In-game Thottbot Browser
 

Hello guys..

I would like someone to try out my mod that makes you able to surf Thottbot in-game..

How it works:
- you enter /tbsearch something and a window should pop up, only clicking works, you can't type in anything (you don't need to anyway) - so you can still move around in the game..
- if you hold the CTRL button, you can click trough the window (so you click on the thing that is under the window)
- if you right click on the grey title bar the window minimizes into the titlebar (this is useful because the game runs a bit more laggy when the window is open, but when it is minimized into the titlebar it's not any slower)
- you can drag the window around by clicking the titlebar, dragging around and releasing (with the left mouse button)

How to install *IMPORTANT*:
You have to extract all the files into the World of Warcraft directory. When you want to play the game with the browser enabled you MUST run WoWeb.exe INSTEAD of WoW.exe! It does not work if you use WoW.exe (you will also see you cannot turn this "addon" on\off in the game). When the game starts up, you should see a notification in the upper-left corner of the game window, that WoWeb has loaded. Sometimes it fails to load (but this is very rare.. 95% of the times it does), but i am still working to resolve this. Just make sure you use WoWeb.exe

There still may be some minor bugs so please tell me if you find any.. I hope it works for you.



MrB.

Please not that this program has NOT been scanned for viruses nor been approved by any of the WoWI admins. Use it at your own risk. I personally scanned it and found nothing, but that doesn't mean that it is safe. Please scan it with your own virus scanners and post anything found here.

This is also used in place of WoW.exe so it may well steal passwords. For now, I would suggest not using it.

Yes i agree it is a risk because it is an exe file, so i would like to ask the administrators to approve my files. I would assure you they are OK, but it wouldn't make any difference, would it :)
About password stealing, i guess check if the program connects to any other sites than thottbot.com (which it does not). But anyway, hope you like it after it's checked.

MrB.

Why don't you just post the source? Let us compile the program ourselves :)

mrbrdo, we don't allow links to off-site mods on this site. If you would like to submit your mod, complete with source code for us to check, you are welcome to host it with us.

I will publish the source code only if and when I, me and myself decide to. I also do not need any hosting (i don't know where you got that idea) and last time i checked you're not the one doing me a favor, but it's rather like wise. I don't see how you can determine anything from the source code if you can't do basic things like scanning network activity, which is perfectly enough for your needs. There's nothing i hate more when someone is demanding source from me. When you understand that seeing someone's code is not a right, but a privilege, then call yourself an admin of a good site. Not to mention the fact that the code could easily be used for abuse and misuse.

Goodbye

I don't think it's out of line for admins to request source code especially for a program like that.

It's an executable that hacks the game client to access the internet. There's three strikes right there.

/agree

She isn't saying it to be rude. And its not like she will release it to anyone who wants it. The admins just need to be able to look through the code and make sure it doesn't do anything wrong.

WoW. Your first post was great and polite, and then you comeback with this?

First, a private forum such as this one, has every right to request anything that may be linked from it to ensure they are not violating any rules. Rules such as the TOS/EULA for WoW.

Also, since you are able to write source code, you know very well that any application can contain functions that do not always run. Merely checking the "network activiy" as you put it is little to no indication that your application isn't doing anything it is not supposed to be doing.

There was no demand, only a request to check what it did. As I said before, the admins of this site have every right to allow/disallow what they want. The admin here is good and correct for not allowing a link to a 3rd party download that has the potental to cause problems.

Lastly, your application there is a violation of the WoW's TOS/EULA since it replaces a file used during WoW's running and allows a function Blizzard deliberatly removed from the game in Beta (the ability to search Thott from within WoW).

Although I don't usually post here, I just read to find out opinions about MODs before I try them. Unfortunately, seeing someone so blatantly act like a complete jackass when a justified and minor question is asked such as giving the source to the admin of this website, I would tend to not want to try your AddOn even less. If it was a legitimate modification that did nothing heinous or underhanded to someone's computer, then there should be no trouble giving over the source for verification by the Admins. However, your rude and uncalled for post in response to the inquiry about your souce code would lead me, and I'm sure others, to now believe that your program is a bogus password stealing hack.

