Source Code Simple CSGO Wall Hack

  • CSGO recently moved logic from 'client_panorama.dll' to 'client.dll', you must update all code that uses 'client_panorama.dll' and replace it with 'client.dll' or the code will not work.
Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Clash's

Newbie
Jan 23, 2016
2
32
0
//Edit by Rake
Credits 100% to VirtualCoder check him out here:
https://www.youtube.com/watch?v=JPlAqPb4izs
//

C#:
#define C_P

typedef unsigned char uint8_t;

template <typename T, size_t N>

size_t countof(T(&array)[N])
{
	return N;
}

DWORD (void)dwLocalPlayer; //will be scanned
DWORD (void)dwEntityList;  //will be scanned
DWORD (void)dwGlow;        //will be scanned

DWORD dwTeam = 0xF0;
DWORD dwDormant = 0xE9;

struct PModule
{
	DWORD dwBase;
	DWORD dwSize;
};

/* Debugger/Process API implementation class */

class process
{

public:
	bool Attach(char* pName, DWORD rights)
	{
		HANDLE handle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
		PROCESSENTRY32 entry;
		entry.dwSize = sizeof(entry);

		do
			if (!strcmp(entry.szExeFile, pName)) {
				pID = entry.th32ProcessID;
				CloseHandle(handle);
				_process = OpenProcess(rights, false, pID);
				return true;
			}
		while (Process32Next(handle, &entry));
		return false;
	}
	PModule GetModule(char* moduleName) {
		HANDLE module = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pID);
		MODULEENTRY32 mEntry;
		mEntry.dwSize = sizeof(mEntry);

		do {
			if (!strcmp(mEntry.szModule, (LPSTR)moduleName)) {
				CloseHandle(module);

				PModule mod = { (DWORD)mEntry.hModule, mEntry.modBaseSize };
				return mod;
			}
		} while (Module32Next(module, &mEntry));

		PModule mod = { (DWORD)false, (DWORD)false };
		return mod;
	}

	template <class T>
	T Read(DWORD addr) {
		T _read;
		ReadProcessMemory(_process, (LPVOID)addr, &_read, sizeof(T), NULL);
		return _read;
	}
	template <class T>
	void Write(DWORD addr, T val) {
		WriteProcessMemory(_process, (LPVOID)addr, &val, sizeof(T), NULL);
	}

	DWORD FindPattern(DWORD start, DWORD size, const char* sig, const char* mask) {
		BYTE* data = new BYTE[size];

		unsigned long bytesRead;
		if (!ReadProcessMemory(_process, (LPVOID)start, data, size, &bytesRead)) {
			return NULL;
		}

		for (DWORD i = 0; i < size; i++) {
			if (DataCompare((const BYTE*)(data + i), (const BYTE*)sig, mask)) {
				return start + i;
			}
		}
		return NULL;
	}

	DWORD FindPatternArray(DWORD start, DWORD size, const char* mask, int count, ...) {
		char* sig = new char[count + 1];
		va_list ap;
		va_start(ap, count);
		for (int i = 0; i < count; i++) {
			char read = va_arg(ap, char);
			sig[i] = read;
		}
		va_end(ap);
		sig[count] = '\0';
		return FindPattern(start, size, sig, mask);
	}


private:
	HANDLE _process;
	DWORD pID;
	bool DataCompare(const BYTE* pData, const BYTE* pMask, const char* pszMask) {
		for (; *pszMask; ++pszMask, ++pData, ++pMask) {
			if (*pszMask == 'x' && *pData != *pMask) {
				return false;
			}
		}
		return (*pszMask == NULL);
	}
};

/* Glow Object structure in csgo */
struct glow_t
{
	DWORD dwBase;
	float r;
	float g;
	float b;
	float a;
	uint8_t unk1[16];
	bool m_bRenderWhenOccluded;
	bool m_bRenderWhenUnoccluded;
	bool m_bFullBloom;
	uint8_t unk2[10];
};

/* Entity structure in csgo */
struct Entity
{
	DWORD dwBase;
	int team;
	bool is_dormant;
};

/* Player structure in csgo */
struct Player
{
	DWORD dwBase;
	bool isDormant;
};

#ifdef C_P
#error C_P
#endif

process memory;
process _modClient;
process* mem;
PModule modClient;

int int iFriendlies;
int int iEnemies;

Entity entEnemies[32];
Entity entFriendlies[32];
Entity me;

void update_entity_data(Entity* e, DWORD dwBase)
{
	int dormant = memory.Read<int>(dwBase + dwDormant);
	e->dwBase = dwBase;
	e->team = memory.Read<int>(dwBase + dwTeam);
	e->is_dormant = dormant == 1;
}
/* Get Pointer To Client.dll*/
PModule* GetClientModule() {
	if (modClient.dwBase == 0 && modClient.dwSize == 0) {
		modClient = memory.GetModule("client.dll");
	}
	return &modClient;
}

Entity* GetEntityByBase(DWORD dwBase) {

	for (int i = 0; i < iFriendlies; i++) {
		if (dwBase == entFriendlies[i].dwBase) {
			return &entFriendlies[i];
		}
	}
	for (int i = 0; i < iEnemies; i++) {
		if (dwBase == entEnemies[i].dwBase) {
			return &entEnemies[i];
		}
	}
	return nullptr;
}

/* offset updating class, that uses patterns to find memory addresses */
class offset
{
private:
	static void update_local_player() {
		DWORD lpStart = mem->FindPatternArray(modClient.dwBase, modClient.dwSize, "xxx????xx????xxxxx?", 19, 0x8D, 0x34, 0x85, 0x0, 0x0, 0x0, 0x0, 0x89, 0x15, 0x0, 0x0, 0x0, 0x0, 0x8B, 0x41, 0x8, 0x8B, 0x48, 0x0);
		DWORD lpP1 = mem->Read<DWORD>(lpStart + 3);
		BYTE lpP2 = mem->Read<BYTE>(lpStart + 18);
		dwLocalPlayer = (lpP1 + lpP2) - modClient.dwBase;
	}

	static void update_entity_list() {
		DWORD elStart = mem->FindPatternArray(modClient.dwBase, modClient.dwSize, "x????xx?xxx", 11, 0x5, 0x0, 0x0, 0x0, 0x0, 0xC1, 0xE9, 0x0, 0x39, 0x48, 0x4);
		DWORD elP1 = mem->Read<DWORD>(elStart + 1);
		BYTE elP2 = mem->Read<BYTE>(elStart + 7);
		dwEntityList = (elP1 + elP2) - modClient.dwBase;
	}

	static void update_glow() {
		DWORD gpStart = mem->FindPatternArray(modClient.dwBase, modClient.dwSize, "xx????x????xxx????xx????xx", 27, 0x8D, 0x8F, 0, 0, 0, 0, 0xA1, 0, 0, 0, 0, 0xC7, 0x4, 0x2, 0, 0, 0, 0, 0x89, 0x35, 0x0, 0x0, 0x0, 0x0, 0x8B, 0x51);
		dwGlow = mem->Read<DWORD>(gpStart + 7) - modClient.dwBase;
	}
public:
	static void get_offset(process* m) {
		mem = m;
		modClient = mem->GetModule("client.dll");
		update_local_player();
		update_entity_list();
		update_glow();
	}

	//constantly scanning & updating our offsets
	static DWORD WINAPI scan_offsets(LPVOID PARAM)
	{
		Entity players[64];
		while (true) {
			DWORD playerBase = memory.Read<DWORD>(GetClientModule()->dwBase + dwLocalPlayer);
			int cp = 0;

			update_entity_data(&me, playerBase);
			for (int i = 1; i < 64; i++) {
				DWORD entBase = memory.Read<DWORD>((GetClientModule()->dwBase + dwEntityList) + i * 0x10);

				if (entBase == NULL)
					continue;

				update_entity_data(&players[cp], entBase);

				cp++;
			}
			int cf = 0, ce = 0;
			for (int i = 0; i < cp; i++) {
				if (players[i].team == me.team) {
					entFriendlies[cf] = players[i];
					cf++;
				}
				else {
					entEnemies[ce] = players[i];
					ce++;
				}
			}
			iEnemies = ce;
			iFriendlies = cf;
		}
	}
};


class virtualesp
{
private:
	static void glow_player(DWORD mObj, float r, float g, float b)
	{
		memory.Write<float>(mObj + 0x4, r);
		memory.Write<float>(mObj + 0x8, g);
		memory.Write<float>(mObj + 0xC, b);
		memory.Write<float>(mObj + 0x10, 1.0f);
		memory.Write<BOOL>(mObj + 0x24, true);
		memory.Write<BOOL>(mObj + 0x25, false);
	}

