Curiosity - for those of you whom use your own (home made bots)

[WiNiFiX]

1. How many of you have been banned, and what precautions did you implement to avoid the banhammer again?
Feel free to PM me if you dont want blizz to know your secrets on a public forum.
I am just curious because I have been playing with my own bot on a trial account and so far no ban, but currently the only memory
writing it does it lua_dostring().

2. Are there any specific lua commands you avoid running ?

3. What are the advantages to injecting a botbase into wow over running it as a separate application?

For those that have not yet had the honor of being banned please share your secrets.

[aeo]

If you are worried about do string and you are just calling a few functions you can do it like I did below. Its only good if you are doing say a fish bot and need a few calls. I never looked into return values either but this should work:

retOK, ret1, ret2, ... retn = pcall (func, arg1, arg2, ...);

Code:

// /script testCastSpell(59752,'player')

    int index = lua_tointeger(lua, 1);
    size_t len;
    size_t errr;
    const char* target;
    target = lua_tostring(lua, 2, &len);
    lua_getfield(lua, LUA_GLOBALSINDEX, "CastSpellByID");
    lua_pushnumber(lua, index);
    lua_pushlstring(lua, target, strlen(target));
    int err = lua_pcall(lua, 2, 0, 0);
    if (err > 0 )
    Log("Error: %i, %s", err, lua_tostring(lua, -1,&errr));

[lolp1]

1. How many of you have been banned, and what precautions did you implement to avoid the banhammer again?
Feel free to PM me if you dont want blizz to know your secrets on a public forum.
I am just curious because I have been playing with my own bot on a trial account and so far no ban, but currently the only memory
writing it does it lua_dostring().

2. Are there any specific lua commands you avoid running ?

3. What are the advantages to injecting a botbase into wow over running it as a separate application?

For those that have not yet had the honor of being banned please share your secrets.

1. Pretty much no one who writes private tools gets bans. There is no reason to get a ban other than accidental use of some public hack's code section that has been targeted in the past. There is really nothing special to do other than not doing anything too abusive, like exploits with packets etc. It's always possible but so far I don't know of it happening much outside of freak accidents.

2. Not really. Running one lua command or another should not change the likely hood of detection, outside of using global variable names etc in lua. See archaeology bot from HonorBuddy's ban wave for that example, and I think others.

3. You gain the ability to do detours, patches, and directly invoke game functions at will, such as:

Code:

        [UnmanagedFunctionPointer(CallingConvention.ThisCall)]
        public delegate bool GetObjectIsOutdoorsDelegate(uint pointer);
        public static GetObjectIsOutdoorsDelegate _GetObjectIsOutdoors;

[WiNiFiX]

@lolp,

Hey, thanks for the help on message structures, should help. (+ rep)

Regarding detours, I think I am missing something (I am trying the below)

Code:

[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
private delegate bool CastSpellDelegate(int spellId, int unk, ulong targetGuid, int unk1, int unk2);
private static CastSpellDelegate _castSpell;

public static InProcessMemoryReader Magic;

private void frmMain_Load(object sender, EventArgs e)
{
    Magic = new InProcessMemoryReader(proc);
    _castSpell = Magic.RegisterDelegate<CastSpellDelegate>(Offsets.CastSpell, true);

    _castSpell(3044, 0, 35364634646, 0, 0);  
}

with 
Offsets.CastSpell = 0x0042EF31

and I get the error (sometimes, other times it registers the delegate but no spell is cast).

Managed Debugging Assistant 'InvalidFunctionPointerInDelegate' has detected a problem in 'XXXXX\XXXXX.exe'.
Additional information: Invalid function pointer 0x77ef31 was passed into the runtime to be converted to a delegate.
Passing in invalid function pointers to be converted to delegates can cause crashes, corruption or data loss.

