Run PoE as a limited user

[GameAssist]

I disagree that all bans are from that though. Many people (myself included) have been using Stashie with inhuman like clicks for a long time with no bans to date. .

oh very interesting.
What do you mean by "with inhuman like clicks" - can you be a little more specific? Does it mean that you move the mouse very fast and have an extremely short delay between clicks? What value do you consider safe and optimal? Unless of course it's private information...

By human like I meant for example the behavior of a group of bots on the maps - when 4 bots follow the leader point to point it looks extremely unsafe and can be easily detected on the server automatically
I had a bot banned that behaved extremely strangely in one of the town - there was a failure in the algorithm of interaction with the NPC and it ran from one to another for an hour, perhaps

[Sychotix]

oh very interesting.
What do you mean by "with inhuman like clicks" - can you be a little more specific? Does it mean that you move the mouse very fast and have an extremely short delay between clicks? What value do you consider safe and optimal? Unless of course it's private information...

By human like I meant for example the behavior of a group of bots on the maps - when 4 bots follow the leader point to point it looks extremely unsafe and can be easily detected on the server automatically
I had a bot banned that behaved extremely strangely in one of the town - there was a failure in the algorithm of interaction with the NPC and it ran from one to another for an hour, perhaps

Yes, extremely fast clicks and mouse movements. I use the default settings of the plugin. I would expect GGG to focus their efforts elsewhere for bot detection instead of moving items around to/from the stash. Detection is a cat and mouse game... even if there was a single answer of "This is safe" they could move the goal post in whatever direction at any point in time. Hell, they might even be able to search audits to change detection retroactively.

[thebbandit]

oh very interesting.
What do you mean by "with inhuman like clicks" - can you be a little more specific? Does it mean that you move the mouse very fast and have an extremely short delay between clicks? What value do you consider safe and optimal? Unless of course it's private information...

By human like I meant for example the behavior of a group of bots on the maps - when 4 bots follow the leader point to point it looks extremely unsafe and can be easily detected on the server automatically
I had a bot banned that behaved extremely strangely in one of the town - there was a failure in the algorithm of interaction with the NPC and it ran from one to another for an hour, perhaps

He is talking about instant mouse movements, clicks happening exactly in position within milliseconds of each other. These are inhuman, but also not really outwardly detectable. They need to process information to develop trends in behavior. But when you have someone being suspicious in town, walking the same exact paths, doing the same thing over and over again.... its people reporting them that is causing the account flag most likely. The same stuff is true for other games like WOW. You can do all kinds of hacks, but the moment you try hacking in a BG everyone is going to report you. You are exposing your behavior to the other players, and they are likely reporting it using the tools they give to the players to do just that.

And as Sychotix points out, we are at the whim of GGG's decisions in this regard. While at any point we may feel this is "safe enough" that could change. Some methods will be more or less vulnerable to detection, but we can use every tool available to us to obscure our activity. This does not mean someone could report your account for something you thought was benign, and you get new scrutiny on your account which finds something.

Anywho, just came onto the thread to share a bit of a change I made in my BAT file so that I can launch gamehelper when the game is not open. The changed lines are in green. This works best when you enable the option to close GH when the game exits.

Code:

SETLOCAL
ECHO OFF
SET run_as=C:\Windows\System32\runas.exe


REM Name of the local user account you are having launch the EXE
SET local_user=LimitedUserName


REM Possible EXE names: PathOfExile.exe, PathOfExile_x64.exe, PathOfExileSteam.exe, PathOfExile_x64Steam.exe, PathOfExile_KG.exe, PathOfExile_x64_KG.exe
SET exe_name=PathOfExile.exe


REM You can launch the game with additional Parameters --waitforpreload
SET exe_params=--nologo


REM Keep in mind because of strange reasons this one must have / instead of \
SET exe_path=D:/Program Files (x86)/Grinding Gear Games/Path of Exile


REM Set path and file for game helper
SET GH_path=C:/Path/To/GH
SET exe_gh=Launcher.exe


REM Make sure to change this drive letter if not on C: drive
CD D:


REM Now we run the code you provided
TASKLIST /fi "IMAGENAME eq %exe_name%" 2>NUL | FIND /I /N "%exe_name%">NUL
IF NOT "%ERRORLEVEL%"=="0" SET run=1
IF "%run%"=="1" START %run_as% /user:%local_user% /savecred "cmd /C cd /D \"%exe_path%\" && Start /high %exe_name% %exe_params%"

CD C:
IF "%run%"=="1" CD %GH_path%
IF "%run%"=="1" Start /high %exe_gh%

REM ---------------
REM Scripts Section
REM ---------------


REM Place all scripts in subfolders one directory
SET scripts_path=C:\Path\To\Scripts
SET ahk_path=C:\Program Files\AutoHotkey


REM Name of the script to run
SET script_1_name=PoE-Wingman.ahk
REM Which subdirectory of the scripts folder
SET script_1_subpath=PoE-Wingman
REM What to look for as an active process in AHK
SET script_1_searchString=PoE-Wingman.ahk ahk_exe AutoHotkey.exe
REM Build the Path from supplied values
SET script_1_path=%scripts_path%\%script_1_subpath%\%script_1_name%

REM Script 2
SET script_2_name=Awakened PoE Trade.exe
SET script_2_searchString=ahk_exe %script_2_name%
REM Build the Path
SET script_2_path=C:\Path\To\Awakened PoE Trade\%script_2_name%

REM Script 3
SET script_3_name=POE Trades Companion.ahk
SET script_3_subpath=POE-Trades Companion
SET script_3_searchString=%script_3_name% ahk_exe AutoHotkey.exe
REM Build the Path
SET script_3_path=%scripts_path%\%script_3_subpath%\%script_3_name%

REM Script 4
SET script_4_name=PoE-HarvestVendor.ahk
SET script_4_subpath=HarvestVendor
SET script_4_searchString=%script_4_name% ahk_exe AutoHotkey.exe
REM Build the Path
SET script_4_path=%scripts_path%\%script_4_subpath%\%script_4_name%

REM Send script to AutoHotkey to evaluate for hidden window titles
(
ECHO #NoTrayIcon 
ECHO SetTitleMatchMode, 2
ECHO DetectHiddenWindows On
ECHO If !WinExist^("%script_1_searchString%"^^^)
ECHO Run *RunAs %script_1_path%
ECHO If !WinExist^("%script_2_searchString%"^^^)
ECHO Run %script_2_path%
ECHO If !WinExist^("%script_3_searchString%"^^^)
ECHO Run %script_3_path%
ECHO If !WinExist^("%script_4_searchString%"^^^)
ECHO Run %script_4_path%
ECHO ExitApp


)| "C:\Program Files\AutoHotkey\AutoHotkey.exe" *

[GameHelper]

> What value do you consider safe and optimal? Unless of course it's private information...

There is a software that comes with visual studio 2019 ( you can even download it separately). It is called spy++ (or spyxx). Here it is normally installed: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\Tools. It basically allow you to record the mouse events sent to the program ( e.g. path of exile game ).



1: Open this software and start recording mouse events sent to the game.
2: Now move the mouse from location X1,Y1 to location X2,Y2 in the game.
3: Now look at what the software have recorded.
4: Now tell your bot to move the mouse from X1,Y1 to X2,Y2 in the game.
5: Now look at what the software have recorded.

If both are similar (or same), you got a human like mouse input bot.
If both are different then your bot is doing inhuman like clicks/mouse movements.

[Sychotix]

> What value do you consider safe and optimal? Unless of course it's private information...

There is a software that comes with visual studio 2019 ( you can even download it separately). It is called spy++ (or spyxx). Here it is normally installed: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\Tools. It basically allow you to record the mouse events sent to the program ( e.g. path of exile game ).



1: Open this software and start recording mouse events sent to the game.
2: Now move the mouse from location X1,Y1 to location X2,Y2 in the game.
3: Now look at what the software have recorded.
4: Now tell your bot to move the mouse from X1,Y1 to X2,Y2 in the game.
5: Now look at what the software have recorded.

If both are similar (or same), you got a human like mouse input bot.
If both are different then your bot is doing inhuman like clicks/mouse movements.

