Understanding how cheats work


Published 30.09.2019 at 18:00 | Guide rating: 39



Introduction

By writing this guide I do not encourage cheaters! But due to curiosity, I do happen to know a bit about how cheats work, and the different types.
So I'm writing this guide as a way to share what I know with others, so you can spot cheaters more easily and understand what hacks they are using and how they work.
If you want me to add anything or make any corrections, please leave a comment.

Aim Assistance

Here are some different types of aim assistance and what they look like:
Aimlock - locks onto an enemy target's head.
Aimbot - flicks onto an enemy target, shoots, then flicks back.
Trigger bot - shoots when you manually move your crosshair over an enemy target's head (this type of cheat is a lot harder to detect).
Recoil reduction - a script that counteracts the recoil pattern of a firearm, which allows a fully automatic gun to be fired more accurately.

Aimlock

Below is a GIF of an aimlock being used: the aimlock locks onto an enemy target.

Aimbot

When a player's crosshair flicks onto an enemy target's head, kills them, then flicks back to the previous position, that's called an aimbot.
Below, an aimbot is shown being used: it flicks onto an enemy target, shoots, then flicks back.

Trigger bot

Trigger bot is a cheat that will only shoot when you manually move your crosshair onto an enemy player.
As soon as your crosshair is on an enemy player, trigger bot will kick in and start shooting; if you move your crosshair off the player, it will stop shooting.
Trigger bot is a passive cheat that looks legit even to people watching it.
If used correctly, trigger bot can be very difficult to spot.
It only shoots when you manually move your crosshair onto an enemy player.

Recoil Reduction

Recoil reduction is a script that counteracts the recoil pattern of a firearm, which allows a fully automatic gun to be fired more accurately.
The GIF below shows the script in use:

Vision Assistance

Here are some different types of vision assistance and what they look like:
Wallhacks - allow you to see the location of other players on the map, through any surface or wall.
Extra Sensory Perception (ESP) hack - provides the user with information they should not have.
Wallhacks are specific to just player locations. ESP hacks, on the other hand, is a general term that can mean any hack that provides you with information you should not have:
what weapons players are using, what their health is, or any other information that gives that player an advantage.

Wall Hacks

The image below shows what wall hacks look like. As you can see, the cheat draws a red outline around enemy players.

ESP

What makes ESP different from wallhacks is that wallhacks only show the locations of players, whereas ESP shows other information as well. For example, as well as showing the players' locations, the ESP hack below also shows each player's health:

Movement Assistance

Types of movement assistance:
Bunny hop script - a cheat that allows the player to move faster by jumping a second time just before they hit the ground, which increases their velocity.
Anti-aim - a cheat that makes a player spin around in circles very fast. This is a type of anti-cheat, used to counteract other cheats an enemy player could be using.
By spinning so fast in circles, it messes up the hit boxes of your player model, making it a lot harder for other cheaters to headshot you.
The location of your player's head is constantly changing, so when an enemy player's aimbot fires at your head, it's already in a different location.
Backtrack - a cheat that allows you to kill an enemy that was in a previous position to the one they are currently in, by using a lag exploit that sends fake lag to the server.

Bunny hop

The GIF below shows a bunny hop script being used.

Anti-aim

A cheat that makes a player spin around in circles very fast. Here is a GIF showing anti-aim.

Backtrack

Backtrack is a type of lag exploit. It allows you to kill an enemy that was in a previous position to the one they are currently in, up to roughly 200 milliseconds ago.
This allows you, for example, to kill a player after they have peeked a corner and returned to safety behind cover.
How does this exploit work? It works by sending the server a fake ping that matches the trajectory of your bullet.
The server reads this data as: the player fired a shot, but the player was lagging by, let's say, 150 milliseconds.
The server then looks at where every enemy player was 150 milliseconds ago. It sees that an enemy player was in the exact trajectory of your bullet when the shot was fired (because the backtrack cheat has sent fake information to the server about your ping to match when the shot was fired), so the server registers that as a hit.
Finally, the server applies that hit and sends the new data to every player connected to the server.
This usually results in the targeted enemy player suddenly dying.
Using backtrack, you can kill any player that was within your field of view in any of their previous positions up to around 200 milliseconds ago, even if they are not in your field of view now.
The image above shows backtrack being used.
The blue player is the actual position of the enemy player in real time; all of the white ghost players are previous positions the enemy player was in 1ms, 2ms, 3ms, 4ms, and so on ago.
By sending fake lag to the server that matches when you fired a shot, backtrack can allow you to kill the enemy player after they were in any of those previous positions.
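The rewind step described above is also where a server can defend itself. The following is an added example, not code from this guide or from any game server: it models a position history and honours a client's claimed lag only up to the server's own latency estimate. The class, constants (other than the 200 ms cap taken from the text) and sample data are assumptions.

```python
from bisect import bisect_right

MAX_REWIND_MS = 200   # upper bound on rewind, matching the ~200 ms figure in the text
SLACK_MS = 40         # assumed tolerance for jitter between claim and measurement
HIT_RADIUS = 1.0      # assumed hitbox radius in map units

class LagCompensator:
    def __init__(self):
        self.history = {}    # player -> [(server_time_ms, (x, y)), ...] in time order
        self.flagged = []    # (shooter, claimed_ms, measured_ms) kept for review

    def record(self, player, t_ms, pos):
        self.history.setdefault(player, []).append((t_ms, pos))

    def position_at(self, player, t_ms):
        """Latest recorded position at or before t_ms."""
        snaps = self.history[player]
        i = bisect_right([t for t, _ in snaps], t_ms) - 1
        return snaps[max(i, 0)][1]

    def rewind_for(self, shooter, claimed_ms, measured_ms):
        """Rewind the server will honour: never more than its own latency
        estimate plus slack, and never more than the global cap."""
        limit = min(MAX_REWIND_MS, measured_ms + SLACK_MS)
        if claimed_ms > limit:
            self.flagged.append((shooter, claimed_ms, measured_ms))
        return max(0, min(claimed_ms, limit))

    def shot_hits(self, shooter, target, now_ms, aim, claimed_ms, measured_ms):
        rewind = self.rewind_for(shooter, claimed_ms, measured_ms)
        x, y = self.position_at(target, now_ms - rewind)
        return (x - aim[0]) ** 2 + (y - aim[1]) ** 2 <= HIT_RADIUS ** 2

def demo():
    lc = LagCompensator()
    # Constructed history: target peeks to (10, 0), then returns to cover at (0, 0).
    for t, pos in [(1000, (10, 0)), (1050, (10, 0)), (1100, (0, 0)), (1150, (0, 0))]:
        lc.record("target", t, pos)
    # Both shooters aim at the old peek position and claim 160 ms of lag.
    laggy = lc.shot_hits("laggy", "target", 1200, (10, 0), claimed_ms=160, measured_ms=150)
    spoof = lc.shot_hits("spoofer", "target", 1200, (10, 0), claimed_ms=160, measured_ms=30)
    return laggy, spoof, lc.flagged
```

The genuinely laggy player still gets the hit, while the shooter whose claimed lag far exceeds the server's measurement is clamped, misses, and is recorded for review.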

How to spot a cheater:

Consistently getting kills through walls or smokes, or managing to get kills from areas of the map where it would be difficult for a normal player to get them.
Flicky crosshair: their crosshair appears to flick between players, or on and off a player, in a way that does not look human.
Jittering field of view: their crosshair moves in an unnatural manner; this could be the sign of a recoil reduction script.
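The "flicky crosshair" sign can be turned into a review heuristic over recorded view angles. This is an added example, not part of the original guide: the per-tick samples are constructed and the thresholds are assumptions, so a match is a candidate for human review rather than proof.

```python
from dataclasses import dataclass

@dataclass
class Tick:
    yaw: float     # horizontal view angle, degrees
    pitch: float   # vertical view angle, degrees
    fired: bool    # weapon fired on this tick

def angle_delta(a, b):
    """Smallest signed difference b - a in degrees, handling 359 -> 0 wrap."""
    return (b - a + 180.0) % 360.0 - 180.0

def view_distance(t1, t2):
    """Largest per-axis change in view direction between two ticks."""
    return max(abs(angle_delta(t1.yaw, t2.yaw)), abs(t2.pitch - t1.pitch))

def find_flicks(ticks, snap_deg=15.0, return_deg=2.0, lookback=2, window=3):
    """Indices of shots preceded by a snap of >= snap_deg within `lookback`
    ticks and followed within `window` ticks by a return to the old view."""
    hits = []
    for i, tick in enumerate(ticks):
        if not tick.fired or i == 0:
            continue
        before = ticks[max(0, i - lookback)]
        if view_distance(before, tick) < snap_deg:
            continue  # gradual movement onto the target: not a snap
        after = ticks[i + 1:i + 1 + window]
        if any(view_distance(before, t) <= return_deg for t in after):
            hits.append(i)  # snapped on, fired, snapped back
    return hits

def ticks_from(rows):
    return [Tick(yaw, pitch, fired) for yaw, pitch, fired in rows]

# Constructed samples (yaw, pitch, fired); the thresholds above are assumptions.
HUMAN = ticks_from([(10, 0, False), (14, 0, False), (19, 1, False),
                    (25, 1, False), (31, 1, True), (31, 1, False)])
SUSPECT = ticks_from([(10, 0, False), (10, 0, False), (10, 0, False),
                      (55, -4, True), (10.4, 0, False), (10, 0, False)])
WRAP = ticks_from([(358, 0, False), (358, 0, False), (20, 0, True),
                   (359, 0, False)])
```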

How do cheats work?

In order to understand how computer game cheats work, it's important to first understand how RAM works. When you're using your computer, any data that programs are currently using and need to store is stored in a temporary storage area of your computer called RAM.
RAM stores anything that a program is currently using, from the images you see on webpages in your web browser, to your activity feed on social media, to a document you're editing for school.
RAM stores its data in memory locations.
Every memory location has its own memory address.
Let's use an analogy to try to understand how RAM works: imagine picking up a book. You can think of RAM as a bit like a book.
Each page of that book is like a memory location, and each word on that page is like the data.
Each memory address is like the page number.
Now let's imagine there are certain pages in this book you're not allowed to view; the owner of the book has said you can't view them.
So how do you make sure you're only looking at the correct pages? Well, you look at the book's index; the index lists every page in the book.
Your RAM also has an index: your computer's Operating System (OS) will assign certain memory addresses to certain programs.
Your OS can allow or deny any program on your computer access to any memory address it chooses.
The memory addresses of CSGO contain all the information about other players: their locations, weapons, health, and so on.
The reason your computer has this information is so the Source engine (the graphics engine used by CSGO) knows how to render enemy players on your screen.
If your computer did not have this information stored in RAM, then the only thing you would see is the map, as Source would not know where players are, so it wouldn't be able to render them on your screen.
All cheats work by attempting to access this information. Cheats usually fall into 2 categories depending on how they get access to this information: direct and indirect.
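Because the cheats described here depend on enemy data already sitting in the client's RAM, one server-side mitigation is to withhold that data until the client could actually see the enemy. The following is an added example, not code from this guide or from any game: the grid map, player table and function names are assumptions.

```python
def line_of_sight(grid, a, b):
    """Bresenham walk from a to b; False if a wall ('#') lies between them."""
    (x0, y0), (x1, y1) = a, b
    dx, dy = abs(x1 - x0), -abs(y1 - y0)
    sx = 1 if x0 < x1 else -1
    sy = 1 if y0 < y1 else -1
    err = dx + dy
    while (x0, y0) != (x1, y1):
        e2 = 2 * err
        if e2 >= dy:
            err += dy
            x0 += sx
        if e2 <= dx:
            err += dx
            y0 += sy
        if (x0, y0) != (x1, y1) and grid[y0][x0] == "#":
            return False
    return True

def snapshot_for(viewer, players, grid):
    """State the server sends to `viewer`: self and teammates always,
    enemies only while there is a clear line of sight to them."""
    me = players[viewer]
    return {
        name: p for name, p in players.items()
        if name == viewer
        or p["team"] == me["team"]
        or line_of_sight(grid, me["pos"], p["pos"])
    }

# Constructed map (rows are y, columns are x) and player positions.
MAP = ["......",
       "..#...",
       "..#...",
       "......"]
PLAYERS = {
    "a": {"team": "T", "pos": (0, 1), "health": 100},
    "b": {"team": "CT", "pos": (5, 1), "health": 80},   # behind the wall from a
    "c": {"team": "CT", "pos": (0, 3), "health": 55},   # in the open next to a
    "d": {"team": "T", "pos": (5, 2), "health": 100},   # a's teammate
}
```

With this filter, player `a`'s client never receives `b`'s position or health while the wall is between them, so there is nothing in its memory for a wallhack or ESP to read.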

Direct

Direct cheats involve directly injecting code into another program's memory space.
A commonly used method is DLL injection.
Dynamic Link Library (DLL) files store code that is executed by an application.
A DLL injection is when you inject code directly into CSGO's memory space, allowing code to be executed that is not part of the game.
That code can then read or make changes to memory addresses that would usually only be accessible by CSGO.
A special program called a DLL injector takes a DLL file (the cheat) and requests access from your computer's operating system to write to CSGO's memory space.
It then writes the contents of the DLL file, the code that makes up the cheat, to memory.
CSGO will then execute this new code as if it were just another part of the game.
The DLL injector program can then be closed (and you can even delete the file if you want); it is no longer needed, as the code stored in memory will still execute without its original DLL file or DLL injector.
This type of cheat will not appear in Task Manager (it just looks like another feature of CSGO, as it executes within the game's memory space), and it won't display any command prompt or terminal windows. DLL injection cheats are basically invisible: anyone that uses your computer will have no idea that you used a cheat, because it just becomes another part of the game temporarily.
This makes DLL injection perfect for LAN parties, for example: if an admin tries to check your computer, you can just delete all the files and the cheat will still work in game, as Forsaken, the cheater from OpTic India, tried to do.
However, if you close CSGO, the cheat will be lost.
A DLL injection needs to be performed every time you start the game.

Indirect

Indirect cheats run alongside CSGO as a separate executable (.exe file). Indirect cheats will request access from your computer's operating system to read data within CSGO's memory space, very similarly to how a DLL injector would.
But they don't inject any code. Instead, they just read the memory and get the data that they need (such as player locations etc.), then, using that data, the program will send keystrokes (i.e. aim assistance) to simulate moving your keyboard and mouse.
For example, the program could move your mouse onto an enemy player's head, then press left click to kill the player, then move your mouse back to its previous position (e.g. an aimbot), all completely automatically without you having to do anything. It sends the keystrokes and moves your mouse all by itself.
Indirect cheats are harder for anti-cheat programs to spot because they are not directly making any changes to the game.
Sure, they could if they wanted to, but most of the time they are simply reading data, then sending appropriate keystrokes.
Those keystrokes are sent via your keyboard and mouse driver, or using the C++ SendKeys.Send class from the Windows API, for example. They have nothing to do with CSGO, and CSGO can't really tell the difference between when a user clicks the mouse and when a cheat program does it.