VAC is located in steam(not in the actual game), it uses a variety of APIs to detect your hack(ReadProcessMemory, Module32First/next and ALOT more).
Patching things in the .text section leads to detection, so only write to memory in the .data section
Also, unlinking your module is not enough, gotta destroy the PE and everything else that could possibly indicate an injected dll(you could try writing the functions you want to use to the .data section and creating a remote thread)
Ah we-a blaze the fyah, make it bun dem!
The Following User Says Thank You to Hell_Demon For This Useful Post: