PoE's Anti Cheat and Multiclienting menu

User Tag List

Results 1 to 8 of 8
  1. #1
    keyvee's Avatar Member
    Reputation
    1
    Join Date
    Sep 2015
    Posts
    3
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PoE's Anti Cheat and Multiclienting

    So we know for a fact that multiclienting with virtual machienes is kinda allowed because GGG can't detect it.
    A player may not run more than two copies of Path of Exile on the same computer. They may use multiple computer (or virtual machines, begrudgingly, because we can't really stop that) to run the extra clients.
    Does this count for sandboxie aswell? And if not, how would they ban people?
    Scenario 1: Ban those accounts who were started with sandboxie.
    Scenario 2: Ban those account who were running on the same machiene.
    Scenario 3: Ban those accounts who were running under the same IP.

    I really appreciate any kind of information, thanks alot!

    PoE's Anti Cheat and Multiclienting
  2. #2
    Marvellous Sale's Avatar Member CoreCoins Purchaser
    Reputation
    1
    Join Date
    Dec 2015
    Posts
    9
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I also wonder if sandboxie or multiboxing have any issue for poe. I'm really thinking about it.

  3. #3
    thefrobel's Avatar Member CoreCoins Purchaser
    Reputation
    8
    Join Date
    Jul 2012
    Posts
    99
    Thanks G/R
    0/2
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Without obfuscation, the POE client can see what programs are attached to / open / running in conjunction with the POE client, and I'm assuming that they actively return that information to the server. (any good game would).
    So, yeah if it sees sandboxie attached to 3+ clients on the same machine, then I'm assuming they have something in place for flagging / banning those account.

    *alternatively* if there was some sort of process obfuscation (I'm not sure how much would be needed), but if you could make the client NOT see that X software is opening X clients, then you should be fine.

    Additionally, the multiple client issue isn't even the biggest TOS factor for MB'ing POE. that woudl be the TOS stating that you cannot use Input Broadcasting, which I'm pretty sure the game client can detect and that they probably watch for heuristically on the server side of things. (aka 2 clients from the same IP receiving they same keystroke w/in miliseconds of one another, which is not possible manually operating multiple windows of the POE client).
    Last edited by thefrobel; 01-13-2020 at 09:33 PM.

  4. #4
    Sychotix's Avatar Moderator Authenticator enabled
    Reputation
    1415
    Join Date
    Apr 2006
    Posts
    3,942
    Thanks G/R
    285/571
    Trade Feedback
    1 (100%)
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by thefrobel View Post
    Without obfuscation, the POE client can see what programs are attached to / open / running in conjunction with the POE client, and I'm assuming that they actively return that information to the server. (any good game would).
    So, yeah if it sees sandboxie attached to 3+ clients on the same machine, then I'm assuming they have something in place for flagging / banning those account.

    *alternatively* if there was some sort of process obfuscation (I'm not sure how much would be needed), but if you could make the client NOT see that X software is opening X clients, then you should be fine.

    Additionally, the multiple client issue isn't even the biggest TOS factor for MB'ing POE. that woudl be the TOS stating that you cannot use Input Broadcasting, which I'm pretty sure the game client can detect and that they probably watch for heuristically on the server side of things. (aka 2 clients from the same IP receiving they same keystroke w/in miliseconds of one another, which is not possible manually operating multiple windows of the POE client).
    You give their detection too much credit.

    If you have PoE running as a limited user, they can't see what processares are attached / open, nor are they returning that information to the server. Afaik, when their anti-cheat scans, it looks for "suspicious" programs... aka those with an open handle to PoE... then scans them to see if they match any patterns. There is likely also some patch detection of the game's client/files.

    Also, iirc running more than 2 clients is against the TOS and I heard word that there were bans for it, but I don't know how true that is.

  5. #5
    GameAssist's Avatar Banned CoreCoins Purchaser Authenticator enabled
    Reputation
    98
    Join Date
    Apr 2010
    Posts
    349
    Thanks G/R
    55/83
    Trade Feedback
    0 (0%)
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Sychotix View Post
    ....[1].. they can't see what processares are attached / open, ..[2]... Afaik, when their anti-cheat scans, it looks for "suspicious" programs... aka those with an open handle to PoE... then scans them to see if they match any patterns..
    How do you imagine such "anti-cheat scans" from under a user with limited rights?
    The first and second part of your post contradict each other
    Or do you have reliable information that anti-cheat scans are produced by a resident program from Ring0, which is installed along with POE?

