ANTICHEAT ANALYSIS, GAMERSCLUB, EMACLAB, DRIVER

EMACLAB Anticheat Driver, Final Part: Conclusion

  • File Name: EMAC-Driver-x64.sys
  • TimeDateStamp: 0x67CAFFCE (Friday, 7 March 2025 14:16:46 GMT)
  • Protector: VMProtect 3.8+

What it does?

  • Infinityhook
  • Checks for Cheat Engine, Process Hacker and other common hacking tools, actively tries to block those from working correctly
  • Prevents unauthorized images from loading using minifilter
  • Protect the process memory using object callbacks
  • Actively scans and monitor the system for manually mapped drivers/unsigned code
  • Self-integrity checks
  • Anti-virtualization such as hypervisor checks
  • Blocks virtual inputs such as mouse movement

There is a lot of interesting stuff that can be looked at in the .IDB file, i suggest doing that :)

Conclusion

This anticheat surprised me, it was really cool to reverse engineer it. We must take into account that the kernel driver does not work alone and there are other security modules, it is not behind competitors in the market such as BattlEye, but it does not have a system as solid as EasyAntiCheat or its direct competitor FACEIT.

EMACLAB Reversal