Not only does it violate the TOS and EULA of World of Warcraft, but now I would venture to believe that it would be used to steal accounts and destroy them just for the sake of giving your bored, immature mind something to do other than act like an ******* on public forums. If Blizzard wished us to be able to browse the web or search the web from within World of Warcraft, it would have been built in and shipped with the original game or within some recent patch.

The only thing you've done is make yourself look like a complete jackass, make your program look even more shady than it already did and insult the Admins of a great site that would have been happy to host it. Unfortunately those who read this thread will now know that your Thottbot search Addon, posted by whomever, wherever is just another attempt to hack accounts and break through Blizzard's planned protection of their game and their customers.

Personally, I'll be glad to not see you at this website any longer.

GOODbye,
- Gregoryn of Kel'Thuzad

With all due respect. Here are a couple of things to consider. Using this forum is a privilege not a right. So as such, we have the right to moderate what gets posted. We don't allow links to download things on other sites.

This leads one to believe that you attempted to upload the files. As per our normal policy, the only way we feel comfortable hosting exe files is to review the source before hand. Again, that policy is within our rights as hosting files here is a privilege.

I'm sure you understand as a coder how easily it is to misuse code as per your first statement. We just wish to ensure that our users are protected, and sadly that is the only way we can.

We hope no ill will and just wish to provide the best protection for our users. This seems like a very neat idea and I would like to see how it works. If you are ever in need of hosting of this impressive idea, though we shall have to review the source.

So let’s dispense the unpleasentries and get back to being reasonable adults.

Come on guys, we appriciate the support. But please, lets make sure to keep things civil.

Just curious, but who isn't being civil that's supporting you? I don't believe anything said prior to this was really that uncivil. I'm sure a "stfu n00b" or a "learn2play" could and probably would be classified as uncivil, but I have yet to see a response take that turn. The only thing I've seen so far are well thought out, intelligently written replies from people who have nothing but the best interests of this site at heart. Although a "neat" idea, it is still against the EULA/TOS and was a feature removed by Blizzard after beta.

The only person who I feel was being uncivil was MrB's reply to the request for his code. Other than that, until I see a 12-year-olds reply as mentioned above, I think everyone supporting the Admins here is being more than civil, which is more than MrB deserves.

Nothing specific, just wanting to keep things from getting out of hand :)

Thank you all, for your support and understanding of our stance on such things. It is to protect *everyone* involved that we have these rules. It protects the *legitimate* coder community from slander and accusation, it protects our end-user community from malicious code and it protects our good name as somewhere that everyone, from coder to user, can trust and count on. It's good to know that our users support us in this. :)

Goodbye .. nice attempt at keylogging ..

Advice do NOT DO NOT use a exe to launch wow.

When reading this I just rememered the "Trusting Trust" problem (anybody knows of it?).
It describes how there can be 'evil' code in a program without being in the source code itself

Luckily this can't be applied to lua since lua is a script language :) (and I trust the interpreter build in WoW, or shouldn't I ;) )

can't you just alt-tab to a browser while playing? I play WoW in windowed mode and frequently alt-tab over to my browser. it shows over top of the game so I can still see whats going on while playing. I don't think you need an addon to do this. Granted, the browser doesn't appear as a WoW frame in-game, but the result is the same, you're seeing your browser over top of the game.

yeah this idea is pretty useless, and seems like such a blatant attempt at getting other peoples accounts. Befor I realised what a waste of time a mod like this is, I still never bothered trying it due to the simple fact that it uses an external .exe to launch the game, which in games like WoW, is a huge no no.

come to think of it, the general idea could be useful. i.e., a utility which would provide communications between the game/lua world and the "outside" windows world, allowing you to tie out-of-game actions with in-game script behavior. so you could have something in-game which triggers an Email getting sent for example. Granted, I'm not entirely sure where Blizzard's policies would fall with this sort of thing, but purely from a technical standpoint, I could see the use.

so although this particular application, viewing a web page, might not be all that useful, building a generalized tool to do this sort of thing could be.

I agree with the author that no-one can make them release the source for their code. I also agree with the site admins that no-one can make them host an AddOn which doesn't comply with their rules. Bottom line is that releasing the source would probably be the only way to get widespread use of such a tool.

It is no minor thing. This application is closed-source and it will remain so until i decide otherwise. It's not the first application that is closed-source, nor it is the last and it's not the end of the world. For godness sake, Windows is closed-source, so why don't you skip to Linux? It's just a thing every programmer has to decide for himself and it's my decision to make, not yours to judge. It is not me being rude if i don't want to give my source code away, as 90% of applications made for Windows are closed-source anyway. So think before you judge me. Also, "Jorrit Jongma" contributed his code when i started making this application (he did the same thing for another MMORPG), and i cannot release any source code, even if I wanted to (which i don't), without his approval.

Oh i forgot to read the second page... Well, do you really have a legit version of Delphi, the KOL library, DirectX9 headers for Delphi and MadShi CodeHook library? Because if you don't, i don't see what you could do with my code.. You can look trough it, sure, but how will you know that is the code i used to compile the final exe? The only way is for you to compile it and use your exe and dll instead of mine... For which you need legit apps of course.

Oh one more thing, about submitting accounts.. You could hex edit the executables and dll file and you would see that WinSock and\or Wininet is not used at all. I don't see any other options for submitting the accounts anywhere. I don't think the IE ActiveX control supports sending any special data (except forms filled with user input), but i could be wrong...

No offense again, but poor comparison.

Microsoft == Multi-billion dollar International Corporation who would have hell to pay if their code did something bad.

You == Guy who posted on a forum two days ago who could just disappear if theirs did something bad.


The same can go for a great deal of closed source software.
In addition, any of the small outfits that write closed source applications can go through the same inherent mistrust or at least trepidation.

I'm not judging you for keeping your source closed. That's your decision. However in the wow addon community people don't, as a general rule, like installing exes and many will never do so unless they have read the source or the source has been read/wrote by someone they trust.



I apologize if we’re the first to apprise you of this condition. That is just the way the average member of this community is.

You could simply use html to make the ie control send data to any website.

Sorry, but I don't see it happening... I can't really trust you with the code, as i don't really know you. As i've said, misuse of the code could lead to game hacking, account stealing being one of the options too, yep. I understand your situation, but you should understand mine also. I will not send the source code to anyone, even if that leads to not publishing the application, which i am very sorry to hear, since it took over a month to complete everything.

Kaelten: I guess you are right, I never tried it though.

I'm sorry to hear that, unfortunately we are in a conundrum and have to stick with our policies as well, for much the same reasons you have listed.

They don't discuss policies often, but it would be frowned upon if it was done in the OP's method. Maybe not to a point to put it on Warden's watch list, but it would circumvent extreme effort on Blizzard's part.

There was no lua or xml at all in the original program. To get the slash command to work the program has likely modified/scanned the game client. Even something as roundabout and seemingly harmless as planting an entry in SlashCmdList that triggers an event seen by an outside polling program is bad. Simply adding a SlashCmdList entry with an executable is like breaking and entering. I have a hunch the program didn't go this route, and immediately thought of the alternatives when the OP mentioned the potential for abuse of his source.

Having an executable to start WoW is also bad karma. Cosmos' patcher does this and it's fine and legal, but the patcher only runs, then starts WoW and ends itself. It's a glorified .bat file. The executable in the original program likely stuck around to modify the game client.

Overlay programs like the teamspeak and winamp ones are fine since they don't touch the game client at all. They don't depend on WoW and don't even care about WoW running. A generalized tool should look in that direction. I'm sure we'll eventually see a top-level browser in some form, but to be legal it shouldn't add slash commands to the game and it should try not to require changing which executable starts WoW.

Source code revealed or not, I don't think this program belongs on a legitimate mod site.

