Changing WoW window name

**Aryan** · 08-06-2008

Would it be a bad idea to change the name of the WoW window? And if so how do you suppose I get a unique handle for each open WoW? I figure having unique windows name would be the easiest.

Edit: Although loading the WoWs with my own program might even be a better way of doing it. Any ideas?

**Cypher** · 08-06-2008

It's not a 'bad idea', just a pointless idea. Nothing bad will come of it, but there's no point in doing it.

I don't know what you mean 'how do you suppose i get a unique handle', handles are always unique. Rather than using FindWindow enumerate the process list, or use CreateProcess.

**Aryan** · 08-06-2008

Yeah I used CreatProcess and then GetWindowThreadProcessId to get the HWND

**Cypher** · 08-07-2008

Why do you need a window handle anyway?

**Aryan** · 08-07-2008

Because while using 3 WoW's on the same computer I need to be able to determine which is which so I don't send a command to one when it was meant for another. Many windows functions that relay information to and from a process needs the window handle.

**Cypher** · 08-07-2008

Originally Posted by Aryan

Because while using 3 WoW's on the same computer I need to be able to determine which is which so I don't send a command to one when it was meant for another. Many windows functions that relay information to and from a process needs the window handle.

Eeew, you're sending keys/mouse-movements via the WinAPI? If you inject a DLL you can use WoW's LUA functions to do most of your dirty work.

**lanman92** · 08-07-2008

Please don't flame me cypher, but could you explain how we go about making a dll to inject this shit..... I dont really understand it =/ I've been working on my C++ though

**Aryan** · 08-08-2008

Originally Posted by Cypher

Eeew, you're sending keys/mouse-movements via the WinAPI? If you inject a DLL you can use WoW's LUA functions to do most of your dirty work.

I know this but I am not comfortable making hooks or injecting in WoW since I will take no chance at triggering warden. I am also creating only a simple tool for my follow bots. I know what I am doing. Thanks though!

Originally Posted by lanman92

Please don't flame me cypher, but could you explain how we go about making a dll to inject this shit..... I dont really understand it =/ I've been working on my C++ though

You're going to want to look into learning to RE. This site could get you started: Tuts 4 You

**Cypher** · 08-08-2008

For learning to RE a good book is:
Reversing: The Art of Reverse Engineering

Anyway, on topic, WoW has checks in place to stop movement of the mouse via SendMessage/PostMessage, so that's just as likely to piss off warden as code hooks.

Also, injection will not get you banned, warden doesn't care if you inject a DLL because there's about a million legitimate programs that to it. Take IM clients for example, some inject a DLL into every running process in order to hook user input. (For the 'Idle' detetion)

The only thing Warden would catch you on when doing what you're trying to do is when you need to unprotect the protected lua funcs, but as I stated in another thread you can avoid that check by changing the funciton at the top rather than modifying the cmp/jmp.

**Jens** · 08-08-2008

Originally Posted by Aryan

Would it be a bad idea to change the name of the WoW window? And if so how do you suppose I get a unique handle for each open WoW? I figure having unique windows name would be the easiest.

Edit: Although loading the WoWs with my own program might even be a better way of doing it. Any ideas?

i did this in C#, it should simply just get all the wow processes running and change the title.

Code:

using System;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace changeWowHandles
{
    class blabla
    {
        [DllImport("user32.dll")]
        static extern bool SetWindowText(IntPtr hWnd, string lpString);


        private void ChangeTitles()
        {
            Process[] check = Process.GetProcessesByName("Wow");

            foreach (Process p in check)
            {
                if (p.MainWindowHandle != IntPtr.Zero)
                {
                    IntPtr windowHandle = check[i].MainWindowHandle;
                    SetWindowText(windowHandle, "wow: " + i); 
                    i++;
                }
            }
        }
     }
}

**Aryan** · 08-08-2008

Thanks all.

**puppychow** · 08-08-2008

Originally Posted by Cypher

For learning to RE a good book is:
Reversing: The Art of Reverse Engineering

Anyway, on topic, WoW has checks in place to stop movement of the mouse via SendMessage/PostMessage, so that's just as likely to piss off warden as code hooks.

