Combating Anti Cheat

[wtsmyacc]

Greetings,

I would like to know the steps bots have taken to combat Anti-Cheat Systems put in place by GGG. I would like to know if i can use cheat engine to safely read game memory without being detected.
I would like to know how far can you go without being detected by anti-cheat of POE, i.e can i also write into process memory or can i only read game memory, can i interact with handles etc.

PS
I am creating a bot for educational purposes and would like some medium of communication to seek some guidance.

[Sychotix]

mmo...ostmortem.html

You may find this useful. He was convinced that there is server-sided protection against bots.

Their client "downloads" the anti-cheat from the server on server request, performs its scans, then disposes of the anti-cheat. Nobody that I know of has gotten hold of the binary. Everything below are all assumptions based on ban reports and previous versions of their anti-cheat.

As far as we know, reading memory is fine if they aren't scanning for your application. If they are, the limited user method (https://www.ownedcore.com/forums/mmo...ited-user.html) has helped users evade bans so far. Once you begin writing memory... you are no longer safe but there are no reported bans for doing so.

Opening a handle to the game likely flags your process as suspicious to be scanned... but as long as you don't match any of their cheat patterns, you are probably fine.

[wtsmyacc]

"As far as we know, reading memory is fine if they aren't scanning for your application."
Does this mean if i made a custom software that is reading memory they cant find me because they do not have access to my software, but if i was the owner of Exiled-Bot they could?

[Sychotix]

"As far as we know, reading memory is fine if they aren't scanning for your application."
Does this mean if i made a custom software that is reading memory they cant find me because they do not have access to my software, but if i was the owner of Exiled-Bot they could?

Well, saying "they can't find me" is a bit of a strong way to put it. We believe that they have some sort of pattern scanning for detection of known cheats. One example is PoEHUD. They detect that some software is suspicious (probably an open handle), then attempt to open up the executable. If you are using proper protection, they will get an access denied attempting to open the executable. If not, they will scan the executable to see if it looks like PoEHUD. They then tell the server, "Hey, we found a match for that pattern!" and the server decides if you get a ban or not.

If your program was private, they would have a MUCH harder time creating a pattern to match your application.

[wtsmyacc]

So their current system downloads the anti cheat scanning software to look for cheats in your computer. So if i was a private script it would be much harder to scan for it, unless it behaves similarly to an already existing know cheat.

Is POEHUD completely undetectable after making sure POE client have access rights?

Is there some way to delete the scanning software, in Runescape there was a folder that stored software which the popular bots deleted the folder when starting the client (similar to deleting cache)

Edit: The folder was "Jagexcache" and flagged your pc after u got banned

[Sychotix]

So their current system downloads the anti cheat scanning software to look for cheats in your computer. So if i was a private script it would be much harder to scan for it, unless it behaves similarly to an already existing know cheat.

Is POEHUD completely undetectable after making sure POE client have access rights?

Is there some way to delete the scanning software, in Runescape there was a folder that stored software which the popular bots deleted the folder when starting the client (similar to deleting cache)

Edit: The folder was "Jagexcache" and flagged your pc after u got banned

I do not believe there have been any bans for using PoEHUD when using the limited user method properly.

To my knowledge, the anti-cheat is never stored on disk. The module is loaded in memory, executed, then unloaded.

[wtsmyacc]

Thank you For Everything!

[belked]

I do not believe there have been any bans for using PoEHUD when using the limited user method properly.

To my knowledge, the anti-cheat is never stored on disk. The module is loaded in memory, executed, then unloaded.

why the limited user method does not save when using the Exiled Bot?

[Sychotix]

why the limited user method does not save when using the Exiled Bot?

I don't know the inner workings of that bot. You may want to ask the developers.