Also, you are mistaken in quite a lot of things. Firstly, the EXE program does not stay and run in the background at all. Secondly, i don't know what SlashCmdList is, the only thing i do is reroute the GetMessage API and check keyboard input before passing to the rest of the chain. And yes, i don't know if it's legal or not, probably it is not as far as the method of injection is concerned.. If it is possible to load a dll by script, please tell me about it and i'll be happy to give it a try. Then there will be no need for the exe file at all. Note that WoW.exe or any other World of Warcraft files do not get modified in any way. Only memory is patched. I would assume that the Winamp control program uses a similar method of injection.

cheers

Patching the client memory (modifying the client) is what makes it illegal. There are two type of winamp "mods" around:

One is mostly a conventional type of mod. It has lua/xml script that works in game. However it exploits a hole in the UI (key bindings) to save information in real time. A separate polling program watches for those changes and works winamp from there.

This method is being killed in 1.9 by Blizzard. The bindings-cache file will not update in realtime but only on reloads. They've done this many times for other holes like the config.wtf file and chat logs. They don't want mods interacting with outside programs in real time. It makes botting more accessable to the masses. The winamp mod that uses this does not modify the game client at all (patching its memory or hooking parts to an outside program).

The other winamp "mod" is a directx overlay program that sits as a top-level frame and has no relationship to WoW. This one is safe. It can run with or without WoW and is as legal as a calculator applet that runs as a toplevel frame.

Neither of these winamp mods patch client memory or alter the client as your program does. Blizzard doesn't want anyone injecting executable code into their game outside the scripting system that they gave us.

If the program can be modified so it's a window summoned by a global key and has no hooks or relationship to WoW, it'd likely be perfectly acceptable and probably a very successful program.

Gello this is where you are wrong. If it is a DirectX overlay program then it is patching WoW's memory, much like XFire does, which is "legal" too btw. There is no other way to make something appear on top of an DirectX window, as far as i know (i've gone pretty deep into that while researching how to make this mod).

If you want proof of this, run XFire, run WoW.exe. You will see XFire works. Quit WoW.exe. Rename WoW.exe to for example WoWa.exe. Run WoWa.exe. XFire will no longer work. This is because XFire sets up a global hook and patches all games' memory it knows on startup. When you rename the main WoW executable, XFire will no longer recognise the game and will not patch it, thus XFire will no longer work in the game. This is also one of the reasons i will not release the source code, as someone could make something like XFire from it, with minor effort, and even sell it. I don't really see XFire being illegal, do you? It does essentially the same thing as my program, so why would my program be illegal then? Only difference is essentially, that XFire hooks keyboard input, while i hook mouse input aswell. But that makes no difference in legality terms..

That's interesting. I was under the impression that it hooked the DirectX API, sort of a specialized display driver. So xfire will only work on games that have been specifically programmed for it to work?

As opposed to going through all the hooking to intercept key events and to get your rendering overtop of the display, why not just run WoW in windowed mode and Alt-Tab to your web browser (or Email, or IM, or whatever)?

It seems to me there's a really, really, simpler solution to the problem of wanting to view thottbot while in game :-) All this back and forth about DLL injection, hooking, having closed-source EXEs run, etc. seems unnecessary.

coder well, a matter of taste i guess.. i really hate alt-tabbing all the time, especially because it takes me at least 5 seconds before wow minimizes, and then at least 5 more until it maximizes again..

Gello: As far as i know, yes. The only specific thing it has to know about each game is it's executable name though. My application would work the same with Anarchy online, for example, i'd just have to edit the launcher to launch it's executable instead of WoW.exe.

I also made a screenshot for you to droll on =)

thats because you're running in full-screen mode. if you enable windowed mode, Alt-tab'ing is instant. WoW doesn't minimize in that case, your browser just pops up right over the game. See the below image. I always run in windowed mode now for that reason, I can switch around very quickly between WoW, explorer, my browser, my text editor, etc.

that looks very nice.. you are running in windowed mode but it's still over the whole screen? how come? is the taskbar always visible like that?
You do know that 3d acceleration is better in full-screen mode, right? I think when it all started it wasn't even possible to run in windowed mode (didn't work).. also, my monitor is pretty small so i don't want to waste any space =P i like it very much the way i made it now, much more than alt tabbing.

