[3.1.1] Movement with simple memory writes

[voron23]

amazing) +rep. what are offsets now?(i dont know how to update them)

[Oowafas]

X : 0111812Ch
Y : 01118130h
Z : 01118134h
Status : 011180BCh

[voron23]

Quote:

Originally Posted by Oowafas

X : 0111812Ch
Y : 01118130h
Z : 01118134h
Status : 011180BCh

Thank you!! and +rep. Will try it today)) And again, can you good people send me PM or post here, method to update adresses? I know than u need OllyDbg, but what manipulations u do for find new adress(know old one)....

[voron23]

5 = Move to + Interact (NPC ONLY)
Write GUID to 0x011180B8 + 0x20
Write "5" to 0x11180BC
And nothing happens((
Since STATUS offset on Wiki outdated, i think GUID offset may different too..
0x4 = 'INT' ACTION_TYPE

[lanman92]

Is CTM on?

[voron23]

Yes, and my MoveTo() func works fine)

Code:

Func MoveTo($x, $y, $z)
	$main=0x011180B8
;_MemoryWrite($main + 0x20, $handle, $targetGUID)
_MemoryWrite($main + 0x74, $handle, $x, 'float')
_MemoryWrite($main + 0x78, $handle, $y, 'float')
_MemoryWrite($main + 0x7C, $handle, $z, 'float')
_MemoryWrite(0x11180BC, $handle, "4", 'int')
EndFunc

But perfectly will be able to interact NPC's and loot deadmobs with this staff ^_^
P.S. can anyone, who tested CTM share exp about Move to + Interact?

[amadmonk]

Quote:

Originally Posted by lanman92

I don't see them doing it. Just my opinion. They can't catch it with a stack trace either, so... Yeah. It would be very ugly to be done this way(lots of false positives). I would aim more for them re-doing their CTM.

Second this; due to races, there's just very little they can do to "catch" the CTM write method. They can try to block it, but really the only way to "correctly" block it would involve a rewrite.

Ultimately all CTM does is act as a shortcut for bot-writers; it's still perfectly possible to just inject movement keys for movement (and I'm sure bot writers will go back to that method if/after CTM is rewritten).

[voron23]

Interact - very imortant thing for background of bot project. With CTM it so easy do this(if this works)

[lanman92]

I've already gone back to using movement keys. It's not any harder. I just write my rotation and tap the left+right keys and set forward and I'm going

[amadmonk]

Quote:

Originally Posted by lanman92

I've already gone back to using movement keys. It's not any harder. I just write my rotation and tap the left+right keys and set forward and I'm going

Voron's got a good point about interact though; are you just doing that through injection?

I didn't think about it because my bot doesn't need to interact (it's really more of a multibox helper), but it seems like the ability to easily do interact would be nice.

[Harko]

Quote:

Originally Posted by lanman92

I don't see them doing it. Just my opinion. They can't catch it with a stack trace either, so... Yeah. It would be very ugly to be done this way(lots of false positives). I would aim more for them re-doing their CTM.

a simple flag set to true by the functions who do write operations on those variables.

When flag isn't set but variables contain a movement/interact/... request -> external bot detected

really simple and most people who copied the CTM method from this forum wouldn't even know where to check for possible detections

[ramey]

Agreed, but do you think Blizzard will bother with this?

[lanman92]

It would be easy to just patch that flag and continue with our way though.

[Harko]

Quote:

Originally Posted by ramey

Agreed, but do you think Blizzard will bother with this?

up to this day Blizz followed a strict policy. They only ban people when they exactly know what hack / bot the person used. (execluding gold selling / server side detection)

By Gliders downfall and the rise of many new bots at the same time they have to change the strategy, in a way to more generic methods or they will lose in the long run.

personally I would do:

- implement some stack trace and flag checks
- randomize the packet opcodes with each little patch
- implement some counter for console commands which autoit bots heavily use

but I don't expect them to do it. They will stick to Warden which means that such stuff is safe.

[0_00_0]

Is it possible to loot or interact with CTM? I've tried but no dice. Has anyone tried it with success?