Home > Games, Programming, Reversing, Windows > WoWMimic PvPAdvance v14

WoWMimic PvPAdvance v14

Bored, so I took a look at the new version of WoWMimic PvPAdvance to see what they changed. Unfortunately v13 wouldn’t run on my PC,  so I don’t have anything to base it off, but when the next version comes out at least I will. I’m not surprised at all that there have been bans for this tool, its anti-detection is even worse than WOWMimic itselfs.

What they’re currently doing:

  1. Unlinking the module.

No. Seriously. That seems to be it.

They’re not hooking VirtualQuery (or any of its lower-level code paths), and they’re not even nulling out their PE header. This means that a Warden scan that is CURRENTLY IMPLEMENTED can be used to detect their module, all the Warden dev needs to do is add a new hash.

My guess is that with the bans from the previous version they made minor changes to their code, which changed the module hash at the point Warden was scanning, noticed they weren’t getting bans anymore, and assumed they fixed the problem. That, or they’re too lazy to fix it properly. Either way they’re idiots.

Epic fail. Quite disappointing really, that only took a minute or two to check and now I’m bored again.

  1. geoff
    May 29th, 2009 at 18:47 | #1

    did this surprise you? honestly not taking the piss.
    I would send a complaint to mimic - thats 2min of your life your not going to get back.

  2. Heyzeus
    June 5th, 2009 at 11:51 | #2

    Have you taken a look at PVPAdvamce v15?

  3. June 5th, 2009 at 14:08 | #3

    Nope, Didn’t realize it’s out.

    Thanks for the heads up, I’ll take a look.

  1. No trackbacks yet.