Yes they can detect it. They will check the modules they include.
Let's say for instance I modify a DLL that csgo routinely uses in windows, and calls functions in it. Therefore I have full access to CSGO's memory without ever having to call OpenProcess or anything like that. I get the return address to CSGO's engine/client via one of the functions CSGO calls in that dll. Let's say I were to read memory from the player table by doing something such as Mov EAX, DWord Ptr DS:[base + offset], since I already have the base address. Can VAC detect this? I have asked quite a few people and no one seems to give me a clear answer. Since I'm never calling OpenProcess and the dll is already legitimately loaded by csgo, how would VAC detect it? If not, what about writing?
Last edited by click4dylan; 03-12-2016 at 06:23 PM.
Yes they can detect it. They will check the modules they include.