I don't think VAC works - Page 2

Antichrist XVII · 05-20-2012, 03:05 PM

You know, when I drive, I speed. I've been speeding for years. Actually, I've been speeding ever since I got that car. I have yet to get pulled over for it. It's not like the second I go over the speed limit, I get faxed a ticket. Kinda like how VAC won't instantly ban anyone who is using a cheat.

Stryker7990 · 05-20-2012, 03:06 PM

Quote:

Originally Posted by wildfire678

My guess none, I do respect your loyalty to your son though. Perhaps he will return it one day.

Thank you wildfire678

Tito Shivan · 05-20-2012, 03:42 PM

Quote:

Originally Posted by Antichrist XVII

You know, when I drive, I speed. I've been speeding for years. Actually, I've been speeding ever since I got that car. I have yet to get pulled over for it. It's not like the second I go over the speed limit, I get faxed a ticket. Kinda like how VAC won't instantly ban anyone who is using a cheat.

But a ticket doesn't work as a deterrent, you'll keep going over the speed limit...
Instead of faxing you a ticket, let's make the police put you in jail, sell your car and ban you from ever being able to buy or own another car, or use a highway.
That will teach you not to go over the speed limit

DarkLite123 · 05-20-2012, 03:50 PM

Quote:

Originally Posted by L.o.D.

And how is it supposed to catch the private hacks unless people submit said files? So unless you are submitting said files, you can't really complain since you are not helping to resolve the issue.
Is there even such a thing as a deterring anti-cheat?
Don't think so.

A bunch of things off the top of my head.

Check for HWBPs on key functions.
Check the bytes of various functions (memcpy/memcmp).
Enumerate threads and check for start addresses outside the .code section.
Check Ntdll/kernel32 imports for hooks.
Get the LDR_MODULE lists from the PEB and check for modules outside the .code section.
Check if functions are called from outside the .code section.
VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path.

There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not).

Stryker7990 · 05-20-2012, 04:04 PM

[QUOTE=DarkLite123;30833636]A bunch of things off the top of my head.

Check for HWBPs on key functions.
Check the bytes of various functions (memcpy/memcmp).
Enumerate threads and check for start addresses outside the .code section.
Check Ntdll/kernel32 imports for hooks.
Get the LDR_MODULE lists from the PEB and check for modules outside the .code section.
Check if functions are called from outside the .code section.
VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path.

There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not).

Great Post reply Darklite, At leasst you know what your talking about

L.o.D. · 05-20-2012, 04:06 PM

Quote:

Originally Posted by Stryker7990

LOD, How many were wrongly banned as well?

Depends on what you define as "wrongly".
VAC "wrongly" banned thousands of people last year in MW3 due to an unsigned file issue caused by steam itself.
VAC caught the issue and banned people thereafter.
But Valve caught it & reversed said bans.

Stryker7990 · 05-20-2012, 04:12 PM

Quote:

Originally Posted by L.o.D.

Depends on what you define as "wrongly".
VAC "wrongly" banned thousands of people last year in MW3 due to an unsigned file issue caused by steam itself.
VAC caught the issue and banned people thereafter.
But Valve caught it & reversed said bans.

Thanks for your answer there L.o.D i did'nt relise that happened

L.o.D. · 05-20-2012, 06:23 PM

Valve will always reverse a wrongful ban, when one is found to be wrongful. Which doesn't happen very often.

bha2597 · 05-20-2012, 08:29 PM

Vac works

book · 05-20-2012, 09:24 PM

Quote:

Originally Posted by DarkLite123

A bunch of things off the top of my head.

Check for HWBPs on key functions.
Check the bytes of various functions (memcpy/memcmp).
Enumerate threads and check for start addresses outside the .code section.
Check Ntdll/kernel32 imports for hooks.
Get the LDR_MODULE lists from the PEB and check for modules outside the .code section.
Check if functions are called from outside the .code section.
VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path.

There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not).

1. VAC already does that
2. VAC does that as well for game code
3. Now you're treading water. A lot of legitimate applications inject code at varying points and you can't just assume out of module execution is cheat code. Besides GetThreadContext can fail due to 3rd party software that is legitimate.
4. See above for concerns.
5. Uh... What? What does outside the .text section have to do with anything?
6. Uh... code execution branches... that's the point you know...
7. Check VAC. They've been doing this since 2006.

