Skip to content

Changes assembly by adding extra instructions, these instructions don't change the end result of the register. We do this as vac scans for patterns of code, by changing the assembly, we make the pattern scanning harder for the anticheat. This is not a vac bypass, only should be used as a way to bypass the anti cheat whilst using other methods.

Notifications You must be signed in to change notification settings

b1gnout/Vac-Polymorphic

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 

Repository files navigation

Valve Anti-Cheat Pattern Detection Mitigation

Here you can see the binaries when we add the inline polymorphic junk code. It makes any anticheats job harder as long as it searches for patterns or signatures inside of code. In addition, it doesnt change any values held in registers, it just adds a little bit of useless asm to make signature detection harder.

alt text

The way you use the procedure is you would call it now and again throughout your code, primarily on anything that would trigger signature detection such as OpenProcess(PROCESS_ALL_ACCESS, 0, TargetProc). Surround these procedures with the plymorphic, this makes it so much harder for the anticheat to find.

Although this method isn't perfect, it is much better than junk code. You should use this mitigation in addition with other things such as api hooks on the anticheat. This best serves for anticheats such as Valve-Anti-Cheat.

About

Changes assembly by adding extra instructions, these instructions don't change the end result of the register. We do this as vac scans for patterns of code, by changing the assembly, we make the pattern scanning harder for the anticheat. This is not a vac bypass, only should be used as a way to bypass the anti cheat whilst using other methods.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages