-
I also hooked FrameScript_SignalEvent directly
-
Y'all niggas need to stop using lua. No bans here, even on a pretty wide array of servers. Offsets I'm using, for various things - I'd consider them safe to use at this point.
Code:
// <-- Global offsets.
CMovementShared__GetDistanceFallen
CMovement_C__SendMoveMessage_PlayerMoveFallLand
CGUnit_C__UpdateDisplayInfo
PlayerExploredZonesUpdateHandler
CGGameUI__UpdatePlayerAFK
CGWorldFrame__OnWorldUpdate
CGWorldFrame__RenderWorld
LoadingScreenEnable
LoadingScreenPaint
World__Preload
CGPlayer_C__CanTeleport
CWorldScene__CreateWorldMap
CMovementShared__StartFallingInt
CGUnit_C__TrackingStop
vFrameScript__SignalEvent
Script_SendUnitSignal
CombatLogEntry__PushEvent
CGWorldFrame__GetScreenCoordinates
DDCToNDC
CGObject_C__GetHighlightColor
CObjectDisplay__RenderTargetSelection
CGUnit_C__GetSelectionHighlightColor
CGWorldFrame__RenderTargetSelection
CWorldMap__QueryHeight
World__Intersect
CGRuneInfo__GetRuneTypeByIndex
Spell_C_GetSpellCooldown
Spell_C_GetPowerDisplayMod
Spell_C_IsUsableAction
Spell_C_RangeCheckSelected
Spell_C_CastSpell
Spell_C_StopCasting
Spell_C__HandleTerrainClick
GetSubTableRec__SpellMiscRec
CGSpellBook__FindSpellByName
Spell_C_GetFailType
CGUnit_C__SendMovementHeartBeat
CMovementShared__SetRunMode
CGUnit_C__IsAutoTracking
CGUnit_C__InitializeTrackingState
CGWorldFrame__s_currentWorldFrame
CGSpecializationInfo__m_specGroups
CGSpecializationInfo__m_activePlayerTalents
CGSpecializationInfo__m_activeSpecGroup
s_activeWorldScene
// <-- Chat offsets.
Chat.CGChat__AddChatMessage
Chat.Script_SendChatMessage
// <-- Console offsets.
Console.ConsoleWrite
Console.CVar__LookupRegistered
Console.CVar_Set
// <-- ObjectManager offsets.
ObjectManager.Script_GetGUIDFromName
ObjectManager.ClntObjMgrGetMapID
ObjectManager.ClntObjMgrGetActivePlayerObj
ObjectManager.ClntObjMgrEnumVisibleObjectsPtr
ObjectManager.ObjectUpdateFirstPass
ObjectManager.CGObject_C__ctor
ObjectManager.CGObject_C__dtor
ObjectManager.CGObject_C__Disable
ObjectManager.OsGetAsyncTimeMs
ObjectManager.CGGameUI__m_currentObjectTrack
ObjectManager.CGGameUI__m_lockedTarget
ObjectManager.CGUnit_C__m_activeMover
ObjectManager.CGUnit_C__UnitReaction
ObjectManager.CGUnit_C__GetPredictedPower
ObjectManager.CGUnit_C__GetMaxPower
ObjectManager.CGUnit_C__OnSetRawFacingLocal
ObjectManager.CGUnit_C__IsInMeleeRange
ObjectManager.CGPetInfo__m_pets
// <-- ObjectData offsets.
ObjectData.g_baseObjDescriptors
ObjectData.g_baseItemDescriptors
ObjectData.g_baseContainerDescriptors
ObjectData.g_baseUnitDescriptors
ObjectData.g_basePlayerDescriptors
ObjectData.g_baseGameObjectDescriptors
ObjectData.g_baseDynamicObjectDescriptors
ObjectData.g_baseCorpseDescriptors
ObjectData.g_baseAreaTriggerDescriptors
ObjectData.g_baseSceneObjectDescriptors
ObjectData.g_baseConversationDescriptors
// <-- PartyManager offsets.
PartyManager.GetPartyUnit
PartyManager.CGParty__OnPartyCreated
PartyManager.CGParty__OnPartyDestroyed
PartyManager.CGParty__OnGroupMemberAdded
PartyManager.CGParty__OnGroupMemberRemoved
PartyManager.CGPartyInfo__s_groups
// <-- Interface offsets.
