Stop battleye detections/simple self-scanner

[Douggem]

If you have to ask how to use this or what it does or what it is for, then this isn't for you.

You could reverse all of Battleye's scans enough to read the sig tables out of memory and scan yourself with them (I did)

OR

You could just check the detection value and be done with it. The detection value is set after a scan matches a sig. It's obfuscated so you can't just read the value, you have to de-obfuscate it. But once you can read it, you can close before a detection report is sent to the server by crashing if the detection value is not equal to zero. This works for the main scans but not the script scan. This also doesn't stop the hook reporting scan or the self integrity scan.

Sometimes the detection value is garbled in memory while BE is loading, but the size of the output buffer (what BE sends reports in) seems to get set to 0 pretty early on, so I check both. There's a little bit of a race condition as it's theoretically possible for a detection to happen right before the server requests a report, and you don't get the detection value checked before that report is sent, but it is unlikely.

Test your code by launching 64 bit Cheat Engine. If your shit aborts, you're good. If you get kicked, you done goofed.

Code:

#define BYTEn(x, n)   (*((BYTE*)&(x)+n))

GHBE = GetModuleHandle(TEXT("BEClient.dll"));
int outputBufferSize = *(int *)((int)GHBE + 0x241E8);
int *random = (int *)((int)GHBE + 0x207B8);

unsigned __int16 detected_o = *(int *)((int)GHBE + 0x2354C);
unsigned __int16 d1 = (*random & ((BYTEn(*random, 3)) | (~(BYTEn(*random, 1))))) << 8;					

int detected = (unsigned __int16)(detected_o ^ d1 ^ (unsigned __int16)(-23920 * (*random) + *((BYTE *)random + 204 * (*random) % 3)));

if(detected && outputBufferSize)
	{
		thatShit.abort();
	}

tl;dr: You can stop detections before they're sent to Battleye and save yourself a ban

[xCyberxx]

Omfgggg... This is FUCKING AWESOME DOUGGEM! +REPPPP OMG THANK YOU SO MUCH

[dayzxhackerx]

how to use it?

[Hammy2]

how to use it?

LOL did not read
"If you have to ask how to use this or what it does or what it is for, then this isn't for you. "

[dayzxhackerx]

LOL did not read
"If you have to ask how to use this or what it does or what it is for, then this isn't for you. "

genius..

[eth0]

Thanks for posting so it gets fixed soon.

[`Rejected]

Someone please explain to me how to do this haha me newb

[`Rejected]

LOL did not read
"If you have to ask how to use this or what it does or what it is for, then this isn't for you. "

I did read it and I still dont know how to do it... I want to know how so in the future I can do it by myself dickhead.

[NoFriend]

I did read it and I still dont know how to do it... I want to know how so in the future I can do it by myself dickhead.

Sorry bro, it's a source code, you need to know something about coding to use it ....
Learn how to code, you'll understand what this is !

[uhZylon]

People are all like " Yeah Thanks For This Best Thing Ever" When it's quite likely they have no idea how to use it.
@Douggem So This should allow me to run a program that has already has been detected by signature scans without Battleye knowing?

[Douggem]

No.

This will let you have your program crash in the event of a detection, before the report is sent to the server, avoiding a ban.

[hidudeshi]

Explaining how to do this shit for nooblets would be a good way to feel good that you helped alot of people.

[asher940]

Thanks man really helpful

[Lystic]

Guys douggem doesn't NEED to explain anything, Its his choice, AND If you do NOT understand it then there is no point in you viewing this thread anymore.

I know how to use this so thank you douggem for sharing

[masterjake912]

Omfgggg... This is FUCKING AWESOME DOUGGEM! +REPPPP OMG THANK YOU SO MUCH

Ok i was a little tired and pissed off that i was getting banned often ik that infistar X is obviously not undetected i was just skipping to random Conclusions on why it wouldn't work with cheat engine