Blizzard IS detecting Window titles for their anticheat menu

User Tag List

Results 1 to 6 of 6
  1. #1
    KampfMuffin's Avatar Active Member
    CoreCoins Purchaser Authenticator enabled
    Reputation
    56
    Join Date
    Jan 2017
    Posts
    362
    Thanks G/R
    6/45
    Trade Feedback
    19 (58%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Blizzard IS detecting Window titles for their anticheat

    So I just started Overwatch, dumped the strings, and voila:

    Code:
    Cheat Engine 5
    Cheat Engine 6
    x64_dbg
    x32_dbg
    ArtMoney
    Scylla
    Struct Builder
    ReClass
    IDA v
    WinDbgFrameClass
    Software\Blizzard Entertainment\Battle.net\Identity
    Identity
    GSSAPI
    XOAUTH2
    STARTTLS not supported.
    STARTTLS denied. %c
    Access denied. %c
    Access denied: %d
    md5-sess
    imap
    So on the first two lines it says "Cheat Engine 5" and "Cheat engine 6". This means they are searching for window titles?

    Also to notice I've found that:
    Code:
    ClientOutCheats
    JAMfeab6945ProtocolPool
    This was in this whole thing:
    Code:
    ClientInCombat
    JAMe9cfda8aProtocolPool
    ZLO
    ClientInInstance
    JAM5a8949edProtocolPool
    ClientInLobbyAchievement
    JAM267fde9eProtocolPool
    ClientInLobbyCelebration
    JAM7a3d3343ProtocolPool
    ClientInLobbyChat
    JAMa9973b5eProtocolPool
    ClientInLobbyConnect
    JAM400c651dProtocolPool
    ClientInLobbyCustomGame
    JAM5373bd89ProtocolPool
    ClientInLobbyData
    JAM0dfeefefProtocolPool
    ClientInLobbyFriends
    JAM585b3816ProtocolPool
    ClientInLobbyHeroProgression
    JAM11fc8b5bProtocolPool
    ClientInLobbyInstance
    JAMd1929c50ProtocolPool
    ClientInLobbyLeaderboard
    JAM2ba52771ProtocolPool
    ClientInLobbyMatchmaking
    JAMc15cc0baProtocolPool
    ClientInLobbyParty
    JAM021609a7ProtocolPool
    ClientInLobbyPing
    JAM1c0f9f1eProtocolPool
    ClientInLobbyPlayer
    JAM73d1af99ProtocolPool
    ClientInLobbyPlayerProgression
    JAM88b7f96dProtocolPool
    ClientInLobbyRanked
    JAM3ae820d4ProtocolPool
    ClientInLobbyRelationship
    JAMf03bf8edProtocolPool
    ClientInLobbyRuleset
    JAM46cbc86dProtocolPool
    ClientInLobbyStats
    JAMb9dca497ProtocolPool
    ClientInLobbyStatus
    JAM4c4eefacProtocolPool
    ClientInLobbyStore
    JAM8a29bb5eProtocolPool
    ClientInStats
    JAM6fa20397ProtocolPool
    ClientInVoice
    JAMa7299a2dProtocolPool
    ClientOutCheats
    JAMfeab6945ProtocolPool
    ?OlrW4S
    ClientOutInstance
    JAM06c0c998ProtocolPool
    ClientOutLobbyAchievement
    JAM1ec25650ProtocolPool
    ClientOutLobbyBI
    JAMae55ee2cProtocolPool
    ClientOutLobbyCelebration
    JAMf1bc0dffProtocolPool
    ClientOutLobbyChat
    JAM28a2a1cdProtocolPool
    ClientOutLobbyConnect
    JAM2f1931afProtocolPool
    ClientOutLobbyCustomGame
    JAM87ab5d52ProtocolPool
    ClientOutLobbyData
    JAM0971cce1ProtocolPool
    ClientOutLobbyFriends
    JAM027adb37ProtocolPool
    ClientOutLobbyLeaderboard
    JAM1892ea87ProtocolPool
    ClientOutLobbyRanked
    JAMbb141e5eProtocolPool
    ClientOutLobbyRuleset
    JAM70065ef5ProtocolPool
    ClientOutLobbyHeroProgression
    JAMf13c9428ProtocolPool
    ClientOutLobbyInstance
    JAM6099bc5fProtocolPool
    ClientOutLobbyMatchmaking
    JAMfb82d929ProtocolPool
    ClientOutLobbyParty
    JAMb55ffaf3ProtocolPool
    AXf
    ClientOutLobbyPersistence
    JAM4116e22cProtocolPool
    ClientOutLobbyPing
    JAM4eae6aa9ProtocolPool
    ClientOutLobbyPlayer
    JAM03aa3b80ProtocolPool
    ClientOutLobbyPlayerProgression
    JAM26b9e893ProtocolPool
    ClientOutLobbyStats
    JAM2baf715dProtocolPool
    ClientOutLobbyStore
    JAM85b044a1ProtocolPool
    ClientOutPvP
    JAM494a1c53ProtocolPool
    Cdd
    ClientOutStats
    JAM43e27399ProtocolPool
    Meaning that they flag people for cheating and the client even knows that? Because I think these are envoirmental variables.

    You can export the strings using Process explorer: Overwatch.exe -> *le right click* Properties -> Strings -> Memory (this could take a while)

    So I think you also need to change the window title of your cheat programs, that they stay undetected.

    Blizzard IS detecting Window titles for their anticheat
  2. #2
    KampfMuffin's Avatar Active Member
    CoreCoins Purchaser Authenticator enabled
    Reputation
    56
    Join Date
    Jan 2017
    Posts
    362
    Thanks G/R
    6/45
    Trade Feedback
    19 (58%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ArtMoney
    Scylla
    Struct Builder
    ReClass

    These are ALL cheat programs
    Source:
    Game Cheater ArtMoney | heise Download
    struct-builder
    [Release] Scylla 0.9.8 (x86 / x64)
    [Release] ReClass x64

  3. #3
    DvASystems's Avatar Elite User Overwatch Hack & Cheat Mod /M.LG\
    Authenticator enabled
    Reputation
    413
    Join Date
    Aug 2016
    Posts
    3,810
    Thanks G/R
    1036/286
    Trade Feedback
    202 (100%)
    Mentioned
    0 Post(s)
    Tagged
    3 Thread(s)
    Relax, this is nothing new. VAC does the same thing, if you have Cheat Engine running whilst entering a competitive game you get banned even if you don't inject.
    They are just flagging generic cheat tools, plenty do this already with other games. Same goes for any software protection in general.

  4. #4
    KampfMuffin's Avatar Active Member
    CoreCoins Purchaser Authenticator enabled
    Reputation
    56
    Join Date
    Jan 2017
    Posts
    362
    Thanks G/R
    6/45
    Trade Feedback
    19 (58%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by DvASystems View Post
    Relax, this is nothing new. VAC does the same thing, if you have Cheat Engine running whilst entering a competitive game you get banned even if you don't inject.
    They are just flagging generic cheat tools, plenty do this already with other games. Same goes for any software protection in general.
    No i meant that you could read out of the memory if they flagged you as cheater or not

  5. #5
    outlawfosho's Avatar Active Member
    Reputation
    23
    Join Date
    Dec 2016
    Posts
    37
    Thanks G/R
    0/12
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by KampfMuffin View Post
    No i meant that you could read out of the memory if they flagged you as cheater or not
    Are you asking if you can determine whether or not you've been flagged by reading the process' memory? If so, I'd imagine not as there's really no reason for them to be storing that on the client side.

  6. #6
    KampfMuffin's Avatar Active Member
    CoreCoins Purchaser Authenticator enabled
    Reputation
    56
    Join Date
    Jan 2017
    Posts
    362
    Thanks G/R
    6/45
    Trade Feedback
    19 (58%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by outlawfosho View Post
    Are you asking if you can determine whether or not you've been flagged by reading the process' memory? If so, I'd imagine not as there's really no reason for them to be storing that on the client side.
    yeah... that could be... but it would be funny if whatever reason blizz does that

Similar Threads

  1. Random window title
    By Reconsider in forum Programming
    Replies: 6
    Last Post: 09-13-2009, 11:17 AM
  2. Catchy title for a paper on Gun Control
    By SkilzDatKilz2 in forum Community Chat
    Replies: 11
    Last Post: 04-04-2008, 10:23 AM
  3. Change Window Title Icon
    By Pragma in forum Programming
    Replies: 5
    Last Post: 03-30-2008, 05:06 AM
  4. Anyone have MapModv2 that Team Idemise made for their leveling guide
    By Anthetara-Shattered-Hand in forum WoW UI, Macros and Talent Specs
    Replies: 5
    Last Post: 12-10-2007, 09:37 PM
  5. Window Title Renaming Tool
    By Matt in forum World of Warcraft Bots and Programs
    Replies: 7
    Last Post: 07-29-2006, 01:59 AM
All times are GMT -5. The time now is 08:34 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search