Question Reflecting on first VAC Ban

[SPQR]

Game Name

CS GO

Anticheat

VAC

How long you been coding/hacking?

6 months

Coding Language

C++

After writing some more cheats for cs go, I thought it'd finally be fun to try and see if I could take any of the cheats online.

I decided to try and create a skinchanger that I could use online, as that wouldn't cause any issues regarding an overwatch ban.

...And I got banned after a day

I followed the 5 simple steps from how to bypass VAC, but obviously I did something wrong, so I want to ask a few questions to get an idea of where the problem could have been.

Hooks:

1. How far should you hook with a mid-function hook?
I used mid-function hooks for the CS GO functions I hooked, and used NtProtectVirtualMemory over the regular VirtualMemory as I've read that VAC hooks VirtualProtect.
However, sometimes I only hooked 12 bytes into the function, rather than farther in. Is this bad practice or should I have been fine going 12 bytes into the function?

2. How much would using GetModuleHandle affect it?
I didn't even realize I had done this, but I used GetModuleHandle when that's an obvious function that VAC hooks. So that was stupid.
I wrote all of this code myself (besides the fact that it is based on many concepts I've learned from GH) and I'm wondering whether overlooking
this small detail would have caused the ban.

3. Would using FindWindow and SetWindowLongPtr have caused a crash?
I used these functions when setting up imGui, and I'm wondering whether I should have opted for a stealthier option.

Console:

1. Does using a console affect detection? I'd assume not, but want to be sure. I used the console to initially debug some problems specific to MM.

Injection:

1. Does the time of injection matter?
I wasn't able to auto-inject right on game start, so I decided to try to just inject while I was already in-game. I had read a post from 2016 under the Bypass VAC thread that you should inject before, but reading around recent threads it didn't seem to be of great importance for many people, so I thought I'd just try it.

2. Should uninjecting a manually mapped DLL crash your game?
I've read that you can't just use FreeLibraryAndExitThread() to properly exit a manually mapped dll, yet I used it and found that my game never crashed so I just put off properly implementing manually mapped uninjection until later. I'm assuming this doesn't pertain to the ban but was curious anyway.

Going for Round Two

- How much needs to be changed for the cheat's signature to be different than the last one?
This isn't the worst thing since my code is shit anyways and could use rewriting, but definitely want an idea of what needs to be changed to ensure the signature is different.

I don't expect all of these questions to be answered for me without any work on my end, but I thought I'd organize them here for anyone that knows the answer immediately to some of the questions as these are what I'm going to be looking into in the coming weeks to figure out where I went wrong.

Thank you for any feedback for this troglodyte who failed to bypass VAC

Not sure whether to label this as Q&A or discussion since there likely won't be a straightforward answer, but I'll set it to Q&A for now.

 

[Rake]

I don't think any of this bullshit you're mentioning caused your ban, I think you got banned for something else you did earlier.

This has been the case almost every time someone starts this line of questioning.

People have been hacking for years and never had any problem. Typically people make a stupid mistake that they overlook that is the actual cause for the ban.

 

[SPQR]

I don't think any of this bullshit you're mentioning caused your ban, I think you got banned for something else you did earlier.

This has been the case almost every time someone starts this line of questioning.

People have been hacking for years and never had any problem. Typically people make a stupid mistake that they overlook that is the actual cause for the ban.

Before I tried this I was launching in insecure mode, and haven't went out of insecure mode until yesterday.

Does insecure still flag your account for suspicious activity when you're testing cheats in insecure mode? I just assumed nothing would happen when I stopped using insecure and it'd be just like a fresh account, but I suppose that's a stupid assumption.

 

[Kix]

Before I tried this I was launching in insecure mode, and haven't went out of insecure mode until yesterday.

Does insecure still flag your account for suspicious activity when you're testing cheats in insecure mode? I just assumed nothing would happen when I stopped using insecure and it'd be just like a fresh account, but I suppose that's a stupid assumption.

It definitely could cause a flag of some sort. Unfortunately, these days ppl spew misinformation out of their butts trying to impress others so I don't know much truthful info on it. Maybe somebody more experienced with csgo can answer. I know it won't ban you if you play legit because I used insecure mode back when I cheated in it but was fine online with no hacks.

 

[SPQR]

It definitely could cause a flag of some sort. Unfortunately, these days ppl spew misinformation out of their butts trying to impress others so I don't know much truthful info on it. Maybe somebody more experienced with csgo can answer. I know it won't ban you if you play legit because I used insecure mode back when I cheated in it but was fine online with no hacks.

Yeah, pinning down something like this is damn near impossible.
I guess it's good to know there's a decent chance I didn't write anything too stupid regarding the code and just made a stupid decision like this somewhere.

