } 103 | 104 | void vector_free(vector* v) 105 | { 106 | if (v != NULL && v->items != NULL) 107 | { 108 | MmFreeNonCachedMemory(v->items, sizeof(void*) * v->capacity); 109 | } 110 | } -------------------------------------------------------------------------------- /LEGACY_GarhalController/Engine.cpp: -------------------------------------------------------------------------------- 1 | #include "Engine.hpp" 2 | #include "offsets.hpp" 3 | 4 | // hazedumper namespace 5 | using namespace hazedumper::netvars; 6 | using namespace hazedumper::signatures; 7 | 8 | bool Engine::worldToScreen(const Vector3& from, Vector3& to) 9 | { 10 | WorldToScreenMatrix matrix = Driver.ReadVirtualMemory(ProcessId, ClientAddress + dwViewMatrix, sizeof(WorldToScreenMatrix)); 11 | 12 | float w = 0.0f; 13 | 14 | to(0) = matrix(0, 0) * from(0) + matrix(0, 1) * from(1) + matrix(0, 2) * from(2) + matrix(0, 3); 15 | to(1) = matrix(1, 0) * from(0) + matrix(1, 1) * from(1) + matrix(1, 2) * from(2) + matrix(1, 3); 16 | w = matrix(3, 0) * from(0) + matrix(3, 1) * from(1) + matrix(3, 2) * from(2) + matrix(3, 3); 17 | 18 | if (w < 0.01f) 19 | return false; 20 | 21 | float wInverse = 1.0f / w; 22 | to(0) *= wInverse; 23 | to(1) *= wInverse; 24 | 25 | float x = SCREEN_WIDTH / 2; 26 | float y = SCREEN_HEIGHT / 2; 27 | 28 | x += 0.5 * to(0) * SCREEN_WIDTH + 0.5; 29 | y -= 0.5 * to(1) * SCREEN_HEIGHT + 0.5; 30 | 31 | to(0) = x; 32 | to(1) = y; 33 | 34 | return true; 35 | } 36 | 37 | bool Engine::IsInGame() 38 | { 39 | uint32_t ClientState = Driver.ReadVirtualMemory(ProcessId, EngineAddress + dwClientState, sizeof(uint32_t)); 40 | uint32_t Second = Driver.ReadVirtualMemory(ProcessId, ClientState + dwClientState_State, sizeof(uint32_t)); 41 | return GetGameState(Second) == InGame; 42 | } 43 | 44 | GameState Engine::GetGameState(uint8_t State) 45 | { 46 | switch (State) 47 | { 48 | case 0: return Lobby; 49 | case 1: return Loading; 50 | case 2: return Connecting; 51 | case 5: return Connected; 52 | case 6: return InGame; 53 | } 54 | return UnknownG; 55 | } 56 | 57 | Vector3 Engine::getViewAngles() 58 | { 59 | uint32_t ClientState = Driver.ReadVirtualMemory(ProcessId, EngineAddress + dwClientState, sizeof(uint32_t)); 60 | return Driver.ReadVirtualMemory(ProcessId, ClientState + dwClientState_ViewAngles, sizeof(Vector3)); 61 | } 62 | 63 | void Engine::setViewAngles(Vector3& viewAngles) 64 | { 65 | uint32_t clientState = Driver.ReadVirtualMemory(ProcessId, EngineAddress + dwClientState, sizeof(uint32_t)); 66 | Driver.WriteVirtualMemory(ProcessId, clientState + dwClientState_ViewAngles, viewAngles, sizeof(viewAngles)); 67 | } 68 | 69 | 70 | Engine::Engine() 71 | { 72 | 73 | } 74 | 75 | 76 | Engine::~Engine() 77 | { 78 | } -------------------------------------------------------------------------------- /Garhal/communication.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | 5 | // Request to read virtual user memory (memory of a program) from kernel space 6 | #define IO_READ_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0666 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 7 | 8 | // Request to write virtual user memory (memory of a program) from kernel space 9 | #define IO_WRITE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0667 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 10 | 11 | // Request to retrieve the process id of csgo process, from kernel space 12 | #define IO_GET_ID_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0668 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 13 | 14 | // Request to retrieve the base address of client.dll in csgo.exe from kernel space 15 | #define IO_GET_MODULE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0669 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 16 | 17 | // Request to retrieve the base address of engine.dll in csgo.exe from kernel space 18 | #define IO_GET_ENGINE_MODULE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0670 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 19 | 20 | // Request size of Client.dll 21 | #define IO_GET_MODULE_REQUEST_LENGTH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0671 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 22 | 23 | // Request size of Engine.dll 24 | #define IO_GET_ENGINE_MODULE_REQUEST_LENGTH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0672 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 25 | 26 | // Order driver to apply full protection on Controller 27 | #define IO_PROTECT_CONTROLLER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0673 /* Our Custom Code */, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 28 | 29 | // Order driver to apply full protection on RankReader 30 | #define IO_PROTECT_RANKREADER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0674 /* Our Custom Code */, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 31 | 32 | // Declare the IoControl function. 33 | NTSTATUS IoControl(PDEVICE_OBJECT DeviceObject, PIRP Irp); 34 | 35 | NTSTATUS CloseCall(PDEVICE_OBJECT DeviceObject, PIRP irp); 36 | 37 | NTSTATUS CreateCall(PDEVICE_OBJECT DeviceObject, PIRP irp); 38 | 39 | 40 | // datatype for read request 41 | typedef struct _KERNEL_READ_REQUEST 42 | { 43 | ULONG ProcessId; 44 | 45 | ULONG Address; 46 | PVOID pBuff; 47 | ULONG Size; 48 | 49 | } KERNEL_READ_REQUEST, * PKERNEL_READ_REQUEST; 50 | 51 | typedef struct _KERNEL_WRITE_REQUEST 52 | { 53 | ULONG ProcessId; 54 | 55 | ULONG Address; 56 | PVOID pBuff; 57 | ULONG Size; 58 | 59 | } KERNEL_WRITE_REQUEST, * PKERNEL_WRITE_REQUEST; -------------------------------------------------------------------------------- /Garhal.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.3.32804.467 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Garhal", "Garhal\Garhal.vcxproj", "{D1C93D8F-7063-41DC-AA36-F1B91FA96C56}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "GarhalController", "GarhalController\GarhalController.vcxproj", "{D6B514C9-9BC2-409C-82C6-594AECF81411}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|x64 = Release|x64 15 | Release|x86 = Release|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Debug|x64.ActiveCfg = Debug|x64 19 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Debug|x64.Build.0 = Debug|x64 20 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Debug|x64.Deploy.0 = Debug|x64 21 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Debug|x86.ActiveCfg = Debug|Win32 22 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Debug|x86.Build.0 = Debug|Win32 23 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Debug|x86.Deploy.0 = Debug|Win32 24 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Release|x64.ActiveCfg = Release|x64 25 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Release|x64.Build.0 = Release|x64 26 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Release|x64.Deploy.0 = Release|x64 27 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Release|x86.ActiveCfg = Release|Win32 28 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Release|x86.Build.0 = Release|Win32 29 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56}.Release|x86.Deploy.0 = Release|Win32 30 | {D6B514C9-9BC2-409C-82C6-594AECF81411}.Debug|x64.ActiveCfg = Debug|x64 31 | {D6B514C9-9BC2-409C-82C6-594AECF81411}.Debug|x64.Build.0 = Debug|x64 32 | {D6B514C9-9BC2-409C-82C6-594AECF81411}.Debug|x86.ActiveCfg = Debug|Win32 33 | {D6B514C9-9BC2-409C-82C6-594AECF81411}.Debug|x86.Build.0 = Debug|Win32 34 | {D6B514C9-9BC2-409C-82C6-594AECF81411}.Release|x64.ActiveCfg = Release|x64 35 | {D6B514C9-9BC2-409C-82C6-594AECF81411}.Release|x64.Build.0 = Release|x64 36 | {D6B514C9-9BC2-409C-82C6-594AECF81411}.Release|x86.ActiveCfg = Release|Win32 37 | {D6B514C9-9BC2-409C-82C6-594AECF81411}.Release|x86.Build.0 = Release|Win32 38 | EndGlobalSection 39 | GlobalSection(SolutionProperties) = preSolution 40 | HideSolutionNode = FALSE 41 | EndGlobalSection 42 | GlobalSection(ExtensibilityGlobals) = postSolution 43 | SolutionGuid = {4A5DEFDC-186A-41A4-ADD9-2D0A98F7B98C} 44 | EndGlobalSection 45 | EndGlobal 46 | -------------------------------------------------------------------------------- /LEGACY_GarhalRankDisplayer/kernelinterface.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #pragma warning( disable : 4101 4244) 3 | 4 | #include "communications.hpp" 5 | 6 | // The interface handler for IOCTL. Thanks Zeromem. 7 | class KeInterface 8 | { 9 | 10 | public: 11 | HANDLE hDriver; // Handle to driver 12 | 13 | // Initializer 14 | KeInterface(LPCSTR RegistryPath) 15 | { 16 | hDriver = CreateFileA(RegistryPath, GENERIC_READ | GENERIC_WRITE, 17 | FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); 18 | } 19 | 20 | template 21 | type ReadVirtualMemory(ULONG ProcessId, ULONG ReadAddress, SIZE_T Size) 22 | { 23 | // allocate a buffer with specified type to allow our driver to write our wanted data inside this buffer 24 | type Buffer; 25 | 26 | DWORD Return, Bytes; 27 | KERNEL_READ_REQUEST ReadRequest; 28 | 29 | 30 | ReadRequest.ProcessId = ProcessId; 31 | ReadRequest.Address = ReadAddress; 32 | 33 | //send the 'address' of the buffer so our driver can know where to write the data 34 | ReadRequest.pBuff = &Buffer; 35 | 36 | ReadRequest.Size = Size; 37 | 38 | // send code to our driver with the arguments 39 | if (DeviceIoControl(hDriver, IO_READ_REQUEST, &ReadRequest, sizeof(ReadRequest), &ReadRequest, sizeof(ReadRequest), 0, 0)) 40 | { 41 | //return our buffer 42 | return Buffer; 43 | } 44 | return Buffer; 45 | } 46 | 47 | DWORD GetTargetPid() 48 | { 49 | if (hDriver == INVALID_HANDLE_VALUE) 50 | return false; 51 | 52 | ULONG Id; 53 | DWORD Bytes; 54 | 55 | if (DeviceIoControl(hDriver, IO_GET_ID_REQUEST, &Id, sizeof(Id), 56 | &Id, sizeof(Id), &Bytes, NULL)) 57 | { 58 | return Id; 59 | } 60 | 61 | return false; 62 | } 63 | 64 | DWORD GetClientModule() 65 | { 66 | if (hDriver == INVALID_HANDLE_VALUE) 67 | return false; 68 | 69 | ULONG Address; 70 | DWORD Bytes; 71 | 72 | if (DeviceIoControl(hDriver, IO_GET_MODULE_REQUEST, &Address, sizeof(Address), 73 | &Address, sizeof(Address), &Bytes, NULL)) 74 | { 75 | return Address; 76 | } 77 | return false; 78 | } 79 | 80 | DWORD GetEngineModule() 81 | { 82 | if (hDriver == INVALID_HANDLE_VALUE) 83 | return false; 84 | 85 | ULONG Address; 86 | DWORD Bytes; 87 | 88 | if (DeviceIoControl(hDriver, IO_GET_ENGINE_MODULE_REQUEST, &Address, sizeof(Address), 89 | &Address, sizeof(Address), &Bytes, NULL)) 90 | { 91 | return Address; 92 | } 93 | return false; 94 | } 95 | 96 | bool RequestProtectionRank() 97 | { 98 | if (hDriver == INVALID_HANDLE_VALUE) 99 | return false; 100 | 101 | return DeviceIoControl(hDriver, IO_PROTECT_RANKREADER, 0, 0, 0, 0, 0, 0); 102 | } 103 | }; -------------------------------------------------------------------------------- /Garhal/Garhal.inf: -------------------------------------------------------------------------------- 1 | ; 2 | ; Garhal.inf 3 | ; 4 | 5 | [Version] 6 | Signature="$WINDOWS NT$" 7 | ; Class and Guid is now required to be set on the latest WDK (since a time, garhal was just updated later) 8 | ;https://docs.microsoft.com/en-us/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors 9 | Class=Processor ; TODO: edit Class 10 | ClassGuid={50127dc3-0f36-415e-a6cc-4cb3be910b65} ; TODO: edit ClassGuid 11 | Provider=%ManufacturerName% 12 | CatalogFile=Garhal.cat 13 | DriverVer= ; TODO: set DriverVer in stampinf property pages 14 | 15 | [DestinationDirs] 16 | DefaultDestDir = 12 17 | Garhal_Device_CoInstaller_CopyFiles = 11 18 | 19 | ; ================= Class section ===================== 20 | 21 | ;[ClassInstall32] 22 | ;Addreg=SampleClassReg 23 | 24 | [SampleClassReg] 25 | HKR,,,0,%ClassName% 26 | HKR,,Icon,,-5 27 | 28 | [SourceDisksNames] 29 | 1 = %DiskName%,,,"" 30 | 31 | [SourceDisksFiles] 32 | Garhal.sys = 1,, 33 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames 34 | 35 | ;***************************************** 36 | ; Install Section 37 | ;***************************************** 38 | 39 | [Manufacturer] 40 | %ManufacturerName%=Standard,NT$ARCH$ 41 | 42 | [Standard.NT$ARCH$] 43 | %Garhal.DeviceDesc%=Garhal_Device, Root\Garhal ; TODO: edit hw-id 44 | 45 | [Garhal_Device.NT] 46 | CopyFiles=Drivers_Dir 47 | 48 | [Drivers_Dir] 49 | Garhal.sys 50 | 51 | ;-------------- Service installation 52 | [Garhal_Device.NT.Services] 53 | AddService = Garhal,%SPSVCINST_ASSOCSERVICE%, Garhal_Service_Inst 54 | 55 | ; -------------- Garhal driver install sections 56 | [Garhal_Service_Inst] 57 | DisplayName = %Garhal.SVCDESC% 58 | ServiceType = 1 ; SERVICE_KERNEL_DRIVER 59 | StartType = 3 ; SERVICE_DEMAND_START 60 | ErrorControl = 1 ; SERVICE_ERROR_NORMAL 61 | ServiceBinary = %12%\Garhal.sys 62 | 63 | ; 64 | ;--- Garhal_Device Coinstaller installation ------ 65 | ; 66 | 67 | [Garhal_Device.NT.CoInstallers] 68 | AddReg=Garhal_Device_CoInstaller_AddReg 69 | CopyFiles=Garhal_Device_CoInstaller_CopyFiles 70 | 71 | [Garhal_Device_CoInstaller_AddReg] 72 | HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller" 73 | 74 | [Garhal_Device_CoInstaller_CopyFiles] 75 | WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll 76 | 77 | [Garhal_Device.NT.Wdf] 78 | KmdfService = Garhal, Garhal_wdfsect 79 | [Garhal_wdfsect] 80 | KmdfLibraryVersion = $KMDFVERSION$ 81 | 82 | [Strings] 83 | SPSVCINST_ASSOCSERVICE= 0x00000002 84 | ManufacturerName="" ;TODO: Replace with your manufacturer name 85 | ClassName="Samples" ; TODO: edit ClassName 86 | DiskName = "Garhal Installation Disk" 87 | Garhal.DeviceDesc = "Garhal Device" 88 | Garhal.SVCDESC = "Garhal Service" 89 | -------------------------------------------------------------------------------- /Garhal/Garhal.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {8E41214B-6785-4CFE-B992-037D68949A14} 18 | inf;inv;inx;mof;mc; 19 | 20 | 21 | 22 | 23 | Driver Files 24 | 25 | 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | Header Files 47 | 48 | 49 | Header Files 50 | 51 | 52 | Header Files 53 | 54 | 55 | Header Files 56 | 57 | 58 | 59 | 60 | Source Files 61 | 62 | 63 | Source Files 64 | 65 | 66 | Source Files 67 | 68 | 69 | Source Files 70 | 71 | 72 | Source Files 73 | 74 | 75 | Source Files 76 | 77 | 78 | -------------------------------------------------------------------------------- /GarhalController/communications.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | /* IOCTL Codes needed for our driver */ 6 | 7 | // Request to read virtual user memory (memory of a program) from kernel space 8 | #define IO_READ_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0666 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 9 | 10 | // Request to write virtual user memory (memory of a program) from kernel space 11 | #define IO_WRITE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0667 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 12 | 13 | // Request to retrieve the process id of csgo process, from kernel space 14 | #define IO_GET_ID_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0668 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 15 | 16 | // Request to retrieve the base address of client.dll in csgo.exe from kernel space 17 | #define IO_GET_MODULE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0669 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 18 | 19 | // Request to retrieve the base address of engine.dll in csgo.exe from kernel space 20 | #define IO_GET_ENGINE_MODULE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0670 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 21 | 22 | // Request size of Client.dll 23 | #define IO_GET_MODULE_REQUEST_LENGTH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0671 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 24 | 25 | // Request size of Engine.dll 26 | #define IO_GET_ENGINE_MODULE_REQUEST_LENGTH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0672 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 27 | 28 | // Order driver to apply full protection on Controller 29 | #define IO_PROTECT_CONTROLLER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0673 /* Our Custom Code */, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 30 | 31 | // Order driver to apply full protection on RankReader 32 | #define IO_PROTECT_RANKREADER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0674 /* Our Custom Code */, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 33 | 34 | 35 | typedef struct _KERNEL_READ_REQUEST 36 | { 37 | ULONG ProcessId; 38 | 39 | ULONG Address; 40 | PVOID pBuff; 41 | ULONG Size; 42 | 43 | } KERNEL_READ_REQUEST, * PKERNEL_READ_REQUEST; 44 | 45 | typedef struct _KERNEL_WRITE_REQUEST 46 | { 47 | ULONG ProcessId; 48 | 49 | ULONG Address; 50 | PVOID pBuff; 51 | ULONG Size; 52 | 53 | } KERNEL_WRITE_REQUEST, * PKERNEL_WRITE_REQUEST; 54 | 55 | 56 | typedef struct _RTL_PROCESS_MODULE_INFORMATION 57 | { 58 | HANDLE Section; 59 | PVOID MappedBase; 60 | PVOID ImageBase; 61 | ULONG ImageSize; 62 | ULONG Flags; 63 | USHORT LoadOrderIndex; 64 | USHORT InitOrderIndex; 65 | USHORT LoadCount; 66 | USHORT OffsetToFileName; 67 | UCHAR FullPathName[256]; 68 | } RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION; 69 | 70 | typedef struct _RTL_PROCESS_MODULES 71 | { 72 | ULONG NumberOfModules; 73 | RTL_PROCESS_MODULE_INFORMATION Modules[1]; 74 | } RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES; -------------------------------------------------------------------------------- /LEGACY_GarhalController/communications.