I'm just here to increase the number of functioning brain cells in this thread.
So, lines 4400-4401 are definitely nothing dangerous. It's simply the instructions that were overwritten when creating the hook on the so-called "engine". It's mostly a hook on the main loop of Guild Wars that allows the command sent by GWA2 to be executed.
You can see in the following screen the highlighted lines are the instructions replaced by the "jump" to the custom code. Screen capture here:
Second point: Of course VirusTotal won't detect anything, it's a text file. There is simply not enough information to do any kind of relevant diagnostics, so what VirusTotal tells you is meaningless in this case.
Third point: The claim that copy-pasting your password is safe is complete garbage. If the guy can open an r/w handle to the game, the password is there in clear.
Let's move on to something more interesting, the actual code, for whoever is interested and for whoever made those fixes.
So, you did restore the stack frame after the call of the functions, but you could improve that a bit. Let's take UseFunction as an example:
So, you added 4 pops at the end. It will work, but generally speaking you don't really want to pop in ebx, esi & edi, because they are "non-volatile registers". In this case, you could have done the following if you don't care about the return value:
Indeed, the return value is stored in eax. (eax & edx if 64 bits, like uint64_t or double)
But, you can do even better, you can restore the stack frame without affecting any registers. (That's in fact how the compiler does it)
Code:
_('add esp,10')
Indeed, the stack is reversed (it grows down and shrinks up), so adding 0x10 = 16 = 4 * 4 has a similar effect to popping 4 times.
Fourth and final point, there is a lot of random stuff and it's understandable, but there is also a bunch that could be taken from other resources. Especially regarding how things are scanned. See here:
Finally, there is nothing malicious in the code, but you can expect some instabilities.
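The three stack-cleanup options discussed in the post above, modelled as an added example that is not part of the original post or of GWA2. The register values, pushed arguments, return value and exact pop targets are constructed for illustration, and the immediate in `add esp,10` is read as hex, as the post reads it.

```python
# Toy model of the 32-bit x86 stack; handles only push/pop/call/"add esp,imm".
NON_VOLATILE = ("ebx", "esi", "edi", "ebp")   # callee-saved registers
RETVAL = 0x1234                               # constructed return value


def run(program, regs):
    """Execute the instructions on a copy of regs and return the new state."""
    regs, mem = dict(regs), {}
    for line in program:
        op, _, arg = line.partition(" ")
        if op == "push":                      # stack grows down
            regs["esp"] -= 4
            mem[regs["esp"]] = regs[arg]
        elif op == "pop":                     # stack shrinks up
            regs[arg] = mem[regs["esp"]]
            regs["esp"] += 4
        elif op == "add":                     # immediate parsed as hex
            dst, imm = arg.split(",")
            regs[dst] += int(imm, 16)
        elif op == "call":                    # callee sets eax, leaves args on stack
            regs["eax"] = RETVAL
        else:
            raise ValueError(f"unsupported instruction: {line}")
    return regs


def audit(cleanup):
    """Push 4 arguments, call, run `cleanup`, then report what changed."""
    start = {"eax": 0, "ecx": 1, "edx": 2, "ebx": 0xB, "esi": 0x5,
             "edi": 0xD, "ebp": 0xBB, "esp": 0x1000}   # constructed values
    setup = ["push ecx", "push edx", "push ecx", "push edx", "call target"]
    end = run(setup + cleanup, start)
    return {
        "balanced": end["esp"] == start["esp"],
        "clobbered": [r for r in NON_VOLATILE if end[r] != start[r]],
        "retval_kept": end["eax"] == RETVAL,
    }


VARIANTS = {  # constructed cleanup sequences for the three cases in the post
    "pop_non_volatile": ["pop eax", "pop ebx", "pop esi", "pop edi"],
    "pop_scratch": ["pop eax"] * 4,
    "add_esp": ["add esp,10"],
}

if __name__ == "__main__":
    for name, cleanup in VARIANTS.items():
        print(name, audit(cleanup))
```

All three sequences leave `esp` balanced; only `add esp,10` does so without overwriting a callee-saved register or the return value in `eax`.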
Those two lines of ASM just move the start of the stack pointer up 8 bytes and do not constitute virus code... you will have to be more elaborate to show how this is dangerous, and since we are dealing with one file...gwa2.au3, instructions that take advantage of this stack pointer setting would also have to be included in this file that would make it be dangerous... VIRUS isn't the word you really mean, malignant code maybe or spy code??
Anyway, we respect you sticking up for your conviction, especially against an elite member of the site, but some explaining needs to follow... and also the choosing of your name is questionable since the original DerMoench14 is a respected member here that has helped the community quite a bit...
Also the web site selling bots has these same lines in their code as well, and as far as I know the person running the site has never stolen accounts... although I do have some issues with him.
Small update seemed to have broken something to do with the return to outpost packet from my initial testing. I will see if I notice anything else broken from the update. I am referring to the update of 2/14/2020.
So far the only packets I found broken are the return to outpost, pickupitem, and sendchat. I have updated them in the file. It is possible more packet headers are broken but that is all that is affected from my testing so far.
The travel func always seems broken in my tests, but I haven't spent too much time on it.
For GStoC: they added a fake packet, so a lot of packets just increased by 1. Easy fix tho.
For CtoGS: they also increased a lot of headers by +1 and made a few changes to some at the beginning.