-
ZzukBot 1 Source Code
Hello,
someone decided to leak the source code of my bot. Obviously it was a heavy strike for me but since it is already public I might aswell share it here so people can learn from it:
GitHub - Zz9uk3/ZzukBot_v1: ZzukBot_v1
A bit more detailed post in my forum:
ZzukBot 1 going open source - News - ZzukBot Forum
A few more infos about the bot:
ZzukBot is a grinding bot for the 1.12.1 version of WoW. The code is a bit confusing: It is a mix of hack fixes, a project that grew over time and a programming beginner trying his best . Non the less I hope you like it:
- Fully injected c# application
- Navmesh support based on CMangos
- Anti Warden Protection (PEB unlink, erase DLL Header, Detour MemScan, Hook Module32First/Next etc.)
GitHub:
GitHub - Zz9uk3/ZzukBot_v1: ZzukBot_v1
Last edited by Corthezz; 04-22-2017 at 11:07 AM.
Check my blog: https://zzuks.blogspot.com
-
Post Thanks / Like - 13 Thanks
squiggy,
Kickupx,
DarkLinux,
sed-,
uzzy13u,
culino2,
z0yb3r,
Krack3n,
fedelis,
empathe,
lolp1,
kelevr,
homer91 (13 members gave Thanks to Corthezz for this useful post)
-
Contributor
Amazing work Zzuk
-
Post Thanks / Like - 1 Thanks
Corthezz (1 members gave Thanks to ChrisIsMe for this useful post)
-
Contributor
-
Active Member
if any one is going to use it better add custom antiwarden method its going to get detected very fast
when i release something if you want to buy/trade be fast becouse i dont log very often in the forum any more
-
Originally Posted by
karapidiola
if any one is going to use it better add custom antiwarden method its going to get detected very fast
Every single patch/write to the memory of WoW is hidden from Warden. Private servers cant alter Warden. Thus it is safe.
Originally Posted by
Empted
How has it leaked?
Since the project is pretty old a lot of people were invited/kicked from the repository over time. My main principle was to share code if people made the appearance to be nice and willing to work together and learn something. There were around 6 people who ultimately had access to the repo and I dont want to make false accusation afterall so I just learn from it for the future and wont share anything again til the day I make it open source anyway
Dont ask me about the motivation of the guy who did it. Personally I think leaking code is only making your own life harder.
Last edited by Corthezz; 04-22-2017 at 01:11 PM.
Check my blog: https://zzuks.blogspot.com
-
Post Thanks / Like - 4 Thanks
-
Active Member
i know but they are checking PE modules so they can find your hook
when i release something if you want to buy/trade be fast becouse i dont log very often in the forum any more
-
Originally Posted by
karapidiola
i know but they are checking PE modules so they can find your hook
How does a PE module allow them to find a hook?
-
Active Member
Originally Posted by
DarkLinux
How does a PE module allow them to find a hook?
cant they scan warden module it self ??hashing the hooked bytes by the bot then compare
when i release something if you want to buy/trade be fast becouse i dont log very often in the forum any more
-
The file hashing is done with the on disk image, and without the dll being in the list and it not having a header, the current warden version cannot hash the dll. Warden can self check but both methods have been patched.
-
★ Elder ★
wow man am sorry to hear it being leaked. people love to leak things for the 5mins of fame and the short hype train but are soon forgotten and thats what people dont realize when leaking priv hacks/bots and there name and there rep will be broken and black listed from further priv things in the future.
-
Post Thanks / Like - 2 Thanks
Corthezz,
~Z~ (2 members gave Thanks to sed- for this useful post)
-
Active Member
so with the page scan a and b it doesnt use VirtualQuery to bruteforce scan all the memory map on the wow process?
when i release something if you want to buy/trade be fast becouse i dont log very often in the forum any more
-
Active Member
Bad apples ruining it for the bunch.
Way to be mature about it Zzuk!
-
Post Thanks / Like - 1 Thanks
Corthezz (1 members gave Thanks to fedelis for this useful post)
-
Active Member
Last edited by uzzy13u; 03-24-2022 at 07:25 AM.
-
Post Thanks / Like - 1 Thanks
Corthezz (1 members gave Thanks to uzzy13u for this useful post)
-
Member
Sorry to hear about the leak mate, thanks for sharing your hard work despite that.
I'm always intrigued to see others' bot projects and ideas especially since it looks (cursory glance) like you incorporated some external memory reading like myself.
It seems like everyone is using the internal/injected approach these days
-
Post Thanks / Like - 1 Thanks
Corthezz (1 members gave Thanks to RobertoSageto for this useful post)
-
Originally Posted by
karapidiola
so with the page scan a and b it doesnt use VirtualQuery to bruteforce scan all the memory map on the wow process?
Right, so that's why you hook both scans and spoof when they read anything you have hooked, or if they read anything from your dll.
-
Post Thanks / Like - 2 Thanks
Corthezz,
Parog (2 members gave Thanks to DarkLinux for this useful post)