-
Member
Combating Anti Cheat
Greetings,
I would like to know the steps bots have taken to combat Anti-Cheat Systems put in place by GGG. I would like to know if i can use cheat engine to safely read game memory without being detected.
I would like to know how far can you go without being detected by anti-cheat of POE, i.e can i also write into process memory or can i only read game memory, can i interact with handles etc.
PS
I am creating a bot for educational purposes and would like some medium of communication to seek some guidance.
Last edited by wtsmyacc; 11-05-2018 at 07:29 AM.
-
mmo...ostmortem.html
You may find this useful. He was convinced that there is server-sided protection against bots.
Their client "downloads" the anti-cheat from the server on server request, performs its scans, then disposes of the anti-cheat. Nobody that I know of has gotten hold of the binary. Everything below are all assumptions based on ban reports and previous versions of their anti-cheat.
As far as we know, reading memory is fine if they aren't scanning for your application. If they are, the limited user method (https://www.ownedcore.com/forums/mmo...ited-user.html) has helped users evade bans so far. Once you begin writing memory... you are no longer safe but there are no reported bans for doing so.
Opening a handle to the game likely flags your process as suspicious to be scanned... but as long as you don't match any of their cheat patterns, you are probably fine.
-
Post Thanks / Like - 1 Thanks
wtsmyacc (1 members gave Thanks to Sychotix for this useful post)
-
Member
"As far as we know, reading memory is fine if they aren't scanning for your application."
Does this mean if i made a custom software that is reading memory they cant find me because they do not have access to my software, but if i was the owner of Exiled-Bot they could?
-
Originally Posted by
wtsmyacc
"As far as we know, reading memory is fine if they aren't scanning for your application."
Does this mean if i made a custom software that is reading memory they cant find me because they do not have access to my software, but if i was the owner of Exiled-Bot they could?
Well, saying "they can't find me" is a bit of a strong way to put it. We believe that they have some sort of pattern scanning for detection of known cheats. One example is PoEHUD. They detect that some software is suspicious (probably an open handle), then attempt to open up the executable. If you are using proper protection, they will get an access denied attempting to open the executable. If not, they will scan the executable to see if it looks like PoEHUD. They then tell the server, "Hey, we found a match for that pattern!" and the server decides if you get a ban or not.
If your program was private, they would have a MUCH harder time creating a pattern to match your application.
-
Post Thanks / Like - 2 Thanks
-
Member
So their current system downloads the anti cheat scanning software to look for cheats in your computer. So if i was a private script it would be much harder to scan for it, unless it behaves similarly to an already existing know cheat.
Is POEHUD completely undetectable after making sure POE client have access rights?
Is there some way to delete the scanning software, in Runescape there was a folder that stored software which the popular bots deleted the folder when starting the client (similar to deleting cache)
Edit: The folder was "Jagexcache" and flagged your pc after u got banned
-
Originally Posted by
wtsmyacc
So their current system downloads the anti cheat scanning software to look for cheats in your computer. So if i was a private script it would be much harder to scan for it, unless it behaves similarly to an already existing know cheat.
Is POEHUD completely undetectable after making sure POE client have access rights?
Is there some way to delete the scanning software, in Runescape there was a folder that stored software which the popular bots deleted the folder when starting the client (similar to deleting cache)
Edit: The folder was "Jagexcache" and flagged your pc after u got banned
I do not believe there have been any bans for using PoEHUD when using the limited user method properly.
To my knowledge, the anti-cheat is never stored on disk. The module is loaded in memory, executed, then unloaded.
-
Post Thanks / Like - 1 Thanks
wtsmyacc (1 members gave Thanks to Sychotix for this useful post)
-
Member
Thank you For Everything!
-
Member
Originally Posted by
Sychotix
I do not believe there have been any bans for using PoEHUD when using the limited user method properly.
To my knowledge, the anti-cheat is never stored on disk. The module is loaded in memory, executed, then unloaded.
why the limited user method does not save when using the Exiled Bot?
-
Originally Posted by
belked
why the limited user method does not save when using the Exiled Bot?
I don't know the inner workings of that bot. You may want to ask the developers.