[Help Request] Security Questions

[abuckau907]

Problem: How to know if something you do gets sent as some type of
'update packet' to the wow.server

1. Using API's like AppActive, SetCursorPos, GetPixelColor, ReadProcessMemory: can WoW 'hook api' and know? See below.

2. using Keybindings, you can change camera-angle: for example, you can set one to 'over-top' view, which doesn't change your character's .rotation, so..does keyboard_event(camera-change-key) send update to server?

4. using keybd_event() (any recomendation as far as how long to wait before keyUp: I've been using
keybd_event(key,0,&h1,0) ' key_down
threading.currentThread.Sleep(300 + Random(300))
keybd_event(key,0,&h2,0) ' key_up
do I really need to .sleep, do they/will they *probably* ever check the key.clickedSpeed()

I thought there *might* be a security issue w/ using certain API's, and wow knowing about it..i just don't know what I need to look up..like: Hooking APi's


"After a successful call to SetWindowsHookEx() , the operating system injects the DLL automatically (but not necessary immediately) into all processes that meet the requirements for this particular hook filter."
¿ie. if we use a certain API that wow monitors, they *could* know every time a '3rd part app' uses that API?
If so..can they know the parameters to the api call ie. do they just know we memRead() or do they know we memRead(wow.exe)?

about the quote/link: does this mean wow can't set a system-wide hook because it's..invasion of privacy? or...do they even do that? Just super worried about security, and not sure where to start. Thanks for any help.

-Andrew

[Maeco]

Hello,

Well to your general question, you can only be sure if you use a packet sniffer to see what goes out for example. However with some common sense you can think of what could be send.

1) Using some of the examples as you are mentioning:
- SetCursorPos; Any application running on your computer could use this function, there would be no reason to send this to wow server, since they won't be checking it anyway.
- GetPixelColor; Again, there is no reason for this either, for all they know you are recording a video in some weird manner.
- ReadProcessMemory; No, it is possible to check but they don't do it, there a plenty of applications that read other processes' memory (Virus scanners f.ex), reading memory is generally not very harmful, no reason to check this server-side.

2) Only when you camera is repeatingly centered on the private parts of female characters this is server, albeit not to the wow server (more like to your local police department's) :P.
No, camera moving is not send, there is no reason to it. You can savely make your camera millions of revolutions per seconds, the server really won't give a darn.

3) Not sure about this, eventually they do some server-side checks on how many data packages they get from each client. If you do something that makes the client send packages they will check if the interval between those packages are within human-sensible range of delay. Simply use your brain to determine what you are code wise is reproducable with yourself.

4) Hooking; yet again, many applications use this kind of hooking. Hooking itself isn't necessarily harmful. Virus scanners hook in someway or another.

If you are really paranoid, you might not want to do any of this, then your account is as safe as you let it be. Alot of the paranoia can be taking away if you simply use your brain and use google on your idea. Chances are pretty high that whatever you are doing, someone has done it before and is willing to share his experience on the matter.

I hope this helped.

Regards,

Maeco

[Cypher]

Hello,

Well to your general question, you can only be sure if you use a packet sniffer to see what goes out for example. However with some common sense you can think of what could be send.

1) Using some of the examples as you are mentioning:
- SetCursorPos; Any application running on your computer could use this function, there would be no reason to send this to wow server, since they won't be checking it anyway.
- GetPixelColor; Again, there is no reason for this either, for all they know you are recording a video in some weird manner.
- ReadProcessMemory; No, it is possible to check but they don't do it, there a plenty of applications that read other processes' memory (Virus scanners f.ex), reading memory is generally not very harmful, no reason to check this server-side.

2) Only when you camera is repeatingly centered on the private parts of female characters this is server, albeit not to the wow server (more like to your local police department's) :P.
No, camera moving is not send, there is no reason to it. You can savely make your camera millions of revolutions per seconds, the server really won't give a darn.

3) Not sure about this, eventually they do some server-side checks on how many data packages they get from each client. If you do something that makes the client send packages they will check if the interval between those packages are within human-sensible range of delay. Simply use your brain to determine what you are code wise is reproducable with yourself.

4) Hooking; yet again, many applications use this kind of hooking. Hooking itself isn't necessarily harmful. Virus scanners hook in someway or another.

If you are really paranoid, you might not want to do any of this, then your account is as safe as you let it be. Alot of the paranoia can be taking away if you simply use your brain and use google on your idea. Chances are pretty high that whatever you are doing, someone has done it before and is willing to share his experience on the matter.

I hope this helped.

Regards,

Maeco

Warden is run in ring3, hence any API hooks it implemented would be process local. Ergo, your point about "any app could use this API" is silly, not only that, but even when hooking in the kernel you just need to check the process handle passed in to see which application is responsible for the call.

So, although warden will never hook APIs like that imo, your reason for dismissing the idea is riddled with holes.

[Maeco]

Warden is run in ring3, hence any API hooks it implemented would be process local. Ergo, your point about "any app could use this API" is silly, not only that, but even when hooking in the kernel you just need to check the process handle passed in to see which application is responsible for the call.

So, although warden will never hook APIs like that imo, your reason for dismissing the idea is riddled with holes.

Correct you are in the technical terms (like always), however I was viewing this from the protection-design perspective, where your last phrase "So, although warden will never hook APIs like that..." is more what I was trying to explain to the OP.

[Cypher]

Correct you are in the technical terms (like always), however I was viewing this from the protection-design perspective, where your last phrase "So, although warden will never hook APIs like that..." is more what I was trying to explain to the OP.

I wasn't discarding your conclusion (i.e. that Warden wouldn't do it), but rather the reasoning you used to explain said conclusion.