	static float SanitizeColor(int value)
	{
		if (value > 255) value = 255;
		if (value < 0) value = 0;
		return (float)value / 255;
	}
public:
	static void start_engine() {
		while (!memory.Attach((void)"csgo.exe", PROCESS_ALL_ACCESS)) {
			Sleep(100);
		}
		do {
			Sleep(1000);
			offset::get_offset(&memory);
		} while (dwLocalPlayer < 65535);
		CreateThread(NULL, NULL, &offset::scan_offsets, NULL, NULL, NULL);
	}

	static unsigned long __stdcall esp_thread(void*)
	{
		int objectCount;
		DWORD pointerToGlow;
		Entity* Player = NULL;
		float Friend = SanitizeColor(100);
		float Enemy = SanitizeColor(140);

		while (true)
		{
			Sleep(10000000);
			pointerToGlow = memory.Read<DWORD>(GetClientModule()->dwBase + dwGlow);
			objectCount = memory.Read<DWORD>(GetClientModule()->dwBase + dwGlow + 0x4);
			if (pointerToGlow != NULL && objectCount > 0)
			{
				for (int i = 0; i < objectCount; i++)
				{
					DWORD mObj = pointerToGlow + i * sizeof(glow_t);
					glow_t glowObject = memory.Read<glow_t>(mObj);
					Player = GetEntityByBase(glowObject.dwBase);

					if (glowObject.dwBase == NULL || Player == nullptr || Player->is_dormant) {
						continue;
					}
					if (me.team == Player->team) {
						glow_player(mObj, 0, 0, Friend);
					}
					else {
						glow_player(mObj, Enemy, 0, 0);
					}
				}
			}
		}
		return EXIT_SUCCESS;
	}
};


int entryfunction(int arg, char* argv[INFINITE])
{
	bool enabled = false;
	HANDLE ESP = NULL;

	virtualesp::start_engine();
	while (TRUE)
	{
		if (GetAsyncKeyState(VK_F1) & 1) {
			enabled = !enabled;
			if (enabled) {
				std::cout << "ESP: on" << std::endl;
				ESP = CreateThread(NULL, NULL, &virtualesp::esp_thread, NULL, NULL, NULL);
			}
			else {
				std::cout << "ESP: off" << std::endl;
				TerminateThread(ESP, 0);
				CloseHandle(ESP);
			}
		}
	}
}

Enjoy ^^ :cool:
 
Last edited by a moderator:

Alex

Sober linux neb
Dank Tier Donator
Nobleman
Nov 26, 2015
150
828
1
I must say it's really bad looking and it's not even finished, lol
 

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
C++:
#define C_P
True

EDIT:
Oh lol, that's the anti copy paste.


EDIT2:
Credits to ZER0MEM0RY on mpqh.
 
Last edited:

iQuintennn

Newbie
Silenced
Jan 23, 2016
5
31
0
This, pisses, me, the, xxxx, off k?

And wallhack is such easier lol

Recreate the glowobject structure in csgo;

struct GlowObj {
DWORD theEntity;
float r; RGBA Ofciyrse <--- I can't type that fast m8
float g;
float b;
float a;
Vortex xxxx here
bool Learn2ReadCommunitym9;
bool youNerd;
bool I2;
More Vortex xxxx;
}

correct me if I'm wrong with the glow structure m8
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,294
37,938
269
This, pisses, me, the, xxxx, off k?

And wallhack is such easier lol

Recreate the glowobject structure in csgo;

struct GlowObj {
DWORD theEntity;
float r; RGBA Ofciyrse <--- I can't type that fast m8
float g;
float b;
float a;
Vortex xxxx here
bool Learn2ReadCommunitym9;
bool youNerd;
bool I2;
More Vortex xxxx;
}

correct me if I'm wrong with the glow structure m8
Close m8

C++:
	struct GlowObjectDefinition_t {
		//virtual bool ShouldDraw( int nSlot ) = 0;
		//virtual bool IsUnused( ) = 0;
		//virtual void DrawModel( ) = 0;

		CBaseEntity* m_pEntity; // 0x00
		Vector m_vGlowColor; // 0x04
		float m_flGlowAlpha; // 0x10
		int m_hSomeHandle; // 0x14
		int fill1; // 0x18
		float m_flBloomAmount; // 0x1C
		int fill2; // 0x20
		bool m_bRenderWhenOccluded; // 0x24
		bool m_bRenderWhenUnoccluded; // 0x25
		bool m_bFullBloomRender; // 0x26
		bool unk;
		int m_nFullBloomStencilTestValue; // 0x28 only render full bloom objects if stencil is equal to this value (value of -1 implies no stencil test)
		int m_nSplitScreenSlot; // 0x2C
		int useless;			// 0x30 Linked list of free slots
		int m_nNextFreeSlot; // 0x34
		// Special values for GlowObjectDefinition_t::m_nNextFreeSlot
	};
 

iQuintennn

Newbie
Silenced
Jan 23, 2016
5
31
0
Close m8

C++:
	struct GlowObjectDefinition_t {
		//virtual bool ShouldDraw( int nSlot ) = 0;
		//virtual bool IsUnused( ) = 0;
		//virtual void DrawModel( ) = 0;

