Regarding the PQR ban

[wowmacro]

@Jadd

First,I dont know where I cant ask for offsets. WoW Memory Editing? or WoW Bots Questions & Requests?
Second.I am asking the way to get offsets

It seems that Xelper will not update it for PTR 5.4.7
I am trying to get the offsets for everyone who loves PQR.

whatever,I dont care about the points.
BUT if u know how to get the rests info.
plz tell me how to do it. I will learn it form u

[namreeb]

As far as I know, there is no section on this site where you can ask for offsets. This site is about learning how to find them yourself.

[wowmacro]

As far as I know, there is no section on this site where you can ask for offsets. This site is about learning how to find them yourself.

Yes. I said I am learning...that's why I said I am asking the way to get it and I am trying to get it ...

BTW, if u know how to get the rests info with

Code:

    <CurMgr>
    <ClntObjMgrGetActivePlayerObjAddress>          
    <LocalGUID>
    <FirstObject>
    <NextObject>
    <Descriptors>
    <Obj_TypeOffset>
    <Obj_X>
    <Obj_TargetGUID>
    <ClickTerrain>

plz tell me how to do it. I will learn it form u

[namreeb]

Those sorts of things have been answered here before. Try and search. I believe there was a thread called "how to find stuff". Also, you may have better luck using Google rather than the built-in search. Just search for something like "how to find stuff" site:ownedcore.com

[Rakiga]

So is HB still safe to use, meaning undetectable? Of course there will always be the people who use it irresponsibly (ie using it unmonitored).

[MaiN]

Well, Warden (in its current state) could easily scan the PQR_Addon_Loaded lua var, but since other private hacks were detected as well, that probably didn't use this lua var name, the detection vector must've been something else.

[vitalic]

I think 'I told you so' is quite apt in this case

Not as apt as for this.

[Robske]

Well, Warden (in its current state) could easily scan the PQR_Addon_Loaded lua var, but since other private hacks were detected as well, that probably didn't use this lua var name, the detection vector must've been something else.

Wasn't aware of this. Do you know of anything that is common between these private hacks and PQR?

[hqvrrsc4]

Wasn't aware of this. Do you know of anything that is common between these private hacks and PQR?

Code:

public string GetLocalizedText(string command)
        {
            string str = "";
            if (this.parentHook.Installed)
            {
                uint addr = this.parentHook.Memory.AllocateMemory(Encoding.UTF8.GetBytes(command).Length + 1);
                uint u1 = (uint) (((int) WowBase) + ns0.Offsets .EndScene .ClntObjMgrGetActivePlayerObj );
                uint u2 = (uint)(((int)WowBase) + ns0.Offsets.EndScene .FrameScript__GetLocalizedText );
                this.parentHook.Memory.WriteBytes(addr, Encoding.UTF8.GetBytes(command));
                this.parentHook.Memory.Asm.Clear();
                string[] asm = new string[] { "call " + u1, "mov ecx, eax", "push -1", "mov edx, " + addr, "push edx", "call " + u2, "retn" };
                str = Encoding.UTF8.GetString(this.parentHook.InjectAndExecute(asm, 0x400));
                int index = str.IndexOf("\0");
                str = str.Substring(0, index);
                this.parentHook.Memory.FreeMemory(addr);
            }
            return str;
        }

It is from my hack, probably similar to the way PQR does.

They probably do some stack trace on FrameScript::ExecuteBuffer and FrameScript::GetText or whatever the "GetLocalizedText" function is called now. Either that, or they're catching anyone using copy-pasta'd assembly. (The first one is more likely IMO.)

Since the asm used by PQR is filled with garbage opcodes(I confirmed this by Reflector), the only thing common between my hack and PQR is that we both called the function GetLocalizedText. So they must have done some stack trace to us.
However, I know nothing about how they did this. Is stack trace a routine check or they just randomly activate it ?

