{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T16:56:12Z","timestamp":1768409772544,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,30]],"date-time":"2024-07-30T00:00:00Z","timestamp":1722297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7,30]]},"DOI":"10.1145\/3664476.3670433","type":"proceedings-article","created":{"date-parts":[[2024,7,25]],"date-time":"2024-07-25T12:35:50Z","timestamp":1721910950000},"page":"1-11","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat Systems"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-6085-3210","authenticated-orcid":false,"given":"Christoph","family":"Dorner","sequence":"first","affiliation":[{"name":"St. P\u00f6lten University of Applied Sciences, Austria"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3650-9733","authenticated-orcid":false,"given":"Lukas Daniel","family":"Klausner","sequence":"additional","affiliation":[{"name":"St. P\u00f6lten University of Applied Sciences, Austria"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,7,30]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1080\/10658980701402049"},{"key":"e_1_3_2_1_2_1","volume-title":"Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. Jones & Bartlett Learning","author":"Blunden Bill","year":"2013","unstructured":"Bill Blunden. 2013. Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. Jones & Bartlett Learning, Burlington, MA. https:\/\/www.jblearning.com\/catalog\/productdetails\/9781449626365"},{"key":"e_1_3_2_1_3_1","unstructured":"\"bright\" \"IDontCode\" \"irql0\". 2021. EasyAntiCheat Exploit to Inject Unsigned Code into Protected Processes. Online. https:\/\/blog.back.engineering\/10\/08\/2021\/"},{"key":"e_1_3_2_1_4_1","unstructured":"\"Broihon\". 2018. Manual Mapping DLL Injection Tutorial - How To Manual Map. Online. https:\/\/guidedhacking.com\/threads\/manual-mapping-dll-injection-tutorial-how-to-manual-map.10009\/"},{"key":"e_1_3_2_1_5_1","unstructured":"\"Daax\". 2020. Anticheat Faceit Bypass. Online. https:\/\/guidedhacking.com\/threads\/anticheat-faceit-bypass.16113\/post-89663?referralcode=ON6pj"},{"key":"e_1_3_2_1_6_1","unstructured":"\"Daax\" \"iPower\" \"ajkhoury\" \"drew\". 2020. How Anti-Cheats Detect System Emulation. Online. https:\/\/secret.club\/2020\/04\/13\/how-anti-cheats-detect-system-emulation.html"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.25.866"},{"key":"e_1_3_2_1_8_1","volume-title":"Analysis and Detection of Virtualization-Vased Rootkits. Bachelor\u2019s thesis","author":"Fritsch Hagen","unstructured":"Hagen Fritsch. 2008. Analysis and Detection of Virtualization-Vased Rootkits. Bachelor\u2019s thesis. Technical University of Munich. https:\/\/www.nm.ifi.lmu.de\/pub\/Fopras\/frit08\/PDF-Version\/frit08.pdf"},{"key":"e_1_3_2_1_9_1","unstructured":"\"h4x0!2\". 2023. Data Vanguard Is Grabbing to HWID Ban. Online. https:\/\/www.unknowncheats.me\/forum\/valorant\/567650-data-vanguard-grabbing-hwid-ban.html"},{"key":"e_1_3_2_1_10_1","unstructured":"Intel. 2023. Intel\u00ae 64 and IA-32 Architectures Software Developer\u2019s Manuals. Intel. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-sdm.html"},{"key":"e_1_3_2_1_11_1","unstructured":"\"iPower\". 2020. CVEAC-2020: Bypassing EasyAntiCheat Integrity Checks. Online. https:\/\/secret.club\/2020\/04\/08\/eac_integrity_check_bypass.html"},{"key":"e_1_3_2_1_12_1","unstructured":"Xuxian Jiang. 