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | /* IOCTL Codes needed for our driver */ 6 | 7 | // Request to read virtual user memory (memory of a program) from kernel space 8 | #define IO_READ_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0666 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 9 | 10 | // Request to write virtual user memory (memory of a program) from kernel space 11 | #define IO_WRITE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0667 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 12 | 13 | // Request to retrieve the process id of csgo process, from kernel space 14 | #define IO_GET_ID_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0668 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 15 | 16 | // Request to retrieve the base address of client.dll in csgo.exe from kernel space 17 | #define IO_GET_MODULE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0669 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 18 | 19 | // Request to retrieve the base address of engine.dll in csgo.exe from kernel space 20 | #define IO_GET_ENGINE_MODULE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0670 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 21 | 22 | // Request size of Client.dll 23 | #define IO_GET_MODULE_REQUEST_LENGTH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0671 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 24 | 25 | // Request size of Engine.dll 26 | #define IO_GET_ENGINE_MODULE_REQUEST_LENGTH CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0672 /* Our Custom Code */, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) 27 | 28 | // Order driver to apply full protection on Controller 29 | #define IO_PROTECT_CONTROLLER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0673 /* Our Custom Code */, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 30 | 31 | // Order driver to apply full protection on RankReader 32 | #define IO_PROTECT_RANKREADER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x0674 /* Our Custom Code */, METHOD_OUT_DIRECT, FILE_ANY_ACCESS) 33 | 34 | 35 | typedef struct _KERNEL_READ_REQUEST 36 | { 37 | ULONG ProcessId; 38 | 39 | ULONG Address; 40 | PVOID pBuff; 41 | ULONG Size; 42 | 43 | } KERNEL_READ_REQUEST, * PKERNEL_READ_REQUEST; 44 | 45 | typedef struct _KERNEL_WRITE_REQUEST 46 | { 47 | ULONG ProcessId; 48 | 49 | ULONG Address; 50 | PVOID pBuff; 51 | ULONG Size; 52 | 53 | } KERNEL_WRITE_REQUEST, * PKERNEL_WRITE_REQUEST; 54 | 55 | 56 | typedef struct _RTL_PROCESS_MODULE_INFORMATION 57 | { 58 | HANDLE Section; 59 | PVOID MappedBase; 60 | PVOID ImageBase; 61 | ULONG ImageSize; 62 | ULONG Flags; 63 | USHORT LoadOrderIndex; 64 | USHORT InitOrderIndex; 65 | USHORT LoadCount; 66 | USHORT OffsetToFileName; 67 | UCHAR FullPathName[256]; 68 | } RTL_PROCESS_MODULE_INFORMATION, * PRTL_PROCESS_MODULE_INFORMATION; 69 | 70 | typedef struct _RTL_PROCESS_MODULES 71 | { 72 | ULONG NumberOfModules; 73 | RTL_PROCESS_MODULE_INFORMATION Modules[1]; 74 | } RTL_PROCESS_MODULES, * PRTL_PROCESS_MODULES; -------------------------------------------------------------------------------- /Libraries/imgui/imgui_impl_win32.h: -------------------------------------------------------------------------------- 1 | // dear imgui: Platform Backend for Windows (standard windows API for 32 and 64 bits applications) 2 | // This needs to be used along with a Renderer (e.g. DirectX11, OpenGL3, Vulkan..) 3 | 4 | // Implemented features: 5 | // [X] Platform: Clipboard support (for Win32 this is actually part of core dear imgui) 6 | // [X] Platform: Mouse cursor shape and visibility. Disable with 'io.ConfigFlags |= ImGuiConfigFlags_NoMouseCursorChange'. 7 | // [X] Platform: Keyboard arrays indexed using VK_* Virtual Key Codes, e.g. ImGui::IsKeyPressed(VK_SPACE). 8 | // [X] Platform: Gamepad support. Enabled with 'io.ConfigFlags |= ImGuiConfigFlags_NavEnableGamepad'. 9 | 10 | // You can use unmodified imgui_impl_* files in your project. See examples/ folder for examples of using this. 11 | // Prefer including the entire imgui/ repository into your project (either as a copy or as a submodule), and only build the backends you need. 12 | // If you are new to Dear ImGui, read documentation from the docs/ folder + read the top of imgui.cpp. 13 | // Read online: https://github.com/ocornut/imgui/tree/master/docs 14 | 15 | #pragma once 16 | #include "imgui.h" // IMGUI_IMPL_API 17 | 18 | IMGUI_IMPL_API bool ImGui_ImplWin32_Init(void* hwnd); 19 | IMGUI_IMPL_API void ImGui_ImplWin32_Shutdown(); 20 | IMGUI_IMPL_API void ImGui_ImplWin32_NewFrame(); 21 | 22 | // Win32 message handler your application need to call. 23 | // - Intentionally commented out in a '#if 0' block to avoid dragging dependencies on from this helper. 24 | // - You should COPY the line below into your .cpp code to forward declare the function and then you can call it. 25 | #if 0 26 | extern IMGUI_IMPL_API LRESULT ImGui_ImplWin32_WndProcHandler(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam); 27 | #endif 28 | 29 | // DPI-related helpers (optional) 30 | // - Use to enable DPI awareness without having to create an application manifest. 31 | // - Your own app may already do this via a manifest or explicit calls. This is mostly useful for our examples/ apps. 32 | // - In theory we could call simple functions from Windows SDK such as SetProcessDPIAware(), SetProcessDpiAwareness(), etc. 33 | // but most of the functions provided by Microsoft require Windows 8.1/10+ SDK at compile time and Windows 8/10+ at runtime, 34 | // neither we want to require the user to have. So we dynamically select and load those functions to avoid dependencies. 35 | IMGUI_IMPL_API void ImGui_ImplWin32_EnableDpiAwareness(); 36 | IMGUI_IMPL_API float ImGui_ImplWin32_GetDpiScaleForHwnd(void* hwnd); // HWND hwnd 37 | IMGUI_IMPL_API float ImGui_ImplWin32_GetDpiScaleForMonitor(void* monitor); // HMONITOR monitor 38 | 39 | // Transparency related helpers (optional) [experimental] 40 | // - Use to enable alpha compositing transparency with the desktop. 41 | // - Use together with e.g. clearing your framebuffer with zero-alpha. 42 | IMGUI_IMPL_API void ImGui_ImplWin32_EnableAlphaCompositing(void* hwnd); // HWND hwnd 43 | -------------------------------------------------------------------------------- /LEGACY_GarhalRankDisplayer/GarhalRankDisplayer.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include "data.hpp" 4 | #include "offsets.hpp" 5 | 6 | // hazedumper namespace 7 | using namespace hazedumper::netvars; 8 | using namespace hazedumper::signatures; 9 | 10 | class player_info { 11 | private: 12 | char __pad[0x10]; 13 | public: 14 | char name[32]; 15 | }; 16 | 17 | typedef struct player_info_s 18 | { 19 | char _pad1[0x10]; 20 | char name[80];//80 21 | char _pad2[0x64]; 22 | char _pad3[0x17B]; 23 | 24 | } player_info_t; 25 | 26 | int main() 27 | { 28 | Driver = KeInterface("\\\\.\\garhalop"); 29 | SetConsoleTitle(L"GarHal is the best rank reader fish ever, by DreTaX"); 30 | 31 | // Get address of client.dll, engine.dll, and PID. 32 | ProcessId = Driver.GetTargetPid(); 33 | ClientAddress = Driver.GetClientModule(); 34 | EngineAddress = Driver.GetEngineModule(); 35 | 36 | std::cout << "GarHal made by DreTaX" << std::endl; 37 | 38 | bool PrintOnce = false; 39 | 40 | while (ProcessId == 0 || ClientAddress == 0 || EngineAddress == 0) 41 | { 42 | if (!PrintOnce) 43 | { 44 | std::cout << "Addresses are 0x0. Waiting for CSGO... " << std::endl; 45 | PrintOnce = true; 46 | } 47 | 48 | Sleep(1000); 49 | ProcessId = Driver.GetTargetPid(); 50 | ClientAddress = Driver.GetClientModule(); 51 | EngineAddress = Driver.GetEngineModule(); 52 | } 53 | 54 | std::cout << "Starting..." << std::endl; 55 | uint32_t clientState = Driver.ReadVirtualMemory(ProcessId, EngineAddress + dwClientState, sizeof(uint32_t)); 56 | uint32_t infotable = Driver.ReadVirtualMemory(ProcessId, clientState + dwClientState_PlayerInfo, sizeof(uint32_t)); 57 | uint32_t items = Driver.ReadVirtualMemory(ProcessId, (infotable + 0x40) + 0xC, sizeof(uint32_t)); 58 | 59 | uint32_t PlayerResource = Driver.ReadVirtualMemory(ProcessId, ClientAddress + dwPlayerResource, sizeof(uint32_t)); 60 | for (short int i = 0; i < 10; i++) 61 | { 62 | uint32_t EntityAddr = Driver.ReadVirtualMemory(ProcessId, ClientAddress + dwEntityList + i * 0x10, sizeof(uint32_t)); 63 | 64 | if (EntityAddr == NULL) 65 | { 66 | continue; 67 | } 68 | 69 | uint8_t Rank = Driver.ReadVirtualMemory(ProcessId, PlayerResource + m_iCompetitiveRanking + (i * 0x04), sizeof(uint8_t)); 70 | uint16_t Wins = Driver.ReadVirtualMemory(ProcessId, PlayerResource + m_iCompetitiveWins + (i * 0x04), sizeof(uint16_t)); 71 | //uint32_t RadarBase = Driver.ReadVirtualMemory(ProcessId, ClientAddress + dwRadarBase, sizeof(uint32_t)); 72 | //uint32_t Radar = Driver.ReadVirtualMemory(ProcessId, RadarBase + 0x54, sizeof(uint32_t)); 73 | 74 | //wchar_t cName = Driver.ReadVirtualMemory(ProcessId, Radar + 0x300 + (0x174 * (i - 1)), 32); 75 | 76 | uint32_t asd = Driver.ReadVirtualMemory(ProcessId, items + 0x28 + i * 0x34, sizeof(uint32_t)); 77 | player_info_t playerinfo = Driver.ReadVirtualMemory(ProcessId, asd, sizeof(player_info_t)); 78 | 79 | 80 | char* player_name = playerinfo.name; 81 | 82 | const char* RankName = Ranks[Rank]; 83 | 84 | std::cout << "===Player[" << i << "]===" << std::endl; 85 | std::cout << player_name << std::endl; 86 | std::cout << RankName << std::endl; 87 | std::cout << "Wins: " << Wins << std::endl; 88 | std::cout << std::endl; 89 | } 90 | 91 | system("pause"); 92 | return 0; 93 | } 94 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/config.hpp: -------------------------------------------------------------------------------- 1 | #ifndef IncConfig 2 | #define IncConfig 3 | 4 | #include 5 | #include 6 | #include 7 | using namespace std; 8 | 9 | /* 10 | Config 11 | 12 | Parse structured config files 13 | 14 | Config files contains lines with name-value assignements in the form " = ". 15 | Trailing and leading whitespace is stripped. Parsed config entries are stored in 16 | a symbol map. 17 | 18 | Lines beginning with '#' are a comment and ignored. 19 | 20 | Config files may be structured (to arbitrary depth). To start a new config sub group 21 | (or sub section) use a line in the form of " = (". 22 | Subsequent entries are stured in the sub group, until a line containing ")" is found. 23 | 24 | Values may reuse already defined names as a variable which gets expanded during 25 | the parsing process. Names for expansion are searched from the current sub group 26 | upwards. Finally the process environment is searched, so also environment 27 | variables may be used as expansion symbols in the config file. 28 | 29 | Errors and warnings are handled by emitting logging messages (see log.h/log.cpp) 30 | or by calling exit() for severe errors. Depending on project needs this may be replaced 31 | by exeptions, error return codes, ... 32 | */ 33 | 34 | class Config { 35 | public: 36 | /* Parse config file 'configFile'. If the process environment 37 | * is provided, environment variables can be used as expansion symbols. 38 | */ 39 | Config(string configFile, char** envp = 0); 40 | 41 | ~Config(); 42 | 43 | // get string config entry 44 | string pString(string name); 45 | 46 | /* get boolean config entry 47 | * A value of Yes/yes/YES/true/True/TRUE leads to true, 48 | * all other values leads to false. 49 | */ 50 | bool pBool(string name); 51 | 52 | // get double config entry; value is parsed using atof() 53 | double pDouble(string name); 54 | 55 | // get int config entry; value is parsed using atoi() 56 | int pInt(string name); 57 | 58 | int pHex(string name); 59 | 60 | // get the symbol map (e.g. for iterating over all symbols) 61 | inline map& getSymbols() { 62 | return symbols; 63 | } 64 | 65 | // get config sub group 66 | inline Config* group(string name) { 67 | return groups[name]; 68 | } 69 | 70 | // get config sub group map (e.g. for iterating over all groups) 71 | inline map& getGroups() { 72 | return groups; 73 | } 74 | 75 | private: 76 | // private constructor for sub groups 77 | Config(string name, string parentDebugInfo); 78 | 79 | // helper functions for parsing 80 | void add(string name, string value); 81 | void split(string in, string& left, string& right, char c); 82 | void trim(string& s); 83 | void symbolExpand(string& s); 84 | void symbolExpand(map& symbols, string& s); 85 | void envSymbolExpand(string& s); 86 | 87 | // config group symbol map 88 | map symbols; 89 | 90 | // environment symbol map 91 | map envSymbols; 92 | 93 | // config sub group map 94 | map groups; 95 | 96 | // stack of config groups for parsing (only used in top config element) 97 | list groupStack; 98 | 99 | // debug info used for logging messages 100 | string debugInfo; 101 | }; 102 | 103 | #endif -------------------------------------------------------------------------------- /Libraries/imgui/imgui_stdlib.cpp: -------------------------------------------------------------------------------- 1 | // dear imgui: wrappers for C++ standard library (STL) types (std::string, etc.) 2 | // This is also an example of how you may wrap your own similar types. 3 | 4 | // Compatibility: 5 | // - std::string support is only guaranteed to work from C++11. 6 | // If you try to use it pre-C++11, please share your findings (w/ info about compiler/architecture) 7 | 8 | // Changelog: 9 | // - v0.10: Initial version. Added InputText() / InputTextMultiline() calls with std::string 10 | 11 | #include "imgui.h" 12 | #include "imgui_stdlib.h" 13 | 14 | struct InputTextCallback_UserData 15 | { 16 | std::string* Str; 17 | ImGuiInputTextCallback ChainCallback; 18 | void* ChainCallbackUserData; 19 | }; 20 | 21 | static int InputTextCallback(ImGuiInputTextCallbackData* data) 22 | { 23 | InputTextCallback_UserData* user_data = (InputTextCallback_UserData*)data->UserData; 24 | if (data->EventFlag == ImGuiInputTextFlags_CallbackResize) 25 | { 26 | // Resize string callback 27 | // If for some reason we refuse the new length (BufTextLen) and/or capacity (BufSize) we need to set them back to what we want. 28 | std::string* str = user_data->Str; 29 | IM_ASSERT(data->Buf == str->c_str()); 30 | str->resize(data->BufTextLen); 31 | data->Buf = (char*)str->c_str(); 32 | } 33 | else if (user_data->ChainCallback) 34 | { 35 | // Forward to user callback, if any 36 | data->UserData = user_data->ChainCallbackUserData; 37 | return user_data->ChainCallback(data); 38 | } 39 | return 0; 40 | } 41 | 42 | bool ImGui::InputText(const char* label, std::string* str, ImGuiInputTextFlags flags, ImGuiInputTextCallback callback, void* user_data) 43 | { 44 | IM_ASSERT((flags & ImGuiInputTextFlags_CallbackResize) == 0); 45 | flags |= ImGuiInputTextFlags_CallbackResize; 46 | 47 | InputTextCallback_UserData cb_user_data; 48 | cb_user_data.Str = str; 49 | cb_user_data.ChainCallback = callback; 50 | cb_user_data.ChainCallbackUserData = user_data; 51 | return InputText(label, (char*)str->c_str(), str->capacity() + 1, flags, InputTextCallback, &cb_user_data); 52 | } 53 | 54 | bool ImGui::InputTextMultiline(const char* label, std::string* str, const ImVec2& size, ImGuiInputTextFlags flags, ImGuiInputTextCallback callback, void* user_data) 55 | { 56 | IM_ASSERT((flags & ImGuiInputTextFlags_CallbackResize) == 0); 57 | flags |= ImGuiInputTextFlags_CallbackResize; 58 | 59 | InputTextCallback_UserData cb_user_data; 60 | cb_user_data.Str = str; 61 | cb_user_data.ChainCallback = callback; 62 | cb_user_data.ChainCallbackUserData = user_data; 63 | return InputTextMultiline(label, (char*)str->c_str(), str->capacity() + 1, size, flags, InputTextCallback, &cb_user_data); 64 | } 65 | 66 | bool ImGui::InputTextWithHint(const char* label, const char* hint, std::string* str, ImGuiInputTextFlags flags, ImGuiInputTextCallback callback, void* user_data) 67 | { 68 | IM_ASSERT((flags & ImGuiInputTextFlags_CallbackResize) == 0); 69 | flags |= ImGuiInputTextFlags_CallbackResize; 70 | 71 | InputTextCallback_UserData cb_user_data; 72 | cb_user_data.Str = str; 73 | cb_user_data.ChainCallback = callback; 74 | cb_user_data.ChainCallbackUserData = user_data; 75 | return InputTextWithHint(label, hint, (char*)str->c_str(), str->capacity() + 1, flags, InputTextCallback, &cb_user_data); 76 | } 77 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/TraceRay.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @author ReactiioN 3 | * @date 08.03.2016 4 | * @visit https://github.com/ReactiioN1337 5 | * https://reactiion.pw 6 | * https://www.unknowncheats.me/forum/members/264622.html 7 | */ 8 | #pragma once 9 | #include "BSPFile.hpp" 10 | 11 | namespace hazedumper { 12 | 13 | class trace_t 14 | { 15 | public: 16 | /// Determine if plane is NOT valid 17 | bool m_AllSolid = true; 18 | /// Determine if the start point was in a solid area 19 | bool m_StartSolid = true; 20 | /// Time completed, 1.0 = didn't hit anything :) 21 | float m_Fraction = 1.f; 22 | float m_FractionLeftSolid = 1.f; 23 | /// Final trace position 24 | Vector3 m_EndPos = 0.f; 25 | BSP::cplane_t* m_pPlane = nullptr; 26 | int32_t m_Contents = 0; 27 | BSP::dbrush_t* m_pBrush = nullptr; 28 | int32_t m_nBrushSide = 0; 29 | }; 30 | 31 | class TraceRay 32 | { 33 | public: 34 | /** 35 | * @brief Determines if visible. 36 | * 37 | * @param[in] origin The origin 38 | * @param[in] final The final 39 | * @param pBSPFile The bsp file 40 | * 41 | * @return True if visible, False otherwise. 42 | */ 43 | static bool is_visible( const Vector3& origin, const Vector3& final, BSPFile* pBSPFile ); 44 | 45 | /** 46 | * @brief Perform world trace. 47 | * 48 | * @param[in] origin The origin 49 | * @param[in] final The final point 50 | * @param pBSPFile The bsp file 51 | * @param pTrace The trace 52 | */ 53 | static void ray_cast( const Vector3& origin, const Vector3& final, BSPFile* pBSPFile, trace_t* pTrace ); 54 | 55 | protected: 56 | /** 57 | * @brief Trace a bsp node. 58 | * 59 | * @param pBSPFile The bsp file 60 | * @param[in] node_index The node index 61 | * @param[in] start_fraction The start fraction 62 | * @param[in] end_fraction The end fraction 63 | * @param[in] origin The origin 64 | * @param[in] final The final point 65 | * @param pTrace The trace 66 | */ 67 | static void ray_cast_node( BSPFile* pBSPFile, const int32_t node_index, const float start_fraction, const float end_fraction, const Vector3& origin, const Vector3& final, trace_t* pTrace ); 68 | 69 | /** 70 | * @brief Trace a bsp brush. 71 | * 72 | * @param pBSPFile The bsp file 73 | * @param pBrush The brush 74 | * @param pTrace The trace 75 | * @param[in] origin The origin 76 | * @param[in] final The final point 77 | */ 78 | static void ray_cast_brush( BSPFile* pBSPFile, BSP::dbrush_t *pBrush, trace_t *pTrace, const Vector3& origin, const Vector3& final ); 79 | 80 | /** 81 | * @brief Trace a bsp surfaces. 82 | * 83 | * @param pBSPFile The bsp file 84 | * @param[in] surface_index The surface index 85 | * @param pTrace The trace 86 | * @param[in] origin The origin 87 | * @param[in] final The final point 88 | */ 89 | static void ray_cast_surface( BSPFile* pBSPFile, const int32_t surface_index, trace_t *pTrace, const Vector3& origin, const Vector3& final ); 90 | }; 91 | } 92 | -------------------------------------------------------------------------------- /Libraries/common/bsp/TraceRay.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @author ReactiioN 3 | * @date 08.03.2016 4 | * @visit https://github.com/ReactiioN1337 5 | * https://reactiion.pw 6 | * https://www.unknowncheats.me/forum/members/264622.html 7 | */ 8 | #pragma once 9 | #include "BSPFile.hpp" 10 | 11 | namespace hazedumper 12 | { 13 | class trace_t 14 | { 15 | public: 16 | /// Determine if plane is NOT valid 17 | bool m_AllSolid = true; 18 | /// Determine if the start point was in a solid area 19 | bool m_StartSolid = true; 20 | /// Time completed, 1.0 = didn't hit anything :) 21 | float m_Fraction = 1.f; 22 | float m_FractionLeftSolid = 1.f; 23 | /// Final trace position 24 | Vector3 m_EndPos = 0.f; 25 | BSP::cplane_t* m_pPlane = nullptr; 26 | int32_t m_Contents = 0; 27 | BSP::dbrush_t* m_pBrush = nullptr; 28 | int32_t m_nBrushSide = 0; 29 | }; 30 | 31 | class TraceRay 32 | { 33 | public: 34 | /** 35 | * @brief Determines if visible. 36 | * 37 | * @param[in] origin The origin 38 | * @param[in] final The final 39 | * @param pBSPFile The bsp file 40 | * 41 | * @return True if visible, False otherwise. 42 | */ 43 | static bool is_visible(const Vector3& origin, const Vector3& final, BSPFile* pBSPFile); 44 | 45 | /** 46 | * @brief Perform world trace. 