In the World of Warcraft folder, you will find a program with the name "SystemSurvey.exe". This program is automatically being invoked by the launcher (I think) on a regular basis. Did anyone ever analyse what's being sent during this session? Particularly this section in the LOG file (folder C:\Users\<username>\AppData\Local\Blizzard Entertainment\System Survey) caught my interest : [2015-04-04T01:04:25Z][..\source\report.cpp:245][INFO]: sysinfo_get_storage_devices(system): successful [2015-04-04T01:04:27Z][..\source\report.cpp:249][INFO]: sysinfo_get_installed_products(report): successful [2015-04-04T01:04:27Z][..\source\main.cpp:157][INFO]: Sending Report...
Hi Aetheric, afaik this is the systemsurvey they utilize to qualify your PC for beta etc. but you will only get a straightforward answer from Blizz on that You should keep in mind that everything we do is basically "reportable" and sometimes in benevolent attitude. As an example Blizzard actually checks if a instance is run via Vine on a Linux system and it adapts the game to this. This makes a whole lot of sense and so does checking for system issues and installed versions. If you just run msinfo32 on a Windows 7/8 machine you will open the System Information Tool that shows you a lot of Software iInformation about yor system. If you have WER (Windows error reporting) enabled (I could bet most do) and there's a truckload of errors reporting misbehavior of your honorbuddy (Launcher mostly), so the sheer fact that honorbuddy is installed is readily available. Should you have any doubt just run wmic product where "Name like '%honor%'" get Name, Version on a command line. The question whether blizzard can "see" what you have installed on your system or not is not a "can it be detected", it's rather are they willing to go down that path and intrude on their users privacy etc. Warden 2.0 has been modified in 2010 to "only" scan game memory space to detect 3rd party interference thereof but if this is really the case and or if this has been modified only Blizzard can tell. As for further information regarding the systemsurvey.exe, please check below(I modified it, where you find a lot of XXX): VERSION LegalCopyright: © 2013 Blizzard Entertainment, Inc. InternalName: SystemSurvey_d FileVersion: 2.2.1.37 CompanyName: Blizzard Entertainment, Inc. ProductName: SystemSurvey ProductVersion: Version 2.2.1.37, Data Version 2, Git Revision v2.2.1-5-g487a706 FileDescription: SystemSurvey OriginalFilename: SystemSurvey_d.exe PACKER Microsoft Visual C++ ?.? REGISTRY HKEY_CURRENT_USER\Software\Blizzard Entertainment\System Survey\ CREATES FILE C:\Documents and Settings\Administrator\Local Settings\Temp\systemsurvey_XXXXXXXXXX.zip CREATES FILE GLOBALROOT\Device\0000001a CREATES FILE Scsi0: CREATES FILE GLOBALROOT\Device\Ide\IdeDeviceXXXX CREATES FILE C:\Documents and Settings\Administrator\Local Settings\Application Data\Blizzard Entertainment\System Survey\log.txt CREATES FILE C:\WINDOWS\system32\WBEM\Logs\wbemprox.log CREATES FILE GLOBALROOT\Device\Ide\IdeDevicePXXXXX CREATES FILE GLOBALROOT\Device\00000061 CREATES FILE \Device\Afd\AsyncConnectHlp CREATES FILE GLOBALROOT\Device\00000042 CREATES FILE Scsi1: CREATES FILE PIPE\lsarpc CREATES FILE \Device\Afd\Endpoint DELETES FILE C:\Documents and Settings\Administrator\Local Settings\Temp\systemsurvey_XXXXXXXXX.zip CREATES MUTEX Blizzard System Survey WINSOCK DNS iir.blizzard.com Network Details: DNS iir.blizzard.com Type: A 12.129.242.24 HTTP POST Blizzard Entertainment - Error! User-Agent: blizzard-systemsurvey/1.0 FLOWS TCP 192.168.1.1:1031 ➝ 12.129.242.24:3724
I don't trust that. I don't trust Blizzard one bit. I have no reason to believe they aren't abusing their scans, and in fact, recent developments have given me way more reason to think they are absolutely overstepping the boundaries of just scanning "game memory space". I don't believe them at all.
While I agree that is very likely Blizzard could be scanning beyond their allotment, I don't understand what it has to do with being a US company. Also, thanks EazyD for the provided information. Much useful.
@QEazyD : Useful information. Thank you very much indeed! I also noticed that this routine creates .json files, containing your WoW settings and the addons you're using. Which is interesting, since the first shifting between 64-bit clients (non-HB users) and 32-bit clients (potential HB users) is an easy one for them - that narrows it down quite considerably already.. Which also means, never use any addons related to HB or its combat-routines etc.. Just saying, no anti-HB sentiment here ..
I think hb should just go to 64 bit - we wait any longer the only people that will be running 32 bit will be just the botters lol.
