Injection Botting

An injection bot is a type of bot that utilises the RuneScape code itself. It injects itself into the RuneScape client and is able to read the client's code. It makes sense of the code and is able to make choices based on what the code states it will do. This is similar to how we react to what we see on the screen. However, an injection bot does not see the pictures; it sees the computer code that generates the pictures, and can modify that code to be alerted when things happen. By doing this, it can do very complex commands, and typically can be coded to do anything that humans do and act as we do. When combating this type of bot, it must be given a piece of computer code that it has not seen before, or a variation of it that would cause it to hook into the wrong part of the code to receive notifications. When most injection bots mess up, it is often caused by Jagex updating or changing objects in the game. The most successful instance of messing up injection bots was the update introducing ClusterFlutterer. This update disabled most injection and reflection bots by changing where they can access code and putting false code for the bots to read, messing them up and causing the weird behaviour.
Reflection Bots

Reflection bots create a mirror image of the RuneScape applet by accessing the loaded classes and then read the code of the "reflected" copy, without injecting any code. This is considered to be much harder to detect than injection but, if done right, both are completely undetectable. Most bots used both injection and reflection to be able to gather as much data as possible. A custom-engineered game client is used to run the bot, rather than through a web browser with Jagex's official client (as is done with most colour-based bots). This allows the game to be slightly modified, making it listen to fake mouse or key events (thus allowing the bot owner to play other games while using the bot) and to disable direct system access (say: faking runtime information) to mislead Jagex's servers.