  6. #6
    Sychotix's Avatar Moderator Authenticator enabled
    Reputation
    1415
    Join Date
    Apr 2006
    Posts
    3,942
    Thanks G/R
    285/571
    Trade Feedback
    1 (100%)
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by wlastas View Post
    How do you imagine such "anti-cheat scans" from under a user with limited rights?
    The first and second part of your post contradict each other
    Or do you have reliable information that anti-cheat scans are produced by a resident program from Ring0, which is installed along with POE?
    No, they are separate statements. One is saying how limited user protects us, the other is saying how their anti-cheat functions.

    Basically, they scan for suspicious programs and patterns. Limited user blocks them from seeing other things as suspicious as they can't check for open handles, nor perform pattern scans.

    The guy I was responding to was making a lot of assumption about multi-client detection. Realistically, they're probably just checking IP address or MAYBE HWID. I believe they do receive data on mouse input at least (not sure about key input) but do they use that for any sort of detection? Couldn't say.
    Last edited by Sychotix; 10-12-2022 at 03:42 PM.

  7. #7
    GameAssist's Avatar Banned CoreCoins Purchaser Authenticator enabled
    Reputation
    98
    Join Date
    Apr 2010
    Posts
    349
    Thanks G/R
    55/83
    Trade Feedback
    0 (0%)
    Mentioned
    6 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Sychotix View Post
    , they scan for suspicious programs and patterns.
    I'm not trying to piss you off in any way, but I still don't understand what you mean by "scan .. patterns"
    You yourself stated that no scanning is possible here:
    https://www.ownedcore.com/forums/mmo...ml#post4355694 (Run PoE as a limited user)

    I was not too lazy then to make a test c# application and realized that you were right and calmed down.
    this code:
    Code:
    namespace Stas.NetCoreTest {
        using System.Diagnostics;
        using System.Runtime.InteropServices;
        using System.Text;
        using System.Threading;
    
        internal class LimitedUser {
            public LimitedUser() {
                while (true) {
                    try {
                        ReadTitle();
                        ReadProcess("Discord", 0);
                    }
                    catch (Exception ex) {
                        Console.WriteLine(ex.Message);
                        break;
                    }
    
                    Thread.Sleep(2000);
                }
                Console.ReadKey();
            }
            void ReadTitle() {
                var title = GetForegroundWindowTitle(); // <1 ms
                Console.WriteLine("ForegroundWindowTitle=" + title);
                var curr_top_ptr = GetForegroundWindow();
                Console.WriteLine("top_ptr=" + curr_top_ptr);
            }
            public void ReadProcess(string p_name, int p_index) {
                var _pa = Process.GetProcessesByName(p_name);
                if (_pa.Length > 0) {
                    Console.WriteLine("found ["+_pa.Length+"] with name=["+ p_name + "]");
                    if (p_index < _pa.Length) {
                        var curr_p = _pa[p_index];
                        var AddressOfProcess = curr_p.MainModule.BaseAddress;
                        Console.WriteLine("AddressOfProcess=" + AddressOfProcess);
                        var MainWindowHandle = curr_p.MainWindowHandle;
                        Console.WriteLine("MainWindowHandle=" + MainWindowHandle);
                    }
                }
            }
            [DllImport("user32.dll")]
            public static extern IntPtr GetForegroundWindow();
            [DllImport("user32.dll")]
            static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);
            public static string GetForegroundWindowTitle() {
                const int nChars = 256;
                StringBuilder Buff = new StringBuilder(nChars);
                IntPtr handle = GetForegroundWindow();
                if (GetWindowText(handle, Buff, nChars) > 0) {
                    return Buff.ToString();
                }
                return null;
            }
        }
    }
    If you run it as a user with limited rights, then we will get an error already at the stage of reading curr_p.MainModule.BaseAddress
    which means the POE can only get the list of running processes and the ForegroundWindowTitle/ptr