		CBaseEntity* m_pEntity; // 0x00
		Vector m_vGlowColor; // 0x04
		float m_flGlowAlpha; // 0x10
		int m_hSomeHandle; // 0x14
		int fill1; // 0x18
		float m_flBloomAmount; // 0x1C
		int fill2; // 0x20
		bool m_bRenderWhenOccluded; // 0x24
		bool m_bRenderWhenUnoccluded; // 0x25
		bool m_bFullBloomRender; // 0x26
		bool unk;
		int m_nFullBloomStencilTestValue; // 0x28 only render full bloom objects if stencil is equal to this value (value of -1 implies no stencil test)
		int m_nSplitScreenSlot; // 0x2C
		int useless;			// 0x30 Linked list of free slots
		int m_nNextFreeSlot; // 0x34
		// Special values for GlowObjectDefinition_t::m_nNextFreeSlot
	};
thanks for correcting me m8

But you can also use this m9

C++:
struct GlowObj {
    DWORD pEntity;
	float r;
	float g;
	float b;
	float a;
        Vector Thing
	bool RenderWhenOccluded;
	bool RenderWhenUnoccluded;
	bool FullBloom;
	Vector thingy;
};
I used this structure in my hack, also thnx for code sharing m9 (Not that I am gonna use it lol)
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,294
37,938
269
thanks for correcting me m8

But you can also use this m9

C++:
struct GlowObj {
    DWORD pEntity;
	float r;
	float g;
	float b;
	float a;
        Vector Thing
	bool RenderWhenOccluded;
	bool RenderWhenUnoccluded;
	bool FullBloom;
	Vector thingy;
};
I used this structure in my hack, also thnx for code sharing m9 (Not that I am gonna use it lol)
True m10, bloom amount is fun to play with though, not really code sharing, basically direct copy pasta from the source sdk with 4 bytes added cause of csgo
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,061
78,998
2,370
C++:
#define C_P

#ifdef C_P
#error C_P
#endif
OMG this is the best thing I've ever seen.

Clash's did you post this as a joke or what?
 

Dretch

Newbie
Full Member
Sep 17, 2015
26
229
2
C++:
	struct GlowObjectDefinition_t {
		//virtual bool ShouldDraw( int nSlot ) = 0;
		//virtual bool IsUnused( ) = 0;
		//virtual void DrawModel( ) = 0;

		CBaseEntity* m_pEntity; // 0x00
		Vector m_vGlowColor; // 0x04
		float m_flGlowAlpha; // 0x10
		int m_hSomeHandle; // 0x14
		int fill1; // 0x18
		float m_flBloomAmount; // 0x1C
		int fill2; // 0x20
		bool m_bRenderWhenOccluded; // 0x24
		bool m_bRenderWhenUnoccluded; // 0x25
		bool m_bFullBloomRender; // 0x26
		bool unk;
		int m_nFullBloomStencilTestValue; // 0x28 only render full bloom objects if stencil is equal to this value (value of -1 implies no stencil test)
		int m_nSplitScreenSlot; // 0x2C
		int useless;			// 0x30 Linked list of free slots
		int m_nNextFreeSlot; // 0x34
		// Special values for GlowObjectDefinition_t::m_nNextFreeSlot
	};
How does one find a pointer to this structure so I can play with it? I tried searching for changed values in TF2 as a spectator turning on a turning off tf_spec_xray, I have found couple of things but it did not really do what I wanted it to do. Also it crashed the game often, when I tried to change it. o.0
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,294
37,938
269
in source engine games they're part of an array from the glow object manager, you can find it near a string somewhere I forget where though, just dig through the source SDK and search for "glow" or something like that, and you should be able to find it eventually
 

Clash's

Newbie
Jan 23, 2016
2
32
0
Rake;39874 said:
C++:
#define C_P

#ifdef C_P
#error C_P
#endif
OMG this is the best thing I've ever seen.

Clash's did you post this as a joke or what?
No I have Watched in a tutorie ofl Virtual Coder
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods