Yes, I agree with that. For example, a program could check for the loading of the driver that has a vulnerability and then trigger some action. But I doubt that VAC will implement a technique like that any time soon.
- - - Updated - - -
*Couldn't edit post so*
This is what such a technique using a user-mode application would look like:
Remember, this program does not interfere with CS:GO or Steam in any way.
Zer0Mem0ry
C/C++ Programmer, Youtuber, software enthusiast & hobbyist.
Donate: (bitcoin): 1JhSKGgRQmir8rRF4Sm5CP4fDDofKFAypd
Youtube: https://www.youtube.com/channel/UCDk...ariJF2Dn2j5WKA
Skype: virtual_coder
Because it's not a proactive anti-cheat.
It's one of the best anti-cheats, taking into consideration that it's ring3, isn't proactive and cares about privacy.
- - - Updated - - -
If you're manually mapping your driver into kernel space, you are still in memory. Your driver is present in memory, which can get detected, especially if you're using anything that can get caught easily, such as strings etc. Your driver is also running a thread just like any other application, as described in a thread about TDL on another forum already.
VAC is not a proactive anti-cheat and therefore doesn't detect your driver unless they want to detect it. This, though, is the same for any other coded cheat; they won't detect it until you give them a reason to.
Because someone would have spotted it, and it likely would be in the UC wikia and all over different forums.
- - - Updated - - -
Well, this was kind of what I was looking for. This technique would be undetected for as long as it didn't have so many users that Valve would actually bother to take action against it.
- - - Updated - - -
VAC is still designed to be as profitable for Valve as possible, and not in the interest of the community / players. To be effective, it should actually have some heuristic capabilities, and not rely on human and signature-based detection only.
Zer0Mem0ry
Yeah, of course. Valve developers are more professional and experienced than you think they are; they are not like 10 guys from a random forum of cheats and hacks for games. I don't think they fear those '10 guys', and if they don't make the anti-cheat operative it means they are often busy doing something else.
In fact, as I was correctly thinking: https://en.wikipedia.org/wiki/Valve_Anti-Cheat#History
In February 2014, rumors spread that the system was monitoring websites users had visited by accessing their DNS cache. Gabe Newell responded via Reddit, clarifying that the purpose of the check was to act as a secondary counter-measure to detect kernel level cheats, and that it affected one tenth of one percent of clients checked which resulted in 570 bans.
That DNS cache analysis is merely proof that VAC is interested in kernel-mode cheats; something more specific is going to be needed. Also, obviously it does not do shit if the hack does not establish any connections to anywhere. I bet that there are some other techniques VAC uses to identify kernel-level cheats, other than that (also, it was later removed). But I really doubt that VAC has countermeasures against manually loaded drivers, as of this date.
Zer0Mem0ry