Personally, I block all network access to systemsurvey.exe and have done for years. I haven't opted in for any "survey", and I've never had any issues running or playing WoW with this process blocked. The only reason I mention this is to let others here know that blocking the process will not cause any problems for you if you wish to do so. In fact, I'd recommend it for obvious reasons. We don't know for sure what it does, and while I'm not implying that this process is doing anything malicious, surely it's better to err on the side of caution. I also agree HB needs to go 64 bit. Right now WoW defaults to using 64 bit so most people are running it without even being aware. There is very little scope for people needing to forcefully set their client to 32 bit, as 64 bit compatibility is very good. It's not perfect, but by and large it's workable for the majority of people. Using 32 bit is and will become a tell-tale trait in the future if HB is not updated. I understand it's going to be complicated to update- I'm not claiming it's easy, but it's something that needs to be done. We may even find one day that Blizzard will drop the 32 bit client altogether and force people to use the new one.
Except they can not do that with their current architecture (At least how i understood it). They use 32-bit client because there windows allow them to freely access RAM of other programs, where in 64-bit the RAM is restricted to the parent program, and not just every program, hence making "hooking into" WoW quite another challenge.
not sure, someone should check on that. I'd imagine it's pretty massive on 64 bit. Any pc built in the past 5 years is prob running 64 bit. you must have a really old/cheap cheap pc if you can't get 64 bit.
Pretty much any comp can. My "beastly" machine built in 2008 with the great vision of being able to run Age of Conan handles 64 bit perfectly. I'd also bet that the main usage of 32 bits is not located in the US or EU servers. In these servers, maybe 10% of the population use 32 bit, and obviously most are bots. Just like playing for a week straight.Does that identify a bot 100% sure? No, but is does with a 99 % chance. Similar situation with the 32-64 bit issue imho.
You dodge to see the big picture, don't you? US doesn't mean USA only, but this region have dozens of other countries as well. I can name pretty huge number of countries in both US and EU realm regions mostly with computers, suitable to run the 32bit client only. So this 10% assumption is very inaccurate. But hypothetically, lets say its 10% clients on US region running 32bit systems, and half of them are , running bots, then the other half are legit players running on low-end systems. So this fact delivers 5% false-positives off the total WoW subscribers on the region, or 50-100 000 players, which got actioned for botting, when none of them had botted indeed. Here you are quite right, the common sense says it all!
Who spoke about actioning? If you have 10 million accounts to look upon, and this allows you to reduce the amount of possible offenders to 1 million, that's amazingly efficient. It will save 90% of their time. I think you should open your mind a little mate. No one is trying to blame HB for anything, you don't have to defend them. We all know we owe them a lot. This is merely trying to speculate how to establish a safer environment for botting purposes. So, is in everybody's best interest.
Its definitely correct, but here we are trying speculations about the right methods Blizzard are using for flag&action botting accounts, not about defending or blaming anyone, be it HB or 3rd party. And this approach of filtering out botters out of the whole community, even if have some ground, cannot be productive for Blizzard, so I think it is pointless, and we should focus in more common sense scenarios
My SystemSurvey log file has uuid... This may affect the bans? Code: [2016-03-30T12:04:16Z][..\source\main.cpp:684][INFO]: System Survey 2.3.0.42, Data Version 3, Git Revision v2.3.0.38-37-g4de5d47, Copyright (C) 2013 Blizzard Entertainment. All rights reserved. [2016-03-30T12:04:16Z][..\source\main.cpp:697][INFO]: Generating report... [2016-03-30T12:04:16Z][..\source\report.cpp:420][INFO]: sysinfo_get_system_product_info(system): successful [2016-03-30T12:04:16Z][..\source\report.cpp:421][INFO]: sysinfo_get_system_has_battery(system): successful [2016-03-30T12:04:16Z][..\source\report.cpp:422][INFO]: sysinfo_get_physical_memory(system): successful [2016-03-30T12:04:16Z][..\source\report.cpp:423][INFO]: sysinfo_get_bios_info(system): successful [2016-03-30T12:04:16Z][..\source\report.cpp:426][INFO]: sysinfo_get_vm_info(system): successful [2016-03-30T12:04:16Z][..