1.) Using Bones & GetFOV is not very accurate. It works but it isn't the best way. I prefer Hitboxes.
2.) You can still use ReadProcessMemory and your cheat will not get detected.
3.) There are a lot of methods to detect the cheat. Signature, MD5/CRC32, string detection, ...
4.) Use mouse_event instead of WriteProcessMemory @ +attack
Correct me if I'm wrong but aren't those APIs only detected when they're hooked by the anti-cheat? Never dealt with it
Try creating a LAN server, make sure in your console you have "sv_cheats 1" and "sv_lan 1" and "sv_pure -1" to make sure you do not get VAC banned when testing your hack. Also, go into OFFLINE mode for Steam to be 100% sure. In launch options for the Steam game put "-insecure".
I started with Fleep's memory TriggerBot and was looking to improve its functionality a bit. I also wanted to switch it to Counter Strike: Global Offensive. I have a few questions regarding VAC/Anti-Cheat detection and the best practices for a TriggerBot.
The fewer loops you go through, the better. The simpler your code, and the easier to understand, the better. Not saying dumb down your code, just make it efficient. Not going to say whether you should do FoV, Bone, or HitBox, it's all up to you.
1.) The first change I would like to make is to improve the accuracy and it seems like using the bone matrix and FOV would be one of the most accurate ways to trigger the clicks. I was curious how many bones should I be checking for this. If I were to check them all for each player would it be too slow? I'm assuming I could cut a lot of the bones like the fingers out but I was curious how much of an impact testing a bone has on the performance of the triggerbot. This check would happen for each player in a loop of all players.
I have ZERO experience with any and all anti cheats, so I will direct you to read this here. If you do not understand the terminology, you shouldn't create "undetected hacks".
2.) I read somewhere, I think on UC, that using one ReadProcessMemory (RPM) call would seem less suspicious to an anti-cheat program than multiple. So instead of grabbing the base, the team id, and the bones in separate RPM calls I'm assuming you would grab all the bytes after the base address for a certain length and separate the returned buffer into the variables afterwards. I was curious on someone with a little more experience with anti-cheat software's opinion on this. I would assume it depends on how many bytes you need so assume I would grab all the data relating to HP, Team and All the Bones in one call and the Anti-Cheat is VAC3.
Read what I wrote above.
3.) I was looking at Anti-Cheat detection for external hacks and I read it would be possible for an Anti-Cheat to scan all the processes that used OpenProcess on it and see RPM calls by watching that api. I was curious if there is an alternative way to reading the memory of a process that is less detectable or do people who write external hacks just continue to do so because VAC does not ban for RPM and OpenProcess?
You should give this a look, but I am not confident enough to say it will be undetected, same thing goes with the function sendMessage.
4.) Finally, to send the fire command Fleep writes to memory which is easily detectable. I was curious what's the best (least detectable) way to send fake mouse input and keyboard input.
No problem, I am glad you have asked this question, so whenever someone asks for a source engine/VAC related detection question... I can redirect them here.
Whatever I wrote here in this post is most likely wrong, so don't rely on my info too much. Do lots of research, look at the dumps of VAC, and such to be sure you won't get detected. Have a good day.
Last edited by TastyHorror; 02-15-2014 at 03:03 AM.
Originally Posted by squeenie
Just wanted to touch back in with where I'm at, I figure it might help some people coming off of fleep's tutorial.
Also, I appreciate the quick responses rN' and TastyHorror, they helped get me going in the right direction.
The things so far I've noticed with fleep's tutorial in regards to VAC but keep in mind I have not reversed VAC3 and this is general information I have found throughout forums which is a few months out of date.
1) OpenProcess should be changed to have Read Only Permissions.
2) mouse_event should be used instead of writing 4 and 5's to memory. This should remove all the Write Memory Functions. I've heard some people talking about click speed could indicate if someone is cheating so I plan to implement it in a way that simulates my actual click response time, I'm not sure if this is necessary though.
There's probably more to this list and I will try to update it as I go. I'm working pretty slow through this since I'm working full time.
Things to keep in mind:
1) CS:GO is updated pretty frequently and I've noticed with the up to date offset threads that some of the offsets can be wrong. Make sure you know how to get the ones you need. With that said, fleep's code will run with just the offsets updated for CS:GO.
2) The number of player's count that fleep uses does not work online. I simply use 32 as the player count but you could fine tune this to the server you play on, i.e. 10 in competitive, 20 in casual.
As of now I have it working in CS:GO the same way it works in CSS. I have not implemented a more accurate way to trigger the mouse clicks, so far I'm looking into hitboxes and bones with either FOV or vector intersection but it's a bit difficult to find straight copy paste code to get a quick understanding of the proper implementation so I will need to go through the data structures and math on my own. A lot of these calculations deal with vectors so I would suggest at least a decent understanding before updating this aspect of the TriggerBot. I'll post a run through of what I end up doing when I get there.
Last edited by Unorth; 02-15-2014 at 02:13 AM.
I'm pretty sure VAC hooks ReadProcessMemory, yes; they don't ban directly for it, I think, though.
Originally Posted by till0sch97
Nope it doesn't. They would need to hook it in every application running then, which is definitely not done (VAC doesn't load a driver either).
Originally Posted by NTvalk
What VAC does is trace back handles opened to the game process, so basically even a read only cheat gets detected if VAC traces back the handle and uploads the memory of the cheat to their server to analyze it.
1.) Checking for bones will not be too accurate and will, as you yourself say, take too much time; use a hitbox triggerbot.
2.) Well I don't think it matters if you call it twice or one time, what matters is the open handle which is there when you make 1 or 3 calls no matter what, when doing a triggerbot anyways you have to constantly use RPM to check if enemy is visible or something, unless you have a trigger key.
But always try to minimize your calls, not because of the detection rate, because it won't increase it, but because of the speed; it's faster to split information in the process than calling RPM more times.
3.) There are no alternatives other than writing your own driver, but there are still things you can do, so that the handle won't trigger detections on most ACs. VAC has for sure imported RPM and WPM, I don't know for what, but well they don't do detections on them.
4.) mouse_event, and for other messages use PostMessage and get the lParam for the message with Spy++
Last edited by Menalix; 02-16-2014 at 06:51 PM.