Official site anti-cheat Ultra Core Protector

Ultra Core Protector is a free client-server anti-cheat for protecting servers from unscrupulous players.

Supported games:
Half-Life
Condition Zero
Counter-Strike 1.6
Day of Defeat
Adrenaline Gamer
Team Fortress Classic
Counter-Strike Source
MU Online
Ragnarok Online
Half-Life 2 Deathmatch
Adrenaline Gamer 2
Team Fortress 2

System Service Hijacking Ban

I’ve been developing several different bypasses for fun, but one bypass that keeps getting me banned by BE is exploiting a system service.

Currently, before the game is started, I am using a simple, hand-made LoadLibrary injector w/ SEDebug Priv to load a DLL into a system service. It then creates a remote thread and sits dormant for a few minutes while I start up the game. After 2 minutes, it steals a HANDLE to the target game and begins to RPM/WPM.

The DLL itself is not packed, but all give-aways like Strings are XORd. In addition, nothing is C+P since it was written from scratch.

However, I seem to be getting banned from this process after a few days. Anyone see a glaring detection vector or have some pointers about what might be getting detected? I have been trying to isolate the different parts of it, but it’s time-consuming due to BE’s ban delay.

Another weird observation is that if I run it during the lobby and the first 5-10 min of the game, I never get banned. But if I play a few full games, the ban is nearly guaranteed.

I appreciate all the help that I can get!