Go Back   Steam Users' Forums > Steam Discussions > VAC Discussion

Closed Thread
 
Thread Tools Display Modes
Old 05-20-2012, 03:05 PM   #16
Iconoclast XVII
 
 
 
Join Date: Nov 2009
Reputation: 1802
Posts: 4,516
You know, when I drive, I speed. I've been speeding for years. Actually, I've been speeding ever since I got that car. I have yet to get pulled over for it. It's not like the second I go over the speed limit, I get faxed a ticket. Kinda like how VAC won't instantly ban anyone who is using a cheat.
Iconoclast XVII is offline  
Old 05-20-2012, 03:06 PM   #17
Stryker7990
 
 
 
Join Date: Jan 2010
Reputation: 17
Posts: 47
Quote:
Originally Posted by wildfire678 View Post
My guess none, I do respect your loyalty to your son though. Perhaps he will return it one day.
Thank you wildfire678
Stryker7990 is offline  
Old 05-20-2012, 03:42 PM   #18
Tito Shivan
 
 
 
Join Date: Oct 2010
Reputation: 3384
Posts: 9,025
Quote:
Originally Posted by Antichrist XVII View Post
You know, when I drive, I speed. I've been speeding for years. Actually, I've been speeding ever since I got that car. I have yet to get pulled over for it. It's not like the second I go over the speed limit, I get faxed a ticket. Kinda like how VAC won't instantly ban anyone who is using a cheat.
But a ticket doesn't work as a deterrent, you'll keep going over the speed limit...
Instead of faxing you a ticket, let's make the police put you in jail, sell your car and ban you from ever being able to buy or own another car, or use a highway.
That will teach you not to go over the speed limit
Tito Shivan is offline  
Old 05-20-2012, 03:50 PM   #19
DarkLite123
 
 
 
Join Date: May 2010
Reputation: 2641
Posts: 1,885
Quote:
Originally Posted by L.o.D. View Post
And how is it supposed to catch the private hacks unless people submit said files? So unless you are submitting said files, you can't really complain since you are not helping to resolve the issue.
Is there even such a thing as a deterring anti-cheat?
Don't think so.
A bunch of things off the top of my head.
  • Check for HWBPs on key functions.
  • Check the bytes of various functions (memcpy/memcmp).
  • Enumerate threads and check for start addresses outside the .code section.
  • Check Ntdll/kernel32 imports for hooks.
  • Get the LDR_MODULE lists from the PEB and check for modules outside the .code section.
  • Check if functions are called from outside the .code section.
  • VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path.

There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not).
DarkLite123 is offline  
Old 05-20-2012, 04:04 PM   #20
Stryker7990
 
 
 
Join Date: Jan 2010
Reputation: 17
Posts: 47
[QUOTE=DarkLite123;30833636]A bunch of things off the top of my head.
  • Check for HWBPs on key functions.
  • Check the bytes of various functions (memcpy/memcmp).
  • Enumerate threads and check for start addresses outside the .code section.
  • Check Ntdll/kernel32 imports for hooks.
  • Get the LDR_MODULE lists from the PEB and check for modules outside the .code section.
  • Check if functions are called from outside the .code section.
  • VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path.

There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not).

Great Post reply Darklite, At leasst you know what your talking about
Stryker7990 is offline  
Old 05-20-2012, 04:06 PM   #21
L.o.D.
 
Join Date: Apr 2006
Reputation: 1647
Posts: 22,671
Quote:
Originally Posted by Stryker7990 View Post
LOD, How many were wrongly banned as well?
Depends on what you define as "wrongly".
VAC "wrongly" banned thousands of people last year in MW3 due to an unsigned file issue caused by steam itself.
VAC caught the issue and banned people thereafter.
But Valve caught it & reversed said bans.
L.o.D. is offline  
Old 05-20-2012, 04:12 PM   #22
Stryker7990
 
 
 
Join Date: Jan 2010
Reputation: 17
Posts: 47
Quote:
Originally Posted by L.o.D. View Post
Depends on what you define as "wrongly".
VAC "wrongly" banned thousands of people last year in MW3 due to an unsigned file issue caused by steam itself.
VAC caught the issue and banned people thereafter.
But Valve caught it & reversed said bans.
Thanks for your answer there L.o.D i did'nt relise that happened
Stryker7990 is offline  
Old 05-20-2012, 06:23 PM   #23
L.o.D.
 
