Posted: Fri Aug 14, 2009 9:23 am Post subject: Theory of bypassing anti-cheat
I'm interested in how bypassing anti-cheat systems works. I've seen people hooking CreateProcess to stop the execution of the anti-cheat, and hooking functions that the anti-cheat uses in order to fake results, but that's about all.
I noticed Dark Byte mentioned that GG might look at the file that a module was loaded from - would it be possible to copy that module to a random place, inject it into the application, remove the file handle, then delete the file? The module would be loaded into memory, so it shouldn't cause a problem, right?
Also, would it not be possible to create something that runs in the kernel that masks the loaded modules in a process?
I suppose my question is what are the most commonly used methods to break anti-cheat?
In my mind, there are three ways to bypass an anti-cheat system. Pick one, and stick to one. Mixing and matching just ends badly.
Be Passive: Don't do anything noticeable or extreme. Manually loading a module into a process's memory (after rebasing it and such in your own process) is a good example of this. Another passive method is copying the kernel beforehand to bypass their hooks.
Be Aggressive (B-E-AGGRESSIVE): Hooks, hooks, and more hooks. Do everything you can to stop the anti-cheat from working properly. The main difference between this and above is that with this method you are targeting the anti-cheat, whereas above you are just trying to run under the radar. Did I mention you use a lot of hooks?
Emulate It: Completely reverse the anti-cheat and build the heartbeat generator from the ground up. Best one of the three, but the hardest to pull off.