Originally Posted by Itburnz
Why break the encryption when you can manipulate the client with a simple DLL and call its own functions anyway?
Because anything you hook/change inside the client can be detected by one means or another (if not now, then in the future). What if they implement a way that you can only connect to the servers when PunkBuster was running (i.e. not disabled) and didn't find anything suspicious (by sending a special packet to the server, and w/o that one you get an instant disconnect)?
But if you look at the raw data traffic/sockets (and not simply by hooking the socket via DLL), it's much harder to detect such a tool. Downside of course is, you'd have to work with a kernel mode driver which gets and modifies
Simple capturing (i.e. for a radar or other "informative" tools) works even w/o a kernel mode driver by listening to raw sockets (although it needs some work too, to listen to the right sockets).
Besides that, two of the best bots I've seen in the past 10 years were bots that didn't have to hook anything. One of them was for Ragnarok Online and the other was l2walker for Lineage II, as you could run these bots w/o even starting the client (saves RAM), and they had plenty of features, and it was easy to run 2, 3, 5 or even 10 bots on the same PC w/o having to start 10 clients, one for each. Was very nice for buffing/heal bots. You play on the right client and the bot runs on its own, or you run half of your party as bots w/o any impact on the performance.
Too bad people are too lazy to write such bots anymore, as in 95% of cases they are by far superior to any bot which uses hooking. Hooking is good for certain things, like seeing through a wall or letting your char hover over the ground (well, the last one could also be done with the standalone bots too). And they are quite hard to detect (if programmed well), as there is no tool running on your computer while you run it, nor does it interfere with the main game process.