Osiris: Interacting with CS:GO

Created on 26 Jun 2020 · 20 Comments · Source: danielkrupinski/Osiris

https://blog.counter-strike.net/index.php/2020/06/30683/

Is it the end of CS:GO internal cheats?

All 20 comments

It looks like now we need to bypass their upcoming DLL checker.

nothing changes except for LoadLibrary, manual mapping will work as before

It'd be best to enroll in Beta and test Manual Mapping.

Manual Mapping works fine. From what I've seen they do something with NtOpenFile function inside csgo.exe (maybe hook).

So most injectors will continue to bypass Valve's new system?

Hopefully

can u make a new injector source for that? one that has the .dll inside the loader itself to make it look nice XD

Trying to inject osiris or any cheat with
https://github.com/danielkrupinski/curiuminjector-csgo

https://i.imgur.com/GiOmDVQ.jpg

the injector is 3 years old.

It may be 3 years old, but it is undetectable and works well with the current CSGO version.
It doesn't work with the beta, and I published it because maybe Daniel can later make a modification to keep it working.

I doubt Valve are THAT dumb. Manual mapping doesn't change whether the module shows in CSGO or not. Volvo can just enumerate the module list and easily find Osiris.

EDIT: OK, Valve are that dumb. lol They are just hooking LoadLibrary funcs

I've created a simple bypass for that, you may want to check it out https://github.com/danielkrupinski/OneByteLdr.

when are we supposed to open this, when the game is running?
is it a one time only thing or do we do it every time the game is open

the script gives me an error

File "OneByteLdr.py", line 9 address = csgo.lpBaseOfDll + re.search(rb'.\x1A\xF6\x45\x0C\x20', ^ SyntaxError: invalid syntax

Try

import pymem
import re

pm = pymem.Pymem('csgo.exe')
csgo = pymem.process.module_from_name(pm.process_handle, 'csgo.exe')
csgoModule = pm.read_bytes(csgo.lpBaseOfDll, csgo.SizeOfImage)
address = csgo.lpBaseOfDll + re.search(rb'.\x1A\xF6\x45\x0C\x20', csgoModule).start()
pm.write_uchar(address, 0xEB if pm.read_uchar(address) == 0x74 else 0x74)
pm.close_process()

Yes, you should be in CS:GO while running the Python script.

Also, you need Pymem; if you don't already have it, type pip install Pymem into CMD.
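
Seen from the integrity-checking side, the script above toggles a single opcode byte between 0x74 and 0xEB, which is the kind of change a comparison of loaded code against a trusted baseline reveals. The following is an added example, not part of this thread or of OneByteLdr; the function names, the RVA and both byte buffers are constructed for illustration, and it assumes the baseline already has relocations applied.

```python
# Added example (defender side): compare loaded code against a trusted baseline.
# BASELINE and OBSERVED are constructed sample bytes, not taken from any real binary.
JCC_SHORT = range(0x70, 0x80)  # short conditional jumps; 0x74 is JZ/JE
JMP_SHORT = 0xEB               # short unconditional jump
NOP = 0x90


def modified_runs(baseline: bytes, observed: bytes):
    """Return (offset, old, new) for every contiguous run of differing bytes."""
    if len(baseline) != len(observed):
        raise ValueError("buffers must cover the same address range")
    runs, start = [], None
    for i in range(len(baseline) + 1):
        differs = i < len(baseline) and baseline[i] != observed[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, baseline[start:i], observed[start:i]))
            start = None
    return runs


def classify(old: bytes, new: bytes) -> str:
    """Heuristic label; a byte diff does not know instruction boundaries."""
    if old[0] in JCC_SHORT and len(old) == 1 and new[0] == JMP_SHORT:
        return "conditional jump forced to always taken"
    if old[0] in JCC_SHORT and len(old) == 2 and set(new) == {NOP}:
        return "conditional jump removed with NOP fill"
    return "unclassified code modification"


def audit(baseline: bytes, observed: bytes, section_rva: int):
    """Report each modified run with its RVA so it can be logged or alerted on."""
    return [
        {"rva": section_rva + off, "old": old.hex(), "new": new.hex(),
         "finding": classify(old, new)}
        for off, old, new in modified_runs(baseline, observed)
    ]


BASELINE = bytes.fromhex("558bec741af6450c2075058bc15dc3cc")
OBSERVED = bytes.fromhex("558beceb1af6450c2090908bc15dc3cc")

if __name__ == "__main__":
    for finding in audit(BASELINE, OBSERVED, section_rva=0x1000):
        print(finding)
```

Any reported run is a tamper signal on its own; the label only helps triage which check was likely disabled.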

can you implement this inside an injector?

Now is OK!
Thanks!

Now I just have to try how to add the source code in C++ of the bypass in
https://github.com/danielkrupinski/curiuminjector-csgo

// Restore original NtOpenFile from external process
LPVOID ntOpenFile = GetProcAddress(LoadLibraryW(L"ntdll"), "NtOpenFile");
if (ntOpenFile) {
    char originalBytes[5];
    memcpy(originalBytes, ntOpenFile, 5);
    WriteProcessMemory(csgoProcessHandle, ntOpenFile, originalBytes, 5, NULL);
}

https://gist.github.com/aljawary/273f75ba831adac1e5a054eafda9966d

To implement OneByteLdr inside a C/C++ injector, in an easy way, you can simply ..

C/C++ [Add To The Injector's Source]

::system("python \"C:\\Path\\To\\OneByteLdr.py\"");
::Sleep(128);

Before the injector's code that's meant to inject Osiris.dll.

Python needs to be installed on the computer. Same Pymem. Type pip install Pymem into CMD to install Pymem.

This is just an idea of using OneByteLdr, I am not saying that this is the best way or a better way.

No, because the idea is to make an injector where the user may or may not have Python on his system.
In any case, I already solved it with the pyTOexe program, making an executable .exe with everything included without the user necessarily having Python installed.

Thank you
