Commercial message from HB, that's all.
An opcode named
SMSG_EnableHonorbuddyDetection have been added into the WoW client
since the early 5.3.0 PTR patches, if the server send it, the WoW Client receive it and will add a "
jmp"
into FrameScript_Load to hook the calls to that function. The
check range is recursivly n + 1, so FrameScript_LoadBuffer must be not safe, but I'm not sure about this part.
if the function is call from somewhere else than the .text of FrameScript_LoadBuffer, it will send back data to Blizzard servers and
flag you "using Honorbuddy" for a banwave mostly.
This paquet has been started to be active since yesterday, on 17055 build. It was off all the rest of the time.
To avoid a detection, you can either
have a good anti-warden and keep using it (as the paquet received are really rare... maybe it's done by "if you are online more than 10hours, you receive it", I don't know when they send it exactly, but for sure, not everytime).
Or you can
simply stop to use both of that functions
FrameScript_LoadBuffer and FrameScript_Load.
HB used to use this function FS_Load for direct access to LUA return of values.
example
var myVar = FS_Load("return UnitHealth()");
rather than :
FrameScript_ExecuteBuffer("HP = UnitHealth()");
var myVar = FrameScript_GetLocalizedText("HP");
The HB text is a part lie, because not so much bot or hacks used to have Fs_Load or Fs_LoadBuffer, my project TheNoobBot don't use it at all for instance.
And the goal of that detection was trully for Honorbuddy as blizzard named the opcode as is. (
EnableHonorbuddyDetection)
You know all now.
Rebased offsets as of WoW 5.3.0.17055 :
Code:
// the detection code is located here 0x83BEAC
// the detection affect
FrameScript_Load = 0xD61F0;
FrameScript_LoadBuffer = 0x4D6BF0;
//others, not affected
FrameScript_ExecuteBuffer = 0x55347; // good to execute lua
FrameScript_GetText = 0x563AB;
FrameScript_GetLocalizedText = 0x3DD8F9, // good to retrieve data
Note: the last improvements in the warden are not since Glider, it's slighly improved everytime, and they detect every hacks/bots that don't have a D3D hooks somehow fast, when I started TheNoobBot, i haven't used it, and they updated the warden check list 3 times for us within 1 week as we were changing variable when our anti-warden detected these, they even added the support for WINAPI (see kernel32.dll GetThreadPriority in WardenMon) for us, as this was targetting TheNoobBot.
You can see WardenMon, the tool of JuJuBosc, it actually monitore the warden checks for all the latest version of WoW, usually updated within a day after a patch, sometimes automaticly updated by pattern...
WardenMon
It's somehow part of the warden, the function FrameScript_Load haven't changed -at all-, it's dynamicly hooked when receiving the opcode.
Don't stress yourself just because Honorbuddy say something, most of the bot don't even use these. What they mean by "alot of stuff added" is "ONE" check. no big deals
As of 14th june, it seems the detection is no longer active (I mean they don't send packet to that opcode anymore).