47 | * 48 | * @param[in] origin The origin 49 | * @param[in] final The final point 50 | * @param pBSPFile The bsp file 51 | * @param pTrace The trace 52 | */ 53 | static void ray_cast(const Vector3& origin, const Vector3& final, BSPFile* pBSPFile, trace_t* pTrace); 54 | 55 | protected: 56 | /** 57 | * @brief Trace a bsp node. 58 | * 59 | * @param pBSPFile The bsp file 60 | * @param[in] node_index The node index 61 | * @param[in] start_fraction The start fraction 62 | * @param[in] end_fraction The end fraction 63 | * @param[in] origin The origin 64 | * @param[in] final The final point 65 | * @param pTrace The trace 66 | */ 67 | static void ray_cast_node(BSPFile* pBSPFile, const int32_t node_index, const float start_fraction, 68 | const float end_fraction, const Vector3& origin, const Vector3& final, 69 | trace_t* pTrace); 70 | 71 | /** 72 | * @brief Trace a bsp brush. 73 | * 74 | * @param pBSPFile The bsp file 75 | * @param pBrush The brush 76 | * @param pTrace The trace 77 | * @param[in] origin The origin 78 | * @param[in] final The final point 79 | */ 80 | static void ray_cast_brush(BSPFile* pBSPFile, BSP::dbrush_t* pBrush, trace_t* pTrace, const Vector3& origin, 81 | const Vector3& final); 82 | 83 | /** 84 | * @brief Trace a bsp surfaces. 85 | * 86 | * @param pBSPFile The bsp file 87 | * @param[in] surface_index The surface index 88 | * @param pTrace The trace 89 | * @param[in] origin The origin 90 | * @param[in] final The final point 91 | */ 92 | static void ray_cast_surface(BSPFile* pBSPFile, const int32_t surface_index, trace_t* pTrace, 93 | const Vector3& origin, const Vector3& final); 94 | }; 95 | } 96 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/GarhalController.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {f752107a-2764-49b0-93eb-bfb5ca68dc23} 18 | 19 | 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | BSP 35 | 36 | 37 | BSP 38 | 39 | 40 | BSP 41 | 42 | 43 | Source Files 44 | 45 | 46 | 47 | 48 | Header Files 49 | 50 | 51 | Header Files 52 | 53 | 54 | Header Files 55 | 56 | 57 | Header Files 58 | 59 | 60 | Header Files 61 | 62 | 63 | Header Files 64 | 65 | 66 | Header Files 67 | 68 | 69 | Header Files 70 | 71 | 72 | BSP 73 | 74 | 75 | BSP 76 | 77 | 78 | BSP 79 | 80 | 81 | BSP 82 | 83 | 84 | BSP 85 | 86 | 87 | Header Files 88 | 89 | 90 | Header Files 91 | 92 | 93 | Header Files 94 | 95 | 96 | Header Files 97 | 98 | 99 | Header Files 100 | 101 | 102 | 103 | 104 | Resource Files 105 | 106 | 107 | -------------------------------------------------------------------------------- /Garhal/hide.c: -------------------------------------------------------------------------------- 1 | #pragma warning(disable : 4100 4996 4047 4024 4022 4201 4311 4057 4213 4189 4081 4189 4706 4214 4459 4273 6001) 2 | 3 | #include "hide.h" 4 | #include 5 | 6 | PCHAR HideProcess(UINT32 pid) 7 | { 8 | LPSTR result = ExAllocatePool(NonPagedPool, sizeof(ULONG) + 20);; 9 | 10 | // Get PID offset nt!_EPROCESS.UniqueProcessId 11 | ULONG PID_OFFSET = FindPIDOffset(); 12 | 13 | // Check if offset discovery was successful 14 | if (PID_OFFSET == 0) { 15 | return (PCHAR)"Could not find PID offset!"; 16 | } 17 | 18 | // Get LIST_ENTRY offset nt!_EPROCESS.ActiveProcessLinks 19 | ULONG LIST_OFFSET = PID_OFFSET; 20 | 21 | 22 | // Check Architecture using pointer size 23 | INT_PTR ptr; 24 | 25 | // Ptr size 8 if compiled for a 64-bit machine, 4 if compiled for 32-bit machine 26 | LIST_OFFSET += sizeof(ptr); 27 | 28 | // Record offsets for user buffer 29 | sprintf_s(result, 2 * sizeof(ULONG) + 30, "Found offsets: %lu & %lu", PID_OFFSET, LIST_OFFSET); 30 | 31 | // Get current process 32 | PEPROCESS CurrentEPROCESS = PsGetCurrentProcess(); 33 | 34 | // Initialize other variables 35 | PLIST_ENTRY CurrentList = (PLIST_ENTRY)((ULONG_PTR)CurrentEPROCESS + LIST_OFFSET); 36 | PUINT32 CurrentPID = (PUINT32)((ULONG_PTR)CurrentEPROCESS + PID_OFFSET); 37 | 38 | // Check self 39 | if (*(UINT32*)CurrentPID == pid) { 40 | RemoveLinks(CurrentList); 41 | return (PCHAR)result; 42 | } 43 | 44 | // Record the starting position 45 | PEPROCESS StartProcess = CurrentEPROCESS; 46 | 47 | // Move to next item 48 | CurrentEPROCESS = (PEPROCESS)((ULONG_PTR)CurrentList->Flink - LIST_OFFSET); 49 | CurrentPID = (PUINT32)((ULONG_PTR)CurrentEPROCESS + PID_OFFSET); 50 | CurrentList = (PLIST_ENTRY)((ULONG_PTR)CurrentEPROCESS + LIST_OFFSET); 51 | 52 | // Loop until we find the right process to remove 53 | // Or until we circle back 54 | while ((ULONG_PTR)StartProcess != (ULONG_PTR)CurrentEPROCESS) { 55 | 56 | // Check item 57 | if (*(UINT32*)CurrentPID == pid) { 58 | RemoveLinks(CurrentList); 59 | return (PCHAR)result; 60 | } 61 | 62 | // Move to next item 63 | CurrentEPROCESS = (PEPROCESS)((ULONG_PTR)CurrentList->Flink - LIST_OFFSET); 64 | CurrentPID = (PUINT32)((ULONG_PTR)CurrentEPROCESS + PID_OFFSET); 65 | CurrentList = (PLIST_ENTRY)((ULONG_PTR)CurrentEPROCESS + LIST_OFFSET); 66 | } 67 | 68 | return (PCHAR)result; 69 | } 70 | 71 | void RemoveLinks(PLIST_ENTRY Current) 72 | { 73 | PLIST_ENTRY Previous, Next; 74 | 75 | Previous = (Current->Blink); 76 | Next = (Current->Flink); 77 | 78 | // Loop over self (connect previous with next) 79 | Previous->Flink = Next; 80 | Next->Blink = Previous; 81 | 82 | // Re-write the current LIST_ENTRY to point to itself (avoiding BSOD) 83 | Current->Blink = (PLIST_ENTRY)&Current->Flink; 84 | Current->Flink = (PLIST_ENTRY)&Current->Flink; 85 | } 86 | 87 | ULONG FindPIDOffset() 88 | { 89 | ULONG pid_ofs = 0; // The offset we're looking for 90 | int idx = 0; // Index 91 | ULONG pids[3]; // List of PIDs for our 3 processes 92 | PEPROCESS eprocs[3]; // Process list, will contain 3 processes 93 | 94 | //Select 3 process PIDs and get their EPROCESS Pointer 95 | for (int i = 16; idx < 3; i += 4) 96 | { 97 | if (NT_SUCCESS(PsLookupProcessByProcessId((HANDLE)i, &eprocs[idx]))) 98 | { 99 | pids[idx] = i; 100 | idx++; 101 | } 102 | } 103 | 104 | 105 | /* 106 | Go through the EPROCESS structure and look for the PID 107 | we can start at 0x20 because UniqueProcessId should 108 | not be in the first 0x20 bytes, 109 | also we should stop after 0x300 bytes with no success 110 | */ 111 | 112 | for (int i = 0x20; i < 0x300; i += 4) 113 | { 114 | if ((*(ULONG*)((UCHAR*)eprocs[0] + i) == pids[0]) 115 | && (*(ULONG*)((UCHAR*)eprocs[1] + i) == pids[1]) 116 | && (*(ULONG*)((UCHAR*)eprocs[2] + i) == pids[2])) 117 | { 118 | pid_ofs = i; 119 | break; 120 | } 121 | } 122 | 123 | ObDereferenceObject(eprocs[0]); 124 | ObDereferenceObject(eprocs[1]); 125 | ObDereferenceObject(eprocs[2]); 126 | 127 | 128 | return pid_ofs; 129 | } -------------------------------------------------------------------------------- /LEGACY_GarhalController/config.cpp: -------------------------------------------------------------------------------- 1 | #include "config.hpp" 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | using namespace std; 8 | 9 | 10 | Config::Config(string name, string parentDebugInfo) { 11 | debugInfo = parentDebugInfo + ", " + name; 12 | } 13 | 14 | Config::Config(string configFile, char** envp) { 15 | while (*envp) 16 | { 17 | string envEntry = *envp; 18 | size_t pos = envEntry.find('='); 19 | if (pos != string::npos) { 20 | string name = envEntry.substr(0, pos); 21 | string value = envEntry.substr(pos + 1, string::npos); 22 | envSymbols[name] = value; 23 | } 24 | ++envp; 25 | } 26 | 27 | debugInfo = configFile; 28 | groupStack.push_front(this); 29 | 30 | FILE* in; 31 | errno_t err; 32 | 33 | err = fopen_s(&in, configFile.c_str(), "r"); 34 | 35 | if (!in) { 36 | cerr << "cannot open input file '" << configFile << "'" << endl; 37 | exit(2); 38 | } 39 | 40 | char buff[1024]; 41 | while (fgets(buff, 1024, in)) { 42 | 43 | string line = buff; 44 | if ((line.length() > 2) && (line[0] != '#') && (line.find(')') == string::npos)) { 45 | string name; 46 | string value; 47 | split(line, name, value, '='); 48 | 49 | if (value == "(") { 50 | Config* newGroup = new Config(name, debugInfo); 51 | groupStack.front()->groups[name] = newGroup; 52 | groupStack.push_front(newGroup); 53 | } 54 | else { 55 | for (list::reverse_iterator i = groupStack.rbegin(); i != groupStack.rend(); ++i) { 56 | (*i)->symbolExpand(value); 57 | } 58 | envSymbolExpand(value); 59 | groupStack.front()->add(name, value); 60 | } 61 | } 62 | if ((line.length() > 0) && (line[0] != '#') && (line.find(')') != string::npos)) 63 | { 64 | groupStack.pop_front(); 65 | } 66 | } 67 | 68 | fclose(in); 69 | } 70 | 71 | Config::~Config() { 72 | for (map::iterator i = groups.begin(); i != groups.end(); ++i) { 73 | delete i->second; 74 | } 75 | } 76 | 77 | void Config::add(string name, string value) { 78 | symbols[name] = value; 79 | } 80 | 81 | void Config::split(string in, string& left, string& right, char c) { 82 | size_t pos = in.find_first_of(c); 83 | if (pos == string::npos) { 84 | left = in; 85 | trim(left); 86 | right = ""; 87 | } 88 | else if (pos <= 1) { 89 | left = ""; 90 | right = in.substr(pos + 1, string::npos); 91 | trim(right); 92 | } 93 | else { 94 | left = in.substr(0, pos - 1); 95 | trim(left); 96 | right = in.substr(pos + 1, string::npos); 97 | trim(right); 98 | } 99 | } 100 | 101 | void Config::trim(string& s) { 102 | while ((s.length() > 1) && ((s[0] == ' ') || (s[0] == '\t'))) { 103 | s = s.substr(1, string::npos); 104 | } 105 | while ((s.length() > 1) && 106 | ((s[s.length() - 1] == ' ') || 107 | (s[s.length() - 1] == '\t') || 108 | (s[s.length() - 1] == '\n') || 109 | (s[s.length() - 1] == '\r'))) { 110 | s = s.substr(0, s.length() - 1); 111 | } 112 | if ((s.length() > 1) && (s[0] == '"')) { 113 | s = s.substr(1, string::npos); 114 | } 115 | if ((s.length() > 1) && (s[s.length() - 1] == '"')) { 116 | s = s.substr(0, s.length() - 1); 117 | } 118 | } 119 | 120 | void Config::symbolExpand(string& s) { 121 | symbolExpand(symbols, s); 122 | } 123 | 124 | void Config::envSymbolExpand(string& s) { 125 | symbolExpand(envSymbols, s); 126 | } 127 | 128 | void Config::symbolExpand(map& symbols, string& s) { 129 | bool expanded; 130 | do { 131 | expanded = false; 132 | for (map::iterator i = symbols.begin(); i != symbols.end(); ++i) { 133 | string search = "%" + i->first + "%"; 134 | string replace = i->second; 135 | size_t pos = s.find(search); 136 | if (pos != string::npos) { 137 | expanded = true; 138 | s.replace(pos, search.length(), replace); 139 | } 140 | } 141 | } while (expanded); 142 | } 143 | 144 | string Config::pString(string name) { 145 | map::iterator i = symbols.find(name); 146 | if (i == symbols.end()) { 147 | cout << "Config option is wrong or missing! '" << name << "' (" << debugInfo << ")" << endl; 148 | system("pause"); 149 | exit(4); 150 | } 151 | return i->second; 152 | } 153 | 154 | bool Config::pBool(string name) { 155 | string val = pString(name); 156 | 157 | std::transform(val.begin(), val.end(), val.begin(), 158 | [](unsigned char c) { return std::tolower(c); }); 159 | 160 | if (val == "true") 161 | { 162 | return true; 163 | } 164 | 165 | return false; 166 | } 167 | 168 | double Config::pDouble(string name) { 169 | string val = pString(name); 170 | 171 | return atof(val.c_str()); 172 | } 173 | 174 | int Config::pInt(string name) { 175 | string val = pString(name); 176 | 177 | return atoi(val.c_str()); 178 | } 179 | 180 | int Config::pHex(string name) 181 | { 182 | string val = pString(name); 183 | 184 | return stoi(val, 0, 16); 185 | } -------------------------------------------------------------------------------- /Garhal/memory.c: -------------------------------------------------------------------------------- 1 | #pragma warning( disable : 4100 4047 4024 4022 4201 4311 4057 4213 4189 4081 4189 4706 4214 4459 4273 4457 4133) 2 | 3 | #include "memory.h" 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "messages.h" 9 | #include "ntos.h" 10 | 11 | ULONG GetWindowsBuildNumber() 12 | { 13 | // Get the Windows Version table. 14 | RTL_OSVERSIONINFOEXW osversion; 15 | osversion.dwOSVersionInfoSize = sizeof(RTL_OSVERSIONINFOEXW); 16 | RtlGetVersion(&osversion); 17 | 18 | return osversion.dwBuildNumber; 19 | } 20 | 21 | // https://docs.microsoft.com/en-us/windows/release-information/ 22 | // https://www.vergiliusproject.com/kernels/x64/Windows 10 | 2016/1903 19H1 (May 2019 Update)/_EPROCESS 23 | int GetCorrectOffset(CHAR* Name, ULONG BuildNumber) 24 | { 25 | // 1903 & 1909 26 | if (BuildNumber == 18362 || BuildNumber == 18363) 27 | { 28 | if (strcmp(Name, "ImageFileName") == 0) 29 | { 30 | return 0x450; 31 | } 32 | if (strcmp(Name, "ActiveThreads") == 0) 33 | { 34 | return 0x498; 35 | } 36 | if (strcmp(Name, "ActiveProcessLinks") == 0) 37 | { 38 | return 0x2F0; 39 | } 40 | } 41 | // 2004 & 2009 & 2104 & 2110 & 2210 42 | else if (BuildNumber == 19041 || BuildNumber == 19042 || BuildNumber == 19043 || BuildNumber == 19044 || BuildNumber == 19045) 43 | { 44 | if (strcmp(Name, "ImageFileName") == 0) 45 | { 46 | return 0x5a8; 47 | } 48 | if (strcmp(Name, "ActiveThreads") == 0) 49 | { 50 | return 0x5f0; 51 | } 52 | if (strcmp(Name, "ActiveProcessLinks") == 0) 53 | { 54 | return 0x448; 55 | } 56 | } 57 | 58 | return 0; 59 | } 60 | 61 | NTSTATUS KeReadVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size) 62 | { 63 | SIZE_T Bytes; 64 | if (NT_SUCCESS(MmCopyVirtualMemory(Process, SourceAddress, PsGetCurrentProcess(), 65 | TargetAddress, Size, KernelMode, &Bytes))) 66 | { 67 | return STATUS_SUCCESS; 68 | } 69 | return STATUS_ACCESS_DENIED; 70 | } 71 | 72 | NTSTATUS KeWriteVirtualMemory(PEPROCESS Process, PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size) 73 | { 74 | SIZE_T Bytes; 75 | if (NT_SUCCESS(MmCopyVirtualMemory(PsGetCurrentProcess(), SourceAddress, Process, 76 | TargetAddress, Size, KernelMode, &Bytes))) 77 | { 78 | return STATUS_SUCCESS; 79 | } 80 | return STATUS_ACCESS_DENIED; 81 | } 82 | 83 | NTSTATUS FindProcessByName(CHAR* process_name, vector* ls) 84 | { 85 | ULONG BuildNumber = GetWindowsBuildNumber(); 86 | PEPROCESS sys_process = PsInitialSystemProcess; 87 | PEPROCESS cur_entry = sys_process; 88 | 89 | int ImageFileNameOffset = GetCorrectOffset("ImageFileName", BuildNumber); 90 | int ActiveThreadsOffset = GetCorrectOffset("ActiveThreads", BuildNumber); 91 | int ActiveProcessLinksOffset = GetCorrectOffset("ActiveProcessLinks", BuildNumber); 92 | 93 | // Verify atleast one variable so we don't cause BSOD for unsupported builds. 94 | if (ImageFileNameOffset == 0) 95 | { 96 | DebugMessageNormal("Warning: Unsupported Windows build. Update EPROCESS offsets. See README.md.\n"); 97 | return STATUS_UNSUCCESSFUL; 98 | } 99 | 100 | CHAR image_name[15]; 101 | 102 | do 103 | { 104 | RtlCopyMemory((PVOID)(&image_name), (PVOID)((uintptr_t)cur_entry + ImageFileNameOffset) /*EPROCESS->ImageFileName*/, sizeof(image_name)); 105 | 106 | if (strstr(image_name, process_name)) 107 | { 108 | DWORD active_threads; 109 | RtlCopyMemory((PVOID)&active_threads, (PVOID)((uintptr_t)cur_entry + ActiveThreadsOffset) /*EPROCESS->ActiveThreads*/, sizeof(active_threads)); 110 | if (active_threads) 111 | { 112 | vector_add(ls, cur_entry); 113 | } 114 | } 115 | 116 | PLIST_ENTRY list = (PLIST_ENTRY)((uintptr_t)(cur_entry) + ActiveProcessLinksOffset) /*EPROCESS->ActiveProcessLinks*/; 117 | cur_entry = (PEPROCESS)((uintptr_t)list->Flink - ActiveProcessLinksOffset); 118 | 119 | } while (cur_entry != sys_process); 120 | 121 | return STATUS_SUCCESS; 122 | } 123 | 124 | MODULEENTRY GetProcessModule(PEPROCESS Process, LPCWSTR ModuleName) 125 | { 126 | KAPC_STATE KAPC = { 0 }; 127 | MODULEENTRY ret = {0, 0}; 128 | 129 | KeStackAttachProcess(Process, &KAPC); 130 | __try 131 | { 132 | PPEB32 peb32 = (PPEB32) PsGetProcessWow64Process(Process); 133 | if (!peb32 || !peb32->Ldr) 134 | { 135 | KeUnstackDetachProcess(&KAPC); 136 | return ret; 137 | } 138 | 139 | for (PLIST_ENTRY32 plist_entry = (PLIST_ENTRY32)((PPEB_LDR_DATA32)peb32->Ldr)->InLoadOrderModuleList.Flink; 140 | plist_entry != &((PPEB_LDR_DATA32)peb32->Ldr)->InLoadOrderModuleList; 141 | plist_entry = (PLIST_ENTRY32)plist_entry->Flink) 142 | { 143 | PLDR_DATA_TABLE_ENTRY32 pentry = CONTAINING_RECORD(plist_entry, LDR_DATA_TABLE_ENTRY32, InLoadOrderLinks); 144 | 145 | if (wcscmp((PWCH) pentry->BaseDllName.Buffer, ModuleName) == 0) 146 | { 147 | ret.Address = pentry->DllBase; 148 | ret.Size = pentry->SizeOfImage; 149 | break; 150 | } 151 | } 152 | } 153 | __except (EXCEPTION_EXECUTE_HANDLER) 154 | { 155 | DebugMessageNormal("%s: Exception, Code: 0x%X\n", __FUNCTION__, GetExceptionCode()); 156 | } 157 | 158 | KeUnstackDetachProcess(&KAPC); 159 | 160 | return ret; 161 | } -------------------------------------------------------------------------------- /LEGACY_GarhalController/AntiAim.cpp: -------------------------------------------------------------------------------- 1 | #pragma warning (disable : 26495 4302 4311) 2 | 3 | #include "AntiAim.hpp" 4 | #include "offsets.hpp" 5 | 6 | 7 | void AntiAim::SetUserCMDViewAngles(Vector3 viewAngles) 8 | { 9 | Driver.WriteVirtualMemory(ProcessId, cmdAngleX, viewAngles(0), sizeof(viewAngles(0))); 10 | Driver.WriteVirtualMemory(ProcessId, cmdAngleX, viewAngles(1), sizeof(viewAngles(1))); 11 | Driver.WriteVirtualMemory(ProcessId, cmdAngleX, viewAngles(2), sizeof(viewAngles(2))); 12 | } 13 | 14 | void AntiAim::SetUserCmd(UserCMD_ShellCode cmd) 15 | { 16 | cmd.shouldSet = true; 17 | Driver.WriteVirtualMemory(ProcessId, CMDAddress, cmd, sizeof(cmd)); 18 | } 19 | 20 | Vector3 AntiAim::getLocalViewAngles() 21 | { 22 | uint32_t clientState = Driver.ReadVirtualMemory(ProcessId, EngineAddress + hazedumper::signatures::dwClientState, sizeof(uint32_t)); 23 | return Driver.ReadVirtualMemory(ProcessId, clientState + hazedumper::signatures::dwClientState_ViewAngles, sizeof(Vector3)); 24 | } 25 | 26 | Vector3 AntiAim::getUserCMDViewAngles() 27 | { 28 | Vector3 buffer; 29 | buffer(0) = Driver.ReadVirtualMemory(ProcessId, cmdAngleX, sizeof(float)); 30 | buffer(1) = Driver.ReadVirtualMemory(ProcessId, cmdAngleY, sizeof(float)); 31 | buffer(2) = Driver.ReadVirtualMemory(ProcessId, cmdAngleZ, sizeof(float)); 32 | return buffer; 33 | } 34 | 35 | // Credits: sethxi 36 | DWORD AntiAim::GetVFunc(DWORD inst, int Index) 37 | { 38 | DWORD table = Driver.ReadVirtualMemory(ProcessId, inst, sizeof(inst)); 39 | DWORD func = table + sizeof(DWORD) * Index; 40 | return func; 41 | } 42 | 43 | void AntiAim::Hook(DWORD Instance, int Index, DWORD HookFunc) 44 | { 45 | uintptr_t VFunc = GetVFunc(Instance, Index); 46 | DWORD OldProtect; 47 | 48 | VirtualProtectEx(ProcessHandle, (LPVOID)VFunc, sizeof(DWORD), PAGE_EXECUTE_READWRITE, &OldProtect); 49 | Driver.WriteVirtualMemory(ProcessId, VFunc, HookFunc, sizeof(HookFunc)); 50 | VirtualProtectEx(ProcessHandle, (LPVOID)VFunc, sizeof(DWORD), OldProtect, &OldProtect); 51 | } 52 | 53 | void AntiAim::HookCreateMove() 54 | { 55 | BYTE hook[] = "\x55\x89\xE5\x8B\x55\x0C\x8B\x0D\x00\x00\x00\x00\x83\xF9\x01\x74\x02\xEB\x2A\xA1\x00\x00\x00\x00\x89\x42\x0C\xA1\x00\x00\x00\x00\x89\x42\x10\xA1\x00\x00\x00\x00\x89\x42\x14\xA1\x00\x00\x00\x00\x89\x42\x24\xA1\x00\x00\x00\x00\x89\x42\x28\xEB\x00\x5D\xC2\x08\x00"; 56 | /* 57 | asm (with forward/sidemove): 58 | push ebp 59 | mov ebp,esp 60 | mov edx,DWORD PTR [ebp+0xc] 61 | mov ecx,[0x00000000] 62 | cmp ecx, 1 63 | je setCmd 64 | jmp done 65 | setCmd: 66 | mov eax,[0x00000000] 67 | mov [edx+0xc], eax 68 | mov eax,[0x00000000] 69 | mov [edx+0x10], eax 70 | mov eax,[0x00000000] 71 | mov [edx+0x14], eax 72 | mov eax,[0x00000000] 73 | mov [edx+0x24], eax 74 | mov eax,[0x00000000] 75 | mov [edx+0x28], eax 76 | jmp done 77 | done: 78 | pop ebp 79 | ret 8 80 | */ 81 | 82 | // TODO: Use shell code struct. 