Home > Games, Programming, Reversing, Windows > WoWMimic v53

WoWMimic v53

July 16th, 2009

Took a look at the latest build of WoWMimic yesterday. Yet again they claim to have made improvements to their “anti-detection methods”, and yet again I see little to no evidence of that. There really is only one word to describe the current state of WoWMimic and their attempts to fix their anti-warden stuff, and that is “failure”.

They have added another layer of obfuscation since the last build I looked at, but like all their obfuscation attempts their efforts are ultimately futile and it’s a 5 minute job at most to pull away all the crap and find the relevant code. What they did was simply add another level of indirection.

Simple explanation:

They use an INT3 (breakpoint) placed on the return address of the function they wish to hook, then they handle that exception in their vectored exception handler, but rather than go straight to their hook sub like previously, they now go to a block of code which raises a second interrupt. From there they handle that second interrupt and go to the hook sub. In short, all they’ve done is add another layer of indirection which is defeated by simply following flow from the exception address of that layer rather than the first layer. A very basic trick, obviously an amateur attempt.

Their hook on NtQueryVirtualMemory is STILL INSECURE. That’s right, after all this time they still can’t get it right. Sure, they fixed the hole that they got burned by in the last wave, but there are still at least 5 holes that I can see in that hook function alone, and 3 elsewhere. Plus, that’s only with a quick look! With an in-depth check I’m positive more could be uncovered.

Obviously I’m not going to tell them what all the holes are though, that would ruin the fun. But if I have some spare time this week I will write a new WardenMimic build, and we might just play a little game…

If anyone is interested, here is their latest code:


Thanks to Kynox for disassembling some misaligned bytes for me because I didn’t have a VM up and running at the time.

So, in summary:
WoWMimic is going in circles. It’s still just as detectable as it has been since day one. Every time they attempt to ‘fix’ one hole they end up opening up several more. It’s obvious their dev team have no idea what they’re doing. You’re free to waste your money on it, but imo you’re stupid for doing so, because at the end of the day you’re simply playing russian roulette with your accounts, and hey, you don’t need to throw money away to do that, there are plenty of free hacks you can use to get banned.


Oh, I have some advice for the Mimic team.

Rather than wasting all your time attempting (and failing) to obfuscate your code, why don’t you spend some time on actually implementing your anti-warden properly. Security by obscurity is stupid, because it only takes 5-10 minutes to undo what seems to take you guys days. The people you are up against (Blizzard) are not like you, they’re not amateurs. The Warden guy may be lazy, but he’s not stupid, so the only person’s time you’re wasting is your own.

Author: Cypherjb Categories: Games, Programming, Reversing, Windows Tags:
  1. July 16th, 2009 at 17:07 | #1

    As bad as ever?? Its a shame that still too many PPl using it.

  2. sodagod
    July 16th, 2009 at 22:02 | #2

    Listen Cypher, the mimic devs are idiots, and clearly they cant bring up the level of security to your standards, but it’s a half decent bot.. and at the moment the only half decent bot there is.

    Now, after the banwave i’ve managed to level another level 80 using mimic and a level 50 rogue and soon a lvl 80 DK aswell. So their anti-detection methods haven’t let us down just yet.

    Don’t be an asshole and code some sort of mimic detection software. YOU will be the one putting our accounts at risk, and your the one who’ll be hated.

    The only decent bot we have is mimic at the moment, if you can’t handle that then make your own or shut up.

  3. July 16th, 2009 at 22:14 | #3

    It’s got nothing to do with me not being able to “handle” it. I already have private bots/hacks, but I no longer play WoW anymore anyway.

    I’m going after Mimic because they keep saying they’re picking up their game and time after time I’m seeing that’s just not the case.

    The ball is entirely in their court. If they stop bullshitting everyone, I’ll leave them alone. If they continue to pretend they have warden protection though when they don’t, I’m going to keep exposing them.

    I don’t care if a bunch of randoms I don’t even know hate me, so don’t waste your time trying to guilt me out of it. If I want to expose Mimic then I’m damn well within my rights to do so, so how about YOU “handle that”.

    The only reason they haven’t “let you down” (by your definition) is that the Warden guy is slow. If they put someone with some energy in his place you would be singing a very different tune.

    In the end though, it makes no difference to me. I don’t play WoW, I no longer bot, etc. I’m simply working on my own projects and doing this stuff on the side as a service to those who request it, and to bring Mimic down to reality and show them that some people won’t put up with their nonsense, and if they try to lie they WILL be called on it.

  4. July 16th, 2009 at 22:55 | #4

    Mimic devs are assholes they did not say a Word for a Month in the official Forums and the Smeghead Brandon tells you to rename the exe and the DLL to be safe for detection….

    Mimi is a piece af shitload now.

    The only Pity is that Zuruss does not manage to get his Bot out.

  5. Do0z
    July 16th, 2009 at 23:15 | #5


    It’s good to see your still giving us feedback on the shitty work mimic’s dev’s are doing. Although it’s quite sad to see thousand of people support them and their shit work trough subscribing to them. Oh well stupidity is a well known subject trough out the bot users.

  6. Stuffy
    July 17th, 2009 at 01:40 | #6

    Cypher, I for one appreciate your work on this project.

    I am a former Mimic user, and was fortunate enough to avoid the banwave altogether (I have no idea how - just lucky I guess). Thank heavens I only paid a few bucks for it! Thanks to you I have now found another (considerably safer) bot to use, and can now sleep comfortably at night while my lowbie alts level.

    Keep on keeping on, Cypher!

  7. demise
    July 17th, 2009 at 03:39 | #7

    Cypher, great work yet again. I have a question for you. In one of your other recent blogs discussing mimic, you mentioned you are a maintainer of ISXWow. I stopped using and writing scripts for that when Lax stopped updating ISXWarden. Greyman posted a newer version minus some functionality that worked with the previous patch.

    My question is will there ever be, or could there ever be something along the lines that could be accomplished with ISXWow? I really miss the functionality that was available and just writing combat assist scripts, full on 5 man bots, etc was pretty amazing.

  8. July 17th, 2009 at 14:51 | #8

    Yes, it’s quite possible, it’s just that most of the people in the public botting world are newcomers who saw dollar signs.

  9. rille
    July 22nd, 2009 at 01:14 | #9

    Hi. cypher is Wowgremlin safe to use. or are they also retard with thier protection ? thanks

  10. Eradicator
    July 22nd, 2009 at 10:27 | #10

    Okay, got a question for you.

    In Diablo II and/or StarCraft, is Warden the same (as far as how it operates) or are there any differences that are notable?

  11. July 22nd, 2009 at 13:35 | #11

    There are notable differences. If you want more information try and coax it out of the Warden experts (Kynox, Harko, etc).

  1. No trackbacks yet.