Add-Type @' using System; using System.Runtime.InteropServices; public struct Win32 { [StructLayout(LayoutKind.Sequential)] public struct MODULEINFO { public IntPtr lpBaseOfDll; public uint SizeOfImage; public IntPtr EntryPoint; } [DllImport("psapi.dll")] public static extern int EnumProcessModulesEx(IntPtr hProcess, [Out] IntPtr[] lphModule, uint cb, out uint lpcbNeeded, uint dwFilterFlag); [DllImport("psapi.dll", CharSet = CharSet.Unicode)] public static extern uint GetModuleFileNameEx(IntPtr hProcess, IntPtr hModule, [Out] string lpBaseName, uint nSize); [DllImport("psapi.dll")] public static extern bool GetModuleInformation(IntPtr hProcess, IntPtr hModule, out MODULEINFO lpmodinfo, uint cb); [DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(int access, bool inheritHandler, uint processId); [DllImport("kernel32.dll")] public static extern bool WriteProcessMemory(IntPtr process, IntPtr address, byte[] buffer, uint size, out uint written); [DllImport("Kernel32.dll")] public static extern bool ReadProcessMemory(IntPtr process, IntPtr address, [In, Out] byte[] buffer, uint size, out uint read); } '@ while($True) { $process = [diagnostics.process]::GetProcessesByName("csgo") if($process) { break } Start-Sleep -m 500 } $process $handle = [Win32]::OpenProcess(0x438, $True, [UInt32]$process[0].Id) $size = New-Object UInt32 Function FindModule($name, [ref] $modulesize) { $modules = New-Object IntPtr[] 1024 $cbneeded = New-Object UInt32 [void][Win32]::EnumProcessModulesEx($handle, $modules, 4096, [ref] $size, 0x03) $allmodulec = $size / 4 for ($i = 0; $i -lt $allmodulec; $i++) { [string] $s = New-Object char[] 1024 $l = [Win32]::GetModuleFileNameEx($handle, $modules[$i], $s, $s.Length) if ($s.Substring(0, $l).EndsWith($name)) { $info = New-Object Win32+MODULEINFO [void][Win32]::GetModuleInformation($handle, $modules[$i], [ref] $info, [System.Runtime.InteropServices.Marshal]::SizeOf([System.Type][Win32+MODULEINFO])); $modulesize.Value = $info.SizeOfImage return $modules[$i] } } } $clientsize = New-Object UInt32 while($True) { $client = FindModule "bin\client.dll" ([ref]$clientsize) if($client) { break } Start-Sleep -m 100 } Function PatternScanner($pattern, $mask, $module, $modulesize) { $buffer = New-Object byte[] $modulesize [void][Win32]::ReadProcessMemory($handle, $module, $buffer, $modulesize, [ref] $size) for ($i = 0; $i -lt $modulesize - $mask.Length; $i++) { $j = 0 while ($buffer[$i + $j] -eq $pattern[$j] -or $mask[$j] -eq '?') { if (++$j -eq $mask.Length - 1) { return $i } } } } Function MaskFromPattern($pattern) { foreach ($i in $pattern) { if ($i -eq 0) { $s += '?' } else { $s += 'x' } } return $s; } $pattern = 0x8D, 0x34, 0x85, 0x00, 0x00, 0x00, 0x00, 0x89, 0x15, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x41, 0x08, 0x8B, 0x48 $mask = MaskFromPattern $pattern $address = PatternScanner $pattern $mask $client $clientsize $address += [int]$client + 3 $buffer = New-Object byte[] 16 [void][Win32]::ReadProcessMemory($handle, $address, $buffer, 16, [ref] $size) $local = [BitConverter]::ToInt32($buffer, 0) + $buffer[15] $pattern = 0xA1, 0x00, 0x00, 0x00, 0x00, 0xC7, 0x04, 0x02, 0x00, 0x00, 0x00, 0x00, 0x89, 0x35, 0x00, 0x00, 0x00, 0x00, 0x8D, 0xB7, 0x00, 0x00, 0x00, 0x00, 0xEB, 0x08 $mask = MaskFromPattern $pattern $address = PatternScanner $pattern $mask $client $clientsize $address += [int]$client + 1 $buffer = New-Object byte[] 4 [void][Win32]::ReadProcessMemory($handle, $address, $buffer, 4, [ref] $size) $glowbase = [BitConverter]::ToInt32($buffer, 0) Remove-Variable pattern Remove-Variable mask $glowobj = New-Object byte[] 0x34 $glowon = 0x01, 0x00 $color = New-Object byte[] 16 $buffer = New-Object byte[] 8 $localplayer = New-Object byte[] 0x90 $player = New-Object byte[] 0x99 $plocal = New-Object byte[] 4 while($True) { [void][Win32]::ReadProcessMemory($handle, $local, $plocal, 4, [ref] $size) $localptr = [BitConverter]::ToInt32($plocal, 0) if($localptr -ne 0) { [void][Win32]::ReadProcessMemory($handle, $localptr + 0x64, $localplayer, 0x90, [ref] $size) [void][Win32]::ReadProcessMemory($handle, $glowbase, $buffer, 8, [ref] $size) $glow = [BitConverter]::ToInt32($buffer, 0) $glowslength = [BitConverter]::ToInt32($buffer, 4) * 0x34 $glows = New-Object byte[] $glowslength [void][Win32]::ReadProcessMemory($handle, $glow, $glows, $glowslength, [ref] $size) for ($i = 0; $i -lt $glowslength; $i+=0x34) { $ent = [BitConverter]::ToInt32($glows, $i) if($ent -eq 0 -or $ent -eq $localptr) { continue } [void][Win32]::ReadProcessMemory($handle, $ent + 0x64, $player, 0x99, [ref] $size) if($player[0] -eq 0 -or $player[0x8C] -eq 0) { continue } elseif($player[0x8C] -eq $localplayer[0x8C]) { [float]$r = 0 [float]$g = 1 [float]$b = 0 [float]$a = 0.7 } else { if ($player[0x98] -ne 0) { [void][Win32]::WriteProcessMemory($handle, $ent + 0x935, [byte]1, 1, [ref] $size) if($player[0x85] -eq 1) { [float]$r = 0.2 [float]$g = 0.2 [float]$b = 0.2 [float]$a = 0.9 } elseif($player[0x98] -lt 25) { [float]$r = 1 [float]$g = 0 [float]$b = 0 [float]$a = 1 } else { [float]$r = 0.5 [float]$g = 0 [float]$b = 0.5 [float]$a = 1 } } else { [float]$r = 1 [float]$g = 0 [float]$b = 0 [float]$a = 1 } } [Array]::Copy([BitConverter]::GetBytes($r), 0, $color, 0, 4) [Array]::Copy([BitConverter]::GetBytes($g), 0, $color, 0x4, 4) [Array]::Copy([BitConverter]::GetBytes($b), 0, $color, 0x8, 4) [Array]::Copy([BitConverter]::GetBytes($a), 0, $color, 0xC, 4) $diff = $False for($j = 0; $j -lt 16; $j++) { if($color[$j] -ne $glows[$i + $j]) { $diff = $True break } } if($diff) { [void][Win32]::WriteProcessMemory($handle, $glow + $i + 0x4, $color, 16, [ref] $size) [void][Win32]::WriteProcessMemory($handle, $glow + $i + 0x24, $glowon, 2, [ref] $size) } } } Start-Sleep -m 1 }