  1. #1
    antep2727

    Procmem -Signature

    Hey,

    I just started into CSGO hacking and came across ProcMem. Can I just copy-paste it into my cheat, or can it get detected too by VAC, since the signature is probably detected (?).

  2. #2
    4773n0x
    If you're worried about VAC, why not just make your own memory class? You will learn much more instead of just copy pasting and it isn't difficult to do anyway. Just get the process handle with FindWindow and GetWindowThreadProcessId. Then just make templates for reading and writing memory. Simple stuff.

  3. #3
    WasserEsser
    Can it get detected by VAC? - Yes.
    Is it likely that they detect you because you're using ProcMem? - No.

    As said before, just make your own.

  4. #4
    antep2727
    Originally posted by WasserEsser:
    > Can it get detected by VAC? - Yes.
    > Is it likely that they detect you because you're using ProcMem? - No.
    >
    > As said before, just make your own.

    There is still something I don't understand. I looked up many sources and people either copy-pasted the ProcMem or made a 5% change to it. Why is VAC not generating a signature out of ProcMem that would detect 90% of hacks on MPGH?

    Also, I was trying to understand how glow ESP worked, and again I see people doing nearly the exact steps others have done in their hacks, such as copying the same classes and structs for glow ESP (most of the time the code was just 10% different). Why does this work? Is VAC not making more than 1 signature out of a hack (1 signature of complete hack?)?

    Also, does it make sense to utilize the polyloader with your self-coded hack?
    Last edited by antep2727; 07-06-2016 at 07:45 AM.

  5. #5
    WasserEsser
    Originally posted by antep2727:
    > There is still something I don't understand. I looked up many sources and people either copy-pasted the ProcMem or made a 5% change to it. Why is VAC not generating a signature out of ProcMem that would detect 90% of hacks on MPGH?

    Many legit processes read and write memory from other processes. A legit process could utilize ProcMem, hence it's not going to get sigged.

    Originally posted by antep2727:
    > Also, I was trying to understand how glow ESP worked, and again I see people doing nearly the exact steps others have done in their hacks, such as copying the same classes and structs for glow ESP (most of the time the code was just 10% different). Why does this work? Is VAC not making more than 1 signature out of a hack (1 signature of complete hack?)?

    You have to understand how the compiler generates the underlying assembly from your source code to know why it has a different signature even though it kind of works the same. Different compiler options and different compilers in general generate different assembly code. That's why signature scanning is so effective without having false positives. You can detect individual binaries with the signature scanning technique.

    No one other than Valve knows if they get multiple signatures out of one file or if they get one signature. I personally think they read the entire file and use some algorithm to break it down into a 32 byte or whatever long unique identifier.

    Originally posted by antep2727:
    > Also, does it make sense to utilize the polyloader with your self-coded hack?

    It doesn't make any sense to use polyloader with a cheat which you won't share with the public.
    Last edited by WasserEsser; 07-06-2016 at 08:01 AM.

  6. The Following 2 Users Say Thank You to WasserEsser For This Useful Post:

    antep2727 (07-06-2016),Graaff (07-07-2016)

  7. #6
    antep2727
    Originally posted by WasserEsser:
    > Many legit processes read and write memory from other processes. A legit process could utilize ProcMem, hence it's not going to get sigged.
    >
    > You have to understand how the compiler generates the underlying assembly from your source code to know why it has a different signature even though it kind of works the same. Different compiler options and different compilers in general generate different assembly code. That's why signature scanning is so effective without having false positives. You can detect individual binaries with the signature scanning technique.
    >
    > No one other than Valve knows if they get multiple signatures out of one file or if they get one signature. I personally think they read the entire file and use some algorithm to break it down into a 32 byte or whatever long unique identifier.
    >
    > It doesn't make any sense to use polyloader with a cheat which you won't share with the public.

    In the case of public poly hacks, how do you think VAC is detecting those? Scanning for MD5, window title or more (complex) signatures out of the original cheat (without the polymorphism features)?

  8. #7
    WasserEsser
    Originally posted by antep2727:
    > In the case of public poly hacks, how do you think VAC is detecting those? Scanning for MD5, window title or more (complex) signatures out of the original cheat (without the polymorphism features)?

    I have never used poly hacks, but I assume that people that have compiled poly hacks themselves have not been banned.
    They can ban people for using a publicly available binary, but they can't ban people that compile the cheat themselves (unless the randomization of poly loader is predictable). If they wanted to, they could download the source code and specifically signature scan the parts that are not randomized by poly loader.

  9. The Following User Says Thank You to WasserEsser For This Useful Post:

    antep2727 (07-06-2016)
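
The contrast drawn in the post above, between identifying one exact published binary and scanning for the parts that stay the same across builds, shown from the detection side as an added example (not code from the thread, and not a description of how VAC works). The byte strings, the signature and all function names are constructed for illustration.

```python
import hashlib

def parse_signature(text):
    """Turn 'C0 FF ?? 01' into a list of ints, with None for wildcard bytes."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def find_signature(data, pattern):
    """Return every offset in data where the masked pattern matches."""
    hits = []
    for off in range(len(data) - len(pattern) + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            hits.append(off)
    return hits

# Constructed stand-ins for bytes that are identical in every build.
INVARIANT_A = bytes.fromhex("c0ffee01")
INVARIANT_B = bytes.fromhex("0badf00d")

def make_build(padding, variable):
    """Constructed sample: invariant bytes surrounded by build-specific bytes."""
    return padding + INVARIANT_A + variable + INVARIANT_B + b"\x00" * 4

BUILD_1 = make_build(b"\x90" * 3, bytes.fromhex("1122"))  # the published binary
BUILD_2 = make_build(b"\xcc" * 7, bytes.fromhex("a5b6"))  # a different build
BENIGN = bytes(range(32))                                 # unrelated data

# Whole-file hash list: only knows the one published binary.
KNOWN = {hashlib.sha256(BUILD_1).hexdigest()}

# Masked signature: fixed bytes for the invariant parts, wildcards between them.
SIGNATURE = parse_signature("C0 FF EE 01 ?? ?? 0B AD F0 0D")

def classify(data, known_hashes):
    """Return (whole-file hash match, offsets where the masked signature hits)."""
    hash_hit = hashlib.sha256(data).hexdigest() in known_hashes
    return hash_hit, find_signature(data, SIGNATURE)

if __name__ == "__main__":
    for name, blob in [("build 1", BUILD_1), ("build 2", BUILD_2), ("benign", BENIGN)]:
        print(name, classify(blob, KNOWN))
```

The hash list flags only the exact published file, while the masked signature also flags the second build and stays silent on the unrelated data.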

  10. #8
    Graaff
    Also it should be mentioned here that function names are being removed from binary at compile time.

  11. #9
    antep2727
    Originally posted by Graaff:
    > Also it should be mentioned here that function names are being removed from binary at compile time.

    Yes, I know that, but thanks.

  12. #10
    Hunter
    Believe this has been solved.

    /Closed.