Interface.CGItem_C__Use
Interface.CGlueMgr__LoginServerLogin
Interface.CGlueMgr__ChangeRealm
Interface.CGlueMgr__EnterWorld
Interface.CGlueMgr__GetCharacterList
Interface.BattlenetLogin__SetGameAccount
Interface.CGGossipInfo__SelectGossipOption
Interface.CGLookingForGroup__ProposalResponse
Interface.ClientPlayedTimeHandler
Interface.ClientSuspendTokenHandler
Interface.CGTradeInfo__InitiateTrade
Interface.CGPlayer_C__AcceptOrUnacceptTrade
Interface.CGPlayer_C__QueryQuest
Interface.CGPlayer_C__AcceptQuest
Interface.CGPlayer_C__QuestLogRemoveQuest
Interface.GetQuestNameById
Interface.CGPlayer_C__SellItem
Interface.CGMailInfo__AutoLootMailItem
Interface.Script_CheckInbox
Interface.CGMailInfo__GetMailItem
Interface.CGMailInfo__GetMailItemAttachment
Interface.CGTradeInfo__m_tradingPlayer
Interface.ClientServices__m_instance
Interface.ClientServices__s_loginObj
Interface.ClientServices__m_selectRealmInfo
Interface.CCharacterSelection__s_characterList
Interface.CGlueMgr__m_characterInfo
Interface.CCharacterSelection__s_selectionIndex
Interface.s_lastError
Interface.s_bindAreaID
Interface.g_eventUnitTokens
Interface.CGGameUI__m_areaID
Interface.CGGameUI__m_subzoneID
Interface.CGMailInfo__m_commandPending
Interface.CGMailInfo__m_totalInboxItems
Interface.CGMailInfo__m_inbox
Interface.CGMailInfo__m_object
Interface.CGMailInfo__m_nextUpdateTime
Interface.CGQuestLog__m_quests
// <-- Packet offsets.
Packet.CliChatAddonMessageWhisper
Packet.NetClient__SendRaw
Packet.NetClient__SendJam
Packet.NetClient__ProcessMessage
Packet.NetClient__ClientConnectionConnectToHandler
Packet.ClientServices__SendRaw
Packet.ClientServices__SendJam
Packet.CDataStore__PutUInt8
Packet.CDataStore__PutUInt16
Packet.CDataStore__PutUInt32
Packet.CDataStore__PutUInt64
Packet.CDataStore__PutFloat
Packet.CDataStore__PutArray
Packet.CDataStore__PutSmartGuid
Packet.CDataStore__GetUInt8
Packet.CDataStore__GetUInt16
Packet.CDataStore__GetUInt32
Packet.CDataStore__GetUInt64
Packet.CDataStore__GetFloat
Packet.CDataStore__GetArray
Packet.CDataStore__GetString
Packet.CDataStore__GetSmartGuid
Packet.IsCliUserClientPacket
Packet.IsCliPlayerMovementPacket
Packet.IsCliPlayerGameEventPacket
Packet.IsCliAccountPacket
Packet.IsCliPlayerPacket
Packet.IsCliPlayerInventoryPacket
Packet.IsCliChatEntityPacket
Packet.IsCliGlobalPacket
Packet.ClientServices__s_currentConnection
// <-- Warden offsets.
Warden.CurrentModule
Warden.ModuleInterface
Warden.RawModule__Create
Warden.RawModule__Destroy
// <-- ClientDB offsets.
ClientDB.WowClientDB_Base__GetRecordDataUnsafe
ClientDB.WowClientCompressedDBCache_CreatureDisplayInfoExtraRec__GetRecord
ClientDB.WowClientCompressedDBCache_GameObjectDisplayInfoRec__GetRecord
ClientDB.WowClientCompressedDBCache_ItemDisplayInfoRec__GetRecord
ClientDB.WowClientCompressedDBCache_SpellEffectRec__GetRecord
ClientDB.WowClientCompressedDBCache_SpellRec__GetRecord
ClientDB.WowClientCompressedDBCache_FileDataRec__GetRecord
ClientDB.WowClientCompressedDBCache_FileDataCompleteRec__GetRecord
(Sorry for the sorting, it's something I've been meaning to get around to)
Edit: Before people start telling me how useful Lua execution etc. is, ask yourself if it's really that hard to fake a lua state to call Script_* functions with. Same result (minus variable access, which seems kinda useless to me.)
Last edited by Jadd; 01-14-2016 at 07:21 PM.