83 | cmdAngleX = (DWORD) VirtualAllocEx(ProcessHandle, NULL, sizeof(float) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); 84 | cmdAngleY = (DWORD) VirtualAllocEx(ProcessHandle, NULL, sizeof(float) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); 85 | cmdAngleZ = (DWORD) VirtualAllocEx(ProcessHandle, NULL, sizeof(float) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); 86 | shouldSetAngles = (DWORD) VirtualAllocEx(ProcessHandle, NULL, sizeof(bool) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); 87 | CMDAddress = (DWORD) VirtualAllocEx(ProcessHandle, NULL, sizeof(UserCMD_ShellCode) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); 88 | LPVOID shellCodeAddress = VirtualAllocEx(ProcessHandle, NULL, sizeof(hook) + 1, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); 89 | const float zero = 0.f; 90 | if (!Driver.WriteVirtualMemory(ProcessId, CMDAddress, zero, sizeof(zero))) 91 | { 92 | return; 93 | } 94 | 95 | // Fill in addresses that (inside CS:GO) point towards the values we set 96 | *(DWORD*)(&hook[0x14]) = CMDAddress; 97 | *(DWORD*)(&hook[0x1C]) = CMDAddress + 0x4; 98 | *(DWORD*)(&hook[0x24]) = CMDAddress + 0x8; 99 | *(DWORD*)(&hook[0x2C]) = CMDAddress + 0xC; 100 | *(DWORD*)(&hook[0x34]) = CMDAddress + 0x10; 101 | // Should Set 102 | *(DWORD*)(&hook[0x8]) = CMDAddress + 0x14; 103 | 104 | if (!Driver.WriteVirtualMemory(ProcessId, (ULONG) shellCodeAddress, &hook[0], sizeof(hook))) 105 | { 106 | return; 107 | } 108 | 109 | DWORD gar = reinterpret_cast(IClientMode); 110 | Hook(gar, 24, (DWORD)shellCodeAddress); 111 | } 112 | 113 | void AntiAim::DoAntiAim() 114 | { 115 | if (!GetAsyncKeyState(0x1)) 116 | { 117 | ShouldSetViewAnglesThisTick = true; 118 | Vector3 currentViewAngles = getLocalViewAngles(); 119 | currentViewAngles(0) = 89.f; 120 | SetUserCMDViewAngles(currentViewAngles); 121 | } 122 | else 123 | { 124 | ShouldSetViewAnglesThisTick = false; 125 | } 126 | Driver.WriteVirtualMemory(ProcessId, shouldSetAngles, ShouldSetViewAnglesThisTick, sizeof(bool)); 127 | } 128 | 129 | void AntiAim::Enable() 130 | { 131 | ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId); 132 | } 133 | 134 | AntiAim::AntiAim() 135 | { 136 | 137 | } 138 | 139 | AntiAim::~AntiAim() 140 | { 141 | if (ProcessHandle != NULL) 142 | { 143 | CloseHandle(ProcessHandle); 144 | } 145 | } 146 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/data.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include "Matrix.hpp" 5 | #include "kernelinterface.hpp" 6 | 7 | using Vector3 = Matrix; 8 | using WorldToScreenMatrix = Matrix; 9 | 10 | struct GlowStruct 11 | { 12 | BYTE base[4]; 13 | float red; 14 | float green; 15 | float blue; 16 | float alpha; 17 | BYTE buffer[16]; 18 | bool renderWhenOccluded; 19 | bool renderWhenUnOccluded; 20 | bool fullBloom; 21 | BYTE buffer1[5]; 22 | int glowStyle; 23 | }; 24 | 25 | enum GameState 26 | { 27 | Lobby = 0, 28 | Loading = 1, 29 | Connecting = 2, 30 | Connected = 5, 31 | InGame = 6, 32 | UnknownG = -1, 33 | }; 34 | 35 | struct UserCMD_ShellCode 36 | { 37 | Vector3 m_vecViewAngles; // 0x0C 38 | float m_flForwardmove; // 0x24 39 | float m_flSidemove; // 0x28 40 | bool shouldSet; 41 | }; 42 | 43 | enum CSGO_Weapon_ID 44 | { 45 | WEAPON_UNKNOWN = 0, 46 | WEAPON_DEAGLE = 1, 47 | WEAPON_ELITE = 2, 48 | WEAPON_FIVESEVEN = 3, 49 | WEAPON_GLOCK = 4, 50 | WEAPON_AK47 = 7, 51 | WEAPON_AUG = 8, 52 | WEAPON_AWP = 9, 53 | WEAPON_FAMAS = 10, 54 | WEAPON_G3SG1 = 11, 55 | WEAPON_GALILAR = 13, 56 | WEAPON_M249 = 14, 57 | WEAPON_M4A1 = 16, 58 | WEAPON_MAC10 = 17, 59 | WEAPON_P90 = 19, 60 | WEAPON_UMP45 = 24, 61 | WEAPON_XM1014 = 25, 62 | WEAPON_BIZON = 26, 63 | WEAPON_MAG7 = 27, 64 | WEAPON_NEGEV = 28, 65 | WEAPON_SAWEDOFF = 29, 66 | WEAPON_TEC9 = 30, 67 | WEAPON_TASER = 31, 68 | WEAPON_HKP2000 = 32, 69 | WEAPON_MP7 = 33, 70 | WEAPON_MP9 = 34, 71 | WEAPON_NOVA = 35, 72 | WEAPON_P250 = 36, 73 | WEAPON_SCAR20 = 38, 74 | WEAPON_SG556 = 39, 75 | WEAPON_SSG08 = 40, 76 | WEAPON_KNIFE = 42, 77 | WEAPON_FLASHBANG = 43, 78 | WEAPON_HEGRENADE = 44, 79 | WEAPON_SMOKEGRENADE = 45, 80 | WEAPON_MOLOTOV = 46, 81 | WEAPON_DECOY = 47, 82 | WEAPON_INCGRENADE = 48, 83 | WEAPON_C4 = 49, 84 | WEAPON_KNIFE_T = 59, 85 | WEAPON_M4A1_SILENCER = 60, 86 | WEAPON_USP_SILENCER = 61, 87 | WEAPON_CZ75A = 63, 88 | WEAPON_REVOLVER = 64, 89 | WEAPON_KNIFE_BAYONET = 500, 90 | WEAPON_KNIFE_FLIP = 505, 91 | WEAPON_KNIFE_GUT = 506, 92 | WEAPON_KNIFE_KARAMBIT = 507, 93 | WEAPON_KNIFE_M9_BAYONET = 508, 94 | WEAPON_KNIFE_TACTICAL = 509, 95 | WEAPON_KNIFE_FALCHION = 512, 96 | WEAPON_KNIFE_SURVIVAL_BOWIE = 514, 97 | WEAPON_KNIFE_BUTTERFLY = 515, 98 | WEAPON_KNIFE_PUSH = 516 99 | }; 100 | 101 | inline bool IsWeaponNonAim(int iWeaponID) 102 | { 103 | if (iWeaponID == WEAPON_KNIFE_BAYONET 104 | || iWeaponID == WEAPON_KNIFE_FLIP 105 | || iWeaponID == WEAPON_KNIFE 106 | || iWeaponID == WEAPON_KNIFE_T 107 | || iWeaponID == WEAPON_KNIFE_GUT 108 | || iWeaponID == WEAPON_KNIFE_KARAMBIT 109 | || iWeaponID == WEAPON_KNIFE_M9_BAYONET 110 | || iWeaponID == WEAPON_KNIFE_TACTICAL 111 | || iWeaponID == WEAPON_KNIFE_FALCHION 112 | || iWeaponID == WEAPON_KNIFE_SURVIVAL_BOWIE 113 | || iWeaponID == WEAPON_KNIFE_BUTTERFLY 114 | || iWeaponID == WEAPON_KNIFE_PUSH 115 | || iWeaponID == WEAPON_FLASHBANG 116 | || iWeaponID == WEAPON_HEGRENADE 117 | || iWeaponID == WEAPON_SMOKEGRENADE 118 | || iWeaponID == WEAPON_MOLOTOV 119 | || iWeaponID == WEAPON_DECOY 120 | || iWeaponID == WEAPON_INCGRENADE 121 | || iWeaponID == WEAPON_C4) 122 | { 123 | return true; 124 | } 125 | 126 | return false; 127 | } 128 | 129 | inline bool IsWeaponPistol(int iWeaponID) 130 | { 131 | return iWeaponID == WEAPON_DEAGLE 132 | || iWeaponID == WEAPON_ELITE 133 | || iWeaponID == WEAPON_FIVESEVEN 134 | || iWeaponID == WEAPON_GLOCK 135 | || iWeaponID == WEAPON_P250 136 | || iWeaponID == WEAPON_USP_SILENCER 137 | || iWeaponID == WEAPON_CZ75A 138 | || iWeaponID == WEAPON_REVOLVER 139 | || iWeaponID == WEAPON_TEC9 140 | || iWeaponID == WEAPON_TASER 141 | || iWeaponID == WEAPON_HKP2000; 142 | } 143 | 144 | inline bool IsWeaponSniper(int iWeaponID) 145 | { 146 | return iWeaponID == WEAPON_AWP 147 | || iWeaponID == WEAPON_SSG08; 148 | } 149 | 150 | #define SCREEN_WIDTH 1920 151 | #define SCREEN_HEIGHT 1080 152 | #define FL_ONGROUND (1<<0) 153 | #define IN_ATTACK (1<<0) 154 | #define IN_ATTACK2 (1<<11) 155 | #define IN_RELOAD (1<<13) 156 | #define KEY_DOWN (0x80000000) 157 | #define MOUSE_UP (0x100) 158 | #define HEAD_BONE_ID ((DWORD) 8) 159 | #define CHEST_BONE_ID ((DWORD) 37) 160 | 161 | inline const float FovRange = 10.0f; 162 | inline DWORD ProcessId, ClientAddress, ClientSize, EngineAddress, EngineSize, CMDAddress; 163 | inline DWORD** IClientMode; 164 | inline KeInterface Driver = NULL; 165 | 166 | // Store the config values here. 167 | inline uint8_t AimbotS = 0; 168 | inline uint8_t AimbotTarget = 0; 169 | inline uint8_t AimbotBullets = 0; 170 | inline uint8_t TriggerBotDelayMin = 0; 171 | inline uint8_t TriggerBotDelayMax = 0; 172 | inline uint16_t AimbotKey = 0; 173 | inline uint16_t TriggerBotKey = 0; 174 | inline bool Bhop = false; 175 | inline bool Wallhack = false; 176 | inline bool NoFlash = false; 177 | inline bool TriggerBot = false; 178 | inline bool Radar = false; 179 | inline bool TriggerBotDelay = false; 180 | inline std::vector WeaponIDs; 181 | 182 | inline void FreeMemory() 183 | { 184 | free(&AimbotS); 185 | free(&AimbotTarget); 186 | free(&AimbotBullets); 187 | free(&TriggerBotDelayMin); 188 | free(&TriggerBotDelayMax); 189 | free(&TriggerBotKey); 190 | free(&Bhop); 191 | free(&Wallhack); 192 | free(&NoFlash); 193 | free(&TriggerBot); 194 | free(&Radar); 195 | free(&WeaponIDs); 196 | 197 | free(&Driver); 198 | free(&ProcessId); 199 | free(&ClientAddress); 200 | free(&ClientSize); 201 | free(&EngineAddress); 202 | free(&EngineSize); 203 | } 204 | -------------------------------------------------------------------------------- /GarhalController/kernelinterface.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #pragma warning( disable : 4101 4244) 3 | 4 | #include "communications.hpp" 5 | 6 | // The interface handler for IOCTL. Thanks Zeromem. 7 | class KeInterface 8 | { 9 | 10 | public: 11 | // Handle to driver 12 | HANDLE hDriver; 13 | 14 | // Initializer 15 | KeInterface(LPCSTR RegistryPath) 16 | { 17 | hDriver = CreateFileA(RegistryPath, GENERIC_READ | GENERIC_WRITE, 18 | FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); 19 | } 20 | 21 | template 22 | type ReadVirtualMemory(ULONG ProcessId, ULONG ReadAddress, SIZE_T Size) 23 | { 24 | // allocate a buffer with specified type to allow our driver to write our wanted data inside this buffer 25 | type Buffer; 26 | 27 | DWORD Return, Bytes; 28 | KERNEL_READ_REQUEST ReadRequest; 29 | 30 | 31 | ReadRequest.ProcessId = ProcessId; 32 | ReadRequest.Address = ReadAddress; 33 | 34 | //send the 'address' of the buffer so our driver can know where to write the data 35 | ReadRequest.pBuff = &Buffer; 36 | 37 | ReadRequest.Size = Size; 38 | 39 | // send code to our driver with the arguments 40 | if (DeviceIoControl(hDriver, IO_READ_REQUEST, &ReadRequest, sizeof(ReadRequest), &ReadRequest, sizeof(ReadRequest), 0, 0)) 41 | { 42 | //return our buffer 43 | return Buffer; 44 | } 45 | return Buffer; 46 | } 47 | 48 | template 49 | bool WriteVirtualMemory(ULONG ProcessId, ULONG WriteAddress, type WriteValue, SIZE_T WriteSize) 50 | { 51 | if (hDriver == INVALID_HANDLE_VALUE) 52 | return false; 53 | DWORD Bytes; 54 | 55 | KERNEL_WRITE_REQUEST WriteRequest; 56 | WriteRequest.ProcessId = ProcessId; 57 | WriteRequest.Address = WriteAddress; 58 | 59 | //send driver the 'address' of our specified type WriteValue so our driver can copy the data we want to write from this address to WriteAddress 60 | WriteRequest.pBuff = &WriteValue; 61 | 62 | WriteRequest.Size = WriteSize; 63 | 64 | if (DeviceIoControl(hDriver, IO_WRITE_REQUEST, &WriteRequest, sizeof(WriteRequest), 0, 0, &Bytes, NULL)) 65 | { 66 | return true; 67 | } 68 | return false; 69 | } 70 | 71 | bool ReadSpecial(ULONG ProcessId, DWORD dwAddress, LPVOID lpBuffer, DWORD dwSize) 72 | { 73 | SIZE_T Out = NULL; 74 | 75 | KERNEL_READ_REQUEST ReadRequest; 76 | 77 | ReadRequest.ProcessId = ProcessId; 78 | ReadRequest.Address = dwAddress; 79 | 80 | ReadRequest.pBuff = &lpBuffer; 81 | 82 | ReadRequest.Size = dwSize; 83 | 84 | return (DeviceIoControl(hDriver, IO_READ_REQUEST, &ReadRequest, sizeof(ReadRequest), &ReadRequest, sizeof(ReadRequest), 0, 0) == TRUE); 85 | } 86 | 87 | bool RequestProtection() 88 | { 89 | if (hDriver == INVALID_HANDLE_VALUE) 90 | return false; 91 | 92 | return DeviceIoControl(hDriver, IO_PROTECT_CONTROLLER, 0, 0, 0, 0, 0, 0); 93 | } 94 | 95 | DWORD GetTargetPid() 96 | { 97 | if (hDriver == INVALID_HANDLE_VALUE) 98 | return false; 99 | 100 | ULONG Id; 101 | DWORD Bytes; 102 | 103 | if (DeviceIoControl(hDriver, IO_GET_ID_REQUEST, &Id, sizeof(Id), 104 | &Id, sizeof(Id), &Bytes, NULL)) 105 | { 106 | return Id; 107 | } 108 | 109 | return false; 110 | } 111 | 112 | DWORD GetClientModule() 113 | { 114 | if (hDriver == INVALID_HANDLE_VALUE) 115 | return false; 116 | 117 | ULONG Address; 118 | DWORD Bytes; 119 | 120 | if (DeviceIoControl(hDriver, IO_GET_MODULE_REQUEST, &Address, sizeof(Address), 121 | &Address, sizeof(Address), &Bytes, NULL)) 122 | { 123 | return Address; 124 | } 125 | return false; 126 | } 127 | 128 | DWORD GetClientModuleSize() 129 | { 130 | if (hDriver == INVALID_HANDLE_VALUE) 131 | return false; 132 | 133 | ULONG Address; 134 | DWORD Bytes; 135 | 136 | if (DeviceIoControl(hDriver, IO_GET_MODULE_REQUEST_LENGTH, &Address, sizeof(Address), 137 | &Address, sizeof(Address), &Bytes, NULL)) 138 | { 139 | return Address; 140 | } 141 | return false; 142 | } 143 | 144 | 145 | DWORD GetEngineModule() 146 | { 147 | if (hDriver == INVALID_HANDLE_VALUE) 148 | return false; 149 | 150 | ULONG Address; 151 | DWORD Bytes; 152 | 153 | if (DeviceIoControl(hDriver, IO_GET_ENGINE_MODULE_REQUEST, &Address, sizeof(Address), 154 | &Address, sizeof(Address), &Bytes, NULL)) 155 | { 156 | return Address; 157 | } 158 | return false; 159 | } 160 | 161 | DWORD GetEngineModuleSize() 162 | { 163 | if (hDriver == INVALID_HANDLE_VALUE) 164 | return false; 165 | 166 | ULONG Address; 167 | DWORD Bytes; 168 | 169 | if (DeviceIoControl(hDriver, IO_GET_ENGINE_MODULE_REQUEST_LENGTH, &Address, sizeof(Address), 170 | &Address, sizeof(Address), &Bytes, NULL)) 171 | { 172 | return Address; 173 | } 174 | return false; 175 | } 176 | 177 | BOOL DataCompare(const BYTE* pData, const BYTE* pMask, const char* pszMask) 178 | { 179 | for (; *pszMask; ++pszMask, ++pData, ++pMask) 180 | { 181 | if (*pszMask == 'x' && *pData != *pMask) 182 | { 183 | return FALSE; 184 | } 185 | } 186 | return (*pszMask == 0); 187 | } 188 | 189 | DWORD Scan(ULONG ProcessId, DWORD dwStart, DWORD dwSize, const char* pSignature, const char* pMask) 190 | { 191 | BYTE* pRemote = new BYTE[dwSize]; 192 | if (!ReadSpecial(ProcessId, dwStart, pRemote, dwSize)) 193 | { 194 | delete[] pRemote; 195 | return NULL; 196 | } 197 | for (DWORD dwIndex = 0; dwIndex < dwSize; dwIndex++) 198 | { 199 | if (DataCompare((const BYTE*)(pRemote + dwIndex), (const BYTE*)pSignature, pMask)) 200 | { 201 | delete[] pRemote; 202 | return (dwStart + dwIndex); 203 | } 204 | } 205 | delete[] pRemote; 206 | return NULL; 207 | } 208 | }; -------------------------------------------------------------------------------- /LEGACY_GarhalController/kernelinterface.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #pragma warning( disable : 4101 4244) 3 | 4 | #include "communications.hpp" 5 | 6 | // The interface handler for IOCTL. Thanks Zeromem. 7 | class KeInterface 8 | { 9 | 10 | public: 11 | HANDLE hDriver; // Handle to driver 12 | 13 | // Initializer 14 | KeInterface(LPCSTR RegistryPath) 15 | { 16 | hDriver = CreateFileA(RegistryPath, GENERIC_READ | GENERIC_WRITE, 17 | FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0); 18 | } 19 | 20 | template 21 | type ReadVirtualMemory(ULONG ProcessId, ULONG ReadAddress, SIZE_T Size) 22 | { 23 | // allocate a buffer with specified type to allow our driver to write our wanted data inside this buffer 24 | type Buffer; 25 | 26 | DWORD Return, Bytes; 27 | KERNEL_READ_REQUEST ReadRequest; 28 | 29 | 30 | ReadRequest.ProcessId = ProcessId; 31 | ReadRequest.Address = ReadAddress; 32 | 33 | //send the 'address' of the buffer so our driver can know where to write the data 34 | ReadRequest.pBuff = &Buffer; 35 | 36 | ReadRequest.Size = Size; 37 | 38 | // send code to our driver with the arguments 39 | if (DeviceIoControl(hDriver, IO_READ_REQUEST, &ReadRequest, sizeof(ReadRequest), &ReadRequest, sizeof(ReadRequest), 0, 0)) 40 | { 41 | //return our buffer 42 | return Buffer; 43 | } 44 | return Buffer; 45 | } 46 | 47 | template 48 | bool WriteVirtualMemory(ULONG ProcessId, ULONG WriteAddress, type WriteValue, SIZE_T WriteSize) 49 | { 50 | if (hDriver == INVALID_HANDLE_VALUE) 51 | return false; 52 | DWORD Bytes; 53 | 54 | KERNEL_WRITE_REQUEST WriteRequest; 55 | WriteRequest.ProcessId = ProcessId; 56 | WriteRequest.Address = WriteAddress; 57 | 58 | //send driver the 'address' of our specified type WriteValue so our driver can copy the data we want to write from this address to WriteAddress 59 | WriteRequest.pBuff = &WriteValue; 60 | 61 | WriteRequest.Size = WriteSize; 62 | 63 | if (DeviceIoControl(hDriver, IO_WRITE_REQUEST, &WriteRequest, sizeof(WriteRequest), 0, 0, &Bytes, NULL)) 64 | { 65 | return true; 66 | } 67 | return false; 68 | } 69 | 70 | bool ReadSpecial(ULONG ProcessId, DWORD dwAddress, LPVOID lpBuffer, DWORD dwSize) 71 | { 72 | SIZE_T Out = NULL; 73 | 74 | KERNEL_READ_REQUEST ReadRequest; 75 | 76 | ReadRequest.ProcessId = ProcessId; 77 | ReadRequest.Address = dwAddress; 78 | 79 | ReadRequest.pBuff = &lpBuffer; 80 | 81 | ReadRequest.Size = dwSize; 82 | 83 | return (DeviceIoControl(hDriver, IO_READ_REQUEST, &ReadRequest, sizeof(ReadRequest), &ReadRequest, sizeof(ReadRequest), 0, 0) == TRUE); 84 | } 85 | 86 | bool RequestProtection() 87 | { 88 | if (hDriver == INVALID_HANDLE_VALUE) 89 | return false; 90 | 91 | return DeviceIoControl(hDriver, IO_PROTECT_CONTROLLER, 0, 0, 0, 0, 0, 0); 92 | } 93 | 94 | DWORD GetTargetPid() 95 | { 96 | if (hDriver == INVALID_HANDLE_VALUE) 97 | return false; 98 | 99 | ULONG Id; 100 | DWORD Bytes; 101 | 102 | if (DeviceIoControl(hDriver, IO_GET_ID_REQUEST, &Id, sizeof(Id), 103 | &Id, sizeof(Id), &Bytes, NULL)) 104 | { 105 | return Id; 106 | } 107 | 108 | return false; 109 | } 110 | 111 | DWORD GetClientModule() 112 | { 113 | if (hDriver == INVALID_HANDLE_VALUE) 114 | return false; 115 | 116 | ULONG Address; 117 | DWORD Bytes; 118 | 119 | if (DeviceIoControl(hDriver, IO_GET_MODULE_REQUEST, &Address, sizeof(Address), 120 | &Address, sizeof(Address), &Bytes, NULL)) 121 | { 122 | return Address; 123 | } 124 | return false; 125 | } 126 | 127 | DWORD GetClientModuleSize() 128 | { 129 | if (hDriver == INVALID_HANDLE_VALUE) 130 | return false; 131 | 132 | ULONG Address; 133 | DWORD Bytes; 134 | 135 | if (DeviceIoControl(hDriver, IO_GET_MODULE_REQUEST_LENGTH, &Address, sizeof(Address), 136 | &Address, sizeof(Address), &Bytes, NULL)) 137 | { 138 | return Address; 139 | } 140 | return false; 141 | } 142 | 143 | 144 | DWORD GetEngineModule() 145 | { 146 | if (hDriver == INVALID_HANDLE_VALUE) 147 | return false; 148 | 149 | ULONG Address; 150 | DWORD Bytes; 151 | 152 | if (DeviceIoControl(hDriver, IO_GET_ENGINE_MODULE_REQUEST, &Address, sizeof(Address), 153 | &Address, sizeof(Address), &Bytes, NULL)) 154 | { 155 | return Address; 156 | } 157 | return false; 158 | } 159 | 160 | DWORD GetEngineModuleSize() 161 | { 162 | if (hDriver == INVALID_HANDLE_VALUE) 163 | return false; 164 | 165 | ULONG Address; 166 | DWORD Bytes; 167 | 168 | if (DeviceIoControl(hDriver, IO_GET_ENGINE_MODULE_REQUEST_LENGTH, &Address, sizeof(Address), 169 | &Address, sizeof(Address), &Bytes, NULL)) 170 | { 171 | return Address; 172 | } 173 | return false; 174 | } 175 | 176 | BOOL DataCompare(const BYTE* pData, const BYTE* pMask, const char* pszMask) 177 | { 178 | for (; *pszMask; ++pszMask, ++pData, ++pMask) 179 | { 180 | if (*pszMask == 'x' && *pData != *pMask) 181 | { 182 | return FALSE; 183 | } 184 | } 185 | return (*pszMask == 0); 186 | } 187 | 188 | DWORD Scan(ULONG ProcessId, DWORD dwStart, DWORD dwSize, const char* pSignature, const char* pMask) 189 | { 190 | BYTE* pRemote = new BYTE[dwSize]; 191 | if (!ReadSpecial(ProcessId, dwStart, pRemote, dwSize)) 192 | { 193 | delete[] pRemote; 194 | return NULL; 195 | } 196 | for (DWORD dwIndex = 0; dwIndex < dwSize; dwIndex++) 197 | { 198 | if (DataCompare((const BYTE*)(pRemote + dwIndex), (const BYTE*)pSignature, pMask)) 199 | { 200 | delete[] pRemote; 201 | return (dwStart + dwIndex); 202 | } 203 | } 204 | delete[] pRemote; 205 | return NULL; 206 | } 207 | }; -------------------------------------------------------------------------------- /Garhal/communication.c: -------------------------------------------------------------------------------- 1 | #pragma warning( disable : 4100 4047 4024 4022 4201 4311 4057 4213 4189 4081 4189 4706 4214 4459 4273) 2 | 3 | #include "data.h" 4 | #include "messages.h" 5 | #include "communication.h" 6 | #include "memory.h" 7 | 8 | 9 | NTSTATUS CreateCall(PDEVICE_OBJECT DeviceObject, PIRP irp) 10 | { 11 | irp->IoStatus.Status = STATUS_SUCCESS; 12 | irp->IoStatus.Information = 0; 13 | 14 | IoCompleteRequest(irp, IO_NO_INCREMENT); 15 | return STATUS_SUCCESS; 16 | } 17 | 18 | NTSTATUS CloseCall(PDEVICE_OBJECT DeviceObject, PIRP irp) 19 | { 20 | irp->IoStatus.Status = STATUS_SUCCESS; 21 | irp->IoStatus.Information = 0; 22 | 23 | IoCompleteRequest(irp, IO_NO_INCREMENT); 24 | return STATUS_SUCCESS; 25 | } 26 | 27 | // IOCTL Call Handler function 28 | 29 | NTSTATUS IoControl(PDEVICE_OBJECT DeviceObject, PIRP Irp) 30 | { 31 | NTSTATUS Status; 32 | ULONG BytesIO = 0; 33 | 34 | PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp); 35 | 36 | // Code received from user space 37 | ULONG ControlCode = stack->Parameters.DeviceIoControl.IoControlCode; 38 | if (ControlCode == IO_READ_REQUEST) 39 | { 40 | // Get the input buffer & format it to our struct 41 | PKERNEL_READ_REQUEST ReadInput = (PKERNEL_READ_REQUEST)Irp->AssociatedIrp.SystemBuffer; 42 | 43 | PEPROCESS Process; 44 | 45 | // Get our process 46 | if (NT_SUCCESS(PsLookupProcessByProcessId(ReadInput->ProcessId, &Process))) { 47 | 48 | //read from ReadInput->Address and write it to pBuff so we can use the data in our controller 49 | KeReadVirtualMemory(Process, ReadInput->Address, ReadInput->pBuff, ReadInput->Size); 50 | } 51 | 52 | //DebugMessageNormal("Read Params: %lu, %#010x \n", ReadInput->ProcessId, ReadInput->Address); 53 | //DebugMessageNormal("Value: %lu \n", ReadOutput->Response); 54 | 55 | Status = STATUS_SUCCESS; 56 | BytesIO = sizeof(KERNEL_READ_REQUEST); 57 | } 58 | else if (ControlCode == IO_WRITE_REQUEST) 59 | { 60 | // Get the input buffer & format it to our struct 61 | PKERNEL_WRITE_REQUEST WriteInput = (PKERNEL_WRITE_REQUEST)Irp->AssociatedIrp.SystemBuffer; 62 | 63 | PEPROCESS Process; 64 | // Get our process 65 | if (NT_SUCCESS(PsLookupProcessByProcessId(WriteInput->ProcessId, &Process))) { 66 | // copy the value of pBuff to WriteInput->Address 67 | KeWriteVirtualMemory(Process, WriteInput->pBuff, WriteInput->Address, WriteInput->Size); 68 | } 69 | 70 | //DebugMessageNormal("Write Params: %lu, %#010x \n", WriteInput->Value, WriteInput->Address); 71 | 72 | Status = STATUS_SUCCESS; 73 | BytesIO = sizeof(KERNEL_WRITE_REQUEST); 74 | } 75 | else if (ControlCode == IO_GET_ID_REQUEST) 76 | { 77 | PULONG OutPut = (PULONG)Irp->AssociatedIrp.SystemBuffer; 78 | 79 | if (IsManualMapped) 80 | { 81 | vector processes; 82 | vector_init(&processes); 83 | FindProcessByName("csgo.exe", &processes); 84 | 85 | // Did we find csgo? 86 | if (vector_total(&processes) > 0) 87 | { 88 | // First should be good. 89 | PEPROCESS proc = (PEPROCESS) vector_get(&processes, 0); 90 | CsgoID = (ULONG) PsGetProcessId(proc); 91 | 92 | MODULEENTRY ClientEntry = GetProcessModule(proc, L"client.dll"); 93 | MODULEENTRY EngineEntry = GetProcessModule(proc, L"engine.dll"); 94 | 95 | ClientAddress = ClientEntry.Address; 96 | EngineAddress = EngineEntry.Address; 97 | ClientSize = ClientEntry.Size; 98 | EngineSize = EngineEntry.Size; 99 | } 100 | vector_free(&processes); 101 | } 102 | 103 | *OutPut = CsgoID; 104 | 105 | DebugMessageNormal("A UserMode Application requested the ProcessID: %#010x \n", CsgoID); 106 | Status = STATUS_SUCCESS; 107 | BytesIO = sizeof(*OutPut); 108 | } 109 | else if (ControlCode == IO_GET_MODULE_REQUEST) 110 | { 111 | PULONG OutPut = (PULONG)Irp->AssociatedIrp.SystemBuffer; 112 | *OutPut = ClientAddress; 113 | 114 | DebugMessageNormal("A UserMode Application requested the ClientAddress: %#010x \n", ClientAddress); 115 | Status = STATUS_SUCCESS; 116 | BytesIO = sizeof(*OutPut); 117 | } 118 | else if (ControlCode == IO_GET_ENGINE_MODULE_REQUEST) 119 | { 120 | PULONG OutPut = (PULONG)Irp->AssociatedIrp.SystemBuffer; 121 | *OutPut = EngineAddress; 122 | 123 | DebugMessageNormal("A UserMode Application requested the EngineAddress: %#010x \n", EngineAddress); 124 | Status = STATUS_SUCCESS; 125 | BytesIO = sizeof(*OutPut); 126 | } 127 | else if (ControlCode == IO_GET_MODULE_REQUEST_LENGTH) 128 | { 129 | PULONG OutPut = (PULONG)Irp->AssociatedIrp.SystemBuffer; 130 | *OutPut = ClientSize; 131 | 132 | DebugMessageNormal("A UserMode Application requested the size of Client: %#010x \n", ClientSize); 133 | Status = STATUS_SUCCESS; 134 | BytesIO = sizeof(*OutPut); 135 | } 136 | else if (ControlCode == IO_GET_ENGINE_MODULE_REQUEST_LENGTH) 137 | { 138 | PULONG OutPut = (PULONG)Irp->AssociatedIrp.SystemBuffer; 139 | *OutPut = EngineSize; 140 | 141 | DebugMessageNormal("A UserMode Application requested the size of Engine: %#010x \n", EngineSize); 142 | Status = STATUS_SUCCESS; 143 | BytesIO = sizeof(*OutPut); 144 | } 145 | else if (ControlCode == IO_PROTECT_CONTROLLER) 146 | { 147 | ProtectController = 1; 148 | DebugMessageNormal("IO_PROTECT_CONTROLLER received. Controller is marked ready, and fully protected. \n"); 149 | Status = STATUS_SUCCESS; 150 | } 151 | else if (ControlCode == IO_PROTECT_RANKREADER) 152 | { 153 | ProtectRankReader = 1; 154 | DebugMessageNormal("IO_PROTECT_RANKREADER received. RankReader is marked ready, and fully protected. \n"); 155 | Status = STATUS_SUCCESS; 156 | } 157 | else 158 | { 159 | // if the code is unknown 160 | Status = STATUS_INVALID_PARAMETER; 161 | } 162 | 163 | // Complete the request 164 | Irp->IoStatus.Status = Status; 165 | Irp->IoStatus.Information = BytesIO; 166 | IoCompleteRequest(Irp, IO_NO_INCREMENT); 167 | 168 | return Status; 169 | } -------------------------------------------------------------------------------- /GarhalController/sdk.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #pragma warning (disable : 4005) 3 | 4 | #define FL_ONGROUND (1<<0) // At rest / on the ground 5 | #define FL_DUCKING (1<<1) // Player flag -- Player is fully crouched 6 | #define FL_WATERJUMP (1<<2) // player jumping out of water 7 | #define FL_ONTRAIN (1<<3) // Player is _controlling_ a train, so movement commands should be ignored on client during prediction. 8 | #define FL_INRAIN (1<<4) // Indicates the entity is standing in rain 9 | #define FL_FROZEN (1<<5) // Player is frozen for 3rd person camera 10 | #define FL_ATCONTROLS (1<<6) // Player can't move, but keeps key inputs for controlling another entity 11 | #define FL_CLIENT (1<<7) // Is a player 12 | #define FL_FAKECLIENT (1<<8) // Fake client, simulated server side; don't send network messages to them 13 | // NON-PLAYER SPECIFIC (i.e., not used by GameMovement or the client .dll ) -- Can still be applied to players, though 14 | #define FL_INWATER (1<<9) // In water 15 | 16 | // NOTE if you move things up, make sure to change this value 17 | #define PLAYER_FLAG_BITS 10 18 | 19 | #define FL_FLY (1<<10) // Changes the SV_Movestep() behavior to not need to be on ground 20 | #define FL_SWIM (1<<11) // Changes the SV_Movestep() behavior to not need to be on ground (but stay in water) 21 | #define FL_CONVEYOR (1<<12) 22 | #define FL_NPC (1<<13) 23 | #define FL_GODMODE (1<<14) 24 | #define FL_NOTARGET (1<<15) 25 | #define FL_AIMTARGET (1<<16) // set if the crosshair needs to aim onto the entity 26 | #define FL_PARTIALGROUND (1<<17) // not all corners are valid 27 | #define FL_STATICPROP (1<<18) // Eetsa static prop! 28 | #define FL_GRAPHED (1<<19) // worldgraph has this ent listed as something that blocks a connection 29 | #define FL_GRENADE (1<<20) 30 | #define FL_STEPMOVEMENT (1<<21) // Changes the SV_Movestep() behavior to not do any processing 31 | #define FL_DONTTOUCH (1<<22) // Doesn't generate touch functions, generates Untouch() for anything it was touching when this flag was set 32 | #define FL_BASEVELOCITY (1<<23) // Base velocity has been applied this frame (used to convert base velocity into momentum) 33 | #define FL_WORLDBRUSH (1<<24) // Not moveable/removeable brush entity (really part of the world, but represented as an entity for transparency or something) 34 | #define FL_OBJECT (1<<25) // Terrible name. This is an object that NPCs should see. Missiles, for example. 35 | #define FL_KILLME (1<<26) // This entity is marked for death -- will be freed by game DLL 36 | #define FL_ONFIRE (1<<27) // You know... 37 | #define FL_DISSOLVING (1<<28) // We're dissolving! 38 | #define FL_TRANSRAGDOLL (1<<29) // In the process of turning into a client side ragdoll. 39 | #define FL_UNBLOCKABLE_BY_PLAYER (1<<30) // pusher that can't be blocked by the player 40 | 41 | 42 | #define FL_ONGROUND (1<<0) // At rest / on the ground 43 | #define FL_DUCKING (1<<1) // Player flag -- Player is fully crouched 44 | #define FL_ANIMDUCKING (1<<2) // Player flag -- Player is in the process of crouching or uncrouching but could be in transition 45 | // examples: Fully ducked: FL_DUCKING & FL_ANIMDUCKING 46 | // Previously fully ducked, unducking in progress: FL_DUCKING & !FL_ANIMDUCKING 47 | // Fully unducked: !FL_DUCKING & !FL_ANIMDUCKING 48 | // Previously fully unducked, ducking in progress: !FL_DUCKING & FL_ANIMDUCKING 49 | #define FL_WATERJUMP (1<<3) // player jumping out of water 50 | #define FL_ONTRAIN (1<<4) // Player is _controlling_ a train, so movement commands should be ignored on client during prediction. 51 | #define FL_INRAIN (1<<5) // Indicates the entity is standing in rain 52 | #define FL_FROZEN (1<<6) // Player is frozen for 3rd person camera 53 | #define FL_ATCONTROLS (1<<7) // Player can't move, but keeps key inputs for controlling another entity 54 | #define FL_CLIENT (1<<8) // Is a player 55 | #define FL_FAKECLIENT (1<<9) // Fake client, simulated server side; don't send network messages to them 56 | // NON-PLAYER SPECIFIC (i.e., not used by GameMovement or the client .dll ) -- Can still be applied to players, though 57 | #define FL_INWATER (1<<10) // In water 58 | 59 | // NOTE if you move things up, make sure to change this value 60 | #define PLAYER_FLAG_BITS 11 61 | 62 | #define FL_FLY (1<<11) // Changes the SV_Movestep() behavior to not need to be on ground 63 | #define FL_SWIM (1<<12) // Changes the SV_Movestep() behavior to not need to be on ground (but stay in water) 64 | #define FL_CONVEYOR (1<<13) 65 | #define FL_NPC (1<<14) 66 | #define FL_GODMODE (1<<15) 67 | #define FL_NOTARGET (1<<16) 68 | #define FL_AIMTARGET (1<<17) // set if the crosshair needs to aim onto the entity 69 | #define FL_PARTIALGROUND (1<<18) // not all corners are valid 70 | #define FL_STATICPROP (1<<19) // Eetsa static prop! 71 | #define FL_GRAPHED (1<<20) // worldgraph has this ent listed as something that blocks a connection 72 | #define FL_GRENADE (1<<21) 73 | #define FL_STEPMOVEMENT (1<<22) // Changes the SV_Movestep() behavior to not do any processing 74 | #define FL_DONTTOUCH (1<<23) // Doesn't generate touch functions, generates Untouch() for anything it was touching when this flag was set 75 | #define FL_BASEVELOCITY (1<<24) // Base velocity has been applied this frame (used to convert base velocity into momentum) 76 | #define FL_WORLDBRUSH (1<<25) // Not moveable/removeable brush entity (really part of the world, but represented as an entity for transparency or something) 77 | #define FL_OBJECT (1<<26) // Terrible name. This is an object that NPCs should see. Missiles, for example. 78 | #define FL_KILLME (1<<27) // This entity is marked for death -- will be freed by game DLL 79 | #define FL_ONFIRE (1<<28) // You know... 80 | #define FL_DISSOLVING (1<<29) // We're dissolving! 81 | #define FL_TRANSRAGDOLL (1<<30) // In the process of turning into a client side ragdoll. 82 | #define FL_UNBLOCKABLE_BY_PLAYER (1<<31) // pusher that can't be blocked by the player -------------------------------------------------------------------------------- /LEGACY_GarhalController/sdk.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #pragma warning (disable : 4005) 3 | 4 | #define FL_ONGROUND (1<<0) // At rest / on the ground 5 | #define FL_DUCKING (1<<1) // Player flag -- Player is fully crouched 6 | #define FL_WATERJUMP (1<<2) // player jumping out of water 7 | #define FL_ONTRAIN (1<<3) // Player is _controlling_ a train, so movement commands should be ignored on client during prediction. 8 | #define FL_INRAIN (1<<4) // Indicates the entity is standing in rain 9 | #define FL_FROZEN (1<<5) // Player is frozen for 3rd person camera 10 | #define FL_ATCONTROLS (1<<6) // Player can't move, but keeps key inputs for controlling another entity 11 | #define FL_CLIENT (1<<7) // Is a player 12 | #define FL_FAKECLIENT (1<<8) // Fake client, simulated server side; don't send network messages to them 13 | // NON-PLAYER SPECIFIC (i.e., not used by GameMovement or the client .dll ) -- Can still be applied to players, though 14 | #define FL_INWATER (1<<9) // In water 15 | 16 | // NOTE if you move things up, make sure to change this value 17 | #define PLAYER_FLAG_BITS 10 18 | 19 | #define FL_FLY (1<<10) // Changes the SV_Movestep() behavior to not need to be on ground 20 | #define FL_SWIM (1<<11) // Changes the SV_Movestep() behavior to not need to be on ground (but stay in water) 21 | #define FL_CONVEYOR (1<<12) 22 | #define FL_NPC (1<<13) 23 | #define FL_GODMODE (1<<14) 24 | #define FL_NOTARGET (1<<15) 25 | #define FL_AIMTARGET (1<<16) // set if the crosshair needs to aim onto the entity 26 | #define FL_PARTIALGROUND (1<<17) // not all corners are valid 27 | #define FL_STATICPROP (1<<18) // Eetsa static prop! 28 | #define FL_GRAPHED (1<<19) // worldgraph has this ent listed as something that blocks a connection 29 | #define FL_GRENADE (1<<20) 30 | #define FL_STEPMOVEMENT (1<<21) // Changes the SV_Movestep() behavior to not do any processing 31 | #define FL_DONTTOUCH (1<<22) // Doesn't generate touch functions, generates Untouch() for anything it was touching when this flag was set 32 | #define FL_BASEVELOCITY (1<<23) // Base velocity has been applied this frame (used to convert base velocity into momentum) 33 | #define FL_WORLDBRUSH (1<<24) // Not moveable/removeable brush entity (really part of the world, but represented as an entity for transparency or something) 34 | #define FL_OBJECT (1<<25) // Terrible name. This is an object that NPCs should see. Missiles, for example. 35 | #define FL_KILLME (1<<26) // This entity is marked for death -- will be freed by game DLL 36 | #define FL_ONFIRE (1<<27) // You know... 37 | #define FL_DISSOLVING (1<<28) // We're dissolving! 38 | #define FL_TRANSRAGDOLL (1<<29) // In the process of turning into a client side ragdoll. 39 | #define FL_UNBLOCKABLE_BY_PLAYER (1<<30) // pusher that can't be blocked by the player 40 | 41 | 42 | #define FL_ONGROUND (1<<0) // At rest / on the ground 43 | #define FL_DUCKING (1<<1) // Player flag -- Player is fully crouched 44 | #define FL_ANIMDUCKING (1<<2) // Player flag -- Player is in the process of crouching or uncrouching but could be in transition 45 | // examples: Fully ducked: FL_DUCKING & FL_ANIMDUCKING 46 | // Previously fully ducked, unducking in progress: FL_DUCKING & !FL_ANIMDUCKING 47 | // Fully unducked: !FL_DUCKING & !FL_ANIMDUCKING 48 | // Previously fully unducked, ducking in progress: !FL_DUCKING & FL_ANIMDUCKING 49 | #define FL_WATERJUMP (1<<3) // player jumping out of water 50 | #define FL_ONTRAIN (1<<4) // Player is _controlling_ a train, so movement commands should be ignored on client during prediction. 51 | #define FL_INRAIN (1<<5) // Indicates the entity is standing in rain 52 | #define FL_FROZEN (1<<6) // Player is frozen for 3rd person camera 53 | #define FL_ATCONTROLS (1<<7) // Player can't move, but keeps key inputs for controlling another entity 54 | #define FL_CLIENT (1<<8) // Is a player 55 | #define FL_FAKECLIENT (1<<9) // Fake client, simulated server side; don't send network messages to them 56 | // NON-PLAYER SPECIFIC (i.e., not used by GameMovement or the client .dll ) -- Can still be applied to players, though 57 | #define FL_INWATER (1<<10) // In water 58 | 59 | // NOTE if you move things up, make sure to change this value 60 | #define PLAYER_FLAG_BITS 11 61 | 62 | #define FL_FLY (1<<11) // Changes the SV_Movestep() behavior to not need to be on ground 63 | #define FL_SWIM (1<<12) // Changes the SV_Movestep() behavior to not need to be on ground (but stay in water) 64 | #define FL_CONVEYOR (1<<13) 65 | #define FL_NPC (1<<14) 66 | #define FL_GODMODE (1<<15) 67 | #define FL_NOTARGET (1<<16) 68 | #define FL_AIMTARGET (1<<17) // set if the crosshair needs to aim onto the entity 69 | #define FL_PARTIALGROUND (1<<18) // not all corners are valid 70 | #define FL_STATICPROP (1<<19) // Eetsa static prop! 71 | #define FL_GRAPHED (1<<20) // worldgraph has this ent listed as something that blocks a connection 72 | #define FL_GRENADE (1<<21) 73 | #define FL_STEPMOVEMENT (1<<22) // Changes the SV_Movestep() behavior to not do any processing 74 | #define FL_DONTTOUCH (1<<23) // Doesn't generate touch functions, generates Untouch() for anything it was touching when this flag was set 75 | #define FL_BASEVELOCITY (1<<24) // Base velocity has been applied this frame (used to convert base velocity into momentum) 76 | #define FL_WORLDBRUSH (1<<25) // Not moveable/removeable brush entity (really part of the world, but represented as an entity for transparency or something) 77 | #define FL_OBJECT (1<<26) // Terrible name. This is an object that NPCs should see. Missiles, for example. 78 | #define FL_KILLME (1<<27) // This entity is marked for death -- will be freed by game DLL 79 | #define FL_ONFIRE (1<<28) // You know... 80 | #define FL_DISSOLVING (1<<29) // We're dissolving! 81 | #define FL_TRANSRAGDOLL (1<<30) // In the process of turning into a client side ragdoll. 82 | #define FL_UNBLOCKABLE_BY_PLAYER (1<<31) // pusher that can't be blocked by the player -------------------------------------------------------------------------------- /Libraries/common/bsp/BSPFile.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @author ReactiioN 3 | * @date 08.03.2016 4 | * @visit https://github.com/ReactiioN1337 5 | * https://reactiion.pw 6 | * https://www.unknowncheats.me/forum/members/264622.html 7 | */ 8 | #pragma once 9 | #pragma warning(disable : 26495) 10 | #include "BSPStructure.hpp" 11 | #include 12 | #include 13 | 14 | namespace hazedumper 15 | { 16 | class BSPFile 17 | { 18 | public: 19 | BSPFile(void) = default; 20 | 21 | /** 22 | * @brief Optional constructor, parses the map. 23 | * 24 | * @param[in] bsp_directory The bsp directory 25 | * @param[in] bsp_file The bsp file 26 | */ 27 | BSPFile(const std::string& bsp_directory, const std::string& bsp_file); 28 | 29 | /** 30 | * @brief Parse a bsp file. 31 | * 32 | * @param[in] bsp_directory The bsp directory, last character must be '\' 33 | * @param[in] bsp_file The bsp file + extension(.bsp) 34 | * 35 | * @return True if the BSP version and the ident is valid plus if all 36 | * lumps got parsed, False otherwise or when an exception got 37 | * throwed. 