Some important questions about bot/hack detection

[JoshRMT]

So ive developed several bots for SWTOR to automate various parts of the game. I've used a combination of memory reading and and screen scraping. I would love to be able to release/sell some of my bots, but I am afraid that once Bioware becomes aware of these bots they will be able to easily ban them.

So here are some questions I have:

1. Can games detect memory reading at all? I have not yet been banned for doing this, as I am just reading from memory (not setting/injecting).

2. I imagine Bioware will easily be able to detect my bot once they are aware of it. How can I protect it better to make it difficult for them to ban it? Is there a way to randomize the process memory or process signature? Can they detect WinAPI manipulation such as SendInput, etc?

[Jadd]

Look out for module hash scans and stack traces!

[JoshRMT]

Thanks for your advice Jadd. Is there any way that I can prevent this sort of thing from happening? I know that it's impossible to make a bot undetectable, but do you have any recommendations for making it more difficult to detect, even though it is not invasive?

[sitnspinlock]

to be technically correct, yes the game could detect memory reading, but that road is more trouble then it's worth and any sane software developing company would never use those techniques in an end-user scenario.

so you are of course safe in that aspect.

SendInput enters the data serially into the keyboard, so again yes it's possible but no they aren't looking for this type of thing. However keep in mind, they can block those from the main window procedure.

keep in mind if you perhaps release your bot and it became a widespread issue, they could just enumerate processes take a hash of the header, the checksum, or whatever they please and start banning users.

[JoshRMT]

Thank you for the information Everdox! Is there any way that I can randomize each executable/process so that the checksum / hash is different? I could insert random code into each build dynamically im sure, as well as randomize the process names. What other techniques could they use to detect it? I think this is a useful post for any aspiring bot developers.

[luthien23]

Detecting that your memory is being read by an exterior program is not enough.
They can't just ban everyone whos swtor.exe is being read since they would have a ton of false positives with antiviruses.
So private mem reading only bots are quite safe.

[Kelz]

Thanks for the informations, I was wondering about this.

[floodman]

Not a program/code guy at all and could be completely talking out of my ass, but there is a Battlefield 3 hack where you launch an .exe, which downloads the installer each time, and then you select the hack your approved for, and it then downloads it unique each time - and you run it - i think they do this to avoid any certain patterns - again, this is just a guess - please feel free to ROFL@ME for my sheer ignorance haha! But my point is, if they are looking for something that is consistent as way of detection, wouldn't this be a way of defeating it? Anyway, im gonna be the first to ROFL@ME.

[Distiny]

Not a program/code guy at all and could be completely talking out of my ass, but there is a Battlefield 3 hack where you launch an .exe, which downloads the installer each time, and then you select the hack your approved for, and it then downloads it unique each time - and you run it - i think they do this to avoid any certain patterns - again, this is just a guess - please feel free to ROFL@ME for my sheer ignorance haha! But my point is, if they are looking for something that is consistent as way of detection, wouldn't this be a way of defeating it? Anyway, im gonna be the first to ROFL@ME.

Those hacks are injected, thus detectable.
What we use (I'm a mod on a popular cheat site) is a punkbuster/vac scanner to see if they are scanning for our signatures, if so we just make the game crash before detection with a warning, coder updates cheat and you are good to go again. we are undetected by vac/pb for more then a year now as the only cheat provider who can claim it truthfully.

on swtor topic: unless more info on their detection/anticheat system is gathered, guessing is pointless