Is it safe to use CreateRemoteThread?

[csoldjb]

I found that using CreateRemoteThread API is much easier than overwriting EndScene / Present function.
What I concerned is that, Could blizzard find this way?(Most people using EndScene way in the Main Thread) Maybe they know I am using this API to inject bins into Wow. and I will get banned.

[Filint]

If I'm not mistaken, Endscene/Present are used for non-thread-safe things, typically executing LUA (although the LUA itself is thread-safe) and such. If you don't, you may have problems later on.

[DarkLinux]

Blizzard can see your threads, and if its a public bot/hack then it could be used to locate code. But if its private I dont see it being that helpful with out to many false positives. But like Filint posted, most people hook the main thread to execute lua scripts, as some are thread specific. Again, if your bot/hack is private you could hook any vtable with out worry. But threads or hooks are not what Blizzard is going for, as it varies bot to bot, hack to hack. They are going for the stack when calling internal functions. Nailing almost all bots that take advantage of lua. Lots of ways around it, but I have not looked into it that much. You can create your own code caves in wows address space and hope they dont look to far up the stack, and also hope they dont do any integrity checks / hashing. Or just work around that internal function. Hope that helps!

[csoldjb]

Blizzard can see your threads, and if its a public bot/hack then it could be used to locate code. But if its private I dont see it being that helpful with out to many false positives. But like Filint posted, most people hook the main thread to execute lua scripts, as some are thread specific. Again, if your bot/hack is private you could hook any vtable with out worry. But threads or hooks are not what Blizzard is going for, as it varies bot to bot, hack to hack. They are going for the stack when calling internal functions. Nailing almost all bots that take advantage of lua. Lots of ways around it, but I have not looked into it that much. You can create your own code caves in wows address space and hope they dont look to far up the stack, and also hope they dont do any integrity checks / hashing. Or just work around that internal function. Hope that helps!

Thank you so much! As you said, my bot is a private bot, I think I don't worry about Blizzard found it. if using CreateRemoteThread , I don't need to check the graphic api(DX9 or DX11),and don't need get the DX vtable pointer to create the hook.
I will test this way for a time,if it is found by Blizzard, I will make a post to point that this way is unsafe.
Thanks again!

[AutoScript]

Thank you so much! As you said, my bot is a private bot, I think I don't worry about Blizzard found it. if using CreateRemoteThread , I don't need to check the graphic api(DX9 or DX11),and don't need get the DX vtable pointer to create the hook.
I will test this way for a time,if it is found by Blizzard, I will make a post to point that this way is unsafe.
Thanks again!

Hi csoldjb, What type of bot do you use?

Regards
Elzie

[csoldjb]

Hi csoldjb, What type of bot do you use?

Regards
Elzie

AuctionHouse Bot,Crafting Bot,BlackMarket Scan & Bid Bot and Garrsion Bot

[VesperCore]

If any public bot start hooking the same thing as you, blizzard will warden it up, and doesn't matter if only you ever used your bot, you will get the banwave too, but they will just think that you was using "that public bot".

So, no, I wont consider it safe as by creating this topic, you probably already convinced people that it would be a good thing to do this hook.

Find a spot, keep it for you, and hope no public bots ever have the same idea as you.

Even Warden bypass would be playing with fire at this point.