38 | */ 39 | bool parse(const std::string& bsp_directory, const std::string& bsp_file); 40 | 41 | friend std::ostream& operator <<(std::ostream& os, const BSPFile& bsp_file) 42 | { 43 | os << "/// map: " << bsp_file.m_FileName << "\n" 44 | << "> BSP-Version: " << bsp_file.m_BSPHeader.m_Version << "\n" 45 | << "> Vertexes: " << bsp_file.m_Vertexes.size() << "\n" 46 | << "> Planes: " << bsp_file.m_Edges.size() << "\n" 47 | << "> Surfedges: " << bsp_file.m_Surfedges.size() << "\n" 48 | << "> Leaves: " << bsp_file.m_Leaves.size() << "\n" 49 | << "> Nodes: " << bsp_file.m_Nodes.size() << "\n" 50 | << "> Surfaces: " << bsp_file.m_Surfaces.size() << "\n" 51 | << "> Texinfos: " << bsp_file.m_Texinfos.size() << "\n" 52 | << "> Brushes: " << bsp_file.m_Brushes.size() << "\n" 53 | << "> Brushsides: " << bsp_file.m_Brushsides.size() << "\n" 54 | << "> Leaffaces: " << bsp_file.m_Leaffaces.size() << "\n" 55 | << "> Leafbrushes: " << bsp_file.m_Leafbrushes.size() << "\n" 56 | << "> Polygons: " << bsp_file.m_Polygons.size(); 57 | 58 | return os; 59 | } 60 | 61 | private: 62 | /** 63 | * @brief Parse map planes. 64 | * 65 | * @param bsp_binary The bsp binary 66 | * 67 | * @return False if an exception got throwed, True otherwise. 68 | */ 69 | bool parse_planes(std::ifstream& bsp_binary); 70 | 71 | /** 72 | * @brief Parse map nodes. 73 | * 74 | * @param bsp_binary The bsp binary 75 | * 76 | * @return False if an exception got throwed, True otherwise. 77 | */ 78 | bool parse_nodes(std::ifstream& bsp_binary); 79 | 80 | /** 81 | * @brief Parse map leaffaces. 82 | * 83 | * @param bsp_binary The bsp binary 84 | * 85 | * @return False if an exception got throwed, True otherwise. 86 | */ 87 | bool parse_leaffaces(std::ifstream& bsp_binary); 88 | 89 | /** 90 | * @brief Parse map leafbrushes. 91 | * 92 | * @param bsp_binary The bsp binary 93 | * 94 | * @return False if an exception got throwed, True otherwise. 95 | */ 96 | bool parse_leafbrushes(std::ifstream& bsp_binary); 97 | 98 | /** 99 | * @brief Parse map polygons. 100 | * 101 | * @return False if an exception got throwed, True otherwise. 102 | */ 103 | bool parse_polygons(void); 104 | 105 | /** 106 | * @brief Print function specific exception. 107 | * 108 | * @param[in] function_name The function name 109 | * @param[in] e The exception 110 | */ 111 | void print_exception(const std::string& function_name, const std::exception& e) const; 112 | 113 | /** 114 | * @brief Parse specific lump data from bsp binary. 115 | * 116 | * @param bsp_binary The bsp binary 117 | * @param[in] lump_index The lump index 118 | * @param buffer The buffer 119 | * 120 | * @tparam T The lump struct declaration 121 | */ 122 | template 123 | void parse_lump_data(std::ifstream& bsp_binary, const BSP::eLumpIndex lump_index, std::vector& buffer) const; 124 | 125 | public: 126 | std::string m_FileName; 127 | BSP::dheader_t m_BSPHeader; 128 | std::vector m_Vertexes; 129 | std::vector m_Planes; 130 | std::vector m_Edges; 131 | std::vector m_Surfedges; 132 | std::vector m_Leaves; 133 | std::vector m_Nodes; 134 | std::vector m_Surfaces; 135 | std::vector m_Texinfos; 136 | std::vector m_Brushes; 137 | std::vector m_Brushsides; 138 | std::vector m_Leaffaces; 139 | std::vector m_Leafbrushes; 140 | std::vector m_Polygons; 141 | }; 142 | 143 | template 144 | void BSPFile::parse_lump_data(std::ifstream& bsp_binary, const BSP::eLumpIndex lump_index, 145 | std::vector& buffer) const 146 | { 147 | auto& lump = m_BSPHeader.m_Lumps.at(static_cast(lump_index)); 148 | const auto lump_size = lump.m_Filelen / sizeof(T); 149 | if (!lump_size) 150 | { 151 | return; 152 | } 153 | 154 | buffer = std::vector(lump_size); 155 | 156 | bsp_binary.seekg(lump.m_Fileofs); 157 | bsp_binary.read(reinterpret_cast(buffer.data()), lump_size * sizeof(T)); 158 | } 159 | } 160 | -------------------------------------------------------------------------------- /LEGACY_GarhalController/BSPFile.hpp: -------------------------------------------------------------------------------- 1 | /** 2 | * @author ReactiioN 3 | * @date 08.03.2016 4 | * @visit https://github.com/ReactiioN1337 5 | * https://reactiion.pw 6 | * https://www.unknowncheats.me/forum/members/264622.html 7 | */ 8 | #pragma once 9 | #pragma warning(disable : 26495) 10 | #include "BSPStructure.hpp" 11 | #include 12 | #include 13 | 14 | namespace hazedumper { 15 | 16 | class BSPFile 17 | { 18 | public: 19 | BSPFile( void ) = default; 20 | 21 | /** 22 | * @brief Optional constructor, parses the map. 23 | * 24 | * @param[in] bsp_directory The bsp directory 25 | * @param[in] bsp_file The bsp file 26 | */ 27 | BSPFile( const std::string& bsp_directory, const std::string& bsp_file ); 28 | 29 | /** 30 | * @brief Parse a bsp file. 31 | * 32 | * @param[in] bsp_directory The bsp directory, last character must be '\' 33 | * @param[in] bsp_file The bsp file + extension(.bsp) 34 | * 35 | * @return True if the BSP version and the ident is valid plus if all 36 | * lumps got parsed, False otherwise or when an exception got 37 | * throwed. 38 | */ 39 | bool parse( const std::string& bsp_directory, const std::string& bsp_file ); 40 | 41 | friend std::ostream& operator <<( std::ostream& os, const BSPFile& bsp_file ) 42 | { 43 | os << "/// map: " << bsp_file.m_FileName << "\n" 44 | << "> BSP-Version: " << bsp_file.m_BSPHeader.m_Version << "\n" 45 | << "> Vertexes: " << bsp_file.m_Vertexes.size() << "\n" 46 | << "> Planes: " << bsp_file.m_Edges.size() << "\n" 47 | << "> Surfedges: " << bsp_file.m_Surfedges.size() << "\n" 48 | << "> Leaves: " << bsp_file.m_Leaves.size() << "\n" 49 | << "> Nodes: " << bsp_file.m_Nodes.size() << "\n" 50 | << "> Surfaces: " << bsp_file.m_Surfaces.size() << "\n" 51 | << "> Texinfos: " << bsp_file.m_Texinfos.size() << "\n" 52 | << "> Brushes: " << bsp_file.m_Brushes.size() << "\n" 53 | << "> Brushsides: " << bsp_file.m_Brushsides.size() << "\n" 54 | << "> Leaffaces: " << bsp_file.m_Leaffaces.size() << "\n" 55 | << "> Leafbrushes: " << bsp_file.m_Leafbrushes.size() << "\n" 56 | << "> Polygons: " << bsp_file.m_Polygons.size(); 57 | 58 | return os; 59 | } 60 | 61 | private: 62 | /** 63 | * @brief Parse map planes. 64 | * 65 | * @param bsp_binary The bsp binary 66 | * 67 | * @return False if an exception got throwed, True otherwise. 68 | */ 69 | bool parse_planes( std::ifstream& bsp_binary ); 70 | 71 | /** 72 | * @brief Parse map nodes. 73 | * 74 | * @param bsp_binary The bsp binary 75 | * 76 | * @return False if an exception got throwed, True otherwise. 77 | */ 78 | bool parse_nodes( std::ifstream& bsp_binary ); 79 | 80 | /** 81 | * @brief Parse map leaffaces. 82 | * 83 | * @param bsp_binary The bsp binary 84 | * 85 | * @return False if an exception got throwed, True otherwise. 86 | */ 87 | bool parse_leaffaces( std::ifstream& bsp_binary ); 88 | 89 | /** 90 | * @brief Parse map leafbrushes. 91 | * 92 | * @param bsp_binary The bsp binary 93 | * 94 | * @return False if an exception got throwed, True otherwise. 95 | */ 96 | bool parse_leafbrushes( std::ifstream& bsp_binary ); 97 | 98 | /** 99 | * @brief Parse map polygons. 100 | * 101 | * @return False if an exception got throwed, True otherwise. 102 | */ 103 | bool parse_polygons( void ); 104 | 105 | /** 106 | * @brief Print function specific exception. 107 | * 108 | * @param[in] function_name The function name 109 | * @param[in] e The exception 110 | */ 111 | void print_exception( const std::string& function_name, const std::exception& e ) const; 112 | 113 | /** 114 | * @brief Parse specific lump data from bsp binary. 115 | * 116 | * @param bsp_binary The bsp binary 117 | * @param[in] lump_index The lump index 118 | * @param buffer The buffer 119 | * 120 | * @tparam T The lump struct declaration 121 | */ 122 | template< typename T > 123 | void parse_lump_data( std::ifstream& bsp_binary, const BSP::eLumpIndex lump_index, std::vector< T >& buffer ) const; 124 | 125 | public: 126 | std::string m_FileName; 127 | BSP::dheader_t m_BSPHeader; 128 | std::vector< BSP::mvertex_t > m_Vertexes; 129 | std::vector< BSP::cplane_t > m_Planes; 130 | std::vector< BSP::dedge_t > m_Edges; 131 | std::vector< int32_t > m_Surfedges; 132 | std::vector< BSP::dleaf_t > m_Leaves; 133 | std::vector< BSP::snode_t > m_Nodes; 134 | std::vector< BSP::dface_t > m_Surfaces; 135 | std::vector< BSP::texinfo_t > m_Texinfos; 136 | std::vector< BSP::dbrush_t > m_Brushes; 137 | std::vector< BSP::dbrushside_t > m_Brushsides; 138 | std::vector< uint16_t > m_Leaffaces; 139 | std::vector< uint16_t > m_Leafbrushes; 140 | std::vector< BSP::Polygon > m_Polygons; 141 | }; 142 | 143 | template< typename T > 144 | void BSPFile::parse_lump_data( std::ifstream& bsp_binary, const BSP::eLumpIndex lump_index, std::vector< T >& buffer ) const 145 | { 146 | auto& lump = m_BSPHeader.m_Lumps.at( static_cast< size_t >( lump_index ) ); 147 | const auto lump_size = lump.m_Filelen / sizeof T; 148 | if( !lump_size ) { 149 | return; 150 | } 151 | 152 | buffer = std::vector< T >( lump_size ); 153 | 154 | bsp_binary.seekg( lump.m_Fileofs ); 155 | bsp_binary.read( reinterpret_cast< char* >( buffer.data() ), lump_size * sizeof T ); 156 | } 157 | } 158 | -------------------------------------------------------------------------------- /Garhal/garhal.c: -------------------------------------------------------------------------------- 1 | #pragma warning( disable : 4100 4047 4024 4022 4201 4311 4057 4213 4189 4081 4189 4706 4214 4459 4273 4127 26451 4133 4244) 2 | 3 | #include "garhal.h" 4 | #include "data.h" 5 | #include "messages.h" 6 | #include "communication.h" 7 | #include "events.h" 8 | #include "ntos.h" 9 | #include "gstructs.h" 10 | 11 | NTSTATUS UnloadDriver(PDRIVER_OBJECT pDriverObject) 12 | { 13 | DebugMessageNormal("======================================\n"); 14 | DebugMessageNormal("Garhal CSGO External hack By DreTaX\n"); 15 | DebugMessageNormal("Shutting down...\n"); 16 | 17 | if (!IsManualMapped) 18 | { 19 | PsRemoveLoadImageNotifyRoutine(ImageLoadCallback); 20 | } 21 | 22 | IoDeleteSymbolicLink(&dos); 23 | IoDeleteDevice(pDriverObject->DeviceObject); 24 | 25 | // Delete the processnotify routine 26 | PsSetCreateProcessNotifyRoutineEx(ProcessNotifyCallbackEx, TRUE); 27 | 28 | vector_free(&CSRSSList); 29 | 30 | if (OBRegisterHandle) 31 | { 32 | ObUnRegisterCallbacks(OBRegisterHandle); 33 | OBRegisterHandle = NULL; 34 | } 35 | 36 | DebugMessageNormal("Shutdown Complete!\n"); 37 | 38 | return STATUS_SUCCESS; 39 | } 40 | 41 | // Driver Entrypoint 42 | NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath) 43 | { 44 | DebugMessageNormal("======================================\n"); 45 | DebugMessageNormal("Garhal CSGO External hack By DreTaX\n"); 46 | DebugMessageNormal("Starting...\n"); 47 | 48 | if (!IsManualMapped) 49 | { 50 | PsSetLoadImageNotifyRoutine(ImageLoadCallback); 51 | } 52 | 53 | RtlInitUnicodeString(&dev, L"\\Device\\garhalop"); 54 | RtlInitUnicodeString(&dos, L"\\DosDevices\\garhalop"); 55 | 56 | IoCreateDevice(pDriverObject, 0, &dev, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &pDeviceObject); 57 | IoCreateSymbolicLink(&dos, &dev); 58 | 59 | pDriverObject->MajorFunction[IRP_MJ_CREATE] = CreateCall; 60 | pDriverObject->MajorFunction[IRP_MJ_CLOSE] = CloseCall; 61 | pDriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = IoControl; 62 | pDriverObject->DriverUnload = UnloadDriver; 63 | 64 | pDeviceObject->Flags |= DO_DIRECT_IO; 65 | pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING; 66 | 67 | NTSTATUS reg = RegisterOBCallback(); 68 | if (reg == STATUS_SUCCESS) 69 | { 70 | DebugMessageNormal("ObRegisterCallbacks Succeeded.\n"); 71 | } 72 | else 73 | { 74 | DebugMessageNormal("ObRegisterCallbacks Failed!\n"); 75 | } 76 | 77 | // Set up the CreateProcess routine. 78 | PsSetCreateProcessNotifyRoutineEx(ProcessNotifyCallbackEx, FALSE); 79 | 80 | // Change in data.h to enable. 81 | if (EnableProcessHiding == 1) 82 | { 83 | DebugMessageNormal("Process hiding feature is enabled.\n"); 84 | DebugMessageNormal("You may get BSOD if you have the Windows PatchGuard running. (Very frequently.)\n"); 85 | } 86 | else 87 | { 88 | DebugMessageNormal("Process hiding feature is disabled.\n"); 89 | } 90 | 91 | // Change in data.h to enable. 92 | if (EnableDriverHiding == 1) 93 | { 94 | PLDR_DATA_TABLE_ENTRY CurDriverEntry = (PLDR_DATA_TABLE_ENTRY)pDriverObject->DriverSection; 95 | PLDR_DATA_TABLE_ENTRY NextDriverEntry = (PLDR_DATA_TABLE_ENTRY)CurDriverEntry->InLoadOrderLinks.Flink; 96 | PLDR_DATA_TABLE_ENTRY PrevDriverEntry = (PLDR_DATA_TABLE_ENTRY)CurDriverEntry->InLoadOrderLinks.Blink; 97 | 98 | PrevDriverEntry->InLoadOrderLinks.Flink = CurDriverEntry->InLoadOrderLinks.Flink; 99 | NextDriverEntry->InLoadOrderLinks.Blink = CurDriverEntry->InLoadOrderLinks.Blink; 100 | 101 | CurDriverEntry->InLoadOrderLinks.Flink = (PLIST_ENTRY)CurDriverEntry; 102 | CurDriverEntry->InLoadOrderLinks.Blink = (PLIST_ENTRY)CurDriverEntry; 103 | 104 | DebugMessageNormal("Driver hiding feature is enabled.\n"); 105 | DebugMessageNormal("You may get BSOD if you have the Windows PatchGuard running. (10-30mins)\n"); 106 | } 107 | else 108 | { 109 | DebugMessageNormal("Driver hiding feature is disabled.\n"); 110 | } 111 | 112 | DebugMessageNormal("Successfully started!\n"); 113 | 114 | return STATUS_SUCCESS; 115 | } 116 | 117 | // Rename the current entry point to DriverInitialize to use this, and remove the unload call registration. 118 | /*NTSTATUS DriverEntry( 119 | _In_ struct _DRIVER_OBJECT* DriverObject, 120 | _In_ PUNICODE_STRING RegistryPath 121 | ) 122 | { 123 | // These parameters are invalid due to nonstandard way of loading and should not be used. 124 | UNREFERENCED_PARAMETER(DriverObject); 125 | UNREFERENCED_PARAMETER(RegistryPath); 126 | 127 | IsManualMapped = TRUE; 128 | 129 | DebugMessageNormal("Garhal is swimming as a manual mapped driver, system range start is %p, code mapped at %p\n", MmSystemRangeStart, DriverEntry); 130 | 131 | 132 | // This isn't a standard way against better anticheats such as BE, and EAC. 133 | // Could give you a good example though. 134 | UNICODE_STRING drvName; 135 | NTSTATUS status; 136 | 137 | RtlInitUnicodeString(&drvName, L"\\Driver\\Garhal"); 138 | status = IoCreateDriver(&drvName, &DriverInitialize); 139 | 140 | if (NT_SUCCESS(status)) 141 | { 142 | DebugMessageNormal("Created driver.\n"); 143 | } 144 | 145 | return status; 146 | }*/ 147 | 148 | 149 | NTSTATUS RegisterOBCallback() 150 | { 151 | OB_OPERATION_REGISTRATION OBOperationRegistration; 152 | OB_CALLBACK_REGISTRATION OBOCallbackRegistration; 153 | REG_CONTEXT regContext; 154 | UNICODE_STRING usAltitude; 155 | memset(&OBOperationRegistration, 0, sizeof(OB_OPERATION_REGISTRATION)); 156 | memset(&OBOCallbackRegistration, 0, sizeof(OB_CALLBACK_REGISTRATION)); 157 | memset(®Context, 0, sizeof(REG_CONTEXT)); 158 | regContext.ulIndex = 1; 159 | regContext.Version = 120; 160 | RtlInitUnicodeString(&usAltitude, L"666"); 161 | 162 | NTSTATUS Status = STATUS_UNSUCCESSFUL; 163 | 164 | if ((USHORT)ObGetFilterVersion() == OB_FLT_REGISTRATION_VERSION) 165 | { 166 | OBOperationRegistration.ObjectType = PsProcessType; // Use To Strip Handle Permissions For Threads PsThreadType 167 | OBOperationRegistration.Operations = OB_OPERATION_HANDLE_CREATE | OB_OPERATION_HANDLE_DUPLICATE; 168 | OBOperationRegistration.PostOperation = NULL; 169 | OBOperationRegistration.PreOperation = OBRegisterCallback; 170 | 171 | OBOCallbackRegistration.Altitude = usAltitude; 172 | OBOCallbackRegistration.OperationRegistration = &OBOperationRegistration; 173 | OBOCallbackRegistration.RegistrationContext = ®Context; 174 | OBOCallbackRegistration.Version = OB_FLT_REGISTRATION_VERSION; 175 | OBOCallbackRegistration.OperationRegistrationCount = (USHORT)1; 176 | 177 | Status = ObRegisterCallbacks(&OBOCallbackRegistration, &OBRegisterHandle); // Register The CallBack 178 | } 179 | 180 | return Status; 181 | } -------------------------------------------------------------------------------- /Garhal/Garhal.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {D1C93D8F-7063-41DC-AA36-F1B91FA96C56} 23 | {1bc93793-694f-48fe-9372-81e2b05556fd} 24 | v4.5 25 | 12.0 26 | Debug 27 | Win32 28 | Garhal 29 | 30 | 31 | 32 | Windows10 33 | true 34 | WindowsKernelModeDriver10.0 35 | Driver 36 | KMDF 37 | Universal 38 | 39 | 40 | Windows10 41 | false 42 | WindowsKernelModeDriver10.0 43 | Driver 44 | KMDF 45 | Universal 46 | 47 | 48 | Windows10 49 | true 50 | WindowsKernelModeDriver10.0 51 | Driver 52 | KMDF 53 | Universal 54 | 55 | 56 | Windows10 57 | false 58 | WindowsKernelModeDriver10.0 59 | Driver 60 | KMDF 61 | Universal 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | DbgengKernelDebugger 73 | true 74 | 75 | 76 | DbgengKernelDebugger 77 | true 78 | 79 | 80 | DbgengKernelDebugger 81 | true 82 | 83 | 84 | DbgengKernelDebugger 85 | true 86 | 87 | 88 | 89 | /INTEGRITYCHECK %(AdditionalOptions) 90 | 91 | 92 | sha256 93 | 94 | 95 | false 96 | true 97 | 98 | 99 | 100 | 101 | /integritycheck %(AdditionalOptions) 102 | 103 | 104 | false 105 | true 106 | 107 | 108 | sha256 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | README.md 140 | 141 | 142 | 143 | 144 | 145 | -------------------------------------------------------------------------------- /GarhalController/GarhalController.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {f752107a-2764-49b0-93eb-bfb5ca68dc23} 18 | 19 | 20 | {72bcf62a-d85f-49f4-a1ea-af2cb4d4334b} 21 | 22 | 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | Source Files 41 | 42 | 43 | Source Files 44 | 45 | 46 | Source Files 47 | 48 | 49 | Source Files 50 | 51 | 52 | 53 | Resource Files\imgui 54 | 55 | 56 | Resource Files\imgui 57 | 58 | 59 | Resource Files\imgui 60 | 61 | 62 | Resource Files\imgui 63 | 64 | 65 | Resource Files\imgui 66 | 67 | 68 | Resource Files\imgui 69 | 70 | 71 | Resource Files\imgui 72 | 73 | 74 | Resource Files 75 | 76 | 77 | 78 | 79 | Header Files 80 | 81 | 82 | Header Files 83 | 84 | 85 | Header Files 86 | 87 | 88 | Header Files 89 | 90 | 91 | Header Files 92 | 93 | 94 | Header Files 95 | 96 | 97 | Header Files 98 | 99 | 100 | Header Files 101 | 102 | 103 | Header Files 104 | 105 | 106 | Header Files 107 | 108 | 109 | Header Files 110 | 111 | 112 | Header Files 113 | 114 | 115 | Header Files 116 | 117 | 118 | Header Files 119 | 120 | 121 | Header Files 122 | 123 | 124 | Header Files 125 | 126 | 127 | Header Files 128 | 129 | 130 | Header Files 131 | 132 | 133 | Header Files 134 | 135 | 136 | Header Files 137 | 138 | 139 | Header Files 140 | 141 | 142 | Header Files 143 | 144 | 145 | Header Files 146 | 147 | 148 | Header Files 149 | 150 | 151 | Header Files 152 | 153 | 154 | Header Files 155 | 156 | 157 | Header Files 158 | 159 | 160 | Header Files 161 | 162 | 163 | Header Files 164 | 165 | 166 | Header Files 167 | 168 | 169 | Resource Files 170 | 171 | 172 | -------------------------------------------------------------------------------- /Garhal/events.c: -------------------------------------------------------------------------------- 1 | #pragma warning( disable : 4100 4047 4024 4022 4201 4311 4057 4213 4189 4081 4189 4706 4214 4459 4273 4242 4244 4127) 2 | 3 | #include "data.h" 4 | #include "messages.h" 5 | #include "events.h" 6 | #include "hide.h" 7 | #include "memory.h" 8 | 9 | // Find our required PE image. 