I run 1600x1200 in maximized windowed mode. I get about 60-100 fps. I also do 1600x1200 on my desktop and so for me alt tabing has no lag at all.

The taskbar only shows up when you have another window in the front. When you alt-tab back to WoW, it goes away and you only see WoW. So, you simply switch over to your browser, do what you want, and then switch back.
I've seen no performance loss with running in Windowed mode. Runs very nicely and allows me to instantly view whatever other windows I want. Perhaps it wasn't always this way, but it works very nicely now.
I haven't found this to be an issue, seeing as how you're not sitting at those other windows 100% of the time. you switch over to them briefly to see what you need and switch back.
there's always personal preference, and your window overlay is very well done. it looks very clean. As a programmer I can appreciate what you've created. I just think that, in terms of the original problem at hand, running in windowed mode and alt-tab'ing is more than sufficient and avoids the hooking and DLL injection business and the need for an .exe.

I do find the technique of overlaying on top of DirectX very interesting. I wrote an open-source utility called TSDisp awhile back which uses the DLL injection/hooking to get itself into the TeamSpeak process and provides a stay-on-top window to show the name of the current speaker. I only went as far as just making a Windows stay-on-top window, though, so for DirectX fullscreen mode it doesn't work. Granted, when running in windowed mode it works. I wanted to dig around and figure out how to get the window on top of the DirectX display, but haven't taken the time to figure that out yet.

I find it hard to believe a person that can write a program does not know that you can hide the start bar

2 cents ..keep the change

windowed mode covers at much space as you want it to ..you can run it at 800x600 even though your desktop is at lets say 1920x1200 .. it just makes a smaller reso. if you match them then yes it fills the whole screen. I think you can even hide the borders.

later

I've never liked the task bar being auto-hidden, but you're right, if you enable that it doesn't show up. and, seeing as how you can get rid of a lot of the IE toolbars you don't need, you can get something which looks pretty decent and doesn't really take up extra screen space. See the updated screen below. The key is just turning on windowed mode in the WoW video settings.

Windowed 3D applications don't USUALLY hide the taskbar, might you have noticed or not...

the task bar isn't visible unless you're alt-tab'd to another window. and you can avoid this, as I indicated above, by simply turning on the auto-hide taskbar feature in Windows. personally, though, I don't bother with that. If you are concerned about screen real estate, this would work for you.

actually the wow option of 'Maximized' hides the task bar for me no problem.

Yes, however that does not mean games usually do that. I have never seen a game with full-screen windowed mode myself, TBH.

ya the feature started out as a mod, but then blizzard made it part of the game.

Well, i've come up with a solution for "browsing" Thottbot without using any "memory" exploits.

Anyone noticed the LoggingChat(); function in the WOW Api?
What i basically do is activate this function, write a message to the default channel and then parse the log with an external program which then retreives the requested search from thottbot.
Now, the only thing it can do is get you the map pointing to that particular mob. (http://www.thottbot.com/?m=87288&s=b like this one). I save the jpg image and then load it back in the client (using know methods).
I don't have nor time nor the will to expand it further, besides, this is pushing WOW Moddability way too far.



p.s.: that's something that will never leave my hardrive. not as if anyone was going to be interested anyways :D

yea, but thats assuming that the chat logging feature continually "flushes" the data to the file. it probably does this now, but if a mod like this were released, they'd probably just change it so it only flushes the data once per minute or something and this would break.

also, I think the issue with the original poster's mod was not that it was a memory exploit but that it couldn't be posted here unless source code was provided. i.e. it was just a policy issue with the site regarding requiring source.

