Solved External TriggerBot Questions

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Unorth

Newbie
Jan 31, 2013
2
924
0
I started with Fleep's memory TriggerBot and was looking to improve its functionality a bit. I also wanted to switch it to Counter Strike: Global Offensive. I have a few questions regarding VAC/Anti-Cheat detection and the best practices for a TriggerBot.

1.) The first change I would like to make is to improve the accuracy and it seems like using the bone matrix and FOV would be one of the most accurate ways to trigger the clicks. I was curious how many bones should I be checking for this. If I were to check them all for each player would it be too slow? I'm assuming I could cut a lot of the bones like the fingers out but I was curious how much of an impact testing a bone has on the performance of the triggerbot. This check would happen for each player in a loop of all players.

2.) I read somewhere, I think on UC, that using one ReadProcessMemory(RPM) call would seem less suspicious to an anti-cheat program than multiple. So instead of grabbing the base, the team id, and the bones in separate RPM calls I'm assuming you would grab all the bytes after the base address for a certain length and separate the returned buffer into the variables afterwords. I was curious on someone with a little more experience with anti-cheat software's opinion on this. I would assume it depends on how many bytes you need so assume I would grab all the data relating to HP, Team and All the Bones in one call and the Anti-Cheat is VAC3.

3.) I was looking at Anti-Cheat detection for external hacks and I read it would be possible for an Anti-Cheat to scan all the processes that used OpenProcess on it and see RPM calls by watching that api. I was curious if there is an alternative way to reading the memory of a process that is less detectable or do people who write external hacks just continue to do so because VAC does not ban for RPM and OpenProcess?

4.) Finally, to send the fire command Fleep writes to memory which is easily detectable. I was curious whats the best(least detectable) way to send fake mouse input and keyboard input.

Thanks for your time.


Edit: Typos and Wording
 
Last edited:

rN'

Jr.Hacker
Meme Tier VIP
Jan 19, 2014
340
6,268
41
1.) Using Bones & GetFOV is not very accurat. It works but it isn't the best way. I prefer Hiboxes.
2.) You can still use ReadProcessMemory and your cheat will not get detected.
3.) There a a lot of Methods to detect the Cheat. Signature, MD5/CRC32, String detection, ...
4.) Use mouse_event instead of WriteProcessMemory @ +attack
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
Correct me if I'm wrong but aren't those APIs only detected when they're hooked by the anti-cheat? Never dealt with it
 

TastyHorror

Coder
Dank Tier Donator
Nobleman
Oct 11, 2012
179
2,268
8
I started with Fleep's memory TriggerBot and was looking to improve its functionality a bit. I also wanted to switch it to Counter Strike: Global Offensive. I have a few questions regarding VAC/Anti-Cheat detection and the best practices for a TriggerBot.
Try creating a lan server, make sure in your console you have "sv_cheats 1" and "sv_lan 1" and "sv_pure -1" to make sure you do not get vac banned when testing your hack. Also, go on OFFLINE mode for steam to be 100% sure. In launch options for the steam game put "-insecure".

1.) The first change I would like to make is to improve the accuracy and it seems like using the bone matrix and FOV would be one of the most accurate ways to trigger the clicks. I was curious how many bones should I be checking for this. If I were to check them all for each player would it be too slow? I'm assuming I could cut a lot of the bones like the fingers out but I was curious how much of an impact testing a bone has on the performance of the triggerbot. This check would happen for each player in a loop of all players.
The less loops you go thru, the better. The simpler your code, and the easier to understand, is better. Not saying, dumb down your code, just make it efficient. Not going to say wether you should do FoV, Bone, or HitBox, its all up to you.

2.) I read somewhere, I think on UC, that using one ReadProcessMemory(RPM) call would seem less suspicious to an anti-cheat program than multiple. So instead of grabbing the base, the team id, and the bones in separate RPM calls I'm assuming you would grab all the bytes after the base address for a certain length and separate the returned buffer into the variables afterwords. I was curious on someone with a little more experience with anti-cheat software's opinion on this. I would assume it depends on how many bytes you need so assume I would grab all the data relating to HP, Team and All the Bones in one call and the Anti-Cheat is VAC3.
Ihave ZERO experience with any and all anti cheats, so I will direct you to read this here. If you do not understand the terminology, you shouldn't create "undetected hacks".