10 | PLOAD_IMAGE_NOTIFY_ROUTINE ImageLoadCallback(PUNICODE_STRING FullImageName, HANDLE ProcessId, PIMAGE_INFO ImageInfo) 11 | { 12 | //DebugMessageNormal("We received a load from: %ls \n", FullImageName->Buffer); 13 | 14 | // Compare our string to input 15 | if (wcsstr(FullImageName->Buffer, L"\\csgo\\bin\\client.dll")) 16 | { 17 | DebugMessageNormal("CSGO client.dll found!\n"); 18 | DebugMessageNormal("Loaded Name: %ls \n", FullImageName->Buffer); 19 | DebugMessageNormal("Loaded To Process: %d \n", (ULONG) ProcessId); 20 | 21 | ClientAddress = (ULONG) ImageInfo->ImageBase; 22 | ClientSize = (ULONG) ImageInfo->ImageSize; 23 | CsgoID = (ULONG) ProcessId; 24 | 25 | // Free, and re-init the vector every time CSGO loads up. 26 | vector_free(&CSRSSList); 27 | vector_init(&CSRSSList); 28 | 29 | FindProcessByName("csrss.exe", &CSRSSList); 30 | 31 | DebugMessageNormal("csrss.exe Count: %d\r\n", vector_total(&CSRSSList)); 32 | } 33 | else if (wcsstr(FullImageName->Buffer, L"\\Counter-Strike Global Offensive\\bin\\engine.dll")) 34 | { 35 | DebugMessageNormal("CSGO Engine.dll found!\n"); 36 | 37 | EngineAddress = (ULONG) ImageInfo->ImageBase; 38 | EngineSize = (ULONG) ImageInfo->ImageSize; 39 | } 40 | 41 | return STATUS_SUCCESS; 42 | } 43 | 44 | PCREATE_PROCESS_NOTIFY_ROUTINE_EX ProcessNotifyCallbackEx(HANDLE parentId, HANDLE processId, PPS_CREATE_NOTIFY_INFO notifyInfo) 45 | { 46 | // NotifyInfo is filled when a process is created. Otherwise terminated. 47 | if (notifyInfo) 48 | { 49 | //DebugMessageNormal("PID = %d\r\n", processId); 50 | //DebugMessageNormal("Process Full Path: %ls \n", notifyInfo->ImageFileName->Buffer); 51 | if (wcsstr(notifyInfo->ImageFileName->Buffer, L"\\GarhalController.exe")) 52 | { 53 | DebugMessageNormal("Bomb has been planted!\n"); 54 | ControllerID = (ULONG) processId; 55 | DebugMessageNormal("Controller ProcessID: %d\r\n", ControllerID); 56 | 57 | if (EnableProcessHiding == 1) 58 | { 59 | UINT32 intmadafaka = (UINT32) processId; 60 | 61 | DebugMessageNormal("Hidden APP = %d\r\n", intmadafaka); 62 | HideProcess(intmadafaka); 63 | } 64 | } 65 | else if (wcsstr(notifyInfo->ImageFileName->Buffer, L"\\GarhalRankDisplayer.exe")) 66 | { 67 | RankReaderID = (ULONG) processId; 68 | DebugMessageNormal("RankReaderID ProcessID: %d\r\n", RankReaderID); 69 | 70 | if (EnableProcessHiding == 1) 71 | { 72 | UINT32 intmadafaka = (UINT32) processId; 73 | 74 | DebugMessageNormal("Hidden APP = %d\r\n", intmadafaka); 75 | HideProcess(intmadafaka); 76 | } 77 | } 78 | } 79 | else 80 | { 81 | ULONG ProcID = (ULONG) processId; 82 | if (ControllerID == ProcID) 83 | { 84 | DebugMessageNormal("Controller Shutdown detected, disabling protection. %d\r\n", ControllerID); 85 | ControllerID = 0; 86 | ProtectController = 0; 87 | } 88 | else if (RankReaderID == ProcID) 89 | { 90 | DebugMessageNormal("RankReader Shutdown detected, disabling protection. %d\r\n", RankReaderID); 91 | RankReaderID = 0; 92 | ProtectRankReader = 0; 93 | } 94 | else if (CsgoID == ProcID) 95 | { 96 | DebugMessageNormal("CSGO Shutdown detected, zeroing addresses. %d\r\n", CsgoID); 97 | CsgoID = 0; 98 | ClientAddress = 0; 99 | EngineAddress = 0; 100 | ClientSize = 0; 101 | EngineSize = 0; 102 | } 103 | } 104 | 105 | return STATUS_SUCCESS; 106 | } 107 | 108 | // TBT 2014 https://www.unknowncheats.me/wiki/Valve_Anti-Cheat:VAC_external_tool_detection_(and_more) 109 | // Since a recent silent update Valve is being retarded about open handles(which are caused by OpenProcess). 110 | // You can avoid this by restricting access to your external hack and csgo by using ObRegisterCallbacks 111 | // You should go with ObRegisterCallbacks and permit query on csgo(0x0400 PROCESS QUERY INFORMATION) / protect your external hack from all access. 112 | // Even Mambda mentioned the same in 2016 on guidedhacking, and a 2013 reversal validates it: 113 | // Opens a process to every handle running with query_information and vm_read , tries to get their name and do some more things that i can't see yet. 114 | // Course of action here for my external : 115 | // Strip handles of those values^, i don't really care about anything else. They can't get my name if they dont have the privileges to.Also they couldn't find it on file if they tried. 116 | OB_PREOP_CALLBACK_STATUS OBRegisterCallback(PVOID RegistrationContext, POB_PRE_OPERATION_INFORMATION OperationInformation) 117 | { 118 | // Our controller or CSGO is not running yet. 119 | if (ControllerID == 0 || CsgoID == 0) 120 | { 121 | return OB_PREOP_SUCCESS; 122 | } 123 | 124 | PEPROCESS OpenedProcess = (PEPROCESS)OperationInformation->Object; 125 | ULONG OpenedProcessID = (ULONG)PsGetProcessId(OpenedProcess); 126 | PEPROCESS CurrentProcess = PsGetCurrentProcess(); 127 | 128 | // Allow any driver to get the handle. 129 | if (OperationInformation->KernelHandle == 1 || OpenedProcess == CurrentProcess) 130 | { 131 | return OB_PREOP_SUCCESS; 132 | } 133 | 134 | // Make sure not to strip csrss's Handle, will cause BSOD 135 | for (int i = 0; i < vector_total(&CSRSSList); i++) 136 | { 137 | PEPROCESS CSRSS = (PEPROCESS)vector_get(&CSRSSList, i); 138 | ULONG procid = (ULONG)PsGetProcessId(CSRSS); 139 | if (procid == OpenedProcessID) 140 | { 141 | return OB_PREOP_SUCCESS; 142 | } 143 | } 144 | 145 | // Ensure we don't fuck with CSGO. 146 | if (CsgoID == OpenedProcessID) 147 | { 148 | return OB_PREOP_SUCCESS; 149 | } 150 | 151 | // If VAC is trying get information say fuck you. (Change the access completely) 152 | // https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights 153 | if (OpenedProcessID == ControllerID && ProtectController == 1) 154 | { 155 | if (OperationInformation->Operation == OB_OPERATION_HANDLE_CREATE) 156 | { 157 | OperationInformation->Parameters->CreateHandleInformation.DesiredAccess = (SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION); 158 | DebugMessageNormal("OB_OPERATION_HANDLE_CREATE for Controller denied.\n"); 159 | } 160 | else 161 | { 162 | OperationInformation->Parameters->DuplicateHandleInformation.DesiredAccess = (SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION); 163 | DebugMessageNormal("OB_OPERATION_HANDLE_CREATE Duplicate for Controller denied.\n"); 164 | } 165 | } 166 | else if (OpenedProcessID == RankReaderID && ProtectRankReader == 1) 167 | { 168 | if (OperationInformation->Operation == OB_OPERATION_HANDLE_CREATE) 169 | { 170 | OperationInformation->Parameters->CreateHandleInformation.DesiredAccess = (SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION); 171 | DebugMessageNormal("OB_OPERATION_HANDLE_CREATE for RankReader denied.\n"); 172 | } 173 | else 174 | { 175 | OperationInformation->Parameters->DuplicateHandleInformation.DesiredAccess = (SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION); 176 | DebugMessageNormal("OB_OPERATION_HANDLE_CREATE Duplicate for RankReader denied.\n"); 177 | } 178 | } 179 | 180 | return OB_PREOP_SUCCESS; 181 | } -------------------------------------------------------------------------------- /LEGACY_GarhalController/Entity.cpp: -------------------------------------------------------------------------------- 1 | #pragma warning (disable : 26451) 2 | 3 | #include "Entity.hpp" 4 | 5 | #include 6 | #include 7 | #include "offsets.hpp" 8 | #include "sdk.hpp" 9 | 10 | // hazedumper namespace 11 | using namespace hazedumper::netvars; 12 | using namespace hazedumper::signatures; 13 | 14 | 15 | class BoneMatrix 16 | { 17 | public: 18 | byte pad3[12]; 19 | float x; 20 | byte pad1[12]; 21 | float y; 22 | byte pad2[12]; 23 | float z; 24 | }; 25 | 26 | bool Entity::IsDormant() 27 | { 28 | bool isDormant = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_bDormant, sizeof(uint8_t)); 29 | return isDormant; 30 | } 31 | 32 | bool Entity::IsDefusing() 33 | { 34 | bool Defusing = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_bIsDefusing, sizeof(uint8_t)); 35 | return Defusing; 36 | } 37 | 38 | void Entity::SetFlashAlpha(float num) 39 | { 40 | // No Flash if set to 0 41 | Driver.WriteVirtualMemory(ProcessId, EntityAddress + m_flFlashMaxAlpha, num, 8); 42 | } 43 | 44 | uint8_t Entity::getTeam() 45 | { 46 | uint8_t OurTeam = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_iTeamNum, sizeof(uint8_t)); 47 | return OurTeam; 48 | } 49 | 50 | bool Entity::isInAir() 51 | { 52 | uint32_t flags = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_fFlags, sizeof(uint32_t)); 53 | return flags == 256 || flags == 258 || flags == 260 || flags == 262; 54 | } 55 | 56 | bool Entity::IsCrouching() 57 | { 58 | uint32_t flags = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_fFlags, sizeof(uint32_t)); 59 | return flags & FL_DUCKING; 60 | } 61 | 62 | uint8_t Entity::getHealth() 63 | { 64 | uint8_t health = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_iHealth, sizeof(uint8_t)); 65 | return health; 66 | } 67 | 68 | 69 | void Entity::SetForceJump(uint8_t value) 70 | { 71 | Driver.WriteVirtualMemory(ProcessId, ClientAddress + dwForceJump, value, sizeof(value)); 72 | } 73 | 74 | bool Entity::isValidPlayer() 75 | { 76 | int health = getHealth(); 77 | bool isDormant = IsDormant(); 78 | 79 | return health > 0 && health <= 100 && !isDormant; 80 | } 81 | 82 | Vector3 Entity::getAbsolutePosition() 83 | { 84 | Vector3 position = getFeetPosition(); 85 | //position(2) += Driver.ReadVirtualMemory(ProcessId, EntityAddress + 0x10c, sizeof(float)); 86 | return position; 87 | } 88 | 89 | Vector3 Entity::getFeetPosition() 90 | { 91 | Vector3 position = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_vecOrigin, sizeof(Vector3)); 92 | return position; 93 | } 94 | 95 | Vector3 Entity::getAimPunch() 96 | { 97 | Vector3 aimPunch = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_aimPunchAngle, sizeof(Vector3)); 98 | return aimPunch; 99 | } 100 | 101 | Vector3 Entity::getVelocity() 102 | { 103 | Vector3 vel = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_vecVelocity, sizeof(Vector3)); 104 | return vel; 105 | } 106 | 107 | /*Vector3 Entity::getBonePosition(uint32_t boneId) 108 | { 109 | int boneBase = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_dwBoneMatrix, sizeof(int)); 110 | 111 | Vector3 bonePosition; 112 | bonePosition(0) = Driver.ReadVirtualMemory(ProcessId, boneBase + 0x30 * boneId + 0x0C, sizeof(float)); 113 | bonePosition(1) = Driver.ReadVirtualMemory(ProcessId, boneBase + 0x30 * boneId + 0x1C, sizeof(float)); 114 | bonePosition(2) = Driver.ReadVirtualMemory(ProcessId, boneBase + 0x30 * boneId + 0x2C, sizeof(float)); 115 | 116 | return bonePosition; 117 | }*/ 118 | 119 | Vector3 Entity::GetBonePosition(uint32_t targetBone) 120 | { 121 | DWORD boneMatrixOffset = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_dwBoneMatrix, sizeof(DWORD)); 122 | BoneMatrix baoneMatrix = Driver.ReadVirtualMemory(ProcessId, boneMatrixOffset + sizeof(BoneMatrix) * targetBone, sizeof(BoneMatrix)); 123 | return Vector3(baoneMatrix.x, baoneMatrix.y, baoneMatrix.z); 124 | } 125 | 126 | Vector3 Entity::getHeadPosition() 127 | { 128 | Vector3 Origin = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_vecOrigin, sizeof(Vector3)); 129 | Vector3 ViewOffset = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_vecViewOffset, sizeof(Vector3)); 130 | Vector3 LocalEyeOrigin = Origin + ViewOffset; 131 | if (this->IsCrouching()) 132 | { 133 | LocalEyeOrigin(1) = LocalEyeOrigin(1) - 1.5f; 134 | } 135 | 136 | return LocalEyeOrigin; 137 | } 138 | 139 | uint16_t Entity::getCrosshairId() 140 | { 141 | return Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_iCrosshairId, sizeof(uint16_t)); 142 | } 143 | 144 | uint8_t Entity::getForceAttack() 145 | { 146 | return Driver.ReadVirtualMemory(ProcessId, EntityAddress + dwForceAttack, sizeof(uint8_t)); 147 | } 148 | 149 | void Entity::setForceAttack(uint8_t value) 150 | { 151 | Driver.WriteVirtualMemory(ProcessId, EntityAddress + dwForceAttack, value, sizeof(value)); 152 | } 153 | 154 | void Entity::setForceAttack2(uint8_t value) 155 | { 156 | Driver.WriteVirtualMemory(ProcessId, EntityAddress + dwForceAttack2, value, sizeof(value)); 157 | } 158 | 159 | void Entity::shoot() 160 | { 161 | if (TriggerBot && TriggerBotDelay) 162 | { 163 | srand(time(NULL)); 164 | uint16_t rnd = rand() % (TriggerBotDelayMax - TriggerBotDelayMin + 1) + TriggerBotDelayMin; 165 | Sleep(rnd); 166 | } 167 | 168 | mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0); 169 | Sleep(1); 170 | mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0); 171 | /*uint8_t forceAttack = getForceAttack(); 172 | if (forceAttack == 4) 173 | { 174 | setForceAttack(5); 175 | } 176 | else 177 | { 178 | setForceAttack(4); 179 | }*/ 180 | } 181 | 182 | uint16_t Entity::getShotsFired() 183 | { 184 | return Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_iShotsFired, sizeof(uint16_t)); 185 | } 186 | 187 | uint32_t Entity::GetEntityAddress() 188 | { 189 | return EntityAddress; 190 | } 191 | 192 | uint32_t Entity::GetGlowIndex() 193 | { 194 | uint32_t GlowIndex = Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_iGlowIndex, sizeof(uint32_t)); 195 | return GlowIndex; 196 | } 197 | 198 | DWORD Entity::GetWeaponHandle() 199 | { 200 | return Driver.ReadVirtualMemory(ProcessId, EntityAddress + m_hActiveWeapon, sizeof(DWORD)); 201 | } 202 | 203 | uint16_t Entity::GetWeaponIndex() 204 | { 205 | return GetWeaponHandle() & 0xFFF; 206 | } 207 | 208 | DWORD Entity::GetCurrentWeapon() 209 | { 210 | return Driver.ReadVirtualMemory(ProcessId, ClientAddress + dwEntityList + (GetWeaponIndex() - 1) * 0x10, sizeof(DWORD)); 211 | } 212 | 213 | uint16_t Entity::GetCurrentWeaponID() 214 | { 215 | return Driver.ReadVirtualMemory(ProcessId, GetCurrentWeapon() + m_iItemDefinitionIndex, sizeof(uint16_t)); 216 | } 217 | 218 | void Entity::SetCorrectGlowStruct(uint8_t OurTeam, uint32_t GlowObject) 219 | { 220 | int ReadTeam = this->getTeam(); 221 | bool Defusing = this->IsDefusing(); 222 | 223 | GlowStruct EGlow; 224 | EGlow = Driver.ReadVirtualMemory(ProcessId, GlowObject + (this->GetGlowIndex() * 0x38) + 0x4, sizeof(GlowStruct)); 225 | EGlow.alpha = 0.5f; 226 | EGlow.renderWhenOccluded = true; 227 | EGlow.renderWhenUnOccluded = false; 228 | 229 | if (OurTeam != ReadTeam) 230 | { 231 | EGlow.red = 255.0f; 232 | EGlow.green = 0.0f; 233 | EGlow.blue = 0.0f; 234 | 235 | if (Defusing) 236 | { 237 | EGlow.green = 60.0f; 238 | } 239 | } 240 | else 241 | { 242 | EGlow.red = 0.0f; 243 | EGlow.green = 0.0f; 244 | EGlow.blue = 255.0f; 245 | 246 | if (Defusing) 247 | { 248 | EGlow.green = 60.0f; 249 | } 250 | } 251 | 252 | Driver.WriteVirtualMemory(ProcessId, GlowObject + (this->GetGlowIndex() * 0x38) + 0x4, EGlow, sizeof(EGlow)); 253 | } 254 | 255 | 256 | Entity::Entity(uint32_t EntityAddress) 257 | { 258 | this->EntityAddress = EntityAddress; 259 | } 260 | 261 | Entity::Entity() 262 | { 263 | } 264 | 265 | Entity::~Entity() 266 | { 267 | 268 | } -------------------------------------------------------------------------------- /GarhalController/csgo_menu.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "csgo_settings.hpp" 3 | #include "imgui_extensions.h" 4 | #include "overlay.h" 5 | 6 | class CSGORender : public OverlayRender 7 | { 8 | 9 | void render_aimbot_settings() 10 | { 11 | static ImGuiTextFilter filter; 12 | ImGui::CheckboxNew("Enable TriggerBot", &csgo_settings::TriggerBot); 13 | 14 | // TODO: Custom hotkeys are relatively easy to implement. 15 | // Do them yourself, maybe I'll introduce a solution to the project later. 16 | ImGui::ListBox("Aimbot State", &csgo_settings::AimbotState, csgo_settings::aimbotOptions); 17 | if (csgo_settings::AimbotState > 0) 18 | { 19 | ImGui::SameLine(); 20 | ImGui::ListBox("AimbotTarget", &csgo_settings::AimbotTarget, csgo_settings::aimbotTargets); 21 | ImGui::SliderIntNew("AimbotBullets", &csgo_settings::AimbotBullets, 0, 100); 22 | } 23 | 24 | if (csgo_settings::TriggerBot) 25 | { 26 | ImGui::CheckboxNew("Enable TriggerBotDelay", &csgo_settings::TriggerBotDelay); 27 | ImGui::SliderIntNew("TriggerBot MinDelay", &csgo_settings::TriggerBotDelayMin, 0, 100); 28 | ImGui::SliderIntNew("TriggerBot MaxDelay", &csgo_settings::TriggerBotDelayMax, 0, 100); 29 | 30 | 31 | filter.Draw(); 32 | if (ImGui::BeginCombo("Allowed WeaponIds", "")) 33 | { 34 | int i = 0; 35 | for (auto iter = csgo_settings::weaponIds.begin(); iter != csgo_settings::weaponIds.end(); ++iter) 36 | { 37 | if (!filter.PassFilter(iter->first.c_str())) continue; 38 | ImGui::Selectable(iter->first.c_str(), &csgo_settings::selectedWeaponIds[i], 39 | ImGuiSelectableFlags_::ImGuiSelectableFlags_DontClosePopups, ImVec2(0, 0)); 40 | i++; 41 | } 42 | 43 | ImGui::EndCombo(); 44 | } 45 | } 46 | } 47 | 48 | void render_visuals_settings() 49 | { 50 | ImGui::CheckboxNew("Use vSync", &csgo_settings::useVsync); 51 | ImGui::Separator(); 52 | ImGui::CheckboxNew("Enable Wallhack", &csgo_settings::Wallhack); 53 | ImGui::CheckboxNew("Enable Radar (Flagged)", &csgo_settings::Radar); 54 | ImGui::CheckboxNew("Enable NoFlash (Flagged)", &csgo_settings::NoFlash); 55 | ImGui::CheckboxNew("Enable Bhop (Flagged)", &csgo_settings::Bhop); 56 | 57 | } 58 | 59 | void render_settings() 60 | { 61 | ImGui::PushFont(mapFont[18]); 62 | ImGui::Text("Blah blah whatever info we want here"); 63 | 64 | ImGuiStyle* style = &ImGui::GetStyle(); 65 | ImGui::Separator(); 66 | 67 | if (ImGui::Button("Save Settings", ImVec2(ImGui::GetContentRegionAvail().x * 0.5f - style->WindowPadding.x * 0.5f, 0))) 68 | { 69 | csgo_settings::WriteConfig("settings.json"); 70 | } 71 | ImGui::SameLine(); 72 | if (ImGui::Button("Load Settings", ImVec2(ImGui::GetContentRegionAvail().x, 0))) 73 | { 74 | csgo_settings::ReadConfig("settings.json"); 75 | } 76 | ImGui::PopFont(); 77 | } 78 | 79 | BOOL useVSync() override 80 | { 81 | return csgo_settings::useVsync; 82 | } 83 | 84 | public: 85 | 86 | CSGORender() 87 | { 88 | // Read config values. 