Well, depending on how they do their detection... I don't think its that difficult to determine if a key event is simulated or not. The input messages include if the input was simulated, plus mouse movement isn't usually smooth for bots. Normally you jump from point A to point B instantly... but some have done either a curve or straight line with points along that they move the mouse to first for improved security in other games.

Again, I don't expect that they are actually banning for these things. Like you said, its probably a mix of reports, pathing, and other various behaviors that lead to bans for botting. As someone who has used bots, I could always tell when someone was using a bot (that wasn't just for rotations) in WoW. Pathing was too... straight lined. Combat felt very... still. The behavior is just very predictable compared to a human who does things for no reason other than being bored or misclicking.

[GameAssist]

The input messages include if the input was simulated.

could you elaborate on this a little more?

The behavior is just very predictable compared to a human who does things for no reason other than being bored or misclicking.

more than a year after lvl 90 I've been leveling with bots in public groups (mainly on Beachhead / Breachstones)
I'm like a group leader + 2-3 bots + 2-3 real players from the LFG 820 channel.
Not once did anyone suspect anything.

[Sychotix]

could you elaborate on this a little more?


more than a year after lvl 90 I've been leveling with bots in public groups (mainly on Beachhead / Breachstones)
I'm like a group leader + 2-3 bots + 2-3 real players from the LFG 820 channel.
Not once did anyone suspect anything.

This stackoverflow should give a bit more info if you want.
c++ - Detecting simulated keyboard/mouse input - Stack Overflow

[GameAssist]

This stackoverflow should give a bit more info if you want.
c++ - Detecting simulated keyboard/mouse input - Stack Overflow

so..So there is probably no way to tell whether the input is coming from a "real" keyboard or not.
December 21, 2010 - The Old New Thing
Q.E.D.

[Sychotix]

so..So there is probably no way to tell whether the input is coming from a "real" keyboard or not.
December 21, 2010 - The Old New Thing
Q.E.D.

I'm not sure what you mean. The stackoverflow link I posted shows that there should be a flag set for simulated inputs. Actual hardware events should not have this flag set. I believe the flag is set by windows as well, so its not like you can just turn the flag off before sending your simulated inputs.

[GameAssist]

The stackoverflow link I posted shows that there should be a flag set for simulated inputs.

yes i have seen this structure

Code:

typedef enum tagINPUT_MESSAGE_ORIGIN_ID {
  IMO_UNAVAILABLE = 0x00000000,
  IMO_HARDWARE = 0x00000001,
  IMO_INJECTED = 0x00000002,
  IMO_SYSTEM = 0x00000004
} INPUT_MESSAGE_ORIGIN_ID;

Can we determine with certainty whether there is a function GetCurrentInputMessageSource call somewhere in the POE?
I want to implement a simulation of mouse and keyboard input in an inactive window - that's why I'm interested in this

[Sychotix]

yes i have seen this structure

Code:

typedef enum tagINPUT_MESSAGE_ORIGIN_ID {
  IMO_UNAVAILABLE = 0x00000000,
  IMO_HARDWARE = 0x00000001,
  IMO_INJECTED = 0x00000002,
  IMO_SYSTEM = 0x00000004
} INPUT_MESSAGE_ORIGIN_ID;

Can we determine with certainty whether there is a function GetCurrentInputMessageSource call somewhere in the POE?

Open up the binary in something like Ghidra and that will tell you for the base code. The anti-cheat payload is delivered while playing and destroyed almost immediately after. I'm not aware of anyone being able to capture the payload for analyzing.

[lilith1976]

good ：竖起大拇指：

[senail]

I play the Korean server Kakao version only on the homepage Is there any way to do this?

[Sychotix]

I play the Korean server Kakao version only on the homepage Is there any way to do this?

This is entirely windows functionality. If you launch whatever program launches PoE as a limited user, everything below it should have limited user permissions as well. A program running as user "PoEHacker" can only launch other programs as that user (unless it has admin rights ofc)

[senail]

The Korean server is accessible only through the Internet. This is a method of accessing and logging in to the game using the Poe loader of GGG, what should I set to access Poe through login on the Internet?