How To Launch Steam Games Without Easy Anti Cheat

In the last post, I talked about using the app ID 480 trick to bypass the Steam Family sharing restriction. Even though I used the app ID 480 trick, I still had to start the game from the Easy Anti-Cheat launcher (mcclauncher.exe) in order to play Multiplayer. If I did not start the game with the launcher, I would get an Anti-Cheat Incident pop-up when I tried to enter Multiplayer games.
  1. Games that run Easy Anti-Cheat. There are a ton of games that run EAC; the last time this guide was updated (September 2nd, 2018) there was a total of 77. If one of your EAC-protected games is giving you the 20006 error, then anything else in your library running EAC will as well.
  2. When launching Halo: Reach via Steam or Microsoft Store, you will not be able to play the title’s matchmaking options if you select the launch option labeled “EAC Bypass” as.
  3. Disabling anti-cheat in Steam. Once you’ve applied your mods, it’s actually super easy to use them — if starting up the game using the Steam interface, you’ll be presented with two options: Play Halo: The Master Chief Collection or Play Halo MCC Anti-Cheat Disabled (Mods and Limited). Choose the bottom option to disable anti-cheat.
  4. Method 1: Running the Apex Legend and Origin Client as Administrator. If the game doesn’t have administrator privileges, the game might be unable to fetch system resources, and it will fail to execute.

Easy™ Anti-Cheat is the industry-leading anti–cheat service, countering hacking and cheating in multiplayer PC games through the use of hybrid anti–cheat mechanisms.

Pioneering Security

Our approach is constantly evolving, which results in fewer hacking attempts, no false positives, and a healthier, more enjoyable community.


My goal now is to find a way to enable multiplayer without using the Easy Anti-Cheat launcher. In this post, I will explain how I did this.

Finding the Easy Anti-Cheat module

The first thing we want to do is find where the game (MCC-Win64-Shipping.exe) first calls functions in the Easy Anti-Cheat API.
Open the binary in x64dbg and break at the EntryPoint. Notice that there does not appear to be any Easy Anti-Cheat module listed in the Symbols table. If we let the rest of the game run until we see the Halo window and pause the debugger, we will then see that easyanticheat_x64.dll is in the Symbols table.
To find out when the game loads this library, set a breakpoint on Export 0 of the easyanticheat_x64.dll. This is the EntryPoint of the DLL and the loader will execute from this address upon loading the library.

Restart the program and press continue until we break on the EntryPoint of easyanticheat_x64.dll. Since we want to know which function in the game binary loaded this library, look at the call stack at this breakpoint. Recall that the call stack lists return addresses.
Look at the first mcc-win64-shipping function (below the kernelbase function). This is where the game calls LoadLibraryA.
The highlighted line is where the program will start executing after it returns from LoadLibraryA. I've added comments to the right of the code. Recall that the Microsoft Visual C++ compiler uses the Microsoft x64 calling convention (a fastcall-style convention) when compiling for x64. That means the first four integer or pointer arguments to a function go into registers RCX, RDX, R8 and R9 respectively, and the function returns its return value (if any) in RAX.
We have something like this:
eacModule := LoadLibraryA('EasyAntiCheat/easyanticheat_x64.dll')
fnCreateGameClient := GetProcAddress(eacModule, 'CreateGameClient')
gameClientInterface := (*fnCreateGameClient) ('GameClientInterfaceV012')
This block of code retrieves a Game Client interface. This means that we probably cannot avoid loading the library.

Analyzing the CreateGameClient function

To find out what CreateGameClient does, go to the Symbols table again, and set a breakpoint on the CreateGameClient function in the easyanticheat_x64.dll module. Restart the program and press continue (F9) until we get to this function. Press g to switch to graph view. Click and drag to look around.
The function is kind of complicated, but if we look at the bottom left of the graph (third box from the bottom in the picture), there is a call to GetCommandLineW. Set a breakpoint there. Ignore the comments 'rcx: GameClientInterfaceV012'. That is saying what the current value of rcx is.
GetCommandLineW returns a pointer to the command line arguments in RAX. The program then passes this pointer into the first argument of another function. We can reasonably guess that this other function processes the command line arguments.
Click that function and press Enter to follow it.
This is interesting. Notice that the function is checking for '-eac-nop-loaded' in the command line arguments.

Continue to step until we return from this function. The red arrow indicates that we will take the jump.
We could analyze the function that would have been called had we not taken the jump, but let's first try to run the program with -eac-nop-loaded on the command line. To do this in x64dbg, go to File - Change Command Line, and add -eac-nop-loaded to the end.
Disable the breakpoints and restart the program to see what happens. If we click Multiplayer then Social games, we now see the matchmaking screen instead of the Anti-Cheat Incident pop-up.
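From the detection side, a launch like the one above leaves a trace in process-creation telemetry. The following is an added example, not code from the original post: it reviews Sysmon-style process-creation records (Image, CommandLine, ParentImage and ProcessId fields; the sample events, paths and PIDs are constructed) for launches of MCC-Win64-Shipping.exe that carry -eac-nop-loaded or that did not come from mcclauncher.exe. Matching the switch as a case-insensitive substring of the arguments is an assumption, since the post does not show how the DLL compares it.

```python
import ntpath

GAME = "mcc-win64-shipping.exe"   # game binary named in the post
LAUNCHER = "mcclauncher.exe"      # Easy Anti-Cheat launcher named in the post
FLAG = "-eac-nop-loaded"          # switch the DLL looks for

def argument_string(cmdline):
    """Return the command line with argv[0] removed (handles a quoted path)."""
    s = cmdline.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[end + 1:] if end != -1 else ""
    return s.partition(" ")[2]

def review_launches(events):
    """Return (pid, parent, has_flag) for game launches worth a second look."""
    findings = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != GAME:
            continue  # another program; a flag-like string there means nothing
        parent = ntpath.basename(ev["ParentImage"]).lower()
        has_flag = FLAG in argument_string(ev["CommandLine"]).lower()
        if has_flag or parent != LAUNCHER:
            findings.append((ev["ProcessId"], parent, has_flag))
    return findings

# Constructed sample events (paths and PIDs are made up for this example).
GAME_PATH = r"C:\Games\Example\MCC-Win64-Shipping.exe"
ODD_PATH = r"C:\Games\-eac-nop-loaded\MCC-Win64-Shipping.exe"
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "ParentImage": r"C:\Games\Example\mcclauncher.exe",
     "Image": GAME_PATH, "CommandLine": f'"{GAME_PATH}"'},
    {"ProcessId": 4212, "ParentImage": r"C:\Tools\x64dbg.exe",
     "Image": GAME_PATH, "CommandLine": f'"{GAME_PATH}" -EAC-NOP-LOADED'},
    {"ProcessId": 4388, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": GAME_PATH, "CommandLine": f'"{GAME_PATH}"'},
    {"ProcessId": 4501, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes-eac-nop-loaded.txt"},
    {"ProcessId": 4620, "ParentImage": r"C:\Games\Example\mcclauncher.exe",
     "Image": ODD_PATH, "CommandLine": f'"{ODD_PATH}"'},
]

if __name__ == "__main__":
    for pid, parent, has_flag in review_launches(SAMPLE_EVENTS):
        print(f"pid={pid} parent={parent} flag={has_flag}")
```

Only the game image is considered, and argv[0] is stripped first, so an install path that happens to contain the switch text does not count as the switch being passed.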

A More Permanent Solution

Since this seems like a very simple trick, I figured that other people must have already done something like this for other games. It turns out that people have used this trick for another game and the developers for that game quickly patched it.
The easiest way to not rely on this trick is to patch easyanticheat_x64.dll to always execute the instructions after the command that checks whether we have -eac-nop-loaded in our command line.

Do this by NOPing out the je instruction after the function that is called after GetCommandLine.
If you run the program again, and look in the same graph, it should now look like this.
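An in-place patch of this kind is visible to a file-integrity check. The following added example (not from the original post) compares an installed module against a trusted copy of the same build and reports each overwritten range, marking ranges that were filled with 0x90. The byte strings are constructed for the example and are not taken from easyanticheat_x64.dll; having a trusted reference copy of the same build is an assumption.

```python
import hashlib

NOP = 0x90  # x86 single-byte no-op

def diff_runs(reference, current):
    """Return [start, end) runs of offsets where two equal-sized images differ."""
    runs, start = [], None
    for i, (a, b) in enumerate(zip(reference, current)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append([start, i])
            start = None
    if start is not None:
        runs.append([start, len(current)])
    return runs

def audit(reference, current):
    """Compare an installed module with a trusted copy of the same build."""
    same = hashlib.sha256(reference).digest() == hashlib.sha256(current).digest()
    report = {"sha256_match": same,
              "size_match": len(reference) == len(current), "patches": []}
    if same or not report["size_match"]:
        return report  # identical, or replaced outright (no byte-wise diff)
    merged = []
    for run in diff_runs(reference, current):
        # A written 0x90 can equal the original byte and split one overwrite
        # into two runs, so rejoin runs separated only by 0x90 bytes.
        if merged and all(b == NOP for b in current[merged[-1][1]:run[0]]):
            merged[-1][1] = run[1]
        else:
            merged.append(run)
    for start, end in merged:
        now = current[start:end]
        report["patches"].append({"offset": start, "was": reference[start:end].hex(),
                                  "now": now.hex(), "nop_fill": set(now) == {NOP}})
    return report

# Constructed bytes: test rax,rax / je rel32 / call rel32 / ret.
REFERENCE = bytes.fromhex("4885c0" "0f8490000000" "e811223344" "c3")
PATCHED = bytes.fromhex("4885c0" "909090909090" "e811223344" "c3")

if __name__ == "__main__":
    print(audit(REFERENCE, PATCHED))
```

In the constructed sample one displacement byte of the original je is already 0x90, which is the case the merge step handles: the six overwritten bytes are reported as a single NOP-filled range at offset 3.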

Currently, the Wine and Proton compatibility layers for Linux don't work with Easy Anti-Cheat and we have something of an update on the status for you.

Easy Anti-Cheat is one of the most widely used systems to reduce cheating in games. It's available in some form for actual Linux builds of games, but it's something of a sore spot for Wine and Proton. Some time ago, it was confirmed that Valve and the Easy Anti-Cheat team were planning to work together to get the situation sorted. Epic Games later confirmed Easy Anti-Cheat was still supported on Linux for native builds too, after it appeared that was stopping. Since then, we've not really heard anything officially on it.

However, over on Reddit, user Guy1524, who happens to work for CodeWeavers (who work on Wine / Proton), gave a personal update on their own clearly unofficial (EAC themselves are not involved) progress to get Easy Anti-Cheat working.

At this point, EAC will load, correctly process an IOCTL in which the loader sends an encrypted 'internal dll', which it expects the driver to inject into the game process. EAC will then correctly map this dll when the process loads, and try to initialize it. This is the point where it is failing right now (the internal dll will yield an error), but we seem to be really close to the end of the initialization function, and once blitzcrank finishes devirtualizing it, we should be able to quickly get the function to succeed. In theory, if all goes to plan, the game should then launch, and be able to load the EAC library through the hooks set up by the internal DLL / kernel.

Wine (and so Proton) has always been a game of cat and mouse for Windows games on Linux, a constant game of catch-up as developers do new and different things and break compatibility. Anti-cheat tools add another layer of complexity that can cause more problems. The issue here is that even if they manage to get it hooked up and working, EAC could end up doing something to block it if they don't like how it's operating. This is actually something that Epic Games Founder and CEO, Tim Sweeney, mentioned on Twitter when asked about it:

We'd be fully supportive of these efforts if confident they wouldn't lead to the worst-case scenario, which is a significant increase in cheating that we have no ability to detect.

If they manage to get Easy Anti-Cheat properly working with Wine and Proton, it would open up yet another big world of gaming on Linux. I think we can all agree that would be a great thing until the day our market share rises enough that more game developers support Linux directly.

Article taken from GamingOnLinux.com.