3.) I was looking at Anti-Cheat detection for external hacks and I read it would be possible for an Anti-Cheat to scan all the processes that used OpenProcess on it and see RPM calls by watching that api. I was curious if there is an alternative way to reading the memory of a process that is less detectable or do people who write external hacks just continue to do so because VAC does not ban for RPM and OpenProcess?
Read what I wrote above.

4.) Finally, to send the fire command Fleep writes to memory which is easily detectable. I was curious whats the best(least detectable) way to send fake mouse input and keyboard input.
You should give this a look, but I am not confident enough to say it will be undetected, same thing goes with the function sendMessage.

Thanks for your time.
No problem, I am glad you have asked this question, so when ever someone asks for a source engine/vac related detection question... I can redirect them here.

What ever I wrote here in this post is most likely wrong, so don't rely on my info too much. Do lots of research, look at the dumps of vac, and such to be sure you won't get detected. Have a good day.
 
Last edited:

Unorth

Newbie
Jan 31, 2013
2
924
0
Just wanted to touch back in with where I'm at, I figure it might help some people coming off of fleep's tutorial.
Also, I appreciate the quick responses rN' and TastyHorror, they helped get me going in the right direction.

The things so far I've noticed with fleep's tutorial in regards to VAC but keep in mind I have not reversed VAC3 and this is general information I have found throughout forums which is a few months out of date.
1) OpenProcess should be changed to have Read Only Permissions.
2) mouse_event should be used instead of writing 4 and 5's to memory. This should remove all the Write Memory Functions. I've heard some people talking about click speed could indicate if someone is cheating so I plan to implement it in a way that simulates my actual click response time, I'm not sure if this is necessary though.

There's probably more to this list and I will try to update it as I go. I'm working pretty slow through this since I'm working full time.

Things to keep in mind:
1) CS:GO is updated pretty frequently and I've noticed with the up to date offset threads that some of the offsets can be wrong. Make sure you know how to get the ones you need. With that said, fleep's code will run with just the offsets updated for CS:GO.
2) The number of player's count that fleep uses does not work online. I simply use 32 as the player count but you could fine tune this to the server you play on ie 10 in competitive, 20 in casual.

As of now I have it working in CS:GO the same way it works in CSS. I have not implemented a more accurate way to trigger the mouse clicks, so far I'm looking into hitboxes and bones with either FOV or vector intersection but its a bit difficult to find straight copy paste code to get a quick understanding of the proper implementation so I will need to go through the data structures and math on my own. A lot of these calculations deal with vectors so I would suggest at least a decent understanding before updating this aspect of the TriggerBot. I'll Post a run through of what I end up doing when I get there.
 
Last edited:

NTvalk

Hacker
Meme Tier VIP
Jul 6, 2013
499
3,108
8
Correct me if I'm wrong but aren't those APIs only detected when they're hooked by the anti-cheat? Never dealt with it
I'm pretty sure VAC hooks Readprocessmemory yes, they don't ban directly for it i think tho.
 

brinkz

Coder
Meme Tier VIP
Sep 3, 2012
209
1,688
12
I'm pretty sure VAC hooks Readprocessmemory yes, they don't ban directly for it i think tho.
Nope it doesn't. They would need to hook it in every application running then, which is definitely not done (VAC doesn't load a driver either).
What VAC does is tracing back handles opened to the game process, so basically even a read only cheat get detected if VAC traces back the handle and uploads the memory of the cheat to their server to analyze it.
 

Menalix

Newbie
Trump Tier Donator
Full Member
Jan 24, 2014
7
632
0
1.) Checking for bones will not be to accurate and will as you self says take to much time, use hitbox triggerbot.

2.) Well I don't think it matters if you call it twice or one time, what matters is the open handle which is there when you make 1 or 3 calls no matter what, when doing a triggerbot anyways you have to constantly use RPM to check if enemy is visible or something, unless you have triggerkey.
But always try to minimize your calls, not because of the detection rate because it won't increase it.
but because of the speed, it's faster to split information in the process than calling RPM more times.

3.) There is not alternatives other than writing your own driver, but there is still things you can do, so that the handle won't trigger detections on mostly AC's, VAC has fore sure imported RPM and WPM, I don't know for what, but well they don't do detections on them.

4.) mouse_event, and for other messages use PostMessage and get the lParam for the message with spy++
 
Last edited:
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Similar threads

Community Mods