IMXNOOBX / cs2-external-esp

Simple external esp using discord's/gdi overlay to render a box-esp on top of Counter-Strike 2, highlighting your enemies and teammates including their health.

FYI Your handle hijacking doesn't work. #125

Open SigmaSkid opened 8 months ago

SigmaSkid commented 8 months ago

NtQuerySystemInformation finds the open handle, with the path to the cheat's .exe, instead of the process whose handle we're trying to hijack. Hope this helps <3

ifBars commented 8 months ago

Care to elaborate? In my tests it seemed like the program was reading and writing to the memory of the hijacked handle just fine, and if the cheats are working, which they were during my testing, then it's obviously writing and reading memory from the right process. Correct me if I am wrong.

Of course just because the cheats work doesn't mean the handle is hijacked successfully, but the program does output whether it is using the hijacked handle or open process to read and write memory, therefore if it's outputting that it is using said hijacked handle, then I would assume that reading/writing to memory would not work, aka the cheats would not work, due to the fact that the hijacked handle is not correct (in your theory). Sorry if this is a bit unclear.

SigmaSkid commented 8 months ago

What I'm saying is that it's detected by this old VAC module: https://github.com/danielkrupinski/VAC/blob/master/VAC/Modules/ProcessHandleList/ProcessHandleList.c A VAC dummy I'm using for testing successfully detects and blocks the handle, then prints the path to the cheat's .exe. One of the recent Windows updates seems to have made changes to https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-zwduplicateobject

ifBars commented 8 months ago

> What I'm saying is that it's detected by this old VAC module:
>
> https://github.com/danielkrupinski/VAC/blob/master/VAC/Modules/ProcessHandleList/ProcessHandleList.c
>
> A VAC dummy I'm using for testing successfully detects and blocks the handle, then prints the path to the cheat's .exe.
>
> One of the recent Windows updates seems to have made changes to https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-zwduplicateobject

That makes more sense now. Even though it is detected, VAC doesn't do anything with it in CS2 currently. It falls on that fine line of detected but not bannable, for now at least. If anyone doesn't believe me, feel free to try it yourself: hijacking a handle doesn't result in a ban or lowered trust, even though VAC can detect it with no problems at all.

IMXNOOBX commented 8 months ago

Thanks for explaining this issue clearly, I will try to investigate it further. Also take into account that if the handle hijack fails to get a handle, it will fall back to the normal open handle. This is done to make it simpler for the user, as many are inexperienced and just want it to work right away, and as @ifBars said it doesn't affect the tf or cause bans in CS2.

https://github.com/IMXNOOBX/cs2-external-esp/blob/b817fc46a98b448eb5fd999265f2c1cb2c600949/memory-external/memory/memory.cpp#L99-L105