-
-
For the record I'm using FrameScript::ExecuteBuffer with no extra precautions on both 32 and 64 bit with no bans, both from a WindowProc hook and assembly injection/create remote thread. I do not hook any WoW functions or events.
-
Originally Posted by
Jadd
*snip*
While I agree in principle, it's a lot easier (for lazy people like me at least :P) to keep track of 10 offsets rather than 80. That's a majestic list though!
What's DDCToNDC? Sure, I've heard the term before, but I'm not able to find it anywhere now.
-
Originally Posted by
Filint
What's DDCToNDC? Sure, I've heard the term before, but I'm not able to find it anywhere now.
I'm not sure what it stands for, but I believe it is used for converting between world and screen coordinates.
-
Yeah, I think you're right. I searched and it's referenced in a thread about w2s. Interesting, because that thread, one offsets thread and now this thread seem to be the only places (anywhere) that mention DDCToNDC, so it must be an acronym for something.
Anyway, I'm derailing the thread, sorry about that! Feel free to go back to topic now :P
-
Originally Posted by
Filint
While I agree in principle, it's a lot easier (for lazy people like me at least :P) to keep track of 10 offsets rather than 80. That's a majestic list though!
What's DDCToNDC? Sure, I've heard the term before, but I'm not able to find it anywhere now.
Pretty easy to dump after bindiff, which I would always do after each patch regardless of whether I had 10 or 80 offsets.
I use DDCToNDC in my WorldToScreen. Specifically, it is used to normalize screen positions between varying aspect ratios.
Code:
public static bool GetScreenPosition(Vector3 position, out Vector2 result) {
    // Ask the client to project the world position; the projected point lands in outputRef[0].
    var outputRef = new[] { Vector3.Zero };
    var onScreen = (bool) Memory.Thread.Invoke(CGWorldFrame__GetScreenCoordinates,
        CurrentWorldFrame, new[] { position }, outputRef, IntPtr.Zero, IntPtr.Zero);
    var output = outputRef[0];

    // Client-area size of the game window, needed to scale normalized coordinates to pixels.
    Rectangle clientRect;
    WinAPI.GetClientRect(Window.Handle, out clientRect);
    var height = clientRect.Bottom - clientRect.Top;
    var width = clientRect.Right - clientRect.Left;

    // Normalize for the current aspect ratio, then scale to window pixels.
    // The Y axis is flipped because the client's coordinate origin is bottom-left.
    float x, y;
    DDCToNDC(output.X, output.Y, out x, out y);
    x = clientRect.Left + (x * width);
    y = height - (clientRect.Top + (y * height));

    result = new Vector2(x, y);
    return onScreen;
}
Last edited by Jadd; 01-14-2016 at 08:11 PM.
-
-
Originally Posted by
DarkLinux
Anyone know if the bots that got banned registered new Lua functions? I guess, what does ReBot do? Other than hook and call Lua functions on start up.
At least in my case, EWT does not register any functions nor extends the Wow API in any way. The in-game UI is created with the default widget functions.
Originally Posted by
lolp1
For the record I'm using FrameScript::ExecuteBuffer with no extra precautions on both 32 and 64 bit with no bans, both from a WindowProc hook and assembly injection/create remote thread. I do not hook any WoW functions or events.
Which is why I think all this talk about the lua_load JMP isn't the main reason for the recent bans.
But doing this...
Originally Posted by
Jadd
Y'all niggas need to stop using lua.
...should be a nice approach to avoid future detections, at least temporarily for public tools.
Sadly, all we have now is speculation. There is some evidence, but no conclusions can be drawn from these posts so far.
Besides the Warden scans that everyone is aware of, I've recently learned about the Lua checks that it can also do, for example, to check if some Lua variable is loaded in the lua_State "s_context". From what I searched and from talking to some people, these checks have been disabled for a while now, but I don't know about their current status. Does anyone have more info to share about this, or even instructions on how to monitor these checks just like we do with the scans? Just to save some time when reversing Warden packets.
Last edited by reliasn; 01-15-2016 at 02:21 PM.
-
Originally Posted by
namreeb
No shit calling Lua. I mean why are you calling Lua? What do people use it for? In every bot I've ever written, I'm pretty sure I've been able to accomplish what I need without using it.
Spectating, but you just owned HB to its core... with this statement.
