Valve's anti-cheat module: VAC2.
Sticky Threads
While being efficiently bored I decided to in my awesomeness continue messing around with VAC. I took a whack at analyzing their scan decode/encode stuff whilst not in any true detail such as decoding it manually and such. Perhaps my most interesting findings were: 13BE236E 8360 10 00 ...
Use the following thread to discuss, various vac2 information, just a few rules as iam the owner of the thread :D 1.) Dont ask "How can i make something vac proof" 2.) Dont ask "Can i have 'x' Cheat because its vac proof" Request that shit somewhere else, lets just discuss what we know...
Note that this reversal took some reconnects to get everything so the VAC:2 packet dumps are different 131FF4D8 00000918 |hFile = 00000918 (window) 131FF4DC 131FFF28 |Buffer = 131FFF28 131FF4E0 00000004 |BytesToRead = 4 131FF4E4 131FF4F8 |pBytesRead = 131FF4F8 131FF4E8 00000000...
This is just a really short tutorial on VAC 2 Proof hooking since many people asked for it. So what do we do? We cause an Accessviolation at a certain address, the address we want to hook actually. Once we did that windows calles it's default exception handler which we interrupt to preform out...
I had this idea a long time ago but I never got myself to do a somewhat decent implementation... until now. So here is how it works. First you are required to create a callgate for each hook you have. so lets say you want to detour something it would look like this: DetourFunc(...
As all (well most) of you may have noticed V.A.C. started a huge offensive against cheats. So i thought it would be good if i explained how this new method works and if would list some methods to bypass it. First V.A.C.'s new method enumerates all running processes and modules. They use the ...
Gentlemen behold, VAC2 IDA Database: http://www.patrick-schaufuss.com/Pawt0w/VAC2.rar <- IDA 4.2 http://www.patrick-schaufuss.com/Pawt0w/VAC2_IDA47.rar <- IDA 4.7 tetsuo give me 4.8 :disappoin Well i was to lazy to 'decode' the whole Database since i found this little exploit.
Normal Threads
I'm logging some scans in some Source game, and what I've noticed is a bit confusing. What I see happening is that there are only a handful of the 14 total scan functions being called in a loop at random intervals. What I'm guessing is that certain calls are used in different games which Valve...
is creatmove hooking detected ? just asking ;)
Hey everybody :), I came up with the Idea of hiding a not manual mapped modules from the Kernel. Its basically the same like hiding a manual mapped module from the kernel -> hooking ntReadVirtualMemory, NtQueryVirtualMemory. But the problem is that the module will still be findable in the...
Hello everybody, was using azorbix mousehook: BOOL WINAPI hkGetCursorPos( LPPOINT lpPoint ) { BOOL bRet = FALSE; if( pGetCursorPos != NULL ) bRet = pGetCursorPos( lpPoint );
The idea of creating my own OpenGL wallhack for Counter-Strike on HL1 platform crossed my mind and i started to wonder; Is VAC or any kind of steam protection system detecting the injection of a .dll file? Will I have to think about the bypass, before making the cheat, or not? As for me the...
there is no vac support on mac os x at the moment, all steamclient.dynlib has so far is stub code. i am guessing that it is possible to hack stuff so that win32 clients can send this to the steam servers and get away with cheating until they stop this from running disassembly of an interesting...
just finished dumping these, someone will have a use for these if they're new to VAC. the es_process just means encrypted string; these offsets should match VAC as of june 1st, 2010 .data:10022FC8 off_10022FC8 dd offset es_kernel32_dll ; DATA XREF: sub_10010904+58r .data:10022FCC...
Hey GD, I just have a simple question: Should i call my ModuleHider Before CreateThread or after? So far i've called it after, idk if that is right... It just seems logic to me that you hide it after you hooked stuff, instead of you hide your module, createthread and BOOM it's visible...
I recently got flagged on one of my older accounts (half-life original 10 dollars), so I'm thinking that VAC2 can pick up my GetProcessAddress hook. I have no real knowledge of how VAC2 detects or anything like that but I've looked around and all of the 'Detours are Vac2proof' things seem to be...
I am detouring FX_FireBullets with MS Detours 1.5, it changes the MD5 hash of the .text section. Wouldn't this cause VAC2 to flag it as a detection? What method of detouring could I use instead? FX_FireBullets_o = (FX_FireBullets_def)DetourFunction((PBYTE)dwFX_FireBulletsAddr,...
I'm kind of a noob to anticheats, and after I did a bit of research on VAC, I came up with this concept on how to bypass it: 1. API functions are detoured via breakpoints 2. If VAC checks memory pages which have these detours in them, VirtualQueryEx will always return Read/Execute 3....
