bob2k
New Member
- Joined
- Jul 22, 2011
- Messages
- 82
- Reaction score
- 2
This isn't an attempt to scare anyone, or a guide on how to avoid getting banned, just merely a list of ways Blizzard *could* (not necessarily "are") identify that you're botting or link multiple accounts to your computer:
(Keep in mind that by running WoW.exe they could basically be executing any code on your machine, not just "game logic", or in-game stuff... literally anything any other program could do)
Detecting HonorBuddy: (could also apply to other hacks/bots)
1. Check to see if a program called "Honor Buddy" is running (in title of the application's window - or "Attached to WoW with ID" :/)
2. Check to see if a program with the filename "HonorBuddy.exe" is running
3. Check to see if any program has certain DLLs, such as "Tripper.Tools.dll", loaded
4. Check to see if any program running has a certain checksum of any known "bad programs" (this is much less likely check, but still possible)
Detecting Botters:
1. Check for excessive "invalid" or "illegal" commands, either repeatedly or on a regular basis (eg: someone running a "daily" profile every day, and common invalid things happening - I also remember reading on this forum about a profile or Custom Class that was trying to execute a Druid spell, which other classes don't have - also interacting with a quest giver repeatedly without picking up or handing in the quest - something my HN does often :/)
2. Detect "stuck-movement" - character's running but co-ords in the game aren't changing over a period of time (this could happen fairly easily, for a bit of time, without botting so they'd probably have a fairly high time limit on this)
3. Check for (lack of) mouse movements in/over the WoW window
4. Check for (lack of) key presses in/on the WoW window
5. Check for character activity, while WoW is not the active (focused) window
(though the above 3 could also be triggered by mulit-boxing, I'd imagine)
6. Check if Windows is locked, screensaver's on, or if the monitor's in standby mode (see GetDevicePowerState if you don't believe me
) but the character's still moving
7. Check if Windows (and WoW) is running in a VirtualMachine
8. Checking to see if action bars have been setup
Detecting other accounts: (that might be related to a botting account)
1. Possibly guild members
2. Possibly people items/gold have been mailed to
3. Possibly accounts characters have been transferred to/from
4. Same computer name used
5. Same IP address used
6. Same computer MAC address used
7. Same router MAC address used
8. Same computer names on the network
9. Same hardware signatures (device IDs)
10. Same Windows install date and time
11. Cookies left by Launcher (it uses a web browser component, to read in the news, I believe)
12. Same "last modified" date/time stamp on (WoW) files
13. Same browser footprint used to log in to BattleNet site (browser version, plugins, etc)
14. Same contact/billing/username/password info for BattleNet accounts
I'm not saying any 1 thing is enough for Blizzard to ban us, but these are all things they could use to strengthen their suspicions This also isn't a complete list, just some of the things I've thought up, if you doubt any of them I'd be more than happy to provide more info but you should also be able to Google for most of it.
The reality is you could find away around all of the above, run a bad profile, get reported, have a GM watch you, and still get banned - you're never going to be 100% safe.
Personally I've renamed my HonorBuddy.exe file to another very common app, have a separate BattleNet account for botting with different contact details and payment (vouchers), and I don't log my main account from the same IP as my bot account (I basically never log my main account anymore... just in case)
Using something like WoWTunnels or WTFast might help with the IP issue - I don't think they'd ban EVERYONE using it, just because 1 person using it was botting (plus you can make it look like you're connecting from a different location).
(Keep in mind that by running WoW.exe they could basically be executing any code on your machine, not just "game logic", or in-game stuff... literally anything any other program could do)
Detecting HonorBuddy: (could also apply to other hacks/bots)
1. Check to see if a program called "Honor Buddy" is running (in title of the application's window - or "Attached to WoW with ID" :/)
2. Check to see if a program with the filename "HonorBuddy.exe" is running
3. Check to see if any program has certain DLLs, such as "Tripper.Tools.dll", loaded
4. Check to see if any program running has a certain checksum of any known "bad programs" (this is much less likely check, but still possible)
Detecting Botters:
1. Check for excessive "invalid" or "illegal" commands, either repeatedly or on a regular basis (eg: someone running a "daily" profile every day, and common invalid things happening - I also remember reading on this forum about a profile or Custom Class that was trying to execute a Druid spell, which other classes don't have - also interacting with a quest giver repeatedly without picking up or handing in the quest - something my HN does often :/)
2. Detect "stuck-movement" - character's running but co-ords in the game aren't changing over a period of time (this could happen fairly easily, for a bit of time, without botting so they'd probably have a fairly high time limit on this)
3. Check for (lack of) mouse movements in/over the WoW window
4. Check for (lack of) key presses in/on the WoW window
5. Check for character activity, while WoW is not the active (focused) window
(though the above 3 could also be triggered by mulit-boxing, I'd imagine)
6. Check if Windows is locked, screensaver's on, or if the monitor's in standby mode (see GetDevicePowerState if you don't believe me
) but the character's still moving7. Check if Windows (and WoW) is running in a VirtualMachine
8. Checking to see if action bars have been setup
Detecting other accounts: (that might be related to a botting account)
1. Possibly guild members
2. Possibly people items/gold have been mailed to
3. Possibly accounts characters have been transferred to/from
4. Same computer name used
5. Same IP address used
6. Same computer MAC address used
7. Same router MAC address used
8. Same computer names on the network
9. Same hardware signatures (device IDs)
10. Same Windows install date and time
11. Cookies left by Launcher (it uses a web browser component, to read in the news, I believe)
12. Same "last modified" date/time stamp on (WoW) files
13. Same browser footprint used to log in to BattleNet site (browser version, plugins, etc)
14. Same contact/billing/username/password info for BattleNet accounts
I'm not saying any 1 thing is enough for Blizzard to ban us, but these are all things they could use to strengthen their suspicions
This also isn't a complete list, just some of the things I've thought up, if you doubt any of them I'd be more than happy to provide more info but you should also be able to Google for most of it.The reality is you could find away around all of the above, run a bad profile, get reported, have a GM watch you, and still get banned - you're never going to be 100% safe.
Personally I've renamed my HonorBuddy.exe file to another very common app, have a separate BattleNet account for botting with different contact details and payment (vouchers), and I don't log my main account from the same IP as my bot account (I basically never log my main account anymore... just in case
)Using something like WoWTunnels or WTFast might help with the IP issue - I don't think they'd ban EVERYONE using it, just because 1 person using it was botting (plus you can make it look like you're connecting from a different location).
But no, I don't think they do or are allowed to.