2006. Enabling Internet Worms and Malware Investigation and Defense Using Virtualization. PhD thesis. Purdue University. https:\/\/docs.lib.purdue.edu\/dissertations\/AAI3251634\/"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24037-9_36"},{"key":"e_1_3_2_1_14_1","volume-title":"Comparative Study of Anti-Cheat Methods in Video Games. Master\u2019s thesis","author":"Lehtonen Samuli","unstructured":"Samuli Lehtonen. 2020. Comparative Study of Anti-Cheat Methods in Video Games. Master\u2019s thesis. University of Helsinki. https:\/\/helda.helsinki.fi\/items\/b1141406-eb65-48a5-8922-d1b23d4cfe51"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSN.2011.19"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.phpro.2012.05.145"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPIN52536.2021.9566108"},{"key":"e_1_3_2_1_18_1","volume-title":"A Taxonomic Evaluation of Rootkit Deployment, Behavior and Detection. Master\u2019s thesis","author":"Major Maxine","unstructured":"Maxine Major. 2015. A Taxonomic Evaluation of Rootkit Deployment, Behavior and Detection. Master\u2019s thesis. University of Idaho. https:\/\/objects.lib.uidaho.edu\/etd\/pdf\/Major_idaho_0089N_10700.pdf"},{"key":"e_1_3_2_1_19_1","volume-title":"Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats","author":"Matrosov Alex","unstructured":"Alex Matrosov, Eugene Rodionov, and Sergey Bratus. 2019. Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. No Starch Press, San Francisco, CA. https:\/\/nostarch.com\/rootkits"},{"key":"e_1_3_2_1_20_1","volume-title":"Identifying Rootkit Stealth Strategies. Bachelor\u2019s thesis","author":"Mysliwietz Egidius","year":"2020","unstructured":"Egidius Mysliwietz. 2020. Identifying Rootkit Stealth Strategies. Bachelor\u2019s thesis. Radboud University. https:\/\/www.cs.ru.nl\/bachelors-theses\/2020\/Egidius_Mysliwietz___1000796___Identifying_rootkit_stealth_strategies.pdf"},{"key":"e_1_3_2_1_21_1","unstructured":"Kyle Orland. 2020-04-14. Ring 0 of Fire: Does Riot Games\u2019 New Anti-Cheat Measure Go Too Far?Ars Technica (2020-04-14). https:\/\/arstechnica.com\/gaming\/2020\/04\/ring-0-of-fire-does-riot-games-new-anti-cheat-measure-go-too-far\/"},{"key":"e_1_3_2_1_22_1","unstructured":"\"Rake\". 2015. Anticheat Battleye Bypass Overview. Online. https:\/\/guidedhacking.com\/threads\/anticheat-battleye-bypass-overview.11602\/"},{"key":"e_1_3_2_1_23_1","unstructured":"\"Rake\". 2018. Anticheat Faceit Bypass. Online. https:\/\/guidedhacking.com\/threads\/anticheat-faceit-bypass.16113\/"},{"key":"e_1_3_2_1_24_1","unstructured":"\"Rake\". 2020. How to Bypass EAC - Easy Anti Cheat. Online. https:\/\/guidedhacking.com\/threads\/how-to-bypass-eac-easy-anti-cheat.15956\/"},{"key":"e_1_3_2_1_25_1","volume-title":"Anti-Cheating Measures in Video Games. Bachelor\u2019s thesis","author":"Rendenbach Caroline\u00a0Andrea","unstructured":"Caroline\u00a0Andrea Rendenbach. 2022. Anti-Cheating Measures in Video Games. Bachelor\u2019s thesis. Technical University of Munich. https:\/\/collab.dvb.bayern\/download\/attachments\/77832800\/main.pdf"},{"key":"e_1_3_2_1_26_1","unstructured":"Riot Games. 2018. Riot\u2019s Approach to Anti-Cheat. Online. https:\/\/technology.riotgames.com\/news\/riots-approach-anti-cheat"},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 3rd USENIX Workshop on Offensive Technologies (Montreal) (WOOT \u201909)","author":"Rolles Rolf","year":"2009","unstructured":"Rolf Rolles. 