PoEHUD - Overlay for Path of Exile (Updated for 3.0)

[uumas]

if your rightclick the hud.exe and go to properties and the tab Details, there you find the original file name saved

[dlr5668]

if your rightclick the hud.exe and go to properties and the tab Details, there you find the original file name saved

thats not relevant. There are at least 100 unique strings in poehud memory you can identify it by. With limited user + access right tweaking poe wont be able to read them atm

[uumas]

i intended it as a reply to the guy asking about this

[Forumuser1000]

Looks like we may have been wrong about the reason why GGG started going after soft hacks, maphacks and ahk auto-scripts. They confirmed today via the forums there's no races up-coming or before then next season, so we know that's not an actual reason any more.

What did get officially rolled out today though..................

Tencent earlier today released an officially supported full MTX and Item trading / sales system called "WeGame" for the Chinese server realm (99% of everything they've had rolled out and tested in the last year or so on the China servers is on our rest-of-the-world servers now already) - that you can actually then exchange into real money, not just in-game currency. It's been fully developed by Tencent and Path of Exile is one of the first games to get it. Tencent's plan is to integrate this pay to win service for EVERY single game of theirs under the corporations giant umbrella, across every single gaming platform. Just like Valve's version of this for their games, Tencent's "WeGame" will take a small slice of every transaction as profit, then at the end as it head's out into real world money.

Here's what it looks like so far: ?????·-POE-??????-?????? - the rollout of the testing stage begun today with only the MTX trading and sales feature enabled so far. The rest will get rolled out in the near future. There's rare MTX's up for sale there already for a couple of thousand dollars (U.S.) and being purchased, so it's legit.

So I guess we know why GGG kicked into overdrive now to take action against botters and everyone else under the sun. Seeing the speed at which this was rolled out for the China servers since the complete sellout to Tencent, I imagine it's only going to be a matter of time before the global servers get this service too. There's absolutely no chance Tencent misses the opportunity here to cash in. Especially given how GGG ruined the player base's good will by selling out & now there's only going to be a tiny fraction of the player base handing money over for supporter packs and overpriced low quality MTX.

Quick automated translation from the official statement on the Chinese GGG POE forum:

Dear exile, the WeGame trading market started the trial run today. As the first game to log into the WeGame trading market, we will provide exiles with a free and secure trading experience. The WeGame trading market is the first to serve many Tencent games. The player's trading platform provides third-party services such as game sales and cash purchases between players, and the transaction proceeds can be cashed out to the WeChat wallet in real time. Based on the needs of the players and the needs of the game development, the "Path of Exile" will continue to optimize and expand the trading content and transaction form of the WeGame trading market, and is committed to providing a secure and rich trading platform.

At present, the WeGame trading market is in the trial operation stage. At this stage, we only open the sale and purchase of ?tradable MTX?. In the first batch, we will open a small number of players in grayscale (random screening, we will send text messages and WeGame messages, etc.) The way to inform you, please pay attention to) experience, because the trading market is the first time online, there may be imperfections, unstable situation, if you have any questions, please feedback to the official community, we will continue to optimize and adjust, please understand .

What is the "Path of Exile" WeGame trading market?

The WeGame trading market is the first trading platform to serve many Tencent gamers. The "Path of Exile" is the first game to log into the WeGame trading market. The "Path of Exile" WeGame trading market provides game-to-player fashion sales, cash purchases, fashion. Third-party services such as item system transfer, transaction proceeds can be cashed out to WeChat wallet in real time. Based on the needs of the players and the needs of the game development, the ?Exiles? will continue to optimize and expand the WeGame trading market in terms of trading content and trading processes, and is committed to providing a secure and rich trading platform.

[miracle1]

GGG took steps against cheaters because they don't want cheaters to cheat. Isn't that simple?

[Forumuser1000]

GGG took steps against cheaters because they don't want cheaters to cheat. Isn't that simple?

They've done basically nothing for like 3 years now........... There was obviously a reason why action was so abruptly taken after all that time and the methods they used suddenly so much more advanced. It's fair to guess this massive new pay-to-win and trade service was likely why.

[MurdockC]

They've done basically nothing for like 3 years now........... There was obviously a reason why action was so abruptly taken after all that time and the methods they used suddenly so much more advanced. It's fair to guess this massive new pay-to-win and trade service was likely why.

The reason was because it was never a priority to pull someone off a current project to work on hack detection. Now they're flush with Yen and they're going to put someone on it, do a few bnan waves and then forget about it for another year or two.

[TehCheat]

The reason was because it was never a priority to pull someone off a current project to work on hack detection. Now they're flush with Yen and they're going to put someone on it, do a few bnan waves and then forget about it for another year or two.

Yeah, I agree with this. They have resources now that they didn't have before. And they probably have been working on the anti-cheat for a while, it just takes time when it's likely one guy doing it as an "as you have extra time" thing. I also think it's related to PvP/Royale. I guess time will tell, but I really expect Royale to be something more at some point in the near future, and cleaning up the cheating aspect was most likely an important first step.

