(Tutorial) Starting WoW-Memory Reading/Writing

[Cypher]

Maybe if you backed up your comment with some reasoning I'd be more intrested in accepting that as a fact and not opinion...

I was lead to believe during my research that Warden also scans Windows titles out of its process for certain names, thus random window titles are but one small step towards providing a little bit of security to your apps future...

Not how you conducted your 'research' but it obviously wasn't from studying Warden's current implementation, otherwise a single API hook would have proven your hypothesis to be incorrect.*

http://www.mmowned.com/forums/bots-p...-governor.html

* Protip: Dump Warden's 'imports' and check for yourself if you don't believe me. (Make sure you strip any 'dummy' entries)

At any rate, even if Warden did scan window titles, renaming your window like that would do very little.

Warden could simply use EnumWindows and then EnumChildWindows to identify your window. Or they could simply enumerate all running processes and perform memory hashing. etc etc

In short: Its a waste of time and offers effectively zero protection against Warden.

[SinnerG]

Not how you conducted your 'research' but it obviously wasn't from studying Warden's current implementation, otherwise a single API hook would have proven your hypothesis to be incorrect.*

http://www.mmowned.com/forums/bots-p...-governor.html

* Protip: Dump Warden's 'imports' and check for yourself if you don't believe me. (Make sure you strip any 'dummy' entries)

At any rate, even if Warden did scan window titles, renaming your window like that would do very little.

Warden could simply use EnumWindows and then EnumChildWindows to identify your window. Or they could simply enumerate all running processes and perform memory hashing. etc etc

In short: Its a waste of time and offers effectively zero protection against Warden.

Errr, I just used BabBot, named it Cheat Engine 5.5 and this is the result:



So yeah, it is usefull to random-generate a window title :P

edit: the only 'advantage' I'd know of using a static window title is that you'll 'know' when warden is modified to prevent your bot on startup (ofc, that will not be before a banwave )

[falkor]

Errr, I just used BabBot, named it Cheat Engine 5.5 and this is the result:

So yeah, it is usefull to random-generate a window title :P

Exactly what my research showed thanks for posting this

[Azzie2k8]

Errr, I just used BabBot, named it Cheat Engine 5.5 and this is the result:



So yeah, it is usefull to random-generate a window title :P

edit: the only 'advantage' I'd know of using a static window title is that you'll 'know' when warden is modified to prevent your bot on startup (ofc, that will not be before a banwave )

Okay maybe this is highly stupid but isnt warden and scan.dll something very much different ?

Edit: As far as I know, those detections at startup are caused by the scan.dll.

[SinnerG]

What I wonder about Warden : IF you do NOT release a bot to the public, and make sure that ANY public library you used is 100% refactored so matching on anything within the bot would be impossible, would this make it 'safe' to inject anything, or will Warden still report 'possitives' for doing this? Or will it report as a 'possible' hack? And what if you only use memory reading and no injection at all?

[Cypher]

Errr, I just used BabBot, named it Cheat Engine 5.5 and this is the result:



So yeah, it is usefull to random-generate a window title :P

edit: the only 'advantage' I'd know of using a static window title is that you'll 'know' when warden is modified to prevent your bot on startup (ofc, that will not be before a banwave )

That's Scan.dll, it is a totally separate component to the Warden client that is loaded when you log in.

Scan.dll does out-of-process scans because it's designed as a 'warning' system, it never actually communicates anything back to Blizzard, and its only executed on startup.

Warden is loaded once you log in, runs every 15 seconds, communicates back to Blizzard, and does NOT DO WINDOW TITLE SCANS.

And as I've already pointed out, even if it did it doesn't matter because they can still find you just as easily anyway.

The results of your 'research' are wrong because you weren't testing Warden, you were testing Scan.dll, two related yet totally different modules.

Can you please stop with the stupidity now? Stickies are there for a reason. Kthx.

P.S. I think calling what you did 'research' is a bit of a stretch.

[SinnerG]

Err I never called this 'research'.. :P

[flo8464]

What I wonder about Warden : IF you do NOT release a bot to the public, and make sure that ANY public library you used is 100% refactored so matching on anything within the bot would be impossible, would this make it 'safe' to inject anything, or will Warden still report 'possitives' for doing this? Or will it report as a 'possible' hack? And what if you only use memory reading and no injection at all?

Yeah, if you keep your stuff private, you can inject whatever you want.
At least at the moment.

[Hawker]

Yeah, if you keep your stuff private, you can inject whatever you want.
At least at the moment.

Wrong wrong wrong!!!

Warden has no idea if you are private or not. There are addresses that Warden scans and if you write to them your account will get banned.

[Apoc]

Wrong wrong wrong!!!

Warden has no idea if you are private or not. There are addresses that Warden scans and if you write to them your account will get banned.

Only if you're an idiot.

There are very few addresses that it scans, most of which are for hacks (which bots really don't need...)

Or if you're TAGGING PROCESSES AS BEING ATTACHED TO.

*coughs*

[Cypher]

Err I never called this 'research'.. :P

My bad, got you and the other guy mixed up. Whatever, at any rate it was a pretty fail test.

[falkor]

My bad, got you and the other guy mixed up. Whatever, at any rate it was a pretty fail test.

As you may have noticed in my first post I made it explicitly known that I was a self confessed noob in this topic and that the research i've done is based on other peoples findings not my own.

Thus I'm looking for constructive comments to update my knowledge so I dont spread false information.

I've now learnt that scan.dll and warden are 2 seperate things and got an idea of what they do thats so different so thank you for that but please for future reference just be upfront and don't assume i know what your talking about...

[flo8464]

Wrong wrong wrong!!!

Warden has no idea if you are private or not. There are addresses that Warden scans and if you write to them your account will get banned.

I didn't say you can hook whatever you want
Injection is fine.

My bot code rarely contains more memory writing than the hook on EndScene, everything else is done by reading/calling engine functions.

[Jadd]

[YT]http://www.youtube.com/watch?v=FMEe7JqBgvg[/YT]

@OP:
Practice makes perfect.

[barathrumm]

Just wanne say thanks for a nice tutorial.

btw for anyone doing this in a 64 bit system, remember to set up the project to compile to 86 bit, or you will have problems running blackmagic, since it uses 86.