Why Pixel Botting is Detected menu

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 15 of 30
  1. #1
    Vicer's Avatar Member
    Reputation
    2
    Join Date
    Apr 2014
    Posts
    15
    Thanks G/R
    0/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Why Pixel Botting is Detected

    This communication is for the 99.999% of people on this site who are not technical.

    Tech Details:

    Starting form Windows 8 there's the GetCurrentInputMessageSource function. You can use it, and check the originId enum for the following value:

    IMO_INJECTED - The input message has been injected (through the SendInput function) by an application that doesn't have the UIAccess attribute set to TRUE in its manifest file.

    Q&A:

    Q) What does the above mean?
    A) If your bot is using keysend or click commands it will be detected in Windows 8 or higher if the game has implemented the code above.

    Q) How does the game detect this?
    A) The game client runs a procedure with the above functions. The result is reported back to the game server/db. Your account is flagged as a botter, you get banned/suspended at some point.

    Q) Is there a work around?
    A) Yes, there are a few. You actually just read one.

    Good luck and have fun.
    Last edited by Vicer; 08-08-2019 at 04:10 AM.

    These ads disappear when you log in.

  2. Thanks SirGsus (1 members gave Thanks to Vicer for this useful post)
  3. #2
    Hazzbazzy's Avatar wannabe hackerlol Authenticator enabled
    Reputation
    1316
    Join Date
    Aug 2011
    Posts
    1,110
    Thanks G/R
    189/471
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For those who prefer the TLDR:

    Set the UIAccess flag to TRUE, under the requestedExecutionLevel section, in your solution's Application Manifest. If you're using Visual Studio, see here: Adding an application manifest file.

    Code:
     <requestedExecutionLevel level="asInvoker" uiAccess="true"/>
    "HOLY TIME MACHINE BATMAN! it's 1973!"
    https://youtube.com/Hazzbazzy

  4. Thanks Sychotix (1 members gave Thanks to Hazzbazzy for this useful post)
  5. #3
    Razzue's Avatar Contributor

    CoreCoins Purchaser
    Reputation
    107
    Join Date
    Jun 2017
    Posts
    334
    Thanks G/R
    83/92
    Trade Feedback
    1 (100%)
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    "why pixel Botting is detected"

    Yet out of all my Botting acounts, the only ones to still survive are in fact pixel bots .. kek

  6. #4
    Xaxoxuxu's Avatar Member
    Reputation
    1
    Join Date
    Aug 2019
    Posts
    5
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Hazzbazzy View Post
    For those who prefer the TLDR:

    Set the UIAccess flag to TRUE, under the requestedExecutionLevel section, in your solution's Application Manifest. If you're using Visual Studio, see here: Adding an application manifest file.

    Code:
     <requestedExecutionLevel level="asInvoker" uiAccess="true"/>
    How would that help? The messages are still injected LLHKF_INJECTED (right?)

  7. #5
    Spacechemist's Avatar Member
    Reputation
    1
    Join Date
    May 2018
    Posts
    8
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is more a issue of an hierarchy concept, just like executing something under administrator privileges, the execution level you use makes you capable of executing things under "the OS hood" or "above the OS", though this is not the most clear explanation, basically a warden could help himself with different libraries that Windows/NET Framework provides and could easily detect your method of using them against him.

  8. #6
    Hazzbazzy's Avatar wannabe hackerlol Authenticator enabled
    Reputation
    1316
    Join Date
    Aug 2011
    Posts
    1,110
    Thanks G/R
    189/471
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Xaxoxuxu View Post
    How would that help? The messages are still injected LLHKF_INJECTED (right?)
    Well in theory it shouldn't be an issue if the UIAccess flag is set, and the .exe is signed. However, I did try this an hour or so ago and the SendInput still resolves as "IMO_INJECTED" when queried with he function.
    "HOLY TIME MACHINE BATMAN! it's 1973!"
    https://youtube.com/Hazzbazzy

  9. #7
    Xaxoxuxu's Avatar Member
    Reputation
    1
    Join Date
    Aug 2019
    Posts
    5
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Hazzbazzy View Post
    Well in theory it shouldn't be an issue if the UIAccess flag is set, and the .exe is signed. However, I did try this an hour or so ago and the SendInput still resolves as "IMO_INJECTED" when queried with he function.
    Is this the detection method they use? I can't think of external applications that could possibly be legit and use SendInput ?

  10. #8
    Hazzbazzy's Avatar wannabe hackerlol Authenticator enabled
    Reputation
    1316
    Join Date
    Aug 2011
    Posts
    1,110
    Thanks G/R
    189/471
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Xaxoxuxu View Post
    Is this the detection method they use? I can't think of external applications that could possibly be legit and use SendInput ?
    I wasn't looking for the detection method I was looking for a POC. I cannot emulate a hardware keypress with SendInput, even with the UIAccess flag set to true and the application being (self)signed.
    "HOLY TIME MACHINE BATMAN! it's 1973!"
    https://youtube.com/Hazzbazzy

  11. #9
    ChimpeonFan's Avatar Site Donator CoreCoins Purchaser
    Reputation
    85
    Join Date
    Mar 2016
    Posts
    646
    Thanks G/R
    26/55
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Personally I think Blizzard simply looks for known pixel bots in memory or on the hard drive. If you keep a pixel bot completely private, Blizzard never gets to hear about it and you won't get banned (although I've not tested this personally). It is only when the pixel bot gets popular in the public domain (like Chimpeon did) will it become detected by Blizzard. There are ways to circumvent detection - using the pixel bot on a PC remote from WOW being one... Chimpeon 101 - Using Chimpeon on a Remote PC

  12. #10
    KKira's Avatar Active Member
    Reputation
    20
    Join Date
    Apr 2019
    Posts
    36
    Thanks G/R
    5/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Solution: Use Arduino and simulate real keyboard input, no need to over-complicate an easy work around.

  13. #11
    fonillius's Avatar Active Member WINNER OF THE BEST BOT DEVELOPER COMPETITION
    CoreCoins Purchaser Authenticator enabled
    Reputation
    48
    Join Date
    May 2007
    Posts
    246
    Thanks G/R
    5/31
    Trade Feedback
    4 (75%)
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by KKira View Post
    Solution: Use Arduino and simulate real keyboard input, no need to over-complicate an easy work around.
    Yes, very simple method! thx
    at same go i made artificial-intelligence-one-button-bot with arduino
    -fonillius

  14. #12
    aerichardso3's Avatar Member
    Reputation
    1
    Join Date
    Oct 2019
    Posts
    1
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Has anyone found a solution to this, minus purchasing and coding a physical button pressing bot?

  15. #13
    LegitSale's Avatar Site Donator
    CoreCoins Purchaser
    Reputation
    14
    Join Date
    Jan 2014
    Posts
    449
    Thanks G/R
    6/7
    Trade Feedback
    8 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What bot isnt detected? lol

  16. #14
    kamil234's Avatar Active Member
    Reputation
    39
    Join Date
    Oct 2009
    Posts
    147
    Thanks G/R
    3/2
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I’m using python with win32 api that translates C functions into python. Is it certain it will use the same sendkey APIs? How can i test the response from GetCurrentInputMessageSource without writing a C program?

    All im really doing, is pressing 1 key at a random interval over and over to snipe limited items from vendors. (The buying is handled by a macro, completely within WOW’s own function)

    What is the likelyhood that i’d get caught? I’m not using injection or focus window or anything of that nature.
    Last edited by kamil234; 10-15-2019 at 05:31 PM.

  17. #15
    REGELE33's Avatar Member
    Reputation
    1
    Join Date
    Oct 2019
    Posts
    13
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    there is an academic paper on cheats and stuff.. you guys should read it and be amazed of what they can do without scanning anything in your computer. if you manage to make a bot using real hardware input it will get detected
    Last edited by REGELE33; 10-16-2019 at 06:36 AM.

Page 1 of 2 12 LastLast

Similar Threads

  1. I think i figured out why bots are detected.
    By ItalianAce1942 in forum Pokemon GO Hacks|Cheats
    Replies: 35
    Last Post: 08-30-2016, 08:32 AM
  2. All Bots are detected..
    By lito in forum Pokemon GO Hacks|Cheats
    Replies: 6
    Last Post: 08-23-2016, 06:04 AM
  3. [Question] Which bot is the best and why?
    By Unknown-x in forum Pokemon GO Chat
    Replies: 5
    Last Post: 07-31-2016, 10:40 PM
  4. Why/How Bots are detected
    By Diablo3Bot in forum Diablo 3 Bots Questions & Requests
    Replies: 4
    Last Post: 07-13-2012, 03:52 PM
  5. Heretic (macro, window, pixel and image detection bot)
    By Malarkey in forum World of Warcraft Bots and Programs
    Replies: 10
    Last Post: 02-25-2009, 07:30 AM
All times are GMT -5. The time now is 07:28 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2021 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2021 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search