89 | csgo_settings::ReadConfig("settings.json"); 90 | } 91 | 92 | void display() override 93 | { 94 | if (ImGui::IsCustomKeyPressed(VK_HOME, false)) 95 | { 96 | csgo_settings::showMenu = !csgo_settings::showMenu; 97 | } 98 | 99 | if (!csgo_settings::showMenu) 100 | { 101 | return; 102 | } 103 | 104 | 105 | ImGui::SetMenuLocation(ImVec2(xScreen, yScreen)); 106 | ImGui::Begin("All Settings", &csgo_settings::showMenu, ImGuiWindowFlags_NoTitleBar | ImGuiWindowFlags_AlwaysAutoResize | ImGuiWindowFlags_NoClipping); 107 | { 108 | ImGuiWindow* window = ImGui::GetCurrentWindow(); 109 | ImDrawList* draw = window->DrawList; 110 | ImGuiStyle* style = &ImGui::GetStyle(); 111 | 112 | ImVec2 window_position = ImGui::GetWindowPos(); 113 | ImRect window_background(window_position, window_position + window->SizeFull); //Calculate axes of main window (for getting correct pos in future) 114 | 115 | ImRect top_panel(ImFloor(ImVec2(window_position.x, window_position.y)), ImFloor(ImVec2(window_position.x + window->SizeFull.x, window_position.y + window->SizeFull.y * 1/16))); 116 | ImRect logo_panel(top_panel.Min, ImVec2(top_panel.Min.x + top_panel.GetHeight(), top_panel.Max.y)); 117 | 118 | enum Tabs_ 119 | { 120 | Tab_Info = 0, 121 | Tab_Aimbot = 1, 122 | Tab_Visuals = 2 123 | }; 124 | static int CurrentTab = 0; 125 | ImGui::SetCursorPos(ImVec2(0, 0)); 126 | ImGui::SetNextWindowBgAlpha(1); 127 | ImGui::PushStyleVar(ImGuiStyleVar_ItemSpacing, ImVec2(0, 0)); 128 | ImGui::PushStyleVar(ImGuiStyleVar_WindowPadding, ImVec2(0, 0)); 129 | ImGui::BeginChild("TabsChild##Top", top_panel.GetSize(), true, ImGuiWindowFlags_NoClipping); 130 | { 131 | ImGuiWindow* chwindow = ImGui::GetCurrentWindow(); 132 | 133 | ImRect tabs_panel(ImVec2(logo_panel.Max.x, top_panel.Min.y), top_panel.Max); 134 | ImRect tab_one(ImFloor(tabs_panel.Min), ImFloor(ImVec2(tabs_panel.Min.x + tabs_panel.GetWidth() * 0.5f, tabs_panel.Max.y))); 135 | ImRect tab_two(ImFloor(ImVec2(tab_one.Max.x, tabs_panel.Min.y)), ImFloor(tabs_panel.Max)); 136 | 137 | ImGui::SetCursorPos(ImVec2(0, 0)); 138 | ImGui::BeginGroup(); 139 | ImGui::PushFont(mapFont[(int)(top_panel.GetHeight() * 0.75f)]); 140 | if (ImGui::TabNew("##Logo", CurrentTab == Tab_Info, logo_panel.GetSize(), LogoTexture)) 141 | CurrentTab = Tab_Info; 142 | ImGui::SameLine(); 143 | 144 | if (ImGui::TabNew("Aimbot", CurrentTab == Tab_Aimbot, tab_one.GetSize())) 145 | CurrentTab = Tab_Aimbot; 146 | 147 | ImGui::SameLine(); 148 | if (ImGui::TabNew("Visuals", CurrentTab == Tab_Visuals, tab_two.GetSize())) 149 | CurrentTab = Tab_Visuals; 150 | ImGui::PopFont(); 151 | ImGui::EndGroup(); 152 | } 153 | ImGui::EndChild(); 154 | ImGui::PopStyleVar(2); 155 | ImGui::Spacing(); 156 | bool border = true; 157 | 158 | if (CurrentTab == Tab_Info) 159 | { 160 | ImGui::BeginChild("Info", ImVec2(0, 0), border, ImGuiWindowFlags_NoClipping | ImGuiWindowFlags_AlwaysUseWindowPadding); 161 | { 162 | render_settings(); 163 | } 164 | ImGui::EndChild(); 165 | } 166 | else if (CurrentTab == Tab_Aimbot) 167 | { 168 | ImGui::BeginChild("Aimbot", ImVec2(0, 0), border, ImGuiWindowFlags_NoClipping | ImGuiWindowFlags_AlwaysUseWindowPadding); 169 | { 170 | render_aimbot_settings(); 171 | } 172 | ImGui::EndChild(); 173 | } 174 | else if (CurrentTab == Tab_Visuals) 175 | { 176 | ImGui::BeginChild("Visuals", ImVec2(0, 0), border, ImGuiWindowFlags_NoClipping | ImGuiWindowFlags_AlwaysUseWindowPadding); 177 | { 178 | render_visuals_settings(); 179 | } 180 | ImGui::EndChild(); 181 | } 182 | 183 | } 184 | ImGui::End(); 185 | } 186 | }; -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.idea 10 | *.user 11 | *.userosscache 12 | *.sln.docstates 13 | 14 | # User-specific files (MonoDevelop/Xamarin Studio) 15 | *.userprefs 16 | 17 | # Mono auto generated files 18 | mono_crash.* 19 | 20 | # Build results 21 | [Dd]ebug/ 22 | [Dd]ebugPublic/ 23 | [Rr]elease/ 24 | [Rr]eleases/ 25 | x64/ 26 | x86/ 27 | [Ww][Ii][Nn]32/ 28 | [Aa][Rr][Mm]/ 29 | [Aa][Rr][Mm]64/ 30 | bld/ 31 | [Bb]in/ 32 | [Oo]bj/ 33 | [Ll]og/ 34 | [Ll]ogs/ 35 | 36 | # Visual Studio 2015/2017 cache/options directory 37 | .vs/ 38 | # Uncomment if you have tasks that create the project's static files in wwwroot 39 | #wwwroot/ 40 | 41 | # Visual Studio 2017 auto generated files 42 | Generated\ Files/ 43 | 44 | # MSTest test Results 45 | [Tt]est[Rr]esult*/ 46 | [Bb]uild[Ll]og.* 47 | 48 | # NUnit 49 | *.VisualState.xml 50 | TestResult.xml 51 | nunit-*.xml 52 | 53 | # Build Results of an ATL Project 54 | [Dd]ebugPS/ 55 | [Rr]eleasePS/ 56 | dlldata.c 57 | 58 | # Benchmark Results 59 | BenchmarkDotNet.Artifacts/ 60 | 61 | # .NET Core 62 | project.lock.json 63 | project.fragment.lock.json 64 | artifacts/ 65 | 66 | # ASP.NET Scaffolding 67 | ScaffoldingReadMe.txt 68 | 69 | # StyleCop 70 | StyleCopReport.xml 71 | 72 | # Files built by Visual Studio 73 | *_i.c 74 | *_p.c 75 | *_h.h 76 | *.ilk 77 | *.meta 78 | *.obj 79 | *.iobj 80 | *.pch 81 | *.pdb 82 | *.ipdb 83 | *.pgc 84 | *.pgd 85 | *.rsp 86 | *.sbr 87 | *.tlb 88 | *.tli 89 | *.tlh 90 | *.tmp 91 | *.tmp_proj 92 | *_wpftmp.csproj 93 | *.log 94 | *.vspscc 95 | *.vssscc 96 | .builds 97 | *.pidb 98 | *.svclog 99 | *.scc 100 | 101 | # Chutzpah Test files 102 | _Chutzpah* 103 | 104 | # Visual C++ cache files 105 | ipch/ 106 | *.aps 107 | *.ncb 108 | *.opendb 109 | *.opensdf 110 | *.sdf 111 | *.cachefile 112 | *.VC.db 113 | *.VC.VC.opendb 114 | 115 | # Visual Studio profiler 116 | *.psess 117 | *.vsp 118 | *.vspx 119 | *.sap 120 | 121 | # Visual Studio Trace Files 122 | *.e2e 123 | 124 | # TFS 2012 Local Workspace 125 | $tf/ 126 | 127 | # Guidance Automation Toolkit 128 | *.gpState 129 | 130 | # ReSharper is a .NET coding add-in 131 | _ReSharper*/ 132 | *.[Rr]e[Ss]harper 133 | *.DotSettings.user 134 | 135 | # TeamCity is a build add-in 136 | _TeamCity* 137 | 138 | # DotCover is a Code Coverage Tool 139 | *.dotCover 140 | 141 | # AxoCover is a Code Coverage Tool 142 | .axoCover/* 143 | !.axoCover/settings.json 144 | 145 | # Coverlet is a free, cross platform Code Coverage Tool 146 | coverage*[.json, .xml, .info] 147 | 148 | # Visual Studio code coverage results 149 | *.coverage 150 | *.coveragexml 151 | 152 | # NCrunch 153 | _NCrunch_* 154 | .*crunch*.local.xml 155 | nCrunchTemp_* 156 | 157 | # MightyMoose 158 | *.mm.* 159 | AutoTest.Net/ 160 | 161 | # Web workbench (sass) 162 | .sass-cache/ 163 | 164 | # Installshield output folder 165 | [Ee]xpress/ 166 | 167 | # DocProject is a documentation generator add-in 168 | DocProject/buildhelp/ 169 | DocProject/Help/*.HxT 170 | DocProject/Help/*.HxC 171 | DocProject/Help/*.hhc 172 | DocProject/Help/*.hhk 173 | DocProject/Help/*.hhp 174 | DocProject/Help/Html2 175 | DocProject/Help/html 176 | 177 | # Click-Once directory 178 | publish/ 179 | 180 | # Publish Web Output 181 | *.[Pp]ublish.xml 182 | *.azurePubxml 183 | # Note: Comment the next line if you want to checkin your web deploy settings, 184 | # but database connection strings (with potential passwords) will be unencrypted 185 | *.pubxml 186 | *.publishproj 187 | 188 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 189 | # checkin your Azure Web App publish settings, but sensitive information contained 190 | # in these scripts will be unencrypted 191 | PublishScripts/ 192 | 193 | # NuGet Packages 194 | *.nupkg 195 | # NuGet Symbol Packages 196 | *.snupkg 197 | # The packages folder can be ignored because of Package Restore 198 | **/[Pp]ackages/* 199 | # except build/, which is used as an MSBuild target. 200 | !**/[Pp]ackages/build/ 201 | # Uncomment if necessary however generally it will be regenerated when needed 202 | #!**/[Pp]ackages/repositories.config 203 | # NuGet v3's project.json files produces more ignorable files 204 | *.nuget.props 205 | *.nuget.targets 206 | 207 | # Microsoft Azure Build Output 208 | csx/ 209 | *.build.csdef 210 | 211 | # Microsoft Azure Emulator 212 | ecf/ 213 | rcf/ 214 | 215 | # Windows Store app package directories and files 216 | AppPackages/ 217 | BundleArtifacts/ 218 | Package.StoreAssociation.xml 219 | _pkginfo.txt 220 | *.appx 221 | *.appxbundle 222 | *.appxupload 223 | 224 | # Visual Studio cache files 225 | # files ending in .cache can be ignored 226 | *.[Cc]ache 227 | # but keep track of directories ending in .cache 228 | !?*.[Cc]ache/ 229 | 230 | # Others 231 | ClientBin/ 232 | ~$* 233 | *~ 234 | *.dbmdl 235 | *.dbproj.schemaview 236 | *.jfm 237 | *.pfx 238 | *.publishsettings 239 | orleans.codegen.cs 240 | 241 | # Including strong name files can present a security risk 242 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 243 | #*.snk 244 | 245 | # Since there are multiple workflows, uncomment next line to ignore bower_components 246 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 247 | #bower_components/ 248 | 249 | # RIA/Silverlight projects 250 | Generated_Code/ 251 | 252 | # Backup & report files from converting an old project file 253 | # to a newer Visual Studio version. Backup files are not needed, 254 | # because we have git ;-) 255 | _UpgradeReport_Files/ 256 | Backup*/ 257 | UpgradeLog*.XML 258 | UpgradeLog*.htm 259 | ServiceFabricBackup/ 260 | *.rptproj.bak 261 | 262 | # SQL Server files 263 | *.mdf 264 | *.ldf 265 | *.ndf 266 | 267 | # Business Intelligence projects 268 | *.rdl.data 269 | *.bim.layout 270 | *.bim_*.settings 271 | *.rptproj.rsuser 272 | *- [Bb]ackup.rdl 273 | *- [Bb]ackup ([0-9]).rdl 274 | *- [Bb]ackup ([0-9][0-9]).rdl 275 | 276 | # Microsoft Fakes 277 | FakesAssemblies/ 278 | 279 | # GhostDoc plugin setting file 280 | *.GhostDoc.xml 281 | 282 | # Node.js Tools for Visual Studio 283 | .ntvs_analysis.dat 284 | node_modules/ 285 | 286 | # Visual Studio 6 build log 287 | *.plg 288 | 289 | # Visual Studio 6 workspace options file 290 | *.opt 291 | 292 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 293 | *.vbw 294 | 295 | # Visual Studio LightSwitch build output 296 | **/*.HTMLClient/GeneratedArtifacts 297 | **/*.DesktopClient/GeneratedArtifacts 298 | **/*.DesktopClient/ModelManifest.xml 299 | **/*.Server/GeneratedArtifacts 300 | **/*.Server/ModelManifest.xml 301 | _Pvt_Extensions 302 | 303 | # Paket dependency manager 304 | .paket/paket.exe 305 | paket-files/ 306 | 307 | # FAKE - F# Make 308 | .fake/ 309 | 310 | # CodeRush personal settings 311 | .cr/personal 312 | 313 | # Python Tools for Visual Studio (PTVS) 314 | __pycache__/ 315 | *.pyc 316 | 317 | # Cake - Uncomment if you are using it 318 | # tools/** 319 | # !tools/packages.config 320 | 321 | # Tabs Studio 322 | *.tss 323 | 324 | # Telerik's JustMock configuration file 325 | *.jmconfig 326 | 327 | # BizTalk build output 328 | *.btp.cs 329 | *.btm.cs 330 | *.odx.cs 331 | *.xsd.cs 332 | 333 | # OpenCover UI analysis results 334 | OpenCover/ 335 | 336 | # Azure Stream Analytics local run output 337 | ASALocalRun/ 338 | 339 | # MSBuild Binary and Structured Log 340 | *.binlog 341 | 342 | # NVidia Nsight GPU debugger configuration file 343 | *.nvuser 344 | 345 | # MFractors (Xamarin productivity tool) working folder 346 | .mfractor/ 347 | 348 | # Local History for Visual Studio 349 | .localhistory/ 350 | 351 | # BeatPulse healthcheck temp database 352 | healthchecksdb 353 | 354 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 355 | MigrationBackup/ 356 | 357 | # Ionide (cross platform F# VS Code tools) working folder 358 | .ionide/ 359 | 360 | # Fody - auto-generated XML schema 361 | FodyWeavers.xsd 362 | /DvlErrLog.txt 363 | -------------------------------------------------------------------------------- /Libraries/imgui/imconfig.h: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // COMPILE-TIME OPTIONS FOR DEAR IMGUI 3 | // Runtime options (clipboard callbacks, enabling various features, etc.) can generally be set via the ImGuiIO structure. 4 | // You can use ImGui::SetAllocatorFunctions() before calling ImGui::CreateContext() to rewire memory allocation functions. 5 | //----------------------------------------------------------------------------- 6 | // A) You may edit imconfig.h (and not overwrite it when updating Dear ImGui, or maintain a patch/branch with your modifications to imconfig.h) 7 | // B) or add configuration directives in your own file and compile with #define IMGUI_USER_CONFIG "myfilename.h" 8 | // If you do so you need to make sure that configuration settings are defined consistently _everywhere_ Dear ImGui is used, which include 9 | // the imgui*.cpp files but also _any_ of your code that uses Dear ImGui. This is because some compile-time options have an affect on data structures. 10 | // Defining those options in imconfig.h will ensure every compilation unit gets to see the same data structure layouts. 11 | // Call IMGUI_CHECKVERSION() from your .cpp files to verify that the data structures your files are using are matching the ones imgui.cpp is using. 12 | //----------------------------------------------------------------------------- 13 | 14 | #pragma once 15 | 16 | //---- Define assertion handler. Defaults to calling assert(). 17 | // If your macro uses multiple statements, make sure is enclosed in a 'do { .. } while (0)' block so it can be used as a single statement. 18 | //#define IM_ASSERT(_EXPR) MyAssert(_EXPR) 19 | //#define IM_ASSERT(_EXPR) ((void)(_EXPR)) // Disable asserts 20 | 21 | //---- Define attributes of all API symbols declarations, e.g. for DLL under Windows 22 | // Using dear imgui via a shared library is not recommended, because of function call overhead and because we don't guarantee backward nor forward ABI compatibility. 23 | //#define IMGUI_API __declspec( dllexport ) 24 | //#define IMGUI_API __declspec( dllimport ) 25 | 26 | //---- Don't define obsolete functions/enums/behaviors. Consider enabling from time to time after updating to avoid using soon-to-be obsolete function/names. 27 | //#define IMGUI_DISABLE_OBSOLETE_FUNCTIONS 28 | 29 | //---- Disable all of Dear ImGui or don't implement standard windows. 30 | // It is very strongly recommended to NOT disable the demo windows during development. Please read comments in imgui_demo.cpp. 31 | //#define IMGUI_DISABLE // Disable everything: all headers and source files will be empty. 32 | //#define IMGUI_DISABLE_DEMO_WINDOWS // Disable demo windows: ShowDemoWindow()/ShowStyleEditor() will be empty. Not recommended. 33 | //#define IMGUI_DISABLE_METRICS_WINDOW // Disable debug/metrics window: ShowMetricsWindow() will be empty. 34 | 35 | //---- Don't implement some functions to reduce linkage requirements. 36 | //#define IMGUI_DISABLE_WIN32_DEFAULT_CLIPBOARD_FUNCTIONS // [Win32] Don't implement default clipboard handler. Won't use and link with OpenClipboard/GetClipboardData/CloseClipboard etc. 37 | //#define IMGUI_DISABLE_WIN32_DEFAULT_IME_FUNCTIONS // [Win32] Don't implement default IME handler. Won't use and link with ImmGetContext/ImmSetCompositionWindow. 38 | //#define IMGUI_DISABLE_WIN32_FUNCTIONS // [Win32] Won't use and link with any Win32 function (clipboard, ime). 39 | //#define IMGUI_ENABLE_OSX_DEFAULT_CLIPBOARD_FUNCTIONS // [OSX] Implement default OSX clipboard handler (need to link with '-framework ApplicationServices', this is why this is not the default). 40 | //#define IMGUI_DISABLE_DEFAULT_FORMAT_FUNCTIONS // Don't implement ImFormatString/ImFormatStringV so you can implement them yourself (e.g. if you don't want to link with vsnprintf) 41 | //#define IMGUI_DISABLE_DEFAULT_MATH_FUNCTIONS // Don't implement ImFabs/ImSqrt/ImPow/ImFmod/ImCos/ImSin/ImAcos/ImAtan2 so you can implement them yourself. 42 | //#define IMGUI_DISABLE_DEFAULT_FILE_FUNCTIONS // Don't implement ImFileOpen/ImFileClose/ImFileRead/ImFileWrite so you can implement them yourself if you don't want to link with fopen/fclose/fread/fwrite. This will also disable the LogToTTY() function. 43 | //#define IMGUI_DISABLE_DEFAULT_ALLOCATORS // Don't implement default allocators calling malloc()/free() to avoid linking with them. You will need to call ImGui::SetAllocatorFunctions(). 44 | 45 | //---- Include imgui_user.h at the end of imgui.h as a convenience 46 | //#define IMGUI_INCLUDE_IMGUI_USER_H 47 | 48 | //---- Pack colors to BGRA8 instead of RGBA8 (to avoid converting from one to another) 49 | //#define IMGUI_USE_BGRA_PACKED_COLOR 50 | 51 | //---- Use 32-bit for ImWchar (default is 16-bit) to support full unicode code points. 52 | //#define IMGUI_USE_WCHAR32 53 | 54 | //---- Avoid multiple STB libraries implementations, or redefine path/filenames to prioritize another version 55 | // By default the embedded implementations are declared static and not available outside of imgui cpp files. 56 | //#define IMGUI_STB_TRUETYPE_FILENAME "my_folder/stb_truetype.h" 57 | //#define IMGUI_STB_RECT_PACK_FILENAME "my_folder/stb_rect_pack.h" 58 | //#define IMGUI_DISABLE_STB_TRUETYPE_IMPLEMENTATION 59 | //#define IMGUI_DISABLE_STB_RECT_PACK_IMPLEMENTATION 60 | 61 | //---- Unless IMGUI_DISABLE_DEFAULT_FORMAT_FUNCTIONS is defined, use the much faster STB sprintf library implementation of vsnprintf instead of the one from the default C library. 62 | // Note that stb_sprintf.h is meant to be provided by the user and available in the include path at compile time. Also, the compatibility checks of the arguments and formats done by clang and GCC will be disabled in order to support the extra formats provided by STB sprintf. 63 | // #define IMGUI_USE_STB_SPRINTF 64 | 65 | //---- Define constructor and implicit cast operators to convert back<>forth between your math types and ImVec2/ImVec4. 66 | // This will be inlined as part of ImVec2 and ImVec4 class declarations. 67 | 68 | #define IM_VEC2_CLASS_EXTRA \ 69 | ImVec2 operator+ (const ImVec2& other) { return ImVec2(x + other.x, y + other.y); } \ 70 | ImVec2 operator- (const ImVec2& other) { return ImVec2(x - other.x, y - other.y); } \ 71 | /* 72 | #define IM_VEC4_CLASS_EXTRA \ 73 | ImVec4(const MyVec4& f) { x = f.x; y = f.y; z = f.z; w = f.w; } \ 74 | operator MyVec4() const { return MyVec4(x,y,z,w); } 75 | */ 76 | 77 | //---- Use 32-bit vertex indices (default is 16-bit) is one way to allow large meshes with more than 64K vertices. 78 | // Your renderer back-end will need to support it (most example renderer back-ends support both 16/32-bit indices). 79 | // Another way to allow large meshes while keeping 16-bit indices is to handle ImDrawCmd::VtxOffset in your renderer. 80 | // Read about ImGuiBackendFlags_RendererHasVtxOffset for details. 81 | //#define ImDrawIdx unsigned int 82 | 83 | //---- Override ImDrawCallback signature (will need to modify renderer back-ends accordingly) 84 | //struct ImDrawList; 85 | //struct ImDrawCmd; 86 | //typedef void (*MyImDrawCallback)(const ImDrawList* draw_list, const ImDrawCmd* cmd, void* my_renderer_user_data); 87 | //#define ImDrawCallback MyImDrawCallback 88 | 89 | //---- Debug Tools: Macro to break in Debugger 90 | // (use 'Metrics->Tools->Item Picker' to pick widgets with the mouse and break into them for easy debugging.) 91 | //#define IM_DEBUG_BREAK IM_ASSERT(0) 92 | //#define IM_DEBUG_BREAK __debugbreak() 93 | 94 | //---- Debug Tools: Have the Item Picker break in the ItemAdd() function instead of ItemHoverable(), 95 | // (which comes earlier in the code, will catch a few extra items, allow picking items other than Hovered one.) 96 | // This adds a small runtime cost which is why it is not enabled by default. 97 | //#define IMGUI_DEBUG_TOOL_ITEM_PICKER_EX 98 | 99 | //---- Debug Tools: Enable slower asserts 100 | //#define IMGUI_DEBUG_PARANOID 101 | 102 | //---- Tip: You can add extra functions within the ImGui:: namespace, here or in your own headers files. 103 | /* 104 | namespace ImGui 105 | { 106 | void MyFunction(const char* name, const MyMatrix44& v); 107 | } 108 | */ 109 | --------------------------------------------------------------------------------