Client>Server Communication

No single function is responsible for this task. In Apex, several functions work together instead.

Let's get started with the most common function, R5AC::PushViolation:

void __fastcall R5AC::PushViolation(
        const __m128i *pszIdentifierStr,
        char Severity,
        __int64 ExtraDataPtr,
        __int64 ExtraDataLen);

When a client-side abnormality is detected, it is invoked like this:

LBL_ON_ABNORMALITY_FOUND:
              v119 = v116();
              v120 = 0;
              v121 = 0i64;
              do
              {
                v122 = *(_BYTE *)(v121 + 41489128); // these are just the data and the key; the RVA can be computed by analysing a runtime dump
                ++v120;
                v123 = *(_BYTE *)(v121 + 27928337);
                v188[++v121 + 15] = v123 ^ v122;
              }
              while ( v120 < 0xC ); // C-string encryption using a simple XOR
              sprintf_s_2(Buffer, 0x104ui64, Format, v119);
            }
          }
          R5AC::PushViolation(v200, 1, v177, (__int64)Buffer);