Modifying CSGO's memory from a dll, in another process (example antivirus)

**ZER0MEM0RY** · 06-14-2015

I Have some experience in C++ Programming, I am very familiar with the "debugger" type of hacks, which you run, they modify the game's memory and there you go. This method can be easily detected since vac can presumably see which process is writing/reading it's memory. But, what if i were to write my code in a dll, then force e.g an anti-virus program to load it to it's address space. Wouldn't it look like the anti-virus is modifying the game's memory? Do you have any experience about this method, is it easier or harder to detect? Thanks.

**PashaThePotato** · 06-14-2015

Puddin Poppin' used this method and his OpenGL WH is still undetected. He also made his own Subtle-Aimbot using the same method which was detected months later.

**Blueblood1** · 06-14-2015

Originally Posted by ZER0MEM0RY

I Have some experience in C++ Programming, I am very familiar with the "debugger" type of hacks, which you run, they modify the game's memory and there you go. This method can be easily detected since vac can presumably see which process is writing/reading it's memory. But, what if i were to write my code in a dll, then force e.g an anti-virus program to load it to it's address space. Wouldn't it look like the anti-virus is modifying the game's memory? Do you have any experience about this method, is it easier or harder to detect? Thanks.

VAC3 doesn't have/use heuristics scanning, only signature scanning. So no they can't see which process is reading/writing data to its memory. Also software to change and edit your DLL/Exe's signature is currently enough to get past VAC3. Even if the DLL was injected via Anti-Virus, VAC3 would scan the memory of the Anti-Virus and still find the signature of your DLL, It would do nothing to hide it. This may work if VAC3 used heuristics scanning and not signature scanning.

**ZER0MEM0RY** · 06-14-2015

Originally Posted by Blueblood1

VAC3 doesn't have/use heuristics scanning, only signature scanning. So no they can't see which process is reading/writing data to its memory. Also software to change and edit your DLL/Exe's signature is currently enough to get past VAC3. Even if the DLL was injected via Anti-Virus, VAC3 would scan the memory of the Anti-Virus and still find the signature of your DLL, It would do nothing to hide it. This may work if VAC3 used heuristics scanning and not signature scanning.

Thank you for clearing this up.

Thread: Modifying CSGO's memory from a dll, in another process (example antivirus)

Thread Tools

Display

Modifying CSGO's memory from a dll, in another process (example antivirus)

Similar Threads

[Solved] Abnormal Memory access from a dll by Xtrap

[B]is there a new update from wh.dll[/B]

[Help] New Update from WH.dll pls the LINK!!

[Help] Dealing with pointers from a dll

Help with hooking from a dll

Tags for this Thread