Wow Process Isolation

[InnerSilence]

Since Blizzard anti-cheating tools have decided to act like a spyware and are scanning our PC disk and memory stealthy and without most users knowing it, I have decided to research about possible methods that can be used to either isolate WoW process or our Bot processes.

I have considered using docker containers since they are more efficient than traditional VMs, but unfortunately it seems atm it is not possible to run a 3D app inside a windows container and get view of it too. I am not sure about Linux containers though. Also, I did not want to use solutions involving more than one PC.

For now, My solution for Pixel based bots is to run wow inside Thincast Workstation VM and run the bot from the host windows. Thincast has it's flaws but at least it runs games faster than any windows VM I have seen.
Here is a proof of concept of my fishing bot working outside of the VM and operating on the game running in the VM. For some obvious reasons I could not include more details of the setup.

If anyone knows other methods or interested discussing possible methods, we can discuss here or somewhere else.

[MrNotSoBright]

What is the end goal of running WoW inside a container, instead of the software for hacks/bots?
Is it to avoid scanning through everything in the PC, or just to avoid detection of certain programs?

[InnerSilence]

What is the end goal of running WoW inside a container, instead of the software for hacks/bots?
Is it to avoid scanning through everything in the PC, or just to avoid detection of certain programs?

Well putting our software inside a container is like blindfolding ourselves. Result is that it wont be able to interact with the WoW without a proxy app which makes it pointless unless the goal is to hide majority of our tool and only expose small part of it through a proxy app. Even worse, not all types of containers are isolated from the host system.

[novam]

I've been experimenting with running wow inside of Lutrix (on ubuntu linux). Its semi-contained and more than anything warden is not very likely to understand linux procs or even that its running inside a quasi emulator.

It is not truly contained, but it's pretty good 'security through obscurity' and sending keystrokes to Lutrix is completely unprotected.

[InnerSilence]

I've been experimenting with running wow inside of Lutrix (on ubuntu linux). Its semi-contained and more than anything warden is not very likely to understand linux procs or even that its running inside a quasi emulator.

It is not truly contained, but it's pretty good 'security through obscurity' and sending keystrokes to Lutrix is completely unprotected.

Yeh, running wow inside a Linux disto is always a safer bet. Just remember that it is only matter of implementation for the warden to able to scan processes on the Linux too and it can happen anytime depending how popular it gets. So using known hacks alongside wow in a Linux also is not that fool proof.

[novam]

What is the end goal of running WoW inside a container, instead of the software for hacks/bots?
Is it to avoid scanning through everything in the PC, or just to avoid detection of certain programs?

Well putting our software inside a container is like blindfolding ourselves. Result is that it wont be able to interact with the WoW without a proxy app which makes it pointless unless the goal is to hide majority of our tool and only expose small part of it through a proxy app. Even worse, not all types of containers are isolated from the host system.

You wouldn't need a proxy app to wow if you are running a pixel bot in full VM. Once WoW is drawing your pixels you could read from the screen as if the VM were any other window AND you can send keys and mouse movements directly to the VM window. If wow is the active window within the VM (simplest to make WoW full screen in the VM) it would send any event as if a user was controlling the VM themselves. Doing it like this would also avoid interacting with WoW's annoying 'double window'... if you've tried to work with multibox software or direct key events you probably know what I mean.

Something like VMware, virtualbox, or even parallels can run VMs in an entirely contain mode where the VM can't read the host OS's disk in anyway. Even the unscrupulous warden can't penetrate that. BUT, blizzard can easily tell that you are running in a VM, which I'm guessing is a red flag for them.

[InnerSilence]

You wouldn't need a proxy app to wow if you are running a pixel bot in full VM. Once WoW is drawing your pixels you could read from the screen as if the VM were any other window AND you can send keys and mouse movements directly to the VM window. If wow is the active window within the VM (simplest to make WoW full screen in the VM) it would send any event as if a user was controlling the VM themselves. Doing it like this would also avoid interacting with WoW's annoying 'double window'... if you've tried to work with multibox software or direct key events you probably know what I mean.

Something like VMware, virtualbox, or even parallels can run VMs in an entirely contain mode where the VM can't read the host OS's disk in anyway. Even the unscrupulous warden can't penetrate that. BUT, blizzard can easily tell that you are running in a VM, which I'm guessing is a red flag for them.

Vmware and vbox have performance issues though and all VMs have some limitations in sending inputs to them as I observed. Running wow inside a VM does not mean anything and cant get anyone banned but can indeed get them flagged for further investigation in the case of reports or suspicious game play.