If you have to ask how to use this or what it does or what it is for, then this isn't for you.
You could reverse all of BattlEye's scans enough to read the sig tables out of memory and scan yourself with them (I did)
OR
You could just check the detection value and be done with it. The detection value is set after a scan matches a sig. It's obfuscated so you can't just read the value, you have to de-obfuscate it. But once you can read it, you can close before a detection report is sent to the server by crashing if the detection value is not equal to zero. This works for the main scans but not the script scan. This also doesn't stop the hook reporting scan or the self integrity scan.
Sometimes the detection value is garbled in memory while BE is loading, but the size of the output buffer (what BE sends reports in) seems to get set to 0 pretty early on, so I check both. There's a little bit of a race condition as it's theoretically possible for a detection to happen right before the server requests a report, and you don't get the detection value checked before that report is sent, but it is unlikely.
Test your code by launching 64-bit Cheat Engine. If your shit aborts, you're good. If you get kicked, you done goofed.
Code:
#define BYTEn(x, n) (*((BYTE*)&(x)+n))
GHBE = GetModuleHandle(TEXT("BEClient.dll"));
int outputBufferSize = *(int *)((int)GHBE + 0x241E8);
int *random = (int *)((int)GHBE + 0x207B8);
unsigned __int16 detected_o = *(int *)((int)GHBE + 0x2354C);
unsigned __int16 d1 = (*random & ((BYTEn(*random, 3)) | (~(BYTEn(*random, 1))))) << 8;
int detected = (unsigned __int16)(detected_o ^ d1 ^ (unsigned __int16)(-23920 * (*random) + *((BYTE *)random + 204 * (*random) % 3)));
if(detected && outputBufferSize)
{
    thatShit.abort();
}
tl;dr: You can stop detections before they're sent to BattlEye and save yourself a ban.