Question on the detection of methods menu

#1 Draco12 (Member)

    Hello everyone,

    I've been reading this forum for a few months now and I have a question that I hope someone might answer.

    From what I can tell, there are three ways to create a bot (and possibly more).

    1) Pixel recognition
    2) Out of process memory reading/writing.
    3) In process hooking and injecting memory reading/writing.

    Obviously the in-process injection is the best method, but is option 3 a LOT more detectable than option 2? I understand that running WoW as a guest puts a lot of restrictions on the WoW client, but it seems that even as a guest WoW can tell if a DLL has been injected, correct?

    Maybe I'm wrong, but if I wanted to write a simple hunting bot that needed the ability to read X/Y/Z from the ObjectManager for locating mobs, and then ONLY write memory to do the target selection, would option 2 be the safest?

    I guess my question really is, what's the level of detection between option 2 and 3?

    Thanks again!

#2 !@^^@! (Active Member)

    afaik you might as well inject if it's a private bot for just you and maybe a few friends

#3 adaephon (Active Member)

    Injection also has a steeper learning curve. And generally when you fubar your code, it fubars WoW. Out of process memory reading / writing is less 'intrusive' to the WoW client, but injection is more powerful.

#4 mnbvc (Banned)

    out of process reading... nearly impossible to detect

    writing / in-process stuff, definitely detectable but Blizzard doesn't care as long as it's not a public bot (some offsets are watched...)

#5 Robske (Contributor)

    Read Cypher's post on In/Out process and the Governer thread in the Bots & Programs section.

    tldr: inject & stay private.
    "Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live." - Martin Golding
    "I cried a little earlier when I had to poop" - Sku

#6 Draco12 (Member)

    Thanks for all the information. I used to work on a bot called WoWSharp years and years ago. I never worked on the actual DLL which was injected, but I worked on the bots that used the DLL. It was an incredible bot at the time and the source code is still available.

    If either of you wouldn't mind: what are the limitations of an out-of-process reading/writing bot versus an in-process injected DLL?

    So what you are all also saying is that an injected DLL is still detectable by Blizzard, as well as writing process memory, even though the WoW client is being run as a guest?

    Thank you again.

    -Draco

#7 adaephon (Active Member)

    Injected means you are inside WoW's process space, meaning your code has the same privileges as WoW. Meaning if WoW is a guest and you inject into it, you are a guest also. And as far as I understand, a process running as a guest is limited in how it can interact with the rest of the system, but it obviously has full access to anything within its own process space (and being injected, that would include your bot DLL).

#8 Draco12 (Member)

    What are the benefits of in process injected DLL versus out of process memory reading/writing?

    Can you do everything out of process that you can do in process?

    It seems if you can, that it might be safer to just do everything out of process, correct?

    Thanks guys!

#9 mindwalkr (Private)

    Speaking out of my ass here, but....

    Injected:
    - you can call subroutines directly that calculate values and get the results
    - you can modify (some/all?) internal variables... eg: current target, facing etc

    OOP:
    - if you can't read a value directly (eg: subroutine calculates LOS between two objects... you can't just 'read' this), you have to calculate it yourself, or handle the error when something fails and act appropriately
    - you need to replicate keystrokes... key-turning.. sloooow & looks bottish
    - if you want the WoW window to NOT be the current focus (so you can continue to use the machine), you will need to write a fake mouse driver for WoW to think it is getting mouse input. This is for selection of on-screen items (needed in some special cases?) and mouse-turning.
    - need to use world-to-screen to calculate X,Y positions on screen of in-game objects (and worry about occlusion!)

    People who have actually looked long and hard at this could probably provide more details.

#10 Därkness (Active Member)

    Originally Posted by mindwalkr:
    Speaking out of my ass here, but....

    Injected:
    - you can call subroutines directly that calculate values and get the results
    - you can modify (some/all?) internal variables... eg: current target, facing etc

    OOP:
    - if you can't read a value directly (eg: subroutine calculates LOS between two objects... you can't just 'read' this), you have to calculate it yourself, or handle the error when something fails and act appropriately
    - you need to replicate keystrokes... key-turning.. sloooow & looks bottish
    - if you want the WoW window to NOT be the current focus (so you can continue to use the machine), you will need to write a fake mouse driver for WoW to think it is getting mouse input. This is for selection of on-screen items (needed in some special cases?) and mouse-turning.
    - need to use world-to-screen to calculate X,Y positions on screen of in-game objects (and worry about occlusion!)

    People who have actually looked long and hard at this could probably provide more details.

    For OOP, if you define OOP as no memory writes or injection, but allow memory reads:
    - You can still get the object manager and player data from the player struct with simple memory reads
    - To select a mob you can tab until the GUID of the mob you want to target = current target
    - To select an NPC, if you know its (fixed) location and you know its name, you can send keys to enter /target (name of the NPC) when at its position

    No need for a custom mouse driver or World to Screen with this method

    IMO if you don't have much experience, do memory writing to CTM global and use the objectmanager; don't attempt injection unless you feel up to it, it's a steep learning curve (one I still haven't attempted xD)
    Last edited by Därkness; 04-17-2010 at 12:17 AM.

    "I shall call him Tufty," - Raest, Malazan Book of the Fallen.
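The read-only approach described in the post above (walk the object manager with plain memory reads, then press Tab until the current-target GUID matches the mob you picked), written out as an added example; this is not code from the thread or from any real bot. Everything concrete in it is an assumption made for the example: the object layout and offsets, the GUID values, the singly linked list shape and the FakeProcess class that stands in for the game so the block runs offline. make_rpm_reader shows the one Windows primitive a real out-of-process reader would plug in instead of FakeProcess.read (OpenProcess with PROCESS_VM_READ, then ReadProcessMemory); nothing is written to or loaded into the game process.

```python
import struct

# Constructed object layout for this example (hypothetical, not real client offsets):
#   +0x00 u32 next-object pointer, +0x04 u32 type, +0x08 u64 GUID, +0x10 f32 x, y, z
OBJ_FMT, OBJ_SIZE = "<IIQfff", 0x20
TYPE_UNIT, TYPE_GAMEOBJECT = 3, 5
MAX_OBJECTS = 4096           # stop walking a corrupted or cyclic list

class FakeProcess:
    """Stand-in for the game process: a flat memory image plus a fake Tab key."""
    def __init__(self, base, size):
        self.base, self.mem = base, bytearray(size)
        self.objmgr = base + 0x100       # +0: u32 pointer to the first object
        self.target_addr = base + 0x200  # u64 GUID of the current target
        self.units = []

    def write(self, addr, data):
        off = addr - self.base
        self.mem[off:off + len(data)] = data

    def read(self, addr, size):
        """The only primitive the out-of-process bot uses."""
        off = addr - self.base
        if off < 0 or off + size > len(self.mem):
            raise ValueError("read outside process image: 0x%x" % addr)
        return bytes(self.mem[off:off + size])

    def populate(self, objects):
        """objects: [(type, guid, (x, y, z))], linked into a singly linked list."""
        first = self.base + 0x400
        for i, (kind, guid, pos) in enumerate(objects):
            addr = first + i * OBJ_SIZE
            nxt = addr + OBJ_SIZE if i + 1 < len(objects) else 0
            self.write(addr, struct.pack(OBJ_FMT, nxt, kind, guid, *pos))
            if kind == TYPE_UNIT:
                self.units.append(guid)
        self.write(self.objmgr, struct.pack("<I", first))
        self.write(self.target_addr, struct.pack("<Q", 0))

    def press_tab(self):
        """What the game does on Tab here: cycle the current target through units."""
        if not self.units:
            return
        cur = struct.unpack("<Q", self.read(self.target_addr, 8))[0]
        i = (self.units.index(cur) + 1) % len(self.units) if cur in self.units else 0
        self.write(self.target_addr, struct.pack("<Q", self.units[i]))

def make_rpm_reader(pid):
    """Windows only: a read(addr, size) backed by ReadProcessMemory with PROCESS_VM_READ."""
    import ctypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    handle = k32.OpenProcess(0x0010, False, pid)          # 0x0010 = PROCESS_VM_READ
    if not handle:
        raise OSError(ctypes.get_last_error())
    def read(addr, size):
        buf, got = ctypes.create_string_buffer(size), ctypes.c_size_t(0)
        if not k32.ReadProcessMemory(handle, ctypes.c_void_p(addr), buf, size, ctypes.byref(got)):
            raise OSError(ctypes.get_last_error())
        return buf.raw[:got.value]
    return read

def walk_object_manager(read, objmgr_addr):
    """Yield (guid, type, (x, y, z)) by following next pointers; reads only."""
    addr = struct.unpack("<I", read(objmgr_addr, 4))[0]
    seen = set()
    while addr and addr not in seen and len(seen) < MAX_OBJECTS:
        seen.add(addr)
        nxt, kind, guid, x, y, z = struct.unpack(OBJ_FMT, read(addr, struct.calcsize(OBJ_FMT)))
        yield guid, kind, (x, y, z)
        addr = nxt

def nearest_unit(read, objmgr_addr, player_pos):
    """GUID of the unit closest to player_pos, or None if there are no units."""
    best = None
    for guid, kind, pos in walk_object_manager(read, objmgr_addr):
        if kind != TYPE_UNIT:
            continue
        d2 = sum((a - b) ** 2 for a, b in zip(pos, player_pos))
        if best is None or d2 < best[0]:
            best = (d2, guid)
    return best[1] if best else None

def select_target(read, press_tab, target_addr, wanted_guid, max_tabs=50):
    """Tab until the client's current target is wanted_guid; returns tabs pressed, or None."""
    for tabs in range(max_tabs + 1):
        cur = struct.unpack("<Q", read(target_addr, 8))[0]
        if cur == wanted_guid:
            return tabs
        press_tab()
    return None

def demo():
    proc = FakeProcess(0x00C00000, 0x1000)
    proc.populate([                       # constructed world state
        (TYPE_UNIT, 0xF130000100000A01, (10.0, 10.0, 0.0)),
        (TYPE_GAMEOBJECT, 0xF110000200000B01, (1.0, 1.0, 0.0)),
        (TYPE_UNIT, 0xF130000100000A02, (3.0, 4.0, 0.0)),
        (TYPE_UNIT, 0xF130000100000A03, (50.0, 0.0, 0.0)),
    ])
    wanted = nearest_unit(proc.read, proc.objmgr, (0.0, 0.0, 0.0))
    return wanted, select_target(proc.read, proc.press_tab, proc.target_addr, wanted)

if __name__ == "__main__":
    print("target %#x after %d tabs" % demo())
```

The two guards are the part worth copying: walk_object_manager stops on a cyclic or oversized list and select_target bounds the number of Tab presses, because a bot reading a pointer chain out of a live process has to assume the data can change or be corrupt between one read and the next.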

#11 caytchen (Contributor)

    I don't really see where there is a big learning curve with injection. Actually, staying out of process and having to go to great lengths for achieving simple things like targeting seems much harder and error prone. For in process, just remember to stay away from those obvious honeypots like wallclimb patches, and stay private.

#12 abdula123 (Sergeant)

    Originally Posted by caytchen:
    I don't really see where there is a big learning curve with injection. Actually, staying out of process and having to go to great lengths for achieving simple things like targeting seems much harder and error prone. For in process, just remember to stay away from those obvious honeypots like wallclimb patches, and stay private.

    Or do wallclimb, speedhacks, etc., but intercept and correct warden traffic, and STAY PRIVATE!!!

#13 mindwalkr (Private)

    Originally Posted by abdula123:
    Or do wallclimb, speedhacks, etc., but intercept and correct warden traffic, and STAY PRIVATE!!!

    Uh... I was under the impression that what happened was:
    - polymorphic warden code segment downloaded
    - code in segment is run (probably with a server generated seed for signing)
    - result is returned to server
    - server checks result against what it should be

    It would be EXTREMELY retarded of Blizz to make the result a T/F or something you can 'fix' imo.
    Last edited by mindwalkr; 04-19-2010 at 01:28 PM. Reason: I can't spell

#14 kynox (Account not activated by Email)

    Originally Posted by mindwalkr:
    Uh... I was under the impression that what happened was:
    - polymorphic warden code segment downloaded
    - code in segment is run (probably with a server generated seed for signing)
    - result is returned to server
    - server checks result against what it should be

    It would be EXTREMELY retarded of Blizz to make the result a T/F or something you can 'fix' imo.

    What he's saying isn't trivial, but it's possible.

#15 abdula123 (Sergeant)

    Originally Posted by mindwalkr:
    Uh... I was under the impression that what happened was:
    - polymorphic warden code segment downloaded
    - code in segment is run (probably with a server generated seed for signing)
    - result is returned to server
    - server checks result against what it should be

    It would be EXTREMELY retarded of Blizz to make the result a T/F or something you can 'fix' imo.

    1. Warden module downloaded.
    2. Warden module placed in memory, initialized, etc.
    3. Warden module fed with seed (received from server) and generates crypto keys (and a hash that is returned to the server).
       At this moment you can read these keys from WoW memory.
    4. Warden module uses these crypto keys to decrypt incoming packets.
       With known keys you can do the same thing.
    5. Warden module does checks as described in the decrypted packets.
    6. Warden module encrypts the response and sends it to the server.
       With two crypto states (based on the keys) you can do a MITM attack and do anything you want with the packets. For example, check them against a list of known correct answers, replace wrong ones with correct ones, send the modified packet to the server and print some fancy colored text on the console.
    Last edited by abdula123; 04-19-2010 at 10:05 PM.
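The six steps in the post above as a runnable sketch, added here as an example; it is not code from the thread, from Warden, or from any real tool. Everything concrete in it is assumed for the example: RC4 as the stream cipher, the SHA-1 based key derivation, the MEM_CHECK opcode and packet layout, the 1 KiB "client image" and the watched offsets are all constructed. What it demonstrates is the post's step 6: a man in the middle holding both directional keys keeps its own copies of the cipher states, decrypts the check request to learn which offsets were asked for, compares the client's answer against a known-good table taken from a clean image, substitutes the clean bytes and re-encrypts, and it has to run every packet through its own states (modified or not) and keep the replacement the same length so its stream positions stay aligned with both endpoints across rounds.

```python
import hashlib
import struct

MEM_CHECK = 0x02   # constructed opcode: "send me N bytes at address A"

def derive_keys(seed):
    """Seed -> (server->client key, client->server key). Illustrative KDF, not the real one."""
    return (hashlib.sha1(b"S2C" + seed).digest()[:16],
            hashlib.sha1(b"C2S" + seed).digest()[:16])

class RC4:
    """Stream cipher with a position: every byte pushed through it advances the state."""
    def __init__(self, key):
        S, j = list(range(256)), 0
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
        self.S, self.i, self.j = S, 0, 0

    def crypt(self, data):
        out = bytearray()
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + self.S[self.i]) & 0xFF
            self.S[self.i], self.S[self.j] = self.S[self.j], self.S[self.i]
            out.append(b ^ self.S[(self.S[self.i] + self.S[self.j]) & 0xFF])
        return bytes(out)

class WardenServer:
    """Knows the clean image and asks the client to read back watched offsets."""
    def __init__(self, seed, clean_image, checks):
        self.s2c, self.c2s = map(RC4, derive_keys(seed))
        self.clean, self.checks = clean_image, checks

    def request(self):
        body = struct.pack("<BB", MEM_CHECK, len(self.checks))
        for addr, n in self.checks:
            body += struct.pack("<IB", addr, n)
        return self.s2c.crypt(body)

    def verify(self, ct):
        pt, pos = self.c2s.crypt(ct), 1
        if pt[0] != MEM_CHECK:
            return False
        for addr, n in self.checks:
            if pt[pos:pos + n] != self.clean[addr:addr + n]:
                return False
            pos += n
        return True

class WardenClient:
    """Answers honestly from its own (possibly patched) memory image."""
    def __init__(self, seed, image):
        self.s2c, self.c2s = map(RC4, derive_keys(seed))
        self.image = image

    def respond(self, ct):
        pt = self.s2c.crypt(ct)
        body, pos = bytes([pt[0]]), 2
        for _ in range(pt[1]):
            addr, n = struct.unpack_from("<IB", pt, pos)
            body += self.image[addr:addr + n]
            pos += 5
        return self.c2s.crypt(body)

class Mitm:
    """Sits between client and server with both keys (step 3: read from memory after seeding).
    Owns separate copies of every cipher state so it can decrypt what the client sent and
    re-encrypt what the server will receive without either side noticing a position skip."""
    def __init__(self, s2c_key, c2s_key, known_good):
        self.s2c = RC4(s2c_key)                                  # mirrors server->client
        self.c2s_in, self.c2s_out = RC4(c2s_key), RC4(c2s_key)   # client's state / server's state
        self.known_good, self.pending, self.fixed = known_good, [], 0

    def on_request(self, ct):
        pt = self.s2c.crypt(ct)       # decrypt only to learn what was asked; forward unchanged
        if pt[0] == MEM_CHECK:
            self.pending = [struct.unpack_from("<IB", pt, 2 + 5 * k) for k in range(pt[1])]
        return ct

    def on_response(self, ct):
        pt, pos = bytearray(self.c2s_in.crypt(ct)), 1
        for addr, n in self.pending:
            good = self.known_good.get((addr, n))
            if good is not None and pt[pos:pos + n] != good:
                pt[pos:pos + n] = good        # same length, so stream positions stay in step
                self.fixed += 1
            pos += n
        return self.c2s_out.crypt(bytes(pt))

def demo():
    seed = bytes(range(16))                                # constructed server seed
    clean = bytes(range(256)) * 4                          # constructed 1 KiB "clean" client image
    patched = bytearray(clean)
    patched[0x40:0x44] = b"\x90" * 4                       # our patch sits at a watched offset
    checks = [(0x10, 4), (0x40, 4), (0x80, 8)]
    table = {(a, n): clean[a:a + n] for a, n in checks}    # known-good answers from a clean binary

    srv, cli = WardenServer(seed, clean, checks), WardenClient(seed, bytes(patched))
    naive = srv.verify(cli.respond(srv.request()))         # patched client, no MITM: caught

    srv, cli = WardenServer(seed, clean, checks), WardenClient(seed, bytes(patched))
    mitm = Mitm(*derive_keys(seed), table)
    round1 = srv.verify(mitm.on_response(cli.respond(mitm.on_request(srv.request()))))
    round2 = srv.verify(mitm.on_response(cli.respond(mitm.on_request(srv.request()))))
    return naive, round1, round2, mitm.fixed

if __name__ == "__main__":
    print(demo())
```

The second round is there on purpose: if the interceptor decrypted only the packets it wanted to change, its RC4 positions would drift from the endpoints' and every later packet would be garbage to both sides. With a stream cipher the bytes could also be fixed by XORing the ciphertext with (wrong XOR correct) without re-encrypting, but the interceptor still needs the server-to-client key to know which offsets were asked for and where in the response they land.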
