VAC3 appears to be here. Valve is apparently streaming code to steam now.
They're manual mapping now instead of using LoadLibrary as they did with VAC2.
As for how it is loaded, they are streaming it on connection to a secure server
It appears to be active in Source Engine games, COD games, streamed from SteamService.dll in steam.exe.
runfunc appears to be the meat of the deal
edit// looks like they changed from crc to md5 to verifiy the file integrity
edit2//active since november in black ops and other games alongside with vac2. probably still in testing
dumped vac3.dll attached
thx to wav & GD
DONT ASK IF THIS OR THAT HACK IS DETECTED DUE TO THIS CHANGE!
We dont know it yet, i will keep this Thread up-to-date
They're manual mapping now instead of using LoadLibrary as they did with VAC2.
As for how it is loaded, they are streaming it on connection to a secure server
It appears to be active in Source Engine games, COD games, streamed from SteamService.dll in steam.exe.
runfunc appears to be the meat of the deal
edit// looks like they changed from crc to md5 to verifiy the file integrity
edit2//active since november in black ops and other games alongside with vac2. probably still in testing
Quote:Couple pieces of news, VAC3 does direct syscalls, namely:
ZwOpenProcess
ZwQueryVirtualMemory
ZwReadProcessMemory
ZwQuerySystemInformation
ZwQueryInformationProcess
ZwClose
The actual code to do the syscalls resides in VAC3 itself.
As for the scan packet sent from the server, it appears the decrypt Ice Key is sent along with it and the packet is validated with CRC32_ProcessBuffer from the SDK.
dumped vac3.dll attached
thx to wav & GD
DONT ASK IF THIS OR THAT HACK IS DETECTED DUE TO THIS CHANGE!
We dont know it yet, i will keep this Thread up-to-date
![[Image: mca.png]](http://mag.racked.eu/image/300/PUT+ON+PANTS+/mca.png)
![[Image: sAng_banghead2.gif]](http://www.forumsextreme.com/images/sAng_banghead2.gif)