Why Does Not Enimga/VMProtect Actually Make Your Cheats VAC Proof?

[nullptr_t]

You hear this a lot here on the forums, but nobody ever actually explain why.

[Hunter]

/Moved to the correct section.

[WasserEsser]

VAC doesn't necessarily have to scan running executables.

Enigma is virtualizing parts of the code by encrypting them and on a later date decrypting them when necessary.
This technique is useless when a static analysis aka read from disk analysis is used, since the bytes are the same.
VAC can just look up the file path of the executable and load your file into memory from disk, signature scan over it and catch you.

You can't delete files while they are being executed, which means you couldn't delete executables or dynamic link libraries. This means the only way you could actually try to escape it is by manual mapping bytes into csgo. Valve knows which application has written bytes to CSGO, so they could look for the loader. If they can't find it because you deleted it, they can simply issue the widely known "An issue with your computer is blocking the VAC system." error. If they find your loader, they could simply sig scan that one.

VAC isn't banning you for having files on your computer, they are banning you for having files running while you are connected to a VAC secure server. But if the loader isn't running while being connected to a VAC secure server, why are people still getting banned? Well, they can see that you have bytes mapped into CSGO that aren't supposed to be there while being connected to a VAC secure server. By scanning over those bytes, they can identify ( even if it's encrypted by enigma ) the bytes and know which file mapped the bytes into CSGO.



The above is only an example of signature scanning. VAC has a lot more to offer when it comes down to detecting cheats, they simply just don't use their full potentional on free cheats. When it comes down to detecting paid cheats, they have a wide set of features they can use to detect those.

[Hunter]

That's pretty much it, there isn't really anything else to discuss.

/Closed.