ZzukBot 1 Source Code

[Corthezz]

Hello,
someone decided to leak the source code of my bot. Obviously it was a heavy strike for me but since it is already public I might aswell share it here so people can learn from it:
GitHub - Zz9uk3/ZzukBot_v1: ZzukBot_v1

A bit more detailed post in my forum:
ZzukBot 1 going open source - News - ZzukBot Forum

A few more infos about the bot:
ZzukBot is a grinding bot for the 1.12.1 version of WoW. The code is a bit confusing: It is a mix of hack fixes, a project that grew over time and a programming beginner trying his best . Non the less I hope you like it:

1. Fully injected c# application
2. Navmesh support based on CMangos
3. Anti Warden Protection (PEB unlink, erase DLL Header, Detour MemScan, Hook Module32First/Next etc.)

GitHub:
GitHub - Zz9uk3/ZzukBot_v1: ZzukBot_v1

[ChrisIsMe]

Amazing work Zzuk

[Empted]

How has it leaked?

[karapidiola]

if any one is going to use it better add custom antiwarden method its going to get detected very fast

[Corthezz]

if any one is going to use it better add custom antiwarden method its going to get detected very fast

Every single patch/write to the memory of WoW is hidden from Warden. Private servers cant alter Warden. Thus it is safe.

How has it leaked?

Since the project is pretty old a lot of people were invited/kicked from the repository over time. My main principle was to share code if people made the appearance to be nice and willing to work together and learn something. There were around 6 people who ultimately had access to the repo and I dont want to make false accusation afterall so I just learn from it for the future and wont share anything again til the day I make it open source anyway

Dont ask me about the motivation of the guy who did it. Personally I think leaking code is only making your own life harder.

[karapidiola]

i know but they are checking PE modules so they can find your hook

[DarkLinux]

i know but they are checking PE modules so they can find your hook

How does a PE module allow them to find a hook?

[karapidiola]

How does a PE module allow them to find a hook?

cant they scan warden module it self ??hashing the hooked bytes by the bot then compare

[DarkLinux]

The file hashing is done with the on disk image, and without the dll being in the list and it not having a header, the current warden version cannot hash the dll. Warden can self check but both methods have been patched.

[sed-]

wow man am sorry to hear it being leaked. people love to leak things for the 5mins of fame and the short hype train but are soon forgotten and thats what people dont realize when leaking priv hacks/bots and there name and there rep will be broken and black listed from further priv things in the future.

[karapidiola]

so with the page scan a and b it doesnt use VirtualQuery to bruteforce scan all the memory map on the wow process?

[fedelis]

Bad apples ruining it for the bunch.

Way to be mature about it Zzuk!

[uzzy13u]

// edit - removed

[RobertoSageto]

Sorry to hear about the leak mate, thanks for sharing your hard work despite that.
I'm always intrigued to see others' bot projects and ideas especially since it looks (cursory glance) like you incorporated some external memory reading like myself.
It seems like everyone is using the internal/injected approach these days

[DarkLinux]

so with the page scan a and b it doesnt use VirtualQuery to bruteforce scan all the memory map on the wow process?

Right, so that's why you hook both scans and spoof when they read anything you have hooked, or if they read anything from your dll.