So, if you have anything NEW to add to the discussion feel free. VAC can detect some private hacks already because of their did you really think I was going to give it away code. Banning them however requires the hashes to be added to the database and blacklisted. Keep in mind we're talking hashes of individual functions, not entire memory regions.

kakkerlak · 05-20-2012, 11:38 PM

Quote:

Originally Posted by L.o.D.

Depends on what you define as "wrongly".
VAC "wrongly" banned thousands of people last year in MW3 due to an unsigned file issue caused by steam itself.
VAC caught the issue and banned people thereafter.
But Valve caught it & reversed said bans.

it was longer ago with MW2 about 12000 got banned.

Tito Shivan · 05-21-2012, 12:16 AM

Quote:

Originally Posted by kakkerlak

it was longer ago with MW2 about 12000 got banned.

And were unbanned and gifted a L4D2 copy if i'm not mistaken.

kakkerlak · 05-21-2012, 12:19 AM

two copies , all gifts if you owned it.

NabsterHax · 05-21-2012, 10:44 AM

Quote:

Originally Posted by Misguided

It can't detect private cheats, which the vast majority of cheaters use. If VAC can't ban the majority of cheaters, than it isn't working. Vac doesn't even work as a deterrent, because everyone knows it doesn't catch Private cheats.

I'd just like to say that this is a ridiculous statement. You have no evidence of your claim that most cheaters use privately coded cheats.

VAC does work as a deterrent to those who don't know how to code their own cheats. Everyone knows it doesn't catch private cheats, but that doesn't mean everyone can create their own private cheats.

Without VAC, servers would be full to the brim with "download-and-go" cheats.

alexryden · 05-22-2012, 05:27 AM

There is also the fact that, as several people have mentioned, VAC is not supposed to be the only thing stopping cheaters. Server administrators are supposed to serve as a first line of defense, with VAC preventing them form coming back. MW3 does not use administrators, which means there is no one policing the games and looking for people who might be using hard to find hacks.

05-20-2012, 04:04 PM	#20
Stryker7990 Join Date: Jan 2010 Reputation: 17 Posts: 47	[QUOTE=DarkLite123;30833636]A bunch of things off the top of my head. Check for HWBPs on key functions. Check the bytes of various functions (memcpy/memcmp). Enumerate threads and check for start addresses outside the .code section. Check Ntdll/kernel32 imports for hooks. Get the LDR_MODULE lists from the PEB and check for modules outside the .code section. Check if functions are called from outside the .code section. VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path. There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not). Great Post reply Darklite, At leasst you know what your talking about

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

05-20-2012, 03:05 PM	#16
Antichrist XVII Join Date: Nov 2009 Reputation: 983 Posts: 3,424	You know, when I drive, I speed. I've been speeding for years. Actually, I've been speeding ever since I got that car. I have yet to get pulled over for it. It's not like the second I go over the speed limit, I get faxed a ticket. Kinda like how VAC won't instantly ban anyone who is using a cheat.

05-20-2012, 06:23 PM	#23
L.o.D. Join Date: Apr 2006 Reputation: 1647 Posts: 22,671	Valve will always reverse a wrongful ban, when one is found to be wrongful. Which doesn't happen very often.

05-20-2012, 08:29 PM	#24
bha2597 Join Date: Aug 2011 Reputation: 2 Posts: 325	Vac works

05-21-2012, 12:19 AM	#28
kakkerlak Banned Join Date: Feb 2004 Reputation: 2165 Posts: 24,015	two copies , all gifts if you owned it.

05-22-2012, 05:27 AM	#30
alexryden Join Date: Apr 2011 Reputation: 19 Posts: 179	There is also the fact that, as several people have mentioned, VAC is not supposed to be the only thing stopping cheaters. Server administrators are supposed to serve as a first line of defense, with VAC preventing them form coming back. MW3 does not use administrators, which means there is no one policing the games and looking for people who might be using hard to find hacks.