Information - Valve Anti-Cheat (VAC) - What's detected?


NubTIK

Jr.Coder
Full Member
Nobleman
Dec 5, 2012
58
1,573
1
Valve Anti-Cheat (VAC)

So if you're wondering if your hacks are detected by VAC or not?

Well I am going to try to explain a few things about VAC that might help you out.

Internal Hacking:

If you have made a DLL Injection/Internal based hook hack that injects into the game, there is a bigger risk of you getting banned.

The cheat itself might not be detected, but your INJECTION method might be the reason your cheat would trigger a VAC ban. Also, if your cheat is using VTable hooks, you may be banned by VAC.

External Hacking:

If you are making an External hack, the risk of getting banned is lower. However, there are things about External hacks that make it very easy for VAC to detect them.
For example, let's say you're making a hack that's writing a value to a CVar, r_drawothermodels for example. This will NOT trigger a VAC ban because that CVar is in a .data section in memory.

However, if you write to CVars/other values that are located inside of:
.text
.rdata

there is a high risk of you getting banned.

However, if you're only reading from any of those sections, the risk of getting banned is not that high.
 

brinkz

Coder
Meme Tier VIP
Sep 3, 2012
209
1,688
12
To the Internal Hacking:
Not only VTable Hooks are detected, this detection just was added with the last update.
That's why Loader can't make Cheats UD. And Undetected Cheats don't really get detected by using Injection Methods.
Module Hiding and Undetected Hooks are the way you should go.
 

NubTIK

Can you share the tutorial please?
It'd be nice if you could link it (way of sharing it), but if you are just going to copy the text in it, maybe you could put my name as credits? :D
 

dydrax

Newbie
Full Member
Jan 8, 2013
22
234
0
It'd be nice if you could link it (way of sharing it), but if you are just going to copy the text in it, maybe you could put my name as credits? :D
If then, you can use the clue, not explain all,
like for example short source code
 

Shadoninja

Newbie
Dank Tier Donator
Apr 24, 2013
36
214
0
Thank you for sharing info on VAC! I am going to be learning as much as I can about it in the near future. If you have old, detected hooking methods, it would be cool for you to share them since they are useless now anyway!
 

ELExTrO

Newbie
Full Member
Dec 4, 2012
26
274
0
Valve Anti-Cheat (VAC)

So if you're wondering if your hacks are detected by VAC or not?

Well I am going to try to explain a few things about VAC that might help you out.

Internal Hacking:

If you have made a DLL Injection/Internal based hook hack that injects into the game, there is a bigger risk of you getting banned.

The cheat itself might not be detected, but your INJECTION method might be the reason your cheat would trigger a VAC ban. Also, if your cheat is using VTable hooks, you may be banned by VAC.
Not at all, as long as you don't modify the .text parts or do asm (w/o a bypass). Ohh, and ffs please crypt your strings :D

I use a vtable hook in 2 games, L4D2 (Left 4 Dead 2) and Killing Floor; both are VAC-protected games.

C++:
int iDIRECT3D(void)
{
    HMODULE hD3D = NULL;

    do
    {
        hD3D = GetModuleHandle("d3d9.dll");
        Sleep(100);
    }
    while(!hD3D);

    DWORD_PTR * pDevice = FindDevice((DWORD)hD3D);
    DWORD_PTR * Vtable = 0;
    *(DWORD_PTR *)&Vtable = *(DWORD_PTR *)pDevice;

    pReset                = (oReset)                DetourCreateE9((DWORD)VirtualFuncResolver(pDevice, &IDirect3DDevice9::Reset),(DWORD)myReset,6);
    pPresent              = (oPresent)              DetourCreateE9((DWORD)VirtualFuncResolver(pDevice, &IDirect3DDevice9::Present),(DWORD)myPresent,6);
    pDrawIndexedPrimitive = (oDrawIndexedPrimitive) DetourCreateE9((DWORD)VirtualFuncResolver (pDevice, &IDirect3DDevice9::DrawIndexedPrimitive), (DWORD)hkDrawIndexedPrimitive,12);//unhooked

    return 0;
}

void MainProc(void)
{
    if(help.CheckVersion())
    {
        m_Man->_CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)iDIRECT3D, NULL, NULL, NULL);
        m_Man->_CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HackThread, NULL, NULL, NULL);

        Sleep(300);
    }
}

BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved){
    switch(dwReason)
    {
    case DLL_PROCESS_ATTACH:
        m_Man = new MemoryManage();
        m_Man->InitNtKExt();
        help.StarLog(hDll);
        help.HideDLL(hDll);
        help.EraseHeader(hDll);

        help.WriteLog("%s=>***********************************************",help.GetTime());
        help.WriteLog("%s=>*         | ELExTrO D3D Ho0ok Started |       *",help.GetTime());
        help.WriteLog("%s=>***********************************************",help.GetTime());
        help.WriteLog(" ");
        help.WriteLog("%s=> Starting Procedure...", help.GetTime() );
        help.WriteLog("%s=> Checking Version...", help.GetTime() );

        CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)MainProc, NULL, NULL, NULL);
        break;

    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}


Sorry, can't get an L4D2 screen at this time, I'm on my laptop and it doesn't support L4D XD

External Hacking:

If you are making an External hack, the risk of getting banned is lower. However, there are things about External hacks that make it very easy for VAC to detect them.
For example, let's say you're making a hack that's writing a value to a CVar, r_drawothermodels for example. This will NOT trigger a VAC ban because that CVar is in a .data section in memory.

However, if you write to CVars/other values that are located inside of:
.text
.rdata

there is a high risk of you getting banned.

However, if you're only reading from any of those sections, the risk of getting banned is not that high.
Actually, reading/comparing (sorry if it's the wrong term)/writing will trigger a detection. The curious thing is how you can handle reading/comparing (memcmp)/writing, i.e. if you directly read these sections it will trigger a detection, but there are a few methods, like not using the same APIs over and over again :D By the way, external hacks can get detected the same as internal hacks.

So in other words, to be completely safe: don't use public stuff, don't modify .rdata .text unless you are pretending to fully bypass VAC, test your stuff in free games such as TF2, if you pretend to release to the public protect your code as hell so it won't get patched so fast, use ring0 APIs, use low-level SSDT hooks (which is very hard) ^^, FFS crypt your strings :p
 

brinkz

"Do Asm" ?
Using ASM for getting the spread e.g is perfectly fine.
And yeah VTable Hooks normally should be fine, but remember that VAC does not care as much about changes in d3d9.dll (if they care lol) as about changes in e.g client.dll or engine.dll
Releasing hooks to the public is never a good idea unless you are trying to sell the Cheat, but your points are pretty much true, yeah.
 

ELExTrO

"Do Asm" ?
Using ASM for getting the spread e.g is perfectly fine.
And yeah VTable Hooks normally should be fine, but remember that VAC does not care as much about changes in d3d9.dll (if they care lol) as about changes in e.g client.dll or engine.dll
Releasing hooks to the public is never a good idea unless you are trying to sell the Cheat, but your points are pretty much true, yeah.
What I mean with asm is WriteMemory; for example, in CoD, to make no recoil you do it with WriteMemory, which overwrites the original bytes, and that triggers a detection. Thought it was a bit clear, sorry for that.
 

dem0

Newbie
Full Member
Aug 14, 2013
7
172
0
This is probably a dumb question, but how do I check what CVar is in which section?
I have a couple of addresses, but can't seem to find out how to check which section they are in.
 

WiTH

Jr.Coder
Full Member
Nobleman
May 24, 2012
58
458
1
This is probably a dumb question, but how do I check what CVar is in which section?
I have a couple of addresses, but can't seem to find out how to check which section they are in.

av0id
In ollydbg you can select the Memory map and check the section.
 

dem0

In ollydbg you can select the Memory map and check the section.
In Memory Map, I can't find the address, nor can I find anything related to client.dll. But there are some sections printed.
Screenshot:
wqU2cth.jpg
 

ELExTrO

In Memory Map, I cant find the address in neither can I find anything related to client.dll. But there are some sections printed.
Screenshot:
View attachment 1989
Your executable might be packed or obfuscated to make it difficult to read. Try to use something like https://www.peid.info/ (however it's in Chinese) or, most recently, try to use https://pid.gamecopyworld.com/, which is updated. After you get what packer has been used, unpack your executable or dump it and try to debug the file again. I would suggest using IDA Pro with Hex-Rays (latest version) as it makes life easier :D
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,188
12,638
76
Isn't that how people make vac bypass hacks (as well as some other anti-cheats)...well one method anyways.
Not exactly, but since vtable won't modify anything in the .text, those hooks aren't usually checked. Although vtable hooks are actually very easy to detect and can be done in many ways.
 

TastyHorror

Coder
Dank Tier Donator
Nobleman
Oct 11, 2012
179
2,268
9
Not exactly, but since vtable won't modify anything in the .text, those hooks aren't usually checked. Although vtable hooks are actually very easy to detect and can be done in many ways.
So they are not usually checked, but could be by vac or any other anti-cheat in many ways... is that what you mean?
 

c5

So they are not usually checked, but could be by vac or any other anti-cheat in many ways... is that what you mean?
Yes, exactly. For example they could see where the virtual method pointer is pointing to (which module space), or hash the table and check for modifications, or dereference it and then compare to a sig (BattlEye does that).. etc.
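
The first two checks c5 lists (which module a virtual method pointer lands in, and hashing the table against a known-good value) can be sketched from the integrity checker's side as follows. This is an added example, not code from any poster or from VAC or BattlEye; the `Module` model, the function names and every address are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed model (assumption): a module is an address range and a vtable
// is an array of code pointers that should all land inside that range.
struct Module { std::uintptr_t base; std::size_t size; };
using VTable = std::vector<std::uintptr_t>;

enum class Finding { Clean, ForeignPointer, HashMismatch };

// FNV-1a over the table entries; stands in for whatever digest a real
// integrity checker would use.
std::uint64_t hash_table(const VTable& vt) {
    std::uint64_t h = 0xcbf29ce484222325ULL;
    for (std::uintptr_t e : vt)
        for (std::size_t i = 0; i < sizeof e; ++i) {
            h ^= (e >> (8 * i)) & 0xff;
            h *= 0x100000001b3ULL;
        }
    return h;
}

// Half-open range check: base + size itself is outside the module.
bool inside(const Module& m, std::uintptr_t p) {
    return p >= m.base && p - m.base < m.size;
}

// Check 1: every slot must point into the module that owns the class.
// Check 2: the table must still hash to the baseline taken at load time,
// which also catches a slot redirected to other code in the same module.
Finding audit_vtable(const Module& owner, const VTable& vt,
                     std::uint64_t baseline) {
    for (std::uintptr_t e : vt)
        if (!inside(owner, e)) return Finding::ForeignPointer;
    return hash_table(vt) == baseline ? Finding::Clean : Finding::HashMismatch;
}

// Constructed sample data, not taken from any real process.
const Module kOwner{0x10000000, 0x200000};
const VTable kOriginal{0x10001000, 0x10001400, 0x10002a80};

// Overwrite one slot after the baseline was taken, then audit the table.
Finding audit_after_write(std::size_t slot, std::uintptr_t value) {
    const std::uint64_t baseline = hash_table(kOriginal);
    VTable vt = kOriginal;
    vt[slot] = value;
    return audit_vtable(kOwner, vt, baseline);
}
```

The range check alone misses a slot that is redirected to other code inside the owning module, which is why the baseline hash is kept as a second, independent check.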
 