The Truth About VAC Detection

[AsianNguyen]

Awesome post man, although seems like majority of people still do not understand this even though you simplified it so much. Much Props to you.

[MegaStaff]

Interesting to know how VAC system works in CS:GO Thanks for your post.

[RedBull53860]

I'm using the Unbreakable multihack source code, say I wanted to make it undetected, all I would need is a different signature? I've stripped out some of the features that I don't want to use and changed the binds. What else would I have to keep it UD?
The hack also has different hashes, but apparently that makes no difference.

[Giertek]

What is the easiest way to change signature?

[Quanto]

so enigma vmprotect and thermida can be detected too?

[rwby]

so enigma vmprotect and thermida can be detected too?

Yes. // 2short

[INAX93]

i don't use cheats and do not make neither but its a good info to have thanks for it

[TheMostHated]

Fascinating post... thanks!

[Dantelius]

what if i use both enigma and vmware. will that work and if so, will it make it more undetected or more detectable?

[[MPGH]Ahl]

what if i use both enigma and vmware. will that work and if so, will it make it more undetected or more detectable?

It will make it less detectable. Honestly, just find a hack that uses polyloader and you should be better off as it changes the signature everytime the hack is loaded.

However, that doesn't mean Overwatch won't detected. Also Untrusted bans can easily happen to you if you decide to use a hack that is outdated where the offsets are incorrect.

[nullptr_t]

Signature scanning works by scanning the RAM (all the running processes)

This is not actually how it works, VAC never dumps / sigscans the whole RAM of the system, this would be considered really intrusive.

Instead VAC looks for processes that has opened HANDLEs to games protected by it. Only when process meets such a requirement, the process is scanned and or sent for further analysis by VAC.

[VirtualRoot]

Technically speaking, it is scanning your virtual memory which contains data of frames from your physical memory and your harddrive (on disk).
So in a way, it kinda is scanning your game-memory and processes that have access to the game's memory address space. But only the game's virtual memory pages and the memory pages of processes that tries to access the game's memory.
That is the main reason as to why inserted data in the game oftenly triggers detection if not cleaned up properly.

"A virtual page is 2k consecutive bytes, which is super word-aligned. This is the page the program thinks it is dealing with. This page can either be in RAM (physical memory) and/or disk."

So yeah, we're already "invasive", the question is where we're invasive. There's a difference between being intrusive inside your own game and being intrusive to your system. ESEA is intrusive to your system in the way where it encorporates its scans onto your kernel memory and user-mode memory.

[hackerboy2211]

So if I use Enigma on a downloaded public cheat exe do I not have to add junk code as you said it before? Because you said to someone that he shoudlnt fuck up the junk code?!

[OptimumLevel]

So if I use Enigma on a downloaded public cheat exe do I not have to add junk code as you said it before? Because you said to someone that he shoudlnt fuck up the junk code?!

Enigma doesn't do shit

[manuelsantos92]

nice Tutorial! I will make cheat own