So, after reading Robotos forum post, I decided to google how to detect memory injections, which is in general how bots work. Apparently there are a lot of ways to do detect and a lot of ways to obfuscate the injections. Here is one stack overflow link: http://reverseengineering.stackexchange.com/questions/2262/how-can-dll-injection-be-detected One of the methods in that link is Robotos analysis of agent.exe I would assume that detecting bots has not been a priority for blizzard, until they became a problem and after they finished up major game play elements. Then they just picked a couple of methods in that link and caught us. It would be cool to know exactly how they did it.
It would be cool, but we'll never know. As you pointed out, there's multiple ways they could detect us. What it really comes down to is if Blizz wants to know who's running HB, they'll have no problem figuring it out, no matter what security measures are put in place.
