A kernel-level software solution designed for reading and writing memory in CS:2.
This project leverages a custom kernel driver to interact with the game process securely and efficiently from an external user-mode application.
It is intended for educational and research purposes.
This software is provided for educational use only.
Using software like this in online multiplayer games is a violation of the terms of service for most games and will likely result in a permanent ban.
The author of this repository is not responsible for any damage or consequences that may result from the use of this software. Use it at your own risk.
- Kernel-Mode Memory Access: All memory read/write operations are performed by a kernel driver for enhanced security and to bypass common anti-cheat mechanisms.
- External User-Mode Application: A clean separation between the low-level driver and the high-level application logic and user interface.
- System Call Hooking: Communication between the user-mode application and the kernel driver is established by hooking a Windows system call.
- ImGui Overlay: A simple graphical user interface for interacting with the software, built with Dear ImGui.
The project is split into two primary components that work together:
a user-mode application and a kernel-mode driver.
- This is the main executable that you run.
- Handles rendering the GUI, managing features, and gathering the necessary information (e.g., memory addresses to read).
- Cannot directly access the game's memory. Instead, it sends requests to the kernel driver.
- Operates at the highest privilege level (ring 0).
- Sole responsibility is to securely execute memory operations on behalf of the user-mode application.
- Directly reads or writes to the target process's memory using kernel functions like
MmCopyVirtualMemory.
-
Driver Loading & Hooking
- When
kernel-driver.sysis loaded into kernel space, itsDriverEntryfunction executes. - This function hooks the
NtOpenCompositionSurfaceSectionInfosystem call by overwriting its initial bytes with a jump to our customhook_handler.
- When
-
Sending a Request
- The user-mode application populates a
COPY_MEMORYstruct with the details (process ID, address, data buffer, size, type of operation). - It then calls the original
NtOpenCompositionSurfaceSectionInfofunction.
- The user-mode application populates a
-
Handling the Request
- Since the system call is hooked, the driver’s
hook_handleris executed. - The handler performs the requested kernel-level memory operation and updates the
COPY_MEMORYstruct with results.
- Since the system call is hooked, the driver’s
-
Receiving the Result
- Control returns to the user-mode application, which reads the results from the struct.
👉 This method avoids obvious communication channels (like DeviceIoControl) that anti-cheat systems monitor.
- Windows 10/11 (x64)
- Microsoft Visual Studio (with C++ Desktop development workload)
- Windows Driver Kit (WDK)
- Open
csgo-legit-external.slnin Visual Studio. - Set the build configuration to Release and platform to x64.
- Build the kernel-driver project first → produces
kernel-driver.sys. - Build the csgo-legit-external project → produces
csgo-legit-external.exe.
- Update Offsets: Must be updated manually in source code.
- Map the Driver: Use a driver mapper (e.g.,
kdmapper.exe) to loadkernel-driver.sys. Requires administrator privileges. - Launch CS:2.
- Run the Executable: Start
csgo-legit-external.exeas administrator.
- This project is unfinished and no longer actively maintained.
- Some features may be incomplete or buggy.
- No support will be provided. You are expected to know how to use and modify the code.
- Signature scanning has been removed → you must keep game offsets up to date manually.