[crystal_tech]

Code:

public string GetLocalizedText(string command)
        {
            string str = "";
            if (this.parentHook.Installed)
            {
                uint addr = this.parentHook.Memory.AllocateMemory(Encoding.UTF8.GetBytes(command).Length + 1);
                uint u1 = (uint) (((int) WowBase) + ns0.Offsets .EndScene .ClntObjMgrGetActivePlayerObj );
                uint u2 = (uint)(((int)WowBase) + ns0.Offsets.EndScene .FrameScript__GetLocalizedText );
                this.parentHook.Memory.WriteBytes(addr, Encoding.UTF8.GetBytes(command));
                this.parentHook.Memory.Asm.Clear();
                string[] asm = new string[] { "call " + u1, "mov ecx, eax", "push -1", "mov edx, " + addr, "push edx", "call " + u2, "retn" };
                str = Encoding.UTF8.GetString(this.parentHook.InjectAndExecute(asm, 0x400));
                int index = str.IndexOf("\0");
                str = str.Substring(0, index);
                this.parentHook.Memory.FreeMemory(addr);
            }
            return str;
        }

It is from my hack, probably similar to the way PQR does.





Since the asm used by PQR is filled with garbage opcodes(I confirmed this by Reflector), the only thing common between my hack and PQR is that we both called the function GetLocalizedText. So they must have done some stack trace to us.
However, I know nothing about how they did this. Is stack trace a routine check or they just randomly activate it ?

did you de4dot it first? as xelper used smartassmably on it.

[hamburger12]

I think the main problem was that you registrated an addon or/and used add_chat_msg. As i saw it in the ten seconds, the Addon name was also always static another hint: remember the pirox times. Pirox used add_chat_msg to get the archa locations and also got a banwave! PE was for sure detected by a warden scan or also simply by the updatecheck, as it seems they are only patching / unlocking lua. i just want to remebember you LuaNinja ... or the other tools which gaved us a banwave. Currently it looks like GetLocilizedText was not the main reason.

[hqvrrsc4]

did you de4dot it first? as xelper used smartassmably on it.

Yes. Since PQR is a written in .NET, anyone including blizzard can find out how it works with little effort.

I think the main problem was that you registrated an addon or/and used add_chat_msg. As i saw it in the ten seconds, the Addon name was also always static another hint: remember the pirox times. Pirox used add_chat_msg to get the archa locations and also got a banwave! PE was for sure detected by a warden scan or also simply by the updatecheck, as it seems they are only patching / unlocking lua. i just want to remebember you LuaNinja ... or the other tools which gaved us a banwave. Currently it looks like GetLocilizedText was not the main reason.

Private hack without add_chat_msg is also involved in this banwave. The hack injects all lua file needed ingame to create the GUI, without even an "Addon name".

[aeo]

Was browsing reddit to see someone mentioned they were banned just running PQI. Claimed a friend gave them the add on and was banned from just that without ever executing the PQR application. If this is true it further verify that some sort of LUA check was done and PQI was to blame.

Also note i have my own version written in c++ that just makes a direct call to ExecuteBuffer no called to Gettext and was not banned(yet?). However, i don't use the inject and execute method either to make the call from inside the process.

[hamburger12]

Thats what i said! GetLocilizedText was not affacted!!!! Then nearly every public bot would get a ban. The forum would be overflooded!

[Torpedoes]

I think the main problem was that you registrated an addon or/and used add_chat_msg. As i saw it in the ten seconds, the Addon name was also always static another hint: remember the pirox times. Pirox used add_chat_msg to get the archa locations and also got a banwave! PE was for sure detected by a warden scan or also simply by the updatecheck, as it seems they are only patching / unlocking lua. i just want to remebember you LuaNinja ... or the other tools which gaved us a banwave. Currently it looks like GetLocilizedText was not the main reason.

@hamburger12:
Could you please elaborate on the "Pirox used add_chat_msg to get the archa locations" statement. I had a friend who got nailed by that banwave and I would like to understand what pirox actually did. All I remember him telling me is that pirox would spam chat in order to operate but I never understood the specifics. Thanks.