How to hide my autoit programme process?

[mangle]

Hi all.

Now I`m writing special tool for MMORPG World of Wacraft.

My program is easy: it sends some clicks to windows with game every 20-30 sec. Nothing more.

I have one question, which want to discuss with you, dear coders

Blizzard using special soft, integrated to the game, for detect some cheaters programms and/or bots.

My programm isn't cheater, it can be called bot, but it is not WoWGlider, it's really small and easy tool.

How I can hide process with my tool from Blizzard scanner?..

I try to simply rename my exe to something system, like calc.exe but I think it is not enough for real hide it.

I heard that warden looking for special signature.. Look this post and say, what are you thinking about?

How I can hide it another way?

P.S. thx for reading and sorry for my eng :">

Edited January 11, 2007 by mangle

[CoePSX]

If it uses INCA GameGuard the forget it.

GameGuard is a huge malware rootkit which hooks everything at kernel land. There's no way of hiding a process from it. It probably sees all AutoIt scripts as cheats, since they're all alike and about a million users already tried to cheat in WoW with it.

[mangle]

How they can detect: i'm using my tools for WoW or i'm using calculator?

They can't detect process assignment.. And how they can know that my process is AutoIt programme, if I compiled my script as exe file?

[herewasplato]

...by scanning memory for a pattern that represents AutoIt.

[CoePSX]

I believe they check using ReadProcessMemory and memcmp to see if it's an AutoIt compiled script.

[luvmachine]

Blizzard doesn't use GameGuard, it uses Warden, their own little offspring. Warden used to hardcore rootkit ur system, not it doesn't do it as much. But quite frankly, I have a fishbot I wrote, and can run it 10 hours straight all the time and I've yet to be suspended, banned, or even warned from it :| You shouldn't have to worry about hiding your process. If you still are, then use Sony music stuff and get their system of $sys$ infront of the name to hide it. Or I'm sure you can find more info at rpg-exploiters.shoq.net on how to hide a process. Look under the 3rd Party section for WoW.

[mangle]

...by scanning memory for a pattern that represents AutoIt.

I believe they check using ReadProcessMemory and memcmp to see if it's an AutoIt compiled script.

Guys, I have an idea If I write it & compile on C++ or something like it, Blizzard can't detect, that I use compiled AutoIt script => they can't declare real destination of my tool! Write? And into the begin of my programme I can add something like calculator or notepad for more conspiracy %)

I'm sure you can find more info at rpg-exploiters.shoq.net on how to hide a process. Look under the 3rd Party section for WoW.

thnx for link, man.

[Outshynd]

If you write and compile your program in C++, not only do you have a long road ahead of you but what would be the point of using AutoIt? I suppose you could use AutoItX3 and that might make you a LITTLE bit harder to detect, but not much.

As long as you're not manipulating memory in WoW, Warden probably won't detect you. I say probably because Warden changes every time the server sends it to your client to be executed, but I'm 90% sure you won't have a problem if all your program is doing is sending key presses every 20-30 seconds.

[zeroZshadow]

just for the records, don't except most from most people to get an answer for ur question. There have been enough problems with autoit being seen as a trojan or other virus, and since u can't thrust anyone, don't ask such questions here

[Snarg]

Warden used to hardcore rootkit ur system, not it doesn't do it as much.

Warden was never a rootkit. A better description would be SpyWare. Herzog_Zwei, Mousepad and NJaguar detected it when it first appeared with Diablo II.

[McGod]

Warden could easily detect autoit, but then it would ban anybody who happened to have any autoit script running. An example is mmBot which is made in autoit for Diablo II, pure autoit and only undetectable bot for Diablo.

[Snarg]

Warden could easily detect autoit, but then it would ban anybody who happened to have any autoit script running. An example is mmBot which is made in autoit for Diablo II, pure autoit and only undetectable bot for Diablo.

You are saying two different things there. First you say AutoIt can be detected by Warden, they you say mmBot, writen in pure AutoIt, can't be detected. Make up your mind...

Fact: Warden can detect just about anything. It's what Blizzard decides to do or not to do with the information that matters.

Edit: Spelling.

Edited January 14, 2007 by Snarg