-
Again, don't think you're safe calling APIs directly. The same rules still apply. Most bots use Lua, so that's what they are hooking. After everyone moves away from that, Blizz will just start hooking game functions and doing the same thing. I don't see why they don't hook a handful of common APIs like Spell_C_CastSpell; they could nail people calling it directly and people using the Lua-wrapped version. I would say packet based is the way to go atm.
-
Originally Posted by
reliasn
Which is why I think all this talk about the lua_load JMP isn't the main reason for the recent bans.
I can confirm beyond any doubt that I was running a group of healing BG bots for the past month, which I made to test routines, in 32 bit using FrameScript::ExecuteBuffer from an unmanaged function pointer delegate in C# while injected, executing it from the main thread via a WindowProc hook.
I can also confirm I had at least 5 of my 32 bit bots running the past month that use my outdated external framework, which calls FrameScript::ExecuteBuffer with assembly injection/CreateRemoteThread.
I very highly doubt I got lucky running over 10 bots using this function in both 32 and 64 bit, both externally and internally, every day for 3+ weeks. Take from that what you will.
TL;DR below
Originally Posted by
DarkLinux
Again, don't think you're safe calling APIs directly. The same rules still apply. Most bots use Lua, so that's what they are hooking. After everyone moves away from that, Blizz will just start hooking game functions and doing the same thing. I don't see why they don't hook a handful of common APIs like Spell_C_CastSpell; they could nail people calling it directly and people using the Lua-wrapped version. I would say packet based is the way to go atm.
Believe it or not, Blizzard takes great care to be very specific about who their ban waves target. They would really prefer not to blanket ban every single person that uses some part of their game's memory, such as a function pointer or memory reads/writes. They're not incapable of hiring anti-cheat help that could implement that, I assure you. They are making a choice not to do blanket detections like that.
I would guess the reason they would like to avoid such blanket tactics is that it will inevitably catch a lot of harmless 'cheaters'. Some examples of people I would imagine they would prefer not to hit in mass blanket bans:
1. People who write tools or experiment with them solely for fun and learning, and never use them to gain any meaningful advantage on Live, who could catch undeserved bans in such blanket catches as well.
2. People using friends' tools for harmless features (such as a deaf friend who uses my text-to-speech plugin) could unknowingly be using more abusive features. For example, if my friend got a new version from me and did not turn off some default stuff, he could easily have the auto-rebuff cast his buff on injection with Lua, then realize it and turn it off, but it would be too late.
There are endless examples of players Blizzard would not desire to ban that would get banned in blanket catches. They try to target very specific hacks, bots and user groups with their bans.
-
What about gold buyers, do they get banned?
-
Originally Posted by
drac112
What about gold buyers, do they get banned?
Yes, these things can result in a ban, as it is not allowed to buy in-game currency with real life money from other players.
If you want to buy gold in a safe way, I suggest using the game time token service.
Most players who sell large amounts of gold are usually flagged as gold sellers. Meaning whenever those players trade you gold face to face, Blizzard will be notified.
But there is always another way to acquire gold from players with real money. Simply find a seller that also does transactions through the Auction House, or stash it in your guild bank.
At least that is the safest way from what I've heard. I cannot confirm this for sure, but I highly doubt you'll get caught this way.
Perhaps you should read their EULA; everything you need to know to avoid a ban is listed there.
-
Bullshit, Blizz don't ban buyers. They ban only sellers and cheaters.
-
Originally Posted by
Nimesil
Bullshit, Blizz don't ban buyers. They ban only sellers and cheaters.
I will say that this is *usually* true, and I used to say it was 100% true, but after the introduction of the WoW token, I know a couple of people, my brother being one of them, who got banned for being a "repeat" buyer. He had gotten that message that Blizz sends about how buying gold hurts the game because it often comes from compromised accounts on, I think, 3 different occasions over a period of a year. He got perma banned after that for buying gold.
But yeah, I would typically agree with you... though this seems a bit off topic...
Man, guys... I built my own VendorManager class, a TravelManager to handle maximally efficient use of the flightmaster in traversing the continents, and my own custom API to fill in the gaps of ReBot's own API, and several of the methods I created use Lua (like 15 of 100). Some of these are so useful, as I was building some questing templates and I just don't have access to do packets with their bot. Hell, I don't know their own internal implementation, whether they are using packets or Lua themselves for some of this API. Makes me wonder... It's making me reinvent my approach to some of these the more tedious way, lol. It does make me sad to see Lua so vulnerable, though, so I guess it's a necessity...
Last edited by Sklug; 01-17-2016 at 10:32 PM.