Really amazing work secret.club!
Question (hopefully vmcall or someone from there is around…): what’s the point of BattlEye, if the remote servers are not using the information given by the client through BEClient?
Or am I misunderstanding, and really the point of this is to emulate the responses so that local debugging can happen, but no modification? Still great, but wouldn’t static analysis tools be enough for most uses (like data mining)?
The servers are using the information sent by the kernel module. This part is just the API the game itself calls.
Ah, so since this part is being “proxied”, this enables local debugging - right?
Normally BE loads a kernel module that implements the anti-cheat. This seemingly just shims the layer between that and the game so you can play the game in Wine.