Process Hacker and Windows discussion

 
Lance_Lake
Member
Posts: 14

Re: VAC banned by Process Hacker

23 Jun 2017, 18:56

or wait... Am I to understand option 2 means that PH is no longer an issue for running with VAC servers?
 
emakemae

VAC ban

26 Jun 2017, 09:51

Has anyone in recent time (since v2.39) gotten an actual VAC ban from using ph?
 
NVinside
New User
Posts: 1
OS: Windows 10 X64 LTSB
Location: Swiss

Re: VAC banned by Process Hacker

07 Jul 2017, 15:10

Not only VAC, also BattlEye.

 
viksoftru
Member
Posts: 444
OS: Win7 (Live! DVD), BSD

Re: VAC banned by Process Hacker

07 Jul 2017, 21:02

To check, try temporarily stopping the driver KProcessHacker2 (KProcessHacker3) -> Services tab - Ctrl-K -> KprocessHacker... -> Apps or RMsClick -> Stop and test the game again.
 
dmex
Admin
Posts: 1244
Location: Australia

Re: VAC banned by Process Hacker

08 Jul 2017, 11:20

NVinside wrote:
07 Jul 2017, 15:10
Not only VAC, also BattlEye.

Sorry about that... I accidentally merged some changes yesterday that were not compatible with BattlEye and the nightly builds were automatically blocked by BattlEye anticheat protection. I've reverted those changes and it's fixed the problem. Please update to the latest nightly build and you'll be able to use Process Hacker with BattlEye once again.

If anyone is still having issues with BattlEye after updating to the nightly release then please create a new bug report :thumbup:


RE: VAC

Valve refuses to discuss why they're blocking Process Hacker and we have not been able to identify code or reproduce evidence of Process Hacker having ever been used to cheat in any Valve games.

The simple fact that you're only kicked from Valve games instead of getting permanently banned shows that Valve also don't even consider Process Hacker a cheating tool.

Process Hacker is also compatible with BattlEye anti-cheat and all features are compatible with BattlEye protected games. Both of those features they want removed can be very easily disabled using the ObRegisterCallbacks API and if Valve was using that function they would be able to block a large number of cheaters overnight and every other anti-cheat has been using that function for this exact reason (e.g. BattlEye).

All Valve is doing by blocking Process Hacker is preventing users from being able to identify performance problems and from being able to check processes for malicious activity and what does removing features exactly achieve when those features can be easily disabled?

Here's what every other anti-cheat company has done:
1. Downloaded this code: https://github.com/Microsoft/Windows-dr ... obcallback
2. Compiled it.
3. Signed it.
4. Used it.
5. Stopped blocking Process Hacker.

Microsoft wrote that code for this exact reason and it's very easy to set up and configure... Valve already have a certificate to sign the code so this whole process would take less than an hour to configure and set up but here we are 1 year and 7 months later and Valve has done absolutely nothing to stop anyone cheating and continued to target Process Hacker instead... :?
 
Lance_Lake
Member
Posts: 14

Re: VAC banned by Process Hacker

08 Jul 2017, 12:20

As I saw the message from Valve, can't you just show the warning and then they can approve it?

It sounds like they are willing to fix the issue.
 
TETYYS
Plugin Developer
Posts: 466
OS: Win 7 x64

Re: VAC banned by Process Hacker

08 Jul 2017, 12:21

Lance_Lake wrote:
08 Jul 2017, 12:20
It sounds like they are willing to fix the issue.
for 18 months already
 
Lance_Lake
Member
Posts: 14

Re: VAC banned by Process Hacker

08 Jul 2017, 12:24

He was told 2 solutions. I understand how he doesn't want to do number one. But number two sounds reasonable. Has he put in the warning and Valve won't follow through?
 
TETYYS
Plugin Developer
Posts: 466
OS: Win 7 x64

Re: VAC banned by Process Hacker

08 Jul 2017, 12:26

Do you think Valve will bother to implement something that doesn't make money for 0.01% of players instead of just blocking them?
 
Lance_Lake
Member
Posts: 14

Re: VAC banned by Process Hacker

08 Jul 2017, 12:29

They said that they would. They don't have to implement anything. As I read it, it is up to DMX to show the warning.

Have you tried doing this and telling Valve that it has it now?
 
dmex
Admin
Posts: 1244
Location: Australia

Re: VAC banned by Process Hacker

08 Jul 2017, 14:38

Lance_Lake wrote:
08 Jul 2017, 12:20
It sounds like they are willing to fix the issue.
That email was from almost two years ago... Valve have not replied even once to at least 5 emails and 3 support tickets over the last 18 months.
Lance_Lake wrote:
08 Jul 2017, 12:20
As I saw the message from Valve, can't you just show the warning and then they can approve it?
Warning messages were the first thing we added:
https://github.com/processhacker2/plugi ... alog.c#L27

That code used to be part of Process Hacker but it was discontinued and removed 11 months ago. The terminator was a feature for terminating malware processes and rootkits using 13 or so different methods of terminating a process on Windows and one of those methods would overwrite process memory with garbage (NULLs) - which causes the process to terminate - but writing to process memory (even when it's just zeros which does nothing!) triggered a VAC account ban.

A number of users including Jason Fossen (SANS Institute) have already mentioned how useful the feature was for SANS training courses on this thread:
viewtopic.php?f=5&t=2295&p=8054#p7746

Alex Ionescu (CrowdStrike) and Jason Fossen (SANS) have included Process Hacker as part of their IT security training courses and train thousands of developers every year. Those exact same features are compatible with BattlEye and are easily disabled so why should we destroy valuable security training for developers based on a single email from an anonymous Valve email address when it's completely unnecessary?
Lance_Lake wrote:
08 Jul 2017, 12:29
They said that they would. They don't have to implement anything.
If Valve were using the ObRegisterCallbacks routine then we wouldn't need to implement anything either. The ObRegisterCallbacks routine is how anti-cheat software like BattlEye blocks Process Hacker features and there's even code on GitHub from Microsoft showing how it works.
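
Added example (not part of the original posts, and not Process Hacker's, BattlEye's or Microsoft's code): a user-mode C model of the decision a pre-operation callback registered with ObRegisterCallbacks makes when a handle to a protected process is created or duplicated. The struct, the function names and the chosen set of stripped rights are assumptions for illustration; a real driver reads these fields from the kernel's callback structures.

```c
#include <stdbool.h>
#include <stdint.h>

/* Process access-right values as documented for Windows. */
#define PROCESS_TERMINATE      0x0001u
#define PROCESS_CREATE_THREAD  0x0002u
#define PROCESS_VM_OPERATION   0x0008u
#define PROCESS_VM_READ        0x0010u
#define PROCESS_VM_WRITE       0x0020u
#define PROCESS_ALL_ACCESS     0x1FFFFFu

/* Assumed policy: rights that let another process kill or modify the
   protected one. Read and query rights are left untouched. */
#define STRIPPED_RIGHTS (PROCESS_TERMINATE | PROCESS_CREATE_THREAD | \
                         PROCESS_VM_OPERATION | PROCESS_VM_WRITE)

/* Hypothetical stand-in for the fields a pre-operation callback reads;
   this is not the WDK's OB_PRE_OPERATION_INFORMATION structure. */
struct handle_request {
    uint32_t caller_pid;      /* process asking for the handle */
    uint32_t target_pid;      /* process the handle refers to */
    bool     kernel_handle;   /* request made from kernel mode */
    uint32_t desired_access;  /* mask requested on create or duplicate */
};

/* Returns the access mask the handle is actually granted. */
uint32_t filter_access(const struct handle_request *req, uint32_t protected_pid)
{
    if (req->target_pid != protected_pid)
        return req->desired_access;   /* not the protected process */
    if (req->kernel_handle)
        return req->desired_access;   /* leave kernel-mode callers alone */
    if (req->caller_pid == protected_pid)
        return req->desired_access;   /* the process opening itself */
    return req->desired_access & ~STRIPPED_RIGHTS;
}

/* WriteProcessMemory needs both VM_WRITE and VM_OPERATION on the handle. */
bool can_write_memory(uint32_t granted)
{
    uint32_t need = PROCESS_VM_WRITE | PROCESS_VM_OPERATION;
    return (granted & need) == need;
}
```

With such a filter in place, a tool that asks for full access to the protected process still gets a handle it can use for inspection, but the terminate and memory-write paths described in the post above fail at the handle level instead of needing to be removed from the tool.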
 
Lance_Lake
Member
Posts: 14

Re: VAC banned by Process Hacker

08 Jul 2017, 14:44

Ok. I will see what I can find out. I know some people in the company and I will see if I can push this forward. It should've been handled by now.

Though I will point out that VAC is not going to do what you suggest since the delayed banning is part of what makes VAC effective (and no, I don't want to get into a debate as to if it is or not). But let me see what is going on.
