gmh5225

anti-cheat-systems

Guide for understanding anti-cheat systems and bypass techniques. Use this skill when researching game protection systems (EAC, BattlEye, Vanguard), anti-cheat architecture, detection methods, or bypass strategies.

gmh5225 2,941 421 Updated 3mo ago
GitHub

Install

npx skillscat add gmh5225/awesome-game-security/anti-cheat-systems

Install via the SkillsCat registry.

SKILL.md

Anti-Cheat Systems & Analysis

Overview

This skill covers anti-cheat systems used in games, their detection mechanisms, and research techniques. Understanding anti-cheat helps both defenders (game developers) and security researchers.

Major Anti-Cheat Systems

Easy Anti-Cheat (EAC)

  • Kernel-mode driver protection
  • Process integrity verification
  • Memory scanning
  • Used by: Fortnite, Apex Legends, Rust

BattlEye

  • Kernel driver with ring-0 access
  • Screenshot capture capability
  • Network traffic analysis
  • Used by: PUBG, Rainbow Six Siege, DayZ

Vanguard (Riot Games)

  • Always-on kernel driver
  • Boot-time initialization
  • Hypervisor detection
  • Used by: Valorant, League of Legends

Valve Anti-Cheat (VAC)

  • User-mode detection
  • Signature-based scanning
  • Delayed ban waves
  • Used by: CS2, Dota 2, TF2

Other Systems

  • PunkBuster: Legacy FPS anti-cheat
  • FairFight: Server-side statistical analysis
  • nProtect GameGuard: Korean anti-cheat solution
  • XIGNCODE3: Mobile game protection
  • ACE (Tencent): Chinese market protection

Detection Mechanisms

Memory Detection

- Signature scanning for known cheats
- Code integrity verification
- Injected module detection
- Memory modification monitoring

Process Detection

- Handle enumeration
- Thread context inspection
- Debug register monitoring
- Stack trace analysis

Kernel-Level Detection

- Driver verification
- Callback registration monitoring
- System call hooking detection
- PatchGuard integration

Behavioral Analysis

- Input pattern analysis
- Movement anomaly detection
- Statistical improbability flagging
- Network packet inspection

Anti-Cheat Architecture

User-Mode Components

  • Process scanner
  • Module verifier
  • Overlay detector
  • Screenshot capture

Kernel-Mode Components

  • Driver loader
  • Memory protection
  • System callback registration
  • Hypervisor detection

Server-Side Components

  • Statistical analysis
  • Replay verification
  • Report processing
  • Ban management

Research Techniques

Static Analysis

  1. Dump and analyze AC drivers
  2. Reverse engineer detection routines
  3. Identify signature patterns
  4. Map callback registrations

Dynamic Analysis

  1. Monitor system calls
  2. Track driver communications
  3. Analyze network traffic
  4. Debug with hypervisor tools

Bypass Categories

Memory Access

  • Physical memory read/write
  • DMA-based access
  • Hypervisor memory virtualization
  • Driver-based access

Code Execution

  • Manual mapping
  • Thread hijacking
  • APC injection
  • Kernel callbacks

Detection Evasion

  • Signature mutation
  • Timing attack mitigation
  • Stack spoofing
  • Module hiding

Security Features Interaction

Windows Security

  • Driver Signature Enforcement (DSE)
  • PatchGuard/Kernel Patch Protection
  • Hypervisor Code Integrity (HVCI)
  • Secure Boot

Virtualization

  • VT-x/AMD-V detection
  • Hypervisor presence checks
  • VM escape detection
  • Timing-based detection

Ethical Considerations

Research Guidelines

  • Focus on understanding, not exploitation
  • Report vulnerabilities responsibly
  • Respect Terms of Service implications
  • Consider impact on gaming communities

Legal Aspects

  • DMCA considerations
  • CFAA implications
  • Regional regulations
  • ToS enforcement

Resources Organization

Detection Research

- Anti-cheat driver analysis
- Detection routine documentation
- Callback enumeration tools

Bypass Research

- Memory access techniques
- Injection methods
- Evasion strategies

Tools

- Custom debuggers
- Driver loaders
- Analysis frameworks

Data Source

Important: This skill provides conceptual guidance and overview information. For detailed information use the following sources:

1. Project Overview & Resource Index

Fetch the main README for the full curated list of repositories, tools, and descriptions:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md

The main README contains thousands of curated links organized by category. When users ask for specific tools, projects, or implementations, retrieve and reference the appropriate sections from this source.

2. Repository Code Details (Archive)

For detailed repository information (file structure, source code, implementation details), the project maintains a local archive. If a repository has been archived, always prefer fetching from the archive over cloning or browsing GitHub directly.

Archive URL format:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/{owner}/{repo}.txt

Examples:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/ufrisk/pcileech.txt
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/archive/000-aki-000/GameDebugMenu.txt

How to use:

  1. Identify the GitHub repository the user is asking about (owner and repo name from the URL).
  2. Construct the archive URL: replace {owner} with the GitHub username/org and {repo} with the repository name (no .git suffix).
  3. Fetch the archive file — it contains a full code snapshot with file trees and source code generated by code2prompt.
  4. If the fetch returns a 404, the repository has not been archived yet; fall back to the README or direct GitHub browsing.

3. Repository Descriptions

For a concise English summary of what a repository does, the project maintains auto-generated description files.

Description URL format:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/{owner}/{repo}/description_en.txt

Examples:

https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/00christian00/UnityDecompiled/description_en.txt
https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/description/ufrisk/pcileech/description_en.txt

How to use:

  1. Identify the GitHub repository the user is asking about (owner and repo name from the URL).
  2. Construct the description URL: replace {owner} with the GitHub username/org and {repo} with the repository name.
  3. Fetch the description file — it contains a short, human-readable summary of the repository's purpose and contents.
  4. If the fetch returns a 404, the description has not been generated yet; fall back to the README entry or the archive.

Priority order when answering questions about a specific repository:

  1. Description (quick summary) — fetch first for concise context
  2. Archive (full code snapshot) — fetch when deeper implementation details are needed
  3. README entry — fallback when neither description nor archive is available

Categories

Docs Gen Game Dev Security
GitHub

Install

npx skillscat add gmh5225/awesome-game-security/anti-cheat-systems

Install via the SkillsCat registry.

Repository Stars

The star count shown is for the parent repository (gmh5225/awesome-game-security), not this specific skill.

.claude/skills/anti-cheat

Recommended Skills

gmh5225
game-engine-resources by gmh5225
2.9K 3mo ago
gmh5225
mobile-security by gmh5225
2.9K 3mo ago
gmh5225
graphics-api-hooking by gmh5225
2.9K 3mo ago
gmh5225
reverse-engineering-tools by gmh5225
2.9K 3mo ago
gmh5225
awesome-game-security-overview by gmh5225
2.9K 3mo ago
gmh5225
game-hacking-techniques by gmh5225
2.9K 3mo ago