VAC 1 relied on hash-matching. It scanned the hl.exe process for known cheat signatures. If you had a known wallhack DLL, you got banned. Cheat coders responded by "packing" their DLLs with random junk code (polymorphic code) to change the hash every day.
VAC2 started scanning for hooked OpenGL functions. If the anti-cheat detected that glBindTexture was being redirected to a different memory address, it triggered a delayed ban. To counter this, cheat coders moved away from IAT (Import Address Table) hooks to VTable Hooking and Inline Hooking , which were harder to detect. cs 1.6 opengl wallhack
For every teenager who downloaded a wallhack to dominate a dust_2 server in 2006, there was a coder learning C++ and OpenGL to build it. Ironically, many of today's senior game security engineers started their careers by writing those very hacks. VAC 1 relied on hash-matching