Originally Posted by WasserEsser
Many legit processes read and write memory from other processes. A legit process could utilize ProcMem, hence it's not going to get sigged.
You have to understand how the compiler generates the underlying assembly from your source code to know why it has a different signature even though it kind of works the same. Different compiler options and different compilers in general generate different assembly code. That's why signature scanning is so effective without having false positives. You can detect individual binaries with the signature scanning technique.
No one other than Valve knows if they get multiple signatures out of one file or if they get one signature. I personally think they read the entire file and use some algorithm to break it down into a 32-byte (or however long) unique identifier.
It doesn't make any sense to use polyloader with a cheat which you won't share with the public.