\source\sysinfo\win\os_win.cpp:137][WARN]: Windows Assessment State: 3 [2016-03-30T12:04:16Z][..\source\report.cpp:429][INFO]: sysinfo_get_os_info(system): successful [2016-03-30T12:04:16Z][..\source\report.cpp:432][INFO]: sysinfo_get_cpu_info(system): successful [2016-03-30T12:04:16Z][..\source\report.cpp:435][INFO]: sysinfo_get_video_adapters(system): successful [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:600][ERROR]: pEnumerator->GetDefaultAudioEndpoint(eCapture, eMultimedia, &defaultInputDevice): failed [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:600][ERROR]: HRESULT 0x80070490 (-2147023728): Элемент не найден. [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:636][ERROR]: pDevice->Activate(__uuidof(IAudioEndpointVolume), CLSCTX_ALL, nullptr, (void**)&pEndpointVolume): failed [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:636][ERROR]: HRESULT 0x80070490 (-2147023728): Элемент не найден. [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:636][ERROR]: pDevice->Activate(__uuidof(IAudioEndpointVolume), CLSCTX_ALL, nullptr, (void**)&pEndpointVolume): failed [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:636][ERROR]: HRESULT 0x80070490 (-2147023728): Элемент не найден. [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:636][ERROR]: pDevice->Activate(__uuidof(IAudioEndpointVolume), CLSCTX_ALL, nullptr, (void**)&pEndpointVolume): failed [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:636][ERROR]: HRESULT 0x80070490 (-2147023728): Элемент не найден. [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:636][ERROR]: pDevice->Activate(__uuidof(IAudioEndpointVolume), CLSCTX_ALL, nullptr, (void**)&pEndpointVolume): failed [2016-03-30T12:04:16Z][..\source\sysinfo\win\audio_win.cpp:636][ERROR]: HRESULT 0x80070490 (-2147023728): Элемент не найден. [2016-03-30T12:04:16Z][..\source\report.cpp:438][INFO]: sysinfo_get_audio_devices(system): successful [2016-03-30T12:04:16Z][..\source\report.cpp:441][INFO]: sysinfo_get_input_devices(system): successful [2016-03-30T12:04:16Z][..\source\sysinfo\win\storage_win.cpp:516][ERROR]: DeviceIoControl(device, IOCTL_CDROM_GET_CONFIGURATION, &configInput, sizeof(GET_CONFIGURATION_IOCTL_INPUT), config, CONFIGURATION_DATA_BUFFER_SIZE, &returnedLength, NULL): failed [2016-03-30T12:04:16Z][..\source\sysinfo\win\storage_win.cpp:516][ERROR]: Win32 Error 0x00000001 (1): Неверная функция. [2016-03-30T12:04:16Z][..\source\sysinfo\win\storage_win.cpp:449][ERROR]: DeviceIoControl (scsiDevice, IOCTL_SCSI_MINIPORT, buffer, sizeof(SRB_IO_CONTROL)+sizeof(SENDCMDINPARAMS) - 1, buffer, sizeof (SRB_IO_CONTROL) + sizeof (SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE, &dummy, NULL): failed [2016-03-30T12:04:16Z][..\source\sysinfo\win\storage_win.cpp:449][ERROR]: Win32 Error 0x0000045d (1117): Запрос не был выполнен из-за ошибки ввода/вывода на устройстве. [2016-03-30T12:04:16Z][..\source\sysinfo\win\storage_win.cpp:516][ERROR]: DeviceIoControl(device, IOCTL_CDROM_GET_CONFIGURATION, &configInput, sizeof(GET_CONFIGURATION_IOCTL_INPUT), config, CONFIGURATION_DATA_BUFFER_SIZE, &returnedLength, NULL): failed [2016-03-30T12:04:16Z][..\source\sysinfo\win\storage_win.cpp:516][ERROR]: Win32 Error 0x00000001 (1): Неверная функция. [2016-03-30T12:04:16Z][..\source\sysinfo\win\storage_win.cpp:449][ERROR]: DeviceIoControl (scsiDevice, IOCTL_SCSI_MINIPORT, buffer, sizeof(SRB_IO_CONTROL)+sizeof(SENDCMDINPARAMS) - 1, buffer, sizeof (SRB_IO_CONTROL) + sizeof (SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE, &dummy, NULL): failed [2016-03-30T12:04:16Z][..\source\sysinfo\win\storage_win.cpp:449][ERROR]: Win32 Error 0x0000045d (1117): Запрос не был выполнен из-за ошибки ввода/вывода на устройстве. [2016-03-30T12:04:16Z][..\source\report.cpp:444][INFO]: sysinfo_get_storage_devices(system): successful [2016-03-30T12:04:16Z][..\source\report.cpp:447][INFO]: sysinfo_get_bluetooth_radios(system): successful [2016-03-30T12:04:25Z][..\source\report.cpp:451][INFO]: sysinfo_get_installed_products(report): successful [2016-03-30T12:04:25Z][..\source\main.cpp:739][INFO]: report uuid: 960D551F-3FD9-4E47-8D03-372D06628EA0 [2016-03-30T12:04:25Z][..\source\main.cpp:740][INFO]: user uuid: 52A1819E-29D1-44D4-B654-7423500071F8 [2016-03-30T12:04:25Z][..\source\main.cpp:741][INFO]: report datetime: 2016-03-30T12:04:16Z [2016-03-30T12:04:25Z][..\source\main.cpp:743][INFO]: report system uuid: 7C50A705-1F60-F1AC-BE5E-5466A84D37AC [2016-03-30T12:04:25Z][..\source\main.cpp:168][INFO]: Sending Report... [2016-03-30T12:04:28Z][..\source\main.cpp:216][INFO]: Report successfully sent! [2016-03-30T12:04:28Z][..\source\main.cpp:758][INFO]: Exit value: 0