[xCROv]

Yeah, I agree with this. They have resources now that they didn't have before. And they probably have been working on the anti-cheat for a while, it just takes time when it's likely one guy doing it as an "as you have extra time" thing. I also think it's related to PvP/Royale. I guess time will tell, but I really expect Royale to be something more at some point in the near future, and cleaning up the cheating aspect was most likely an important first step.

I still fully believe that it's only signature checking at this point and it's only doing it when they are requesting it to. The AC seems to be only active at the time they are scanning. Not sure if this is to limit exposure and to prevent people from finding solid work arounds or if they are going to go back to what they have been doing where they have a ban wave and then they turn inactive for awhile.

I'm still testing to see if compiling my own version of this with changes will get you flagged.

[Sychotix]

I still fully believe that it's only signature checking at this point and it's only doing it when they are requesting it to. The AC seems to be only active at the time they are scanning. Not sure if this is to limit exposure and to prevent people from finding solid work arounds or if they are going to go back to what they have been doing where they have a ban wave and then they turn inactive for awhile.

I'm still testing to see if compiling my own version of this with changes will get you flagged.

Unless I'm mistaken, recompiling the code won't change the sig any more than the scrambler already does. You would need to make changes that cause their signature/pattern to not match. Maybe recompile after running an obfuscator?

[enaf3n]

Unless I'm mistaken, recompiling the code won't change the sig any more than the scrambler already does. You would need to make changes that cause their signature/pattern to not match. Maybe recompile after running an obfuscator?

That effort wouldn't be too helpful when strings like this exist in the binary:

Code:

FindPoeProcess
PoeFilterBaseVisitor
PoeHUD
PoeHUD.Hud.UI
PoeHUD.Hud.Preload
...

There are dozens, if not hundreds, of them.

Making the game a limited process isn't a fantastic solution. It is possible to get the names of all processes - including administrator processes - that have open handles to the game. Even a limited process can access the backing file's WIN32_FILE_ATTRIBUTE_DATA. From there it is easy to determine that the file was accessed after the game started and that it's approximately the size of the PoeHUD image. They can also query the window class and name as well as all the UI elements using the cache in UserSharedData - again, even as a limited process.

[Sychotix]

That effort wouldn't be too helpful when strings like this exist in the binary:

Code:

FindPoeProcess
PoeFilterBaseVisitor
PoeHUD
PoeHUD.Hud.UI
PoeHUD.Hud.Preload
...

There are dozens, if not hundreds, of them.

Making the game a limited process isn't a fantastic solution. It is possible to get the names of all processes - including administrator processes - that have open handles to the game. Even a limited process can access the backing file's WIN32_FILE_ATTRIBUTE_DATA. From there it is easy to determine that the file was accessed after the game started and that it's approximately the size of the PoeHUD image. They can also query the window class and name as well as all the UI elements using the cache in UserSharedData - again, even as a limited process.

I believe good obfuscators such as GitHub - yck1509/ConfuserEx: An open-source, free protector for .NET applications can encrypt constants (such as strings). I'm not sure if namespaces get obfuscated, but I would assume so. In theory that would significantly reduce the number of strings they could match on.

Using the method here (https://www.ownedcore.com/forums/mmo...ited-user.html (Run PoE as a limited user)), wouldn't they not be able to get any file information (including file fize, access time...etc) since the user is denied access to the folder poehud is running in?

I couldn't find any info if getting window classes/names required elevation or not with a quick google search. This could still be a a vector of attack if so.

[OwnedForumUser]

if theyd just let us have our dam autopot... thats all i need.. all ive ever used. had no reason to use any of the other plugins ever... the games just too fast paced for me to focus screen and life and its no fun dying all the time :/ ggg just lemmy have my dam autopotting for christ sake x.x lol

[Quasar420]

so far the dudes i know who got banned all claimed their realm lagged or restarted just before the bans after they logged back in with the hud, not sure if they trolling me or just trying to find a reason

Similar to what happened to me when I was warned days ago, but never banned. Heres part my original comment from when I got it.

"Kicked from game as I was fighting a triple essence in zana daily. Begin stuttering, get hit hard, game freezes entirely with almost no life, logged out automatically after a few seconds to the message.

I have never had the autologout even work reliably until just this moment, when immediately I got this message after the autolog triggered. "

[Sychotix]

Similar to what happened to me when I was warned days ago, but never banned. Heres part my original comment from when I got it.

"Kicked from game as I was fighting a triple essence in zana daily. Begin stuttering, get hit hard, game freezes entirely with almost no life, logged out automatically after a few seconds to the message.

I have never had the autologout even work reliably until just this moment, when immediately I got this message after the autolog triggered. "

How is your computer? Is it barely able to handle PoE? I wonder if simply enabling the anti-cheat caused your computer to have issues.