mangle Posted January 11, 2007 Share Posted January 11, 2007 (edited) Hi all. Now I`m writing special tool for MMORPG World of Wacraft.My program is easy: it sends some clicks to windows with game every 20-30 sec. Nothing more.I have one question, which want to discuss with you, dear coders Blizzard using special soft, integrated to the game, for detect some cheaters programms and/or bots.My programm isn't cheater, it can be called bot, but it is not WoWGlider, it's really small and easy tool. How I can hide process with my tool from Blizzard scanner?..I try to simply rename my exe to something system, like calc.exe but I think it is not enough for real hide it.I heard that warden looking for special signature.. Look this post and say, what are you thinking about?How I can hide it another way?P.S. thx for reading and sorry for my eng :"> Edited January 11, 2007 by mangle Link to comment Share on other sites More sharing options...
CoePSX Posted January 11, 2007 Share Posted January 11, 2007 If it uses INCA GameGuard the forget it. GameGuard is a huge malware rootkit which hooks everything at kernel land. There's no way of hiding a process from it. It probably sees all AutoIt scripts as cheats, since they're all alike and about a million users already tried to cheat in WoW with it. [quote name='Valik' post='301213' date='Jan 31 2007, 10:36 PM']You seem to have a habit of putting things in the wrong place. I feel sorry for any female you attempt to have sex with.[/quote][font="Lucida Sans Unicode"]╔══════════════════════════════╗║░░██░░░░░░░░██░░███░░░████░░░█║║░█░░█░░██░░█░░█░█░░█░█░░░░█░█░║║░█░░░░█░░█░████░███░░░██░░░█░░║║░█░░█░█░░█░█░░░░█░░░░░░░█░█░█░║║░░██░░░██░░░██░░█░░░░███░█░░░█║╚══════════════════════════════╝[/font] Link to comment Share on other sites More sharing options...
mangle Posted January 11, 2007 Author Share Posted January 11, 2007 How they can detect: i'm using my tools for WoW or i'm using calculator? They can't detect process assignment.. And how they can know that my process is AutoIt programme, if I compiled my script as exe file? Link to comment Share on other sites More sharing options...
herewasplato Posted January 11, 2007 Share Posted January 11, 2007 ...by scanning memory for a pattern that represents AutoIt. [size="1"][font="Arial"].[u].[/u][/font][/size] Link to comment Share on other sites More sharing options...
CoePSX Posted January 11, 2007 Share Posted January 11, 2007 I believe they check using ReadProcessMemory and memcmp to see if it's an AutoIt compiled script. [quote name='Valik' post='301213' date='Jan 31 2007, 10:36 PM']You seem to have a habit of putting things in the wrong place. I feel sorry for any female you attempt to have sex with.[/quote][font="Lucida Sans Unicode"]╔══════════════════════════════╗║░░██░░░░░░░░██░░███░░░████░░░█║║░█░░█░░██░░█░░█░█░░█░█░░░░█░█░║║░█░░░░█░░█░████░███░░░██░░░█░░║║░█░░█░█░░█░█░░░░█░░░░░░░█░█░█░║║░░██░░░██░░░██░░█░░░░███░█░░░█║╚══════════════════════════════╝[/font] Link to comment Share on other sites More sharing options...
luvmachine Posted January 11, 2007 Share Posted January 11, 2007 Blizzard doesn't use GameGuard, it uses Warden, their own little offspring. Warden used to hardcore rootkit ur system, not it doesn't do it as much. But quite frankly, I have a fishbot I wrote, and can run it 10 hours straight all the time and I've yet to be suspended, banned, or even warned from it :| You shouldn't have to worry about hiding your process. If you still are, then use Sony music stuff and get their system of $sys$ infront of the name to hide it. Or I'm sure you can find more info at rpg-exploiters.shoq.net on how to hide a process. Look under the 3rd Party section for WoW. Link to comment Share on other sites More sharing options...
mangle Posted January 11, 2007 Author Share Posted January 11, 2007 ...by scanning memory for a pattern that represents AutoIt.I believe they check using ReadProcessMemory and memcmp to see if it's an AutoIt compiled script.Guys, I have an idea If I write it & compile on C++ or something like it, Blizzard can't detect, that I use compiled AutoIt script => they can't declare real destination of my tool! Write? And into the begin of my programme I can add something like calculator or notepad for more conspiracy %)I'm sure you can find more info at rpg-exploiters.shoq.net on how to hide a process. Look under the 3rd Party section for WoW.thnx for link, man. Link to comment Share on other sites More sharing options...
Outshynd Posted January 11, 2007 Share Posted January 11, 2007 If you write and compile your program in C++, not only do you have a long road ahead of you but what would be the point of using AutoIt? I suppose you could use AutoItX3 and that might make you a LITTLE bit harder to detect, but not much. As long as you're not manipulating memory in WoW, Warden probably won't detect you. I say probably because Warden changes every time the server sends it to your client to be executed, but I'm 90% sure you won't have a problem if all your program is doing is sending key presses every 20-30 seconds. Link to comment Share on other sites More sharing options...
zeroZshadow Posted January 11, 2007 Share Posted January 11, 2007 just for the records, don't except most from most people to get an answer for ur question. There have been enough problems with autoit being seen as a trojan or other virus, and since u can't thrust anyone, don't ask such questions here *If u thought life couldn't get worse, u meet me *<guy> What would you give my little sister to unzip ?<friend> 10 bucks<guy> No, i mean like Winzip... Link to comment Share on other sites More sharing options...
Snarg Posted January 14, 2007 Share Posted January 14, 2007 Warden used to hardcore rootkit ur system, not it doesn't do it as much.Warden was never a rootkit. A better description would be SpyWare. Herzog_Zwei, Mousepad and NJaguar detected it when it first appeared with Diablo II. A little reading goes a long way. Post count means nothing. Link to comment Share on other sites More sharing options...
McGod Posted January 14, 2007 Share Posted January 14, 2007 Warden could easily detect autoit, but then it would ban anybody who happened to have any autoit script running. An example is mmBot which is made in autoit for Diablo II, pure autoit and only undetectable bot for Diablo. [indent][center][u]Formerly Chip[/u][/center]~UDFs~[/indent][u]IRC.au3 - Allows you to connect to IRC ServersINetCon.au3 - Connects/Disconnects/Check Status of InternetHardware Key - Creates a unique hardware hashScriptComm - Allows you to communicate between scripts using WM_COPYDATA[/u][indent]~Programs~[/indent][indent]SimonAu3ForumsIRC Bot~Web Site~Web Autoit Example[/indent][indent][b][/b][/indent][u][/u] Link to comment Share on other sites More sharing options...
Snarg Posted January 14, 2007 Share Posted January 14, 2007 (edited) Warden could easily detect autoit, but then it would ban anybody who happened to have any autoit script running. An example is mmBot which is made in autoit for Diablo II, pure autoit and only undetectable bot for Diablo.You are saying two different things there. First you say AutoIt can be detected by Warden, they you say mmBot, writen in pure AutoIt, can't be detected. Make up your mind...Fact: Warden can detect just about anything. It's what Blizzard decides to do or not to do with the information that matters.Edit: Spelling. Edited January 14, 2007 by Snarg A little reading goes a long way. Post count means nothing. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now