I couldn't of said it any better Greg. /Kudos


i-right-i

Regarding the chat log... I was surprised to see it working in 1.8. I did try it before and never got it working. Besides, I expect Blizzard to break/fix (depending on which side you are) again in 1.9 so no big deal. :)

Did i say i agreed with the original poster? Didn't seem like it to me...
It is hard enough to cope with people tagging you as a "cheater" for using mods and macros and seeing people making it even harder by using "dirty tricks" (altough, you'll have to admit it, clever ones... evil, but clever... there's no limit to human immagination) just sickens me.


p.s: I won't question this site's policies but, two things.
1. There are other ones around.
2. Why blame someone for creating an account stealer without having seen what he has done? If you fear that he might send you passwords around the net... there's a simple answer... pull the plug :) And use a sniffer. Enough said. *goes back to coding*

p.s.s.: or, if you know assembler, decompile the binary. kudos.

If you'll notice, the site admins that have responded to the thread haven't accused the OP of a single thing. All we have done is explain our policy and why we have it in place. The option always remains with the authors on whether they choose to host with us or not. If they want to host with us and their mod has an executable, they provide source code for us to verify. If they don't want to honour that, they don't host with us. There is no accusation, there is no debate. Our policies are in place to protect everyone, as already stated.

/bow

Have a nice new year's eve.

Already "skipped" to Linux, so thanks for the suggestion...

Take this as you will, as I mean nothing harsh by it. This site has always, and will always approve files of all kinds before they are provided for download. We will NEVER support something that hasn't gone through approval. You can either choose to accept this, or go elsewhere. There have been others who have provided source and applications for approval on this site, as well as gone through extensive beta testing before being full hosted by us.

If you don't need hosting by us, and you consider your code too closed to offer it to us for approval, then you really have no business using us as a springboard for any kind of testing or announcement of mod release. The minute we allow someone to post code without approval, is the same minute that we allow malicious code to be hosted here. I am not saying your code is malicious -- but we don't know you. Just as you don't trust US with your code, we don't trust YOU with our hosting...

Beladona well you're late.. This has already all been said and i kinda got it...

Aw, this looked interesting too =(
Not that I need it, but, I like looking at nifty things like this =D

I am out of town so my time has been limited online lately. Sorry for rehashing what was already said. I am glad you "got it".

Just be mindful of the rules, the mods, and the admins, and be polite to everyone, and all will be fine with you and this site...

thats pretty huge to change an exe or even to modify it.

You could always load it in a VM session and then use Ethereal to see what IP's it calling to.


Save the logfile then use www.whois.sc or www.dnsstuff.com to verify where the IP's are phoning home too.

Also you could check for other nasties like rootkit installers using RootkitRevealer, services.

Or even just install it on a VM Maching using INCTRL to see what it drops. What registry keys, values, etc.

but that would take some time :)

?
 

If we did trust the guy...or be willing to take a chance for a seemingly good program, could we email you mrbrdo and get the program?

If you do so, please note that WoWInterface can't be held accountable for any problems you may encounter as a result.

Well, I sent him a PM about it, if it works without hacking me, I'll let you know, well then again you couldn't trust me on account of I might be in league with him or something like that...but if it does...haha I have it and you dont! And if not, I'll wipe WoW and reinstall it and use my recovery question.

EDIT: I got it and I'm loading it now, stupid que wait.

Where can I download the mod.....? :confused:

mrbrdo, as for your question on another forum.

You can create overlay graphics on directx by using the sprite class, or by using your own textured quad and putting the texture/image onto it. If you are using text though it would be easy to use a sprite and then the normal dxfont system to write onto the sprite.

I hope this pans out for you -- and just so you know I'm not saddened to see the file not be accepted here without source, it is an integral part of security and acceptance. But at the same time, from your posts on madshi, what you were trying to do looked harmless enough. But if you understand that some may not be as nice as they seem, you can understand others reluctance to not fully trust and endorse someone they do not know, and that is pushing them patched executables. It's not something that is commonplace without repercussions.

Also, there are applications which are not so much application specific, as much as directx specific.

http://halb.servercamp.de/proggi/Voi...eatures_en.php
Voice Overlay for example does not care about the application, only the video mode.

Why thottbot? Wowhead ftw.