Spoof VM for gaming

Hello,

according to my post WARNING: Don't play Battleye Multiplayer games in a VM. You could be banned. (Rainbow Six is a definite ban)

you can see that I have a problem playing Escape From Tarkov because of the new Battleye shit patch, but there are cloud gaming VMs which don't have this problem, so I wonder how I can spoof my VM to be more like GeForce NOW, Stadia, ShadowPC and others…

I ran Paranoid Fish and got these traces, which indicate that I use a VM:

  • [pafish] CPU VM traced by checking the difference between CPU timestamp counters (rdtsc) forcing VM exit
  • [pafish] CPU VM traced by checking hypervisor bit in cpuid feature bits
  • [pafish] Sandbox traced using mouse activity
  • [pafish] Bochs traced using Reg key HKLM\HARDWARE\Description\System “SystemBiosVersion”

Is there any easy way of solving these?

If I were to take a guess, I would say that cloud services are running specific driver versions that expose some kind of API for the anti-cheats to call to verify they are running in a VM, but for those providers.

Another possibility would be that those services are running versions that have the anticheat stripped out entirely, but that is unlikely since Shadow for example is running a full VM, and not just the games (as opposed to GF Now to my understanding, Stadia works differently entirely).

That would be the easiest way for them to make them work and officially support them, just by working together with the developers of BattlEye (and Easy Anti Cheat for that matter). I guess if we knew how BE and EAC are verifying that they are running on VMs for those services, we could use the same. Getting to that bit is going to be tricky though :)

Yea, but I mean if we solve all 4 points in pafish it should be good to go for now.