Possible to get bustet while ReadProcessMemory? menu

User Tag List

Page 1 of 3 123 LastLast
Results 1 to 15 of 42
  1. #1
    gissuf's Avatar Member
    Reputation
    1
    Join Date
    Jan 2009
    Posts
    9
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Possible to get bustet while ReadProcessMemory?

    Hey

    simple questions here:
    Will warden (or something else) bust me if i'm trying to ReadProcessMemory(); something from the WoW-Process?

    Cuz I think, im reading only, I will never change something in the memory. Or am I completely wrong?

    How can i make it safe to read the process memory? (coding Delphi)

    Thanks a lot

    Possible to get bustet while ReadProcessMemory?
  2. #2
    ramey's Avatar Member
    Reputation
    45
    Join Date
    Jan 2008
    Posts
    320
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, it is safe to read wow's memory. Warden will not do a thing to you

  3. #3
    gissuf's Avatar Member
    Reputation
    1
    Join Date
    Jan 2009
    Posts
    9
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok, thanks.

    can anyone confirm that? (of course, i trust you, but two diffrent views of the facts may safe my account xD)

    second question:
    maybe, Im thinking too simple but:
    I can read all informations from WoW for coding a bot. like: health of mob, health of player, spell cds, where are mobs, where I am, etc. without getting bustet throuth warden?

    if i got all those informations, i can analyze them an react to them with simple keycommands. (over keyboard driver, so i haven't to send keys to WoW window (is it dangerous?!?! (send key to WoW directly))

    an then bäms I got a wonderful bot, without any chance to get banned.

    is it really that easy? (expect of coding it, only in a view of security against banning)

  4. #4
    Cypher's Avatar Kynox's Sister's Pimp
    Reputation
    1358
    Join Date
    Apr 2006
    Posts
    5,368
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Warden runs in ring3 (user mode).

    There, that should answer all your questions about what is 'safe' and what isn't.

  5. #5
    gissuf's Avatar Member
    Reputation
    1
    Join Date
    Jan 2009
    Posts
    9
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hey

    unfortunately im not a nerd as you are. (correctly written?)

    of course im reading a lot to get as many information as possible.
    but here, with WoW, I do not want to risk anything. (something? *confused*)

    so can you tell me, in only a few sentence where the limits are with "manipulating" WoW?

    where is there a risk to get banned, if I read memory? if I write memory? if I send keys to WoW windows? I if dance in front of my com?

    only a few rules if it is possible.

    thanks a lot

  6. #6
    ramey's Avatar Member
    Reputation
    45
    Join Date
    Jan 2008
    Posts
    320
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can write to most memory places without risking anything, you have zero problem with reading memory. Please, go google ring3

  7. #7
    tanis2000's Avatar Active Member
    Reputation
    39
    Join Date
    Feb 2009
    Posts
    123
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    - Warden is not checking for memory being read.
    - If you write something into wow's memory there are chances you will get busted if you do that in a place that is being monitored by Warden.
    - If you send keypresses to wow's window it will not trigger Warden
    - If you dance in front of your computer there are good chances me or someone else from this forum will come and beat you hard on your head with whatever heavy we can find

  8. #8
    Cypher's Avatar Kynox's Sister's Pimp
    Reputation
    1358
    Join Date
    Apr 2006
    Posts
    5,368
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by tanis2000 View Post
    - Warden is not running with high enough privileges to allow checking for memory being read, it is simply 'not possible' with its current implementation.
    - If you write something into wow's memory there are chances you will get busted if you do that in a place that is being monitored by Warden.
    - If you send keypresses to wow's window it will not trigger Warden but this may change in the future. It is easy to detect 'spoofed' input when it's not done correctly.
    - If you dance in front of your computer there are good chances me or someone else from this forum will come and beat you hard on your head with whatever heavy we can find
    Fixt. Modifications in bold.

  9. #9
    tanis2000's Avatar Active Member
    Reputation
    39
    Join Date
    Feb 2009
    Posts
    123
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Cypher View Post
    If you send keypresses to wow's window it will not trigger Warden but this may change in the future. It is easy to detect 'spoofed' input when it's not done correctly.
    I doubt they will ever change the current behavior regarding keypresses. Some time ago I read that Blizzard actually supports multiboxing even on a single PC as long as someone is in front of the keyboard, thus it would make no sense for them to check where input comes from if they want to keep it as it is now.

  10. #10
    Cypher's Avatar Kynox's Sister's Pimp
    Reputation
    1358
    Join Date
    Apr 2006
    Posts
    5,368
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by tanis2000 View Post
    I doubt they will ever change the current behavior regarding keypresses. Some time ago I read that Blizzard actually supports multiboxing even on a single PC as long as someone is in front of the keyboard, thus it would make no sense for them to check where input comes from if they want to keep it as it is now.
    Notice I said "may change". I never said it was probable, I said it was possible, and that point still stands. Also, so what if multiboxing is allowed? If a user is running a single copy of WoW, and it's in the background and receiving input, that's suspicious. Flag and investigate.

    Besides, multi-boxers get investigated all the time. WoW already checks to see if it's the foreground window before processing some messages (take a look at their message processing code). What's to stop them taking that code, and adding a bit extra to just flag a user if they're doing something suspicious?

  11. #11
    evil2's Avatar Active Member
    Reputation
    27
    Join Date
    Feb 2009
    Posts
    172
    Thanks G/R
    31/9
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hmm.. i only see a problem with "repeating key patterns".

    there are so many sys/3p programs messing around with keyboard status/signals,
    no way to check if the keypress came really from a human :-)

  12. #12
    Cypher's Avatar Kynox's Sister's Pimp
    Reputation
    1358
    Join Date
    Apr 2006
    Posts
    5,368
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by drevil2 View Post
    hmm.. i only see a problem with "repeating key patterns".

    there are so many sys/3p programs messing around with keyboard status/signals,
    no way to check if the keypress came really from a human :-)

    Yes there is if it's implemented incorrectly (as it usually is).

  13. #13
    evil2's Avatar Active Member
    Reputation
    27
    Join Date
    Feb 2009
    Posts
    172
    Thanks G/R
    31/9
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Cypher View Post

    Yes there is if it's implemented incorrectly (as it usually is).
    code or behavior? :-)

    i can't think of anyway to check if this keypress came from a "program specific written for botting" or a key remaper/virtual keyboard/strange keyboard driver/key extender/key scrambler/etc.

    isn't this one of the big problems in online poker protection?

  14. #14
    ramey's Avatar Member
    Reputation
    45
    Join Date
    Jan 2008
    Posts
    320
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by drevil2 View Post
    code or behavior? :-)

    i can't think of anyway to check if this keypress came from a "program specific written for botting" or a key remaper/virtual keyboard/strange keyboard driver/key extender/key scrambler/etc.

    isn't this one of the big problems in online poker protection?
    Code.. I thought that was pretty obvious

  15. #15
    amadmonk's Avatar Active Member
    Reputation
    124
    Join Date
    Apr 2008
    Posts
    772
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    To the OP: no, you can't realistically be banned for ReadProcessMemory. WriteProcessMemory is a different matter, and running any app with a known signature or running code in process is a completely different matter.

    On keystrokes... WoW could simply block injected keystrokes (in a lot of different ways). If key injection becomes a big enough problem, that's what I suspect they'd do, and it would eliminate 90% of the stealthy (out of process) bots out there (it would also break 90% of the multiboxers, but they might consider that a tactical loss in return for stamping out a bigger problem). You could still spoof keystrokes with a dummy HID driver, but writing/running a custom driver is non-trivial (else I'd still be using my old kernel rootkit and far less paranoid about some stuff).

    WoW could still detect injected keystrokes even with a dummy HID, but they'd have to run a driver, which I doubt they will ever do (especially now with all of the difficulties and cost associated with running drivers in Vista+). The costs and risks of writing and deploying a driver (across N different platforms and OS'es) is non-trivial, and the payoff (detecting the very small group of people sufficiently technically advanced to run a dummy HID keystroke/mouse injector) probably just isn't worth it.

    So, in theory they COULD detect anything that's running at the same privilege level as them (IOPL 3) . There are some "tricks" they can use to detect hacks running at a higher privilege level (IOPL 0 -- kernel), but these tricks are unreliable. The reality is that they likely won't go beyond simple ring 3 tricks.

    Mostly, if they want to step up their detection game, I would recommend that they implement a heuristics-based flagging system (where certain patterns of behavior flag an account for human review, and then a human makes the ban decision).

    Ultimately, their concern is commercial; as long as the botters and boxers (I'm both, myself) don't drive away too much business, I really doubt Blizz cares. I doubt that they'd adopt a mechanism that produced too many false-positives, as that would be Bad For Business.
    Don't believe everything you think.

Page 1 of 3 123 LastLast

Similar Threads

  1. HUGE and possible infinite EXP Bug... get it while it works.
    By whisperofwisps in forum Diablo 3 Exploits
    Replies: 22
    Last Post: 06-18-2014, 10:09 AM
  2. Is it possible to get account back
    By asrstech in forum World of Warcraft General
    Replies: 11
    Last Post: 01-07-2007, 09:15 PM
  3. Is it possible to get account back
    By asrstech in forum World of Warcraft Exploits
    Replies: 1
    Last Post: 12-09-2006, 04:49 PM
  4. New dupe *get it while it works*
    By KuRIoS in forum World of Warcraft Exploits
    Replies: 59
    Last Post: 07-21-2006, 10:20 AM
  5. Your first moun- were to get cash while grinding level30+
    By Elites360 in forum World of Warcraft Guides
    Replies: 3
    Last Post: 07-13-2006, 09:16 PM
All times are GMT -5. The time now is 08:42 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search