  8. #8
    Sychotix's Avatar Moderator Authenticator enabled
    Reputation
    1415
    Join Date
    Apr 2006
    Posts
    3,942
    Thanks G/R
    285/571
    Trade Feedback
    1 (100%)
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by wlastas View Post
    I'm not trying to piss you off in any way, but I still don't understand what you mean by "scan .. patterns"
    You yourself stated that no scanning is possible here:
    https://www.ownedcore.com/forums/mmo...ml#post4355694 (Run PoE as a limited user)

    I was not too lazy then to make a test c# application and realized that you were right and calmed down.
    this code:
    Code:
    namespace Stas.NetCoreTest {
        using System.Diagnostics;
        using System.Runtime.InteropServices;
        using System.Text;
        using System.Threading;
    
        internal class LimitedUser {
            public LimitedUser() {
                while (true) {
                    try {
                        ReadTitle();
                        ReadProcess("Discord", 0);
                    }
                    catch (Exception ex) {
                        Console.WriteLine(ex.Message);
                        break;
                    }
    
                    Thread.Sleep(2000);
                }
                Console.ReadKey();
            }
            void ReadTitle() {
                var title = GetForegroundWindowTitle(); // <1 ms
                Console.WriteLine("ForegroundWindowTitle=" + title);
                var curr_top_ptr = GetForegroundWindow();
                Console.WriteLine("top_ptr=" + curr_top_ptr);
            }
            public void ReadProcess(string p_name, int p_index) {
                var _pa = Process.GetProcessesByName(p_name);
                if (_pa.Length > 0) {
                    Console.WriteLine("found ["+_pa.Length+"] with name=["+ p_name + "]");
                    if (p_index < _pa.Length) {
                        var curr_p = _pa[p_index];
                        var AddressOfProcess = curr_p.MainModule.BaseAddress;
                        Console.WriteLine("AddressOfProcess=" + AddressOfProcess);
                        var MainWindowHandle = curr_p.MainWindowHandle;
                        Console.WriteLine("MainWindowHandle=" + MainWindowHandle);
                    }
                }
            }
            [DllImport("user32.dll")]
            public static extern IntPtr GetForegroundWindow();
            [DllImport("user32.dll")]
            static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);
            public static string GetForegroundWindowTitle() {
                const int nChars = 256;
                StringBuilder Buff = new StringBuilder(nChars);
                IntPtr handle = GetForegroundWindow();
                if (GetWindowText(handle, Buff, nChars) > 0) {
                    return Buff.ToString();
                }
                return null;
            }
        }
    }
    If you run it as a user with limited rights, then we will get an error already at the stage of reading curr_p.MainModule.BaseAddress
    which means the POE can only get the list of running processes and the ForegroundWindowTitle/ptr
    You aren't Yup, thats all I was saying. Their anti-cheat will attempt to perform its scans. Windows will block these with limited user. This is all based on outdated information, as they can update their anti-cheat at any moment and I'm not aware of anyone who has gotten the payload and dumped it. Hell, for all we know... they've scrapped the client side anti-cheat entirely.

Similar Threads

  1. [VIDEO]Pirox Anti-AFK and how to setup properly
    By Tyler Durden in forum World of Warcraft Bots and Programs
    Replies: 12
    Last Post: 11-04-2007, 10:13 PM
  2. WoW anti AFK and Grinding Bot! It Works!
    By matswurld in forum World of Warcraft General
    Replies: 13
    Last Post: 06-17-2007, 08:01 PM
  3. Anti AFK and hides WoW Tab
    By cataschok in forum World of Warcraft Bots and Programs
    Replies: 4
    Last Post: 03-28-2007, 08:57 PM
  4. Anti afk, and more?
    By karrage in forum World of Warcraft Bots and Programs
    Replies: 9
    Last Post: 02-14-2007, 09:33 AM
  5. Techniques to beat anti-cheat
    By mp40stg44 in forum World of Warcraft Bots and Programs
    Replies: 2
    Last Post: 09-29-2006, 10:47 PM
All times are GMT -5. The time now is 06:34 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search