// the find
danielkrupinski/VAC
Source code of Valve Anti-Cheat obtained from disassembly of compiled modules
Reconstructed C source code of Valve's Anti-Cheat system, reverse-engineered from disassembled 32-bit Windows DLL modules. Covers three VAC modules: system fingerprinting, process enumeration, and process monitor scanning. Useful for security researchers, anti-cheat developers, and anyone wanting to understand how a real-world user-mode anti-cheat actually works.
The README is unusually thorough — it documents exact struct layouts, WinAPI call sequences, and the encryption schemes (ICE, MD5, CRC32, XOR) with field-level detail. The system fingerprinting module is particularly well-documented: you can trace exactly what VAC collects and why, including the IAT hook detection logic. Organizing code by module mirrors the real VAC architecture, making it easy to cross-reference against your own disassembly. The encryption implementations (ICE cipher especially) are genuinely useful standalone references.
Only three modules out of what is certainly a larger set — Module #2's internals are openly marked 'to be disclosed' and never finished. The repo has been dead since 2020, so any VAC updates in the last five-plus years are unrepresented; using this to understand current VAC is risky. The choice to write C instead of C++ (the original) introduces subtle inaccuracies — vtable dispatch, RAII, and object layout are lost in translation. No test harness or way to verify the reconstructed code actually matches binary behavior.