Join Date: Apr 2006
Reputation: 1647
Posts: 22,671
Valve will always reverse a wrongful ban, when one is found to be wrongful. Which doesn't happen very often.
L.o.D. is offline  
Old 05-20-2012, 08:29 PM   #24
bha2597
 
 
 
Join Date: Aug 2011
Reputation: 2
Posts: 330
Vac works
bha2597 is offline  
Old 05-20-2012, 09:24 PM   #25
book
 
Join Date: Jul 2007
Reputation: 12
Posts: 139
Quote:
Originally Posted by DarkLite123 View Post
A bunch of things off the top of my head.
  • Check for HWBPs on key functions.
  • Check the bytes of various functions (memcpy/memcmp).
  • Enumerate threads and check for start addresses outside the .code section.
  • Check Ntdll/kernel32 imports for hooks.
  • Get the LDR_MODULE lists from the PEB and check for modules outside the .code section.
  • Check if functions are called from outside the .code section.
  • VirtualQueryEx to go through regions, GetMappedFileName on MEM_IMAGE regions and check the module file path.

There's a huge range of things that can be done to spot hacks, even without checksums of the actual injected code. Unfortunately, there's an even bigger range of things that can be done to hide them (since the hacker has total control over the system, while the anticheat does not).
1. VAC already does that
2. VAC does that as well for game code
3. Now you're treading water. A lot of legitimate applications inject code at varying points and you can't just assume out of module execution is cheat code. Besides GetThreadContext can fail due to 3rd party software that is legitimate.
4. See above for concerns.
5. Uh... What? What does outside the .text section have to do with anything?
6. Uh... code execution branches... that's the point you know...
7. Check VAC. They've been doing this since 2006.

So, if you have anything NEW to add to the discussion feel free. VAC can detect some private hacks already because of their did you really think I was going to give it away code. Banning them however requires the hashes to be added to the database and blacklisted. Keep in mind we're talking hashes of individual functions, not entire memory regions.

Last edited by book: 05-20-2012 at 09:32 PM.
book is offline  
Old 05-20-2012, 11:38 PM   #26
kakkerlak
 
Banned
Join Date: Feb 2004
Reputation: 2165
Posts: 24,009
Quote:
Originally Posted by L.o.D. View Post
Depends on what you define as "wrongly".
VAC "wrongly" banned thousands of people last year in MW3 due to an unsigned file issue caused by steam itself.
VAC caught the issue and banned people thereafter.
But Valve caught it & reversed said bans.
it was longer ago with MW2 about 12000 got banned.
kakkerlak is offline  
Old 05-21-2012, 12:16 AM   #27
Tito Shivan
 
 
 
Join Date: Oct 2010
Reputation: 3384
Posts: 9,025
Quote:
Originally Posted by kakkerlak View Post
it was longer ago with MW2 about 12000 got banned.
And were unbanned and gifted a L4D2 copy if i'm not mistaken.
Tito Shivan is offline  
Old 05-21-2012, 12:19 AM   #28
kakkerlak
 
Banned
Join Date: Feb 2004
Reputation: 2165
Posts: 24,009
two copies , all gifts if you owned it.
kakkerlak is offline  
Old 05-21-2012, 10:44 AM   #29
NabsterHax
 
 
 
Join Date: Aug 2008
Reputation: 336
Posts: 1,971
Quote:
Originally Posted by Misguided View Post
It can't detect private cheats, which the vast majority of cheaters use. If VAC can't ban the majority of cheaters, than it isn't working. Vac doesn't even work as a deterrent, because everyone knows it doesn't catch Private cheats.
I'd just like to say that this is a ridiculous statement. You have no evidence of your claim that most cheaters use privately coded cheats.

VAC does work as a deterrent to those who don't know how to code their own cheats. Everyone knows it doesn't catch private cheats, but that doesn't mean everyone can create their own private cheats.

Without VAC, servers would be full to the brim with "download-and-go" cheats.
NabsterHax is offline  
Old 05-22-2012, 05:27 AM   #30
alexryden
 
Join Date: Apr 2011
Reputation: 19
Posts: 179
There is also the fact that, as several people have mentioned, VAC is not supposed to be the only thing stopping cheaters. Server administrators are supposed to serve as a first line of defense, with VAC preventing them form coming back. MW3 does not use administrators, which means there is no one policing the games and looking for people who might be using hard to find hacks.
alexryden is offline  
Closed Thread

Go Back   Steam Users' Forums > Steam Discussions > VAC Discussion


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT -7. The time now is 02:10 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site Content Copyright Valve Corporation 1998-2012, All Rights Reserved.