[lolp1]

Code:

    [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        private delegate int CastSpellDelegate(
            uint spellId, int itemId = 0, ulong guid = 0ul, int isTrade = 0, int a6 = 0, int a7 = 0, int a8 = 0);

Maybe you're passing the wrong signature. I can't test right now but this is what I have in my function class I c+pd from some where, it might be old but it seems accurate according to yours minus the one you're missing on the end which makes me think that's the issue you are having.

You must have the corect signature to the T as far as I know or it will simply not work.

[WiNiFiX]

Tried your solution, however still got same error, then I checked IDA and viewed the function (below) and it only takes 1 parameter, which I changed mine to use and still get the same error.

Code:

int __cdecl Script_CastSpell(int a1)   /// Address = 0042EF31 (CastSpell)  - also tried 0042F65C (CastSpellById) and 0042F3BE (CastSpellByName)
{
  char v2; // [sp+8h] [bp-28h]@3
  int v3; // [sp+Ch] [bp-24h]@3
  int v4; // [sp+10h] [bp-20h]@3
  int v5; // [sp+14h] [bp-1Ch]@3
  int v6; // [sp+18h] [bp-18h]@2
  int v7; // [sp+1Ch] [bp-14h]@2
  int v8; // [sp+20h] [bp-10h]@2
  int v9; // [sp+24h] [bp-Ch]@2
  int v10; // [sp+28h] [bp-8h]@1
  int v11; // [sp+2Ch] [bp-4h]@1

  v11 = 0;
  if ( sub_42E565(a1, (int)&v11, (int)&v10, 0, 0) )
  {
    v6 = TargetGUID;
    v7 = *((_DWORD *)&TargetGUID + 1);
    v8 = *((_DWORD *)&TargetGUID + 2);
    v9 = *((_DWORD *)&TargetGUID + 3);
    if ( sub_B58DB(a1, 3) )
    {
      sub_296363((int)&v2);
      v6 = *(_DWORD *)&v2;
      v7 = v3;
      v8 = v4;
      v9 = v5;
    }
    sub_42CC9C(v11, v10, &v6, 0);
  }
  return 0;
}

[lolp1]

Tried your solution, however still got same error, then I checked IDA and viewed the function (below) and it only takes 1 parameter, which I changed mine to use and still get the same error.

Code:

int __cdecl Script_CastSpell(int a1)   /// Address = 0042EF31 (CastSpell)  - also tried 0042F65C (CastSpellById) and 0042F3BE (CastSpellByName)
{
  char v2; // [sp+8h] [bp-28h]@3
  int v3; // [sp+Ch] [bp-24h]@3
  int v4; // [sp+10h] [bp-20h]@3
  int v5; // [sp+14h] [bp-1Ch]@3
  int v6; // [sp+18h] [bp-18h]@2
  int v7; // [sp+1Ch] [bp-14h]@2
  int v8; // [sp+20h] [bp-10h]@2
  int v9; // [sp+24h] [bp-Ch]@2
  int v10; // [sp+28h] [bp-8h]@1
  int v11; // [sp+2Ch] [bp-4h]@1

  v11 = 0;
  if ( sub_42E565(a1, (int)&v11, (int)&v10, 0, 0) )
  {
    v6 = TargetGUID;
    v7 = *((_DWORD *)&TargetGUID + 1);
    v8 = *((_DWORD *)&TargetGUID + 2);
    v9 = *((_DWORD *)&TargetGUID + 3);
    if ( sub_B58DB(a1, 3) )
    {
      sub_296363((int)&v2);
      v6 = *(_DWORD *)&v2;
      v7 = v3;
      v8 = v4;
      v9 = v5;
    }
    sub_42CC9C(v11, v10, &v6, 0);
  }
  return 0;
}

Honestly dude that's not how it works. You've went from trying to copy and past a C world to screen method and that you don't want to write to memory, to asking how to load json pattern scan files into IDA, to talking about hooks and private bot ban rates and executing code in wow's main thread with one parameter hex ray dumped data. Cool it down my man.