 

[Braindrool]

It definitely could cause a flag of some sort. Unfortunately, these days ppl spew misinformation out of their butts trying to impress others so I don't know much truthful info on it. Maybe somebody more experienced with csgo can answer. I know it won't ban you if you play legit because I used insecure mode back when I cheated in it but was fine online with no hacks.

Strictly a rumor, but I've heard CSGO trust factor can be affected by -insecure mode. Can not prove or disprove

 

[Kix]

Strictly a rumor, but I've heard CSGO trust factor can be affected by -insecure mode. Can not prove or disprove

Yup I heard that too but I didn't want to be apart of the spreading (Not saying you are)

 

[SPQR]

Strictly a rumor, but I've heard CSGO trust factor can be affected by -insecure mode. Can not prove or disprove

What's interesting is you'd think this would be true, but when I queued with friends for MM, it actually didn't say my trust factor was significantly lower. Maybe it just secretly marks it down though.

Even then, unless low trust factor causes VAC to scan memory more strictly, it should only influence whether you get into the overwatch queue.

Although like you said this is all speculation so this is definitely bad info to go off of.

 

[Kekz]

I highly doubt it has anything to do with your hooks or a console, with my first CSGO cheat I did all the things you said you tried to avoid and only got banned after 1 month (Tested stuff with -insecure and also played on official servers daily). The only thing I did differently is injecting immediately after starting the game.
As I understand it, FreeLibraryAndExitThread shouldn't crash your game, it just won't free your memory and only do the ExitThread part.
You were probably just unlucky, may have been flagged previously. Also did you play competitive or casual (Deathmach etc...). In the 1 month I mentioned earlier I mostly played on Deathmatch servers and only started playing competitve in the last 7 - 12 days.
Did you use GH Injector and if so what were your settings?
You could try to clear some of the hooks that VAC places: Guide - How To Bypass VAC Valve Anti Cheat Info
Or just use a public bypass danielkrupinski/VAC-Bypass (don't know if it still works, haven't done anything CSGO related in half a year)

 

[Lars]

Strictly a rumor, but I've heard CSGO trust factor can be affected by -insecure mode. Can not prove or disprove

In July of 2020 Valve rolled out the "trusted mode" update.
It says the following:

— To allow third party software to interact with CS:GO, you can start the game with the -untrusted launch option. Note that in this case your Trust score may be negatively affected.

It doesn't mention -insecure affecting your trustfactor. But it does mention the -untrusted launch option.
This is probably where people got the "rumors" from.
I am assuming OP got VAC banned, so it can't be anything with -insecure or -untrusted.

 

[SPQR]

I highly doubt it has anything to do with your hooks or a console, with my first CSGO cheat I did all the things you said you tried to avoid and only got banned after 1 month (Tested stuff with -insecure and also played on official servers daily). The only thing I did differently is injecting immediately after starting the game.
As I understand it, FreeLibraryAndExitThread shouldn't crash your game, it just won't free your memory and only do the ExitThread part.
You were probably just unlucky, may have been flagged previously. Also did you play competitive or casual (Deathmach etc...). In the 1 month I mentioned earlier I mostly played on Deathmatch servers and only started playing competitve in the last 7 - 12 days.
Did you use GH Injector and if so what were your settings?
You could try to clear some of the hooks that VAC places: Guide - How To Bypass VAC Valve Anti Cheat Info
Or just use a public bypass danielkrupinski/VAC-Bypass (don't know if it still works, haven't done anything CSGO related in half a year)

Interesting.

I played competitive day one of finishing up the cheat.

I ended up using Extreme Injector with manual mapping, stealth inject, and erase PE.
The GH injector has been really finicky for me regarding manual mapping. It works after I've already injected with extreme injector but never on its own.

I didn't think I needed to hide the module or scramble, but is that actually not the case? When I was looking up settings, those options didn't seem necessary, but maybe I just didn't research enough.

In July of 2020 Valve rolled out the "trusted mode" update.
It says the following:

It doesn't mention -insecure affecting your trustfactor. But it does mention the -untrusted launch option.
This is probably where people got the "rumors" from.
I am assuming OP got VAC banned, so it can't be anything with -insecure or -untrusted.

Yes, I got VAC banned.

I did get banned by both VAC and overwatch, so I'm wondering: is that normal?

It only lists a VAC ban on my account but I received 2 messages.

Not sure why I would have gotten overwatch banned unless a ton of people judged that because I sat in spawn at the start and played decently well that I was cheating, which I guess isn't an unfair assessment but I wouldn't assume it would happen so fast and be accompanied alongside a VAC ban.