noah- / d2bs

D2BS: Diablo 2 Botting System, a JS API to perform human-like actions utilizing Mozilla Spidermonkey

Adding detection protections? #6

Closed apparentlyallnamestaken closed 1 year ago

apparentlyallnamestaken commented 5 years ago

Not worried about server-side heuristic detection. That can be handled in the scripts themselves. More concerned with preventing the exe and its actions from being detected client-side.

I'm not sure where to start (in the source), but I'm willing to put time into it if you think it's worthwhile. I was thinking along the typical lines of injecting to hide the process, using kernel memory reads/writes (using a custom driver or exploiting some signed driver). I don't know much about D2's detection methods on the client side, so maybe I'm just barking up the wrong tree. But I figured I'd start here.

swinkz commented 5 years ago

Afaik Blizz uses several detection methods... memory scan (read/write), system process scan, user click/move speed and more. If any process running on the system e.g. reads memory or D2 network packets, it can be detected by Warden... So remember - it's not only server side. When you modify anything and send it via TCP you can be sure you will get banned very, very fast. From the client side... it's not that easy either - their detection tools implemented in D2 are rly good. Atm imo the most secure is AutoIT and a pixel detection mechanism. Lmk if you have any questions :) Cya :)

noah- commented 5 years ago

You would need to start in the D2 code. The current client-side protection is delivered as an arbitrary binary that is extracted and injected into D2. You can find it by tracing the BNET packet S > C [0x4C], which downloads an MPQ file that contains this binary. After the binary is loaded, the client responds via C > S [0x4B]. Note that the binary is designed to avoid standard debugging techniques by executing via a TLS callback and through obfuscation and encryption.