What blizzard is allowed to scan for + why the tripwire is ineffective.

Let me just get this out of the way, the tripwire system does not work at all and this is the reason why it does not work :
This is what you agree to in order to play Blizzard games :
http://bit.ly/1NraqRH

(i) the Random Access Memory ("RAM") that is occupied by a Blizzard Game to confirm that the Blizzard Game's program has not been altered or "hacked" in violation of the Blizzard Games Terms of Use;
(ii) the Blizzard Games "process" to determine if any unauthorized third-party programs or computer code has been attached to the Blizzard Games process; and
(iii) the Windows Process List to determine if any confirmed hacking or *****ing programs are presently open in violation of the Blizzard Games Terms of Use.

Note number (iii) :
Warden scans your windows process list to determine if any confirmed (this means they are 100% against their ToS such as bots) are presently open. This means you do not need to be running the bot on your account at the time warden is scanning or even have it attached to WoW. If you have honorbuddy open whilst warden is scanning, then guess what? You will be flagged and banned.

The tripwire system does not prevent this, in fact the only way to prevent this is to have some form of warden protection which either stops warden from scanning the process OR tricking warden in to thinking the process is a legitimate one, many coders have done this in the past with huge success such as ZoiD and ValiantChaos (there maphacks for WC3 and Sc2 did not have ban waves, warden simply could not detect them due to their warden protection they used).

 

It seems you dont quite understand what warden is.

Warden is a serverside detection system that loads modules within the game, which it sometimes accesses when it scans. The purpose of tripwire is to detect when warden starts to scan a module, by your theory, scanning hte "process list" through warden would be simply a module, and would be detected.

This is ofcourse all useless because tripwire is useless. Also scanning process list is very rarely used because it just returns process list names, not very specific data about hte application, such data can easily be changed by altering exe names or metadata info.

What you seem to mean is that Tripwire does not help client side detection methods, and this is obviously obvious.

Which is why pretty much all anti ***** measures scan the memory space that it protects(the game) which honorbuddy injects modules into(which arent meant to be there) when simply gets detected, and off you are.

 

I have a very good understanding of how Warden works actually but thank you for not actually refuting anything I have said and agreeing with the information I have provided. You say it is obvious but just read through 90%+ of the posts on the forums after a ban wave and you will see it is quite clearly not that obvious to most people as they do not even know warden exists let alone how it operates. Warden works in many more ways then you have specified, the most common method it utilizes is scanning the WoW process for any applications hooked to it, they input different offsets (memory addresses) in to Warden, then Wardens scans your WoW process, if it detects those then it gets sent back to Blizzard with your account name and various other information about the hack itself as well. I am just letting you and others known what Warden is capable of, one of them is having the ability to scan through your windows process list, most experienced coders combat warden by tricking it in to thinking what it is scanning is legitimate or by preventing it from scanning it in the first place.

Your post is not very clear and so I replied the best I could, nice try though.

 

Sigh. You're not the first unique snowflake reading the TOS/EULA and coming here to wildly speculate on what Warden or Tripwire does or doesn't do, and certainly not the last. Nice try though, thread will be closed soon as such speculation is against the rules.

 

First unique snowflake reading the ToS / EULA? Uhm yes I found that one part about anti-*****ing and I do not wildy speculate or even speculate at all, I stated facts of what they are actually doing and you agree to it by playing their games, that is no speculation, that is fact. I did not speculate on what the tripwire does, I am simply saying that it does not work, heck the proof is in the pudding, if the trip wire worked the ban waves would not be anywhere near as huge as they are, again this is not speculation, this is a matter of fact. Also I did not speculate at all what warden does, I am well aware of what it is capable of and how it functions, I have spoken with many renown coders in the past about it. Exzap, ZoiD, Chaotic, ValiantChaos aka Zynastor all who worked on hacks / *****s for Blizzard game, so again I am not speculating anything. Also just go and read the wikipedia about Warden, it is even explained their on how it functions and operates, naturally some things may be inaccurate but for the most part the information is current and correct, again not speculation.

Learn what speculation means, try to be a less of a smart ass, it doesn't suit you one bit.
Nice try though .

 

Warden does not scan your process list, warden only handles the modules that Blizzard feeds the users at intervals that sometime spand more then 60 days. Scanning of a process list is easily done client side, completely independant of warden, which is just as "secure". For the same reason that any anti warden methods that include "disabling warden" is incredibly stupid.

You patch warden so warden doesnt work(thus does not return any data when it is requested)
Is this normal?
No.

Well look, seems about 100k accounts return no data when we request it, maybe we should hit the red button.

Whenever tripwire detects ANY modular changes to warden, it activates. It is actually not very difficult to build such a protection system, tripwire isnt failing because its failing to detect changes in warden

It is failing because warden isnt whats being used to detect HB, and the buddyteam is oblivious as to what is. Just like they didnt notice client side detection code for weeks after it was added in early 2015.

 

And my family works for Blizzard and I'm a GM. See? I can post entirely baseless and pointless appeals to authority as well. You still don't have anything but speculation.

 

Actually yours is baseless because it is simply not true and holds absolutely no value, difference being what I said can be researched, sadly Zmap and VC's Sc2 hack have been discontinued both due to being sued or the threat of being sued because their protection was simply that good, Blizzard could not utilize Warden to beat them in-game, that is fact, not speculation.

 

Do you not have a clue on how to read, that can scan your processes in the windows list, that is a matter of fact and you agree to it when you accept their terms and conditions. I linked you it to read from their ToS but keep being ignorant to what it says. The best anti-detections did not 'disable warden' they simply hide from being detected in one way or another, some anti-warden systems developed in the past were highly complex but never became detected, granted they were maphacks for Wc3 which granted isn't the same cash cow as WoW is.

Honestly, you have absolutely no idea how warden works if you think it operates in such a way, Warden does not request data which then is sent back to Blizzard, what the fuck are you on about? Warden scans for changes or abnormalities within their games, hacks / software being hooked in to the WoW process would be one example. Please do not talk about something if you have absolutely no clue at all how it functions.

You will find that it is highly likely Warden is still causing the ban waves and detection's are seeing, proof of this is simply that many people got banned running only enyo's for rotation purposes and do everything else by hand, they got flagged and banned. So did the hardcore botters, who bot all day, everyday. Some got banned after using the bot for a few hours and then stopping. This type of detection you will find is due to Warden detected abnormalities or changes within the WoW Process, it is afterall, what Warden scans for.

Keep talking nonsense though.

 

Process scanning detection is a fantasy ! Wow client run as normal user(unless you are stupid and run everything under the admin account), honorbuddy as admin => Wowclient can list processes of the user only,he CANT list admin processes on windows.

End of debate.

 

This exactly. My sister-in-law does actually work for blizz, she has for years. Did I get notified by her about some ban wave? hell no. she does dev work for overwatch and hasn't been on the wow side since MoP I don't think. Regardless just because you "know" an employee doesn't mean they are going to give you TONS of info on some ban or detection method. The people that do "know" aren't going to tell you anything for many reasons both legal and non.

Did I get banned? no. Was it because I knew some special way of getting around detection or that I'm special? no. It's literally luck and out of our hands to decide.

 

Based on my knowledge tripwire is there to prevent further detections once it has become clear that a detection has occurred - not to actually prevent the detection in the first place. Its only to lessen the impact.

 

my under standing of what tripwire is doing is preventing further accounts from loging on and further bans not used to detect if there is something running to bust everyone