BattlEye has for the past year been detecting unknown cheats using memory heuristics combined with a method known as stack walking: https://vmcall.blog/battleye-stack-walking/ …
-
-
As far as I know yeah, at the time I was working against BE I think it was only used on the Arma series. It would have hardcoded acceptable RVAs against the game module base and if the ret address didn't match then you got popped.
-
BE 1.204 - BP set: https://cloud.binary.ninja/bn/f9460893-6304-4a59-af3e-f0e0afd62b6a?view=Disassembly&function=268448560&address=268448560 … BP integrity check: https://cloud.binary.ninja/bn/f9460893-6304-4a59-af3e-f0e0afd62b6a?view=Disassembly&function=268448848&address=268448848 … And I think this is the exception dispatcher, though it's been like 6 years since I've looked at any of this:https://cloud.binary.ninja/bn/f9460893-6304-4a59-af3e-f0e0afd62b6a?view=Linear+Disassembly&address=268547296 …
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.