As far as I know:
VAC Wiki
Ring 3 detection:
"It uses heuristics to detect possible cheats" - Means checking for open RPM/WPM handles
"compared to a database of banned applications" - They have a nice pack of sigs that they scan your program's code for
Why can't they detect it?
Most of the cheats out there are native C++ or JIT compiled C#
Which means that they can just download it, get a few bytes from the code and scan the "suspicious" process's .text segment for it (in the PolyHack's case this part differs drastically rendering this method ineffective)
In case of non-compiled interpreted languages, the .text segment only consists of legit code and the actual script is accessed from the .data segment
+1 now retards can stop asking
(12-27-2015, 13:27)Woundwart Wrote:  +1 now retards can stop asking

This. Good guy An0, you save us some spam (at least for the few people that aren't handless to check the forums a bit).

Forum Jump:

Users browsing this thread: 1 Guest(s)