Hi guy´s. What can you tell me about d3d hooking? I would like to know, if vac can detect hooking of d3d functions. I know that previous for example d3d crosshair, clocks etc was ud, but what about chams? Sorry, for my bad englisch, i hope you can understand me.
void __stdcall VacSpoofer( int iSlotID, DWORD dwResponseCode1, DWORD dwResponseCode2 ) { //add_log( "Vac2 scan intercepted %i, %x, %x", iSlotID, dwResponseCode1, dwResponseCode2 ); g_dwRetCode1 = g_dwResponseTable1; g_dwRetCode2 = g_dwResponseTable2; } __declspec( naked ) void...
Hey Guys :), I Hooked NtReadVirtualMemory with my driver and commit my modules BaseAddress And Size through the drivers IO. If NtReadVirtualMemory is called within my Module I just return a zero buffer. (works Great) My Module is also manual mapped. So my Question ist : Do I have to hide...
Hello , before some while i red that now VAC2 Detects memmory hacks , is that realy true , would my hack be detected (exe) with just few RPM Calls? The purpose of RPM Calls in my case , is to force sv_cheats and sv_consistency in Left 4 Dead , If its realy true that its detected , then how can...
since it's not going to be with (something like) WINE VAC will be 1. completely remade or 2. very easy to be bypassed on a Mac "Q: Hmm, that all sounds pretty good. But I'll bet I can't play with my friends who own Macs if I'm on my PC. A: Mac and PC users will all play together, on the same...
I've been noticing a lot of new games using steamworks are also using "anticheat" however it doesn't specify if it's VAC or not. I was curious to know if there's an actual method of checking whether a game uses VAC or not. Anyone got an answer? Thanks.
*title*
so um could you take say this ring-0- injector use any dll and have on vac and not be detected
I wrote a program in C# which manually maps my dll into CS:S' memory and I do the simple things like erase the PE header from my loader, I don't use any code to remove my module from the PEB(because it doesn't exist there?) But I was just wondering if I have to do something else to hide my hack?...
Hey guys Would anyone happen to know what the status is for packet sniffers (such as wireshark) in regards to VAC? Is it a bannable offence if you are running a packet sniffer in the background whilest playing in a VAC secured server? Thanks
Well, I found it interesting. :) http://www.youtube.com/watch?v=D9pop7Mheng
However, this thread belongs under 2 categories - VAC2 and beginner source engine. I am working on a legitimate program (HLSS clone with in-game d3d menu). At the moment, I am using asynckeystate (indirectly) inside of EndScene. I'd rather not get the state of the keyboard and compare it with...
Hi, I've decided to hack MW2 and I'd like to ask some information regarding your previous experience with VAC and their bans policy since I never played a game supported by it. I don't need information on how to bypass their specific checks because that's something I'm trying to avoid. What I'd...
Hey all, I'm just wondering whether using SourceHook to hook some functions in IBaseClientDLL will trigger VAC, even if I'm not modifying any return values or arguments. It will be loaded via plugin, so I'm not injecting anything into the game. Thanks in advance,
Theres a guy going round on my MSN offering people some private cheat for CSS called ventrilo.exe claiming its undetectable by all anti-cheats. (VAC2/X-Ray/ESEA/Aequitas) I asked him if he made it and he said no. I asked him if he had the source code and he said no. He then proceeded to...
Hi guys, today I wanted to look at VAC so ive lurked around in steam.exe with my debugger where i found that steam creates a file xxx.tmp and writes a file called sourinit.dat ( which turned out to be vac.dll actually after some research, lol D: ) in it then loads & executes a export from it. ...
Merely any suitable place to post this thread, plz allow me to ask here. I want to make a hack mostly like CDD which can join an C-D required server without opening C-D by emulating the cheating-death. I know there are connections between C-D and the server, and messages are certainly...
Hello - It's been a long time since I last developed for this game. I was curious to know if VAC had made any changes for HL1 mods, or if it was still possible to disable VAC by not allowing it to create any threads. If not, I have quite a bit of work to do.
Hi, Can i be detected with the following code ? no functions hooking, just execute. DLL injected with Winject 1.7a. typedef void (*g_hlds_ctext)( const char *fmt, ... ); void initialize()
There are currently 1 users browsing this forum. (0 members & 1 guests)
Use this control to limit the display of threads to those newer than the specified time frame.
Allows you to choose the data by which the thread list will be sorted.
Order threads in...
Note: when sorting by date, 'descending order' will show the newest results first.
Forum Rules
