PoeHUD - Overlay for Path of Exile

[enaf3n]

Oh and if it just checks crc32 of the names of opened processes and for maphack my version should be safe.
It can even go and look at what processes have open handles to it for all I care since the hash and name of the HUD are randomized at each run with my latest commits.

Well I was thinking to switch from RPM to WinIo but that'd take a bit of work and I don't think they'd go as far as to hook RPM... I hope... that'd be further than VAC or PB has ever gone.

Don't be too certain about the safety of randomization. If your version has an open handle to the game client, that's legitimate grounds for them to use their process enumeration to peek at the memory of your process and detect various signatures.

[fabcard]

change the exe + window name and it's undetected.

Hey friend, how to change the window name please?
I'll wait no more. I want play the game. If I get banned then I go play something else. Just can't play PoE with no autoflasks + poehud. It doesn't really matter if there are no more maphack, zoom and particles but what I miss are the extra info on items when hovering them, item alert, boss alert and those extra things like dps, kill counter, etc...
BTW, thank you all that are contributing to make poehud "clean" to the new PoE anti-cheat system.

[HvC]

Don't be too certain about the safety of randomization. If your version has an open handle to the game client, that's legitimate grounds for them to use their process enumeration to peek at the memory of your process and detect various signatures.

Detect which signatures ? Though, as far as I'm aware it'd trigger uac and I can always just encrypt most of the hud's memory on runtime, that seems like a terrible way to detect a cheat especially since it could be so easely counterd by using the api provided by windows for specifically this...
Plus could you imagine all the things that have open handles to a process, a great number of drivers, steam xfire, any number of windows components, it'd lag the game terribly if they actually went after every open handle...

[FrankTheCrazy]

Hey friend, how to change the window name please?

The version I posted (aka HvC's version) does this automagically on launch.

[enaf3n]

Detect which signatures ? Though, as far as I'm aware it'd trigger uac and I can always just encrypt most of the hud's memory on runtime, that seems like a terrible way to detect a cheat.
Plus could you imagine all the things that have open handles to a process, a great number of drivers, steam xfire, any number of windows components, it'd lag the game terribly if they actually went after every open handle...

Your executable has code in it. That code creates unique(ish) signatures which they can use to identify the process as being yours.That's how they would pick your executable apart from all the other ones that might have open handles to the game.

As far as I know they do all of this on a seperate thread so it should have minimal, if any, impact on the game performance. One way to bypass it would be to decrease the thread's priority until it basically gets no CPU time whatsoever, but I imagine if you don't respond within a reasonable amount of time, you're flagged anyway. Also, it should not trigger UAC because you have already granted the game sufficient privileges.

[HvC]

Your executable has code in it. That code creates unique(ish) signatures which they can use to identify the process as being yours.That's how they would pick your executable apart from all the other ones that might have open handles to the game.

As far as I know they do all of this on a seperate thread so it should have minimal, if any, impact on the game performance. One way to bypass it would be to decrease the thread's priority until it basically gets no CPU time whatsoever, but I imagine if you don't respond within a reasonable amount of time, you're flagged anyway. Also, it should not trigger UAC because you have already granted the game sufficient privileges.

Well I could Implement on runtime seeded packing but from the current reversings of the anti cheat there's no reason to, I don't think they have the time/resources to create on the fly analysis, I mean they could go through the PE header but I already randomise that, worst case scenario I'll have to use runtime packing but I doubt it'd come to that.

[enaf3n]

Well I could Implement on runtime seeded packing but from the current reversings of the anti cheat there's no reason to, I don't think they have the time/resources to create on the fly analysis, I mean they could go through the PE header but I already randomise that, worst case scenario I'll have to use runtime packing but I doubt it'd come to that.

Perhaps you're right. But it really does come down to a cat and mouse game - if you implement something that makes you more difficult to detect, they'll likely chase you with improved detection methods. We'll be destined to do this dance with them forever.

[HvC]

I don't think GGG is big enough to care and/or react for QOL changes like the HUD does, I think they'll go after the bots first since those are the ones that truly affect the economy.
We shall see. Till then I guess I'll go write a packer for this.

[Gluben]

My path of exile goes fully black when I start the hud. Any idea why this is happening?

I have .net installed 4.5 or higher.

Appreciate if someone can help me

[SpaceGuy119]

change the exe + window name and it's undetected.

Is there a way you can explain to someone that doesn't understand coding (me) how to do that?

edit: because I'll probably need to do this for my botter, and my pot scripts right.

[HvC]

My path of exile goes fully black when I start the hud. Any idea why this is happening?

I have .net installed 4.5 or higher.

Appreciate if someone can help me

Enable aero make sure slimdx is installed.

[Natolg]

since maphacks looks to be everything they scan for at this moment, here is an alternative maphack method. i am pretty sure its not detectable using the current scan methods, please correct me if im wrong.

Code:

int start = M.ReadInt(Game.IngameState + 0xC88, 0x48);
int end = M.ReadInt(Game.IngameState + 0xC88, 0x4C);
for (; start < end; start += 4)
    M.WriteFloat(start, 1.0f);
M.WriteBytes(M.ReadInt(Game.IngameState + 0xC88) + 0x58, new byte[] { 1 });

how it works is it writes to the array used by the minimap instead of changing the minimap function. poe also writes to this array when you explore the map so it should be harder for them to see a difference between maphackers and players that explored the map. it also cannot be found by pattern scan so i believe they can not detect at all unless they add more features to the anti cheat.

[enaf3n]

since maphacks looks to be everything they scan for at this moment, here is an alternative maphack method. i am pretty sure its not detectable using the current scan methods, please correct me if im wrong.

Code:

int start = M.ReadInt(Game.IngameState + 0xC88, 0x48);
int end = M.ReadInt(Game.IngameState + 0xC88, 0x4C);
for (; start < end; start += 4)
    M.WriteFloat(start, 1.0f);
M.WriteBytes(M.ReadInt(Game.IngameState + 0xC88) + 0x58, new byte[] { 1 });

how it works is it writes to the array used by the minimap instead of changing the minimap function. poe also writes to this array when you explore the map so it should be harder for them to see a difference between maphackers and players that explored the map. it also cannot be found by pattern scan so i believe they can not detect at all unless they add more features to the anti cheat.

This is quite easy to detect. The game knows when you change servers (moving between instances) and so if you have a fully revealed map within a reasonable amount of time of joining a new instance, that's a pretty obvious cheat.

Additionally, they could routinely check this memory location and if it goes from "somewhat partially revealed" suddenly to "fully revealed" at any time, that would also be an obvious red flag. Honestly I wouldn't recommend this approach.

[ratchulas]

I'm not sure how the maphack works exactly, but could this be a potential work around:

Similarly to the HuD drawing things on PoE (the hud ui, enemy hp bars, drawing icons where enemies are, etc) couldnt the PoEHuD devs do the same thing for the maphack? What I mean is can you get the Map data, then make PoEHuD draw the map with it's own assets on top of PoE? That way you dont send anything to PoE?

[HvC]

I'm not sure how the maphack works exactly, but could this be a potential work around:

Similarly to the HuD drawing things on PoE (the hud ui, enemy hp bars, drawing icons where enemies are, etc) couldnt the PoEHuD devs do the same thing for the maphack? What I mean is can you get the Map data, then make PoEHuD draw the map with it's own assets on top of PoE? That way you dont send anything to PoE?

We would have to reverse engineer the mapgen itself, more complicated than it seems.