2009. Unpacking Virtualization Obfuscators. In Proceedings of the 3rd USENIX Workshop on Offensive Technologies (Montreal) (WOOT \u201909). USENIX Association, Berkeley, CA, 261\u2013266. https:\/\/www.usenix.org\/legacy\/events\/woot09\/tech\/full_papers\/rolles.pdf"},{"key":"e_1_3_2_1_28_1","unstructured":"\"SaltyPaster\". 2021. How to Bypass EAC - Easy Anti Cheat. Online. https:\/\/guidedhacking.com\/threads\/how-to-bypass-eac-easy-anti-cheat.15956\/post-105040?referralcode=ON6pj"},{"key":"e_1_3_2_1_29_1","volume-title":"Towards Automated Server-side Video Game Cheat Detection. Master\u2019s thesis","author":"Silva Jos\u00e9\u00a0Nuno","unstructured":"Jos\u00e9\u00a0Nuno Silva. 2022. Towards Automated Server-side Video Game Cheat Detection. Master\u2019s thesis. University of Porto. https:\/\/repositorio-aberto.up.pt\/bitstream\/10216\/142935\/2\/572983.pdf"},{"key":"e_1_3_2_1_30_1","unstructured":"\"Sinclairq\". 2022. A Bank Vault\u2019s Self-Integrity Circumvented by an Underway Passage: How EasyAntiCheat\u2019s Driver Self-Integrity Can Be Compromised Through Call Hierarchy. Online. https:\/\/secret.club\/2020\/04\/08\/eac_integrity_check_bypass.html"},{"key":"e_1_3_2_1_31_1","unstructured":"UEFI Forum Inc.2019. Unified Extensible Firmware Interface (UEFI) Specification. Unified Extensible Firmware Interface (UEFI) Forum. https:\/\/uefi.org\/specifications"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2013.32"},{"key":"e_1_3_2_1_33_1","unstructured":"\"vmcall\". 2019. BattlEye Anti-Cheat: Analysis and Mitigation. Online. https:\/\/secret.club\/2019\/02\/10\/battleye-anticheat.html"},{"key":"e_1_3_2_1_34_1","unstructured":"\"vmcall\". 2020. BattlEye Hypervisor Detection. Online. https:\/\/secret.club\/2020\/01\/12\/battleye-hypervisor-detection.html"},{"key":"e_1_3_2_1_35_1","unstructured":"\"whatacoolwitch\". 2021. Uninstalling and Disabling Riot Vanguard. Online. https:\/\/support-valorant.riotgames.com\/hc\/en-us\/articles\/360044648213-Uninstalling-and-Disabling-Riot-Vanguard"},{"key":"e_1_3_2_1_36_1","unstructured":"\"whatacoolwitch\". 2022. What Is Vanguard?Online. https:\/\/support-valorant.riotgames.com\/hc\/en-us\/articles\/360046160933-What-is-Vanguard-"},{"key":"e_1_3_2_1_37_1","unstructured":"\"Xyrem\". 2023. In-Depth Analysis on Valorant\u2019s Guarded Regions. Online. https:\/\/reversing.info\/posts\/guardedregions\/"},{"key":"e_1_3_2_1_38_1","unstructured":"\"yousif\". 2020. Bypassing BattlEye from User-Mode. Online. https:\/\/secret.club\/2020\/02\/26\/be_umode.html"}],"event":{"name":"ARES 2024: The 19th International Conference on Availability, Reliability and Security","location":"Vienna Austria","acronym":"ARES 2024"},"container-title":["Proceedings of the 19th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670433","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664476.3670433","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:51:50Z","timestamp":1755881510000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664476.3670433"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,30]]},"references-count":38,"alternative-id":["10.1145\/3664476.3670433","10.1145\/3664476"],"URL":"https:\/\/doi.org\/10.1145\/3664476.3670433","relation":{},"subject":[],"published":{"date-parts":[[2024,7,30]]},"assertion":[{"value":"2024-07-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}