
Information from Windows Registry

By the way .. APOC (a HB dev?) wrote some time ago (August last year already) :
"The windows registry is the devil!"

That does raise some suspicion about that dreaded Registry, doesn't it ..
 
Very simply, if they detected honorbuddy in any way there would be mass banwaves like with d3, nothing comparable to what is happening with gb2.
 
Perhaps you're right, perhaps not ..
How sure are you that wow.exe doesn't see that info?

After all, this is _inside_ the wow.exe process itself, not from within the Windows OS.
Or is it?

Dude after all the comments how can you be so ignorant? If you still got the idea that bliz is "scanning" your pc you must be a hard blockhead....me along with many other ppl are botting RIGHT NOW and I see a lot of botters flying around every day...so NO they can't scan your PC. Jeez
 
Dude after all the comments how can you be so ignorant? If you still got the idea that bliz is "scanning" your pc you must be a hard blockhead....me along with many other ppl are botting RIGHT NOW and I see a lot of botters flying around every day...so NO they can't scan your PC. Jeez

I don't think he's ignorant, he's discussing his pov in a good way.
On the other hand your statement is wrong, wow CAN/COULD scan your pc/registry/whatever (running as admin gives wow enough permission to do anything) but it does NOT (due to privacy laws and policies)
 
Thanks for your input - appreciating everyone's view and opinion on this.

Don't misunderstand me, I'm not posting this to prove my personal point - just trying to put the finger on where the "pain" might be.

Ok, I understand that it's possible to find out exactly which object any program is accessing.


But why should Blizzard even try to hide a read action on this particular part of the Windows Registry?

Because when you know, which part they read, you don't write anything in that part that could identify you. ;)

My point is - and I haven't seen an answer to that yet - that when I write a program that does the same thing (reading the muicache key from the Registry), I will be sued .. by whom?
Not by Microsoft, because they provide me the API even to access that thing.

In Germany it's normally a consumer protection group or when it's considered a severe break of privacy like facebook or steam have done it's the ministry of consumer protection.

I decided to follow up on MKAY's tip :
I downloaded the Sysinternals Suite and ran the Process Explorer.
Started WOW, went to the Process in the second pane on my screen (see attachment).


Again, I'm not hunting anything down and definitely not HB ..
But so far, we all have been "guessing" and one is better in that than others, but I simply can't accept a statement from an HB-dev that "Honorbuddy can not be detected".

No, not from memory-peeks or whatever backdoor tricks there are available, because that would be against the law(?).

OS files are under the copyright law and are owned by the developer company, in this case Microsoft. To alter them would mean to break copyright laws.

But a simple API call to existing and freely accessible information within my OS reveals just as much.
If not even more interesting things...

You are right that they could do that. I can write within minutes a program that searches for honorbuddy and finds it. But I can also write a program that gives false information back, because I can see what they are accessing. That's how other programmers disable copy protection on games. As stupid as it sounds it is a weakness for Blizzard that they have to play legal.

Lastly, referring to your last remark : because I'm not a Windows developer, doesn't mean I'm a total nitwit. Not going to elaborate, but I'm from the good-old Banking-IT generation, where mainframes still only understood assembler. Just not much into that totally-over-the-top-resources-wasting OS as Windows appears to be. :) <-- notice the smiley - no offence here and none taken

No offense taken either and I don't think you are a nitwit. You ask interesting questions and you are not rude. :)

Check out the attachment - right-click on the key entry within the Process pane .. no magic involved ..

Yes I did that. The process monitor is a very powerful tool and you have to learn how to use the information you get back. Look into your saved log. The only "value" actually read is "MachinePreferredUILanguages". You said you understand a bit of assembler programming. That makes it easier for me to explain. The program looks for a specific key to use that value for an operation, e.g. it looks for the path to the cache in internet settings. Now you can see that it parses through all the keys to find the desired one, but only this value is read. You can see which data is collected from your machine btw. Set a filter so that you can only see the actions taking place in the registry, and then one where you just see where the result is SUCCESS. In the Detail column is the information about what's actually read.

Hope this helps you.
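
The Process Monitor filtering described in the reply above (registry activity only, result SUCCESS, then the Detail column), as an added example that is not part of the original thread. It is a Python script over a constructed CSV export; the column names assume Process Monitor's default columns, and the sample rows, registry paths and function names are made up for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample, laid out like a Process Monitor CSV export with the
# default columns (assumption). Paths and data are illustrative only.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.001","Wow.exe","4242","RegOpenKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS","Desired Access: Read"
"10:00:01.002","Wow.exe","4242","RegQueryValue","HKCU\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages","SUCCESS","Type: REG_MULTI_SZ, Length: 12, Data: en-US"
"10:00:01.003","Wow.exe","4242","RegCloseKey","HKCU\Control Panel\Desktop\MuiCached","SUCCESS",""
"10:00:01.004","Wow.exe","4242","RegOpenKey","HKLM\Software\Example\Missing","NAME NOT FOUND","Desired Access: Read"
"10:00:01.005","Wow.exe","4242","RegEnumKey","HKCU\Software\Example","SUCCESS","Index: 0, Name: Sub1"
"10:00:01.006","Wow.exe","4242","RegQueryValue","HKCU\Software\Example\Absent","NAME NOT FOUND","Length: 16"
"10:00:01.007","Wow.exe","4242","CreateFile","C:\Example\cache.dat","SUCCESS","Desired Access: Generic Read"
"10:00:01.008","explorer.exe","1000","RegQueryValue","HKCU\Software\Example\Other","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
'''

# Operations that hand value data back to the caller; opening, enumerating
# or closing a key only walks the tree and returns no stored data.
VALUE_READS = {"RegQueryValue", "RegEnumValue"}


def registry_rows(csv_text, process_name):
    """Yield the registry events of one process (name match is case-insensitive)."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))  # drop BOM if present
    for row in reader:
        if (row["Process Name"].lower() == process_name.lower()
                and row["Operation"].startswith("Reg")):
            yield row


def values_read(csv_text, process_name):
    """Return (path, detail) for every value the process successfully read."""
    return [(r["Path"], r["Detail"])
            for r in registry_rows(csv_text, process_name)
            if r["Operation"] in VALUE_READS and r["Result"] == "SUCCESS"]


def operation_counts(csv_text, process_name):
    """Count registry operations by type, to compare keys touched with values read."""
    return Counter(r["Operation"] for r in registry_rows(csv_text, process_name))


if __name__ == "__main__":
    print(dict(operation_counts(SAMPLE, "wow.exe")))
    for path, detail in values_read(SAMPLE, "wow.exe"):
        print(path, "->", detail)
```

On the sample, six registry events reduce to a single value that was actually read, which is the distinction the reply draws between walking through keys and reading data.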
 
Dude after all the comments how can you be so ignorant? If you still got the idea that bliz is "scanning" your pc you must be a hard blockhead....me along with many other ppl are botting RIGHT NOW and I see a lot of botters flying around every day...so NO they can't scan your PC. Jeez

@favor98
No need to call someone ignorant when that person is asking a few questions and attempting to parry the answers.

I never said that Blizzard is scanning my system - I said that it's obviously extremely easy to read an entry from the Windows Registry, just to find out what programs have been running recently. And since that could be a perfect way to "find" Honorbuddy, I don't think it's a matter of ignorance if someone is asking questions about it.

But thanks for your replies; they were still very informative, even for an ignorant person like me.

@mkay1337 & Tiama
Thanks for the answers. Mostly profound, more than one normally sees on forums like this. Much appreciated.

@jordi1104
As I said in an earlier post, Blizzard is somehow condoning botters. To a certain extent.

Anyway, thanks people, I'm going to withdraw myself from the discussion. Or at least I won't feed it any more, but will of course react to any response I may receive on this matter.

But please keep it sane .. I sense some impatience here and I wouldn't want people to start calling people names and such.

Happy botting :)
 
I don't think he's ignorant, he's discussing his pov in a good way.
On the other hand your statement is wrong, wow CAN/COULD scan your pc/registry/whatever (running as admin gives wow enough permission to do anything) but it does NOT (due to privacy laws and policies)

I never said they can't/won't, I just said they ARE NOT DOING IT bcs if they did I wouldn't be botting at that time and would be banned.
 
Does removing Honorbuddy's entries in the registry have an impact on the bot itself? Meaning, if I do a search in the registry for anything related to Honorbuddy and remove it, will there be something crashing or not? And will it make that registry entry again the next time I start it?
 
If scanning outside your own process is illegal, why do hack detection companies like GameGuard and PunkBuster exist?
 
If scanning outside your own process is illegal, why do hack detection companies like GameGuard and PunkBuster exist?

Reading an entry from the registry is _not_ "scanning outside your own process".
It's a legit use of the Windows API.

Most probably it's the _use_ of that information that may be against the law in certain countries.

But that doesn't mean the wow executable doesn't perform that read and it certainly doesn't mean that Blizzard isn't attaching that info to your account.
When you appeal a ban, they never tell you exactly how they found out that you are "using third party software/hacks" ..
Most probably because they would be breaking some local law, so they just ban you with this shallow note "abuse of economy" or "using a hack".

And just to prevent being called "ignorant" again : this, of course, is my personal hypothesis.
 
The registry is totally off limits, if they do touch it and they leave a trace, it won't be good for them. What I mean court-wise, they would be really fucked up.
 
The registry is totally off limits, if they do touch it and they leave a trace, it won't be good for them. What I mean court-wise, they would be really fucked up.
Does anyone have proof that they can't touch it?
 
The registry is totally off limits, if they do touch it and they leave a trace, it won't be good for them. What I mean court-wise, they would be really fucked up.

I read through the Windows 8 ( indeed, I'm on Win8 :p ) ToU/ToS, the Windows API Code Pack License Terms and same for .NET ..
There is nothing about "the registry being off limits" in any way.

The registry is accessible, as per design.

I'm not a lawyer, so I do not know to what extent the retrieved information can legally be *used* to make certain decisions (like banning wow-accounts).
But "off limits" is definitely not true.

@Weedblaze : Blizzard don't _need_ the "proof" you mention. They will never tell you exactly how they "found out" about you running a bot. They do make a mistake or two in this, but mind you, in 99% of the ban cases, they were actually _correct_. So let's not play innocent.


Blizzard is very much like Santa : they _know_ you've been a bad boy. They just won't ever tell you _how_ they found out. ;)
 
So pretty much the chances of Blizzard getting sued for privacy is NIL, due to the fact that no one could ever prove evidence that Blizzard does/can read system registry for any "bot" or "hack" programs.
They fucked up once before on it so I'm sure they are being very smart about it. In any case Atheric dude you make really good valid points and I wonder if maybe someone from the HB team could shed some light on this?

I should make note even if Blizzard did this, they would never ban everyone with this method. They would seriously go broke. It's more of a 100% proof that "Hey you use "bot"/"hack" so stop it or get banned" when they send you those emails.

It's easy - if they were reading the win registry out of scope, they will flag ALL the accounts, using HB, and ban them at once. But after that, they will face the wrath of the civil LAW in all the Europe/NA/SA countries, since every developer, skilled enough in Windows API, will reverse the wow executables and find out how the accounts are flagged for ban. No doubt, every consumer-protecting government organization in every country will be happy to sue Blizzard and their responsible local companies for breaking the privacy of their customers.

Like Aetheric mentioned, it's illegal in most countries not only to access such private information, but to use it too!

It's just like Blizzard reading your bank account details, if they are somehow stored in the registry (hypothetical), and using them after, let's say for charity! And transferring some funds to several charity organizations! :D
 