Also, injection will not get you banned, warden doesn't care if you inject a DLL because there's about a million legitimate programs that to it. Take IM clients for example, some inject a DLL into every running process in order to hook user input. (For the 'Idle' detetion)

The only thing Warden would catch you on when doing what you're trying to do is when you need to unprotect the protected lua funcs, but as I stated in another thread you can avoid that check by changing the funciton at the top rather than modifying the cmp/jmp.

this is, imo, a dangerous line of thinking. (1) Warden can be updated any time to check the entire prot lua area instead of just some areas, and since warden auto updates without a patch you have to then start keeping an eye on warden updates in your hack. (2) as Innerspace users found out last patch, Blizzard is also now embedding anti-hack tools inside the wow.exe, not just warden. ISXWarden wasn't checking all of wow.exe (obviously not feasible) and so has been caught up in multiple ban waves the past few weeks as new wow.exe anti-IS code blocks go active.

Its fine putting in injections, codecaves, etc but realize that even with your own private hack wow can detect you any time - I have my own but wait weeks until after a patch before using.

Re: SendMessage, KeyClone and other dualbox software uses this (I think even the Logitech/xkeys/etc uses this) so your chances of getting banned by warden are very low with SendMessage to emulate keystrokes - basically Blizzard would have to get suspicious of your account, enable server logging, and notice you send the exact same keys with the exact same delays for hours at a time. Which is a dumb thing to do anyways, program in a lot of randomness into any of that.

BTW you can change window titles in AutoIT:

WinSetTitle("World of Warcraft","","mywow1")
WinSetTitle("World of Warcraft","","mywow2")

would change your WoW windows to mywow1 and 2.

**Aryan** · 08-08-2008

Thanks for the insight puppychow.

I use C++ myself.

**Cypher** · 08-08-2008

Originally Posted by puppychow

this is, imo, a dangerous line of thinking. (1) Warden can be updated any time to check the entire prot lua area instead of just some areas, and since warden auto updates without a patch you have to then start keeping an eye on warden updates in your hack. (2) as Innerspace users found out last patch, Blizzard is also now embedding anti-hack tools inside the wow.exe, not just warden. ISXWarden wasn't checking all of wow.exe (obviously not feasible) and so has been caught up in multiple ban waves the past few weeks as new wow.exe anti-IS code blocks go active.

Its fine putting in injections, codecaves, etc but realize that even with your own private hack wow can detect you any time - I have my own but wait weeks until after a patch before using.

Re: SendMessage, KeyClone and other dualbox software uses this (I think even the Logitech/xkeys/etc uses this) so your chances of getting banned by warden are very low with SendMessage to emulate keystrokes - basically Blizzard would have to get suspicious of your account, enable server logging, and notice you send the exact same keys with the exact same delays for hours at a time. Which is a dumb thing to do anyways, program in a lot of randomness into any of that.

BTW you can change window titles in AutoIT:

WinSetTitle("World of Warcraft","","mywow1")
WinSetTitle("World of Warcraft","","mywow2")

would change your WoW windows to mywow1 and 2.

You know nothing about how Warden or WoW's anti-cheat works. Please:

You don't understand how multicasters work, and I wasn't talking about keystrokes. You're not sending mouse movements to a single window while not changing the actual mouse position (which is what i was talking about, WOW CAN DETECT THIS), multicasters broadcast actual mouse moments across all your PCs, which is totally different and is fine.

Whilst warden can be updated at any time Blizzard pretty much never do that and only update it on patches.

Checking all of WoW.exe is quite feasible, just do a 'diff' on all the functions and go through the differences between patches. It was just missed this patch because blizzard is doing some very sneaky stuff.

Also, even if Blizzard do decide to force a warden update down the pipe it doesn't matter if you're hooking Warden itself, because then you're avoiding any of their new scans alltogether (which is what I'm doing).

The chances of my hack getting detected are about 1/10000000000000000000000000000000. The only way that would happen is if they slip something in to catch IS and I get caught in the crossfire. The fact you wait weeks before using your 'hack' (which probably doesn't have many features given you're shit-scared of warden and know nothing about it) shows how little you know.

Note: I've been hacking on one of my accounts for about 9 months now, if I was gonna get caught it woulda happened by now.