Warden


Seriously guys?

Do any of you actually know anything about C++/C#?

Tom_Rus has done a great job expanding on what I posted. And I doubt he will ever post a patch for mangos to add warden support natively.

I'm kinda curious why the main dev team hasn't given an official ya/nay on this.

But I'm kinda disappointed that nothing has come out of this. I have it in my to-do to re-write my Warden library, and I may post more information and cleaner code after that. Because in my few re-writes of my code I've found a lot better ways to do a lot of the stuff.

Anyways, PowerPC versions of WoW and other games DO support Warden, but yes, IIRC they use a different set of modules because they are different architectures. But basically, functionality wise, they are the exact same.

Anyways, if anyone actually gives a crap about warden, and wants to actually work on it and not just ask for code. Feel free to PM me if you have any questions, it sends me an email and I keep forgetting to check this place.


  • 5 weeks later...
  • 5 weeks later...
  • 3 months later...
  • 4 weeks later...

Hey guys. Figured I'd drop my head back in here. It appears my old Warden thread has disappeared. No worries. Just curious if anyone has a dump of any of the 'new' 'Warden 2.0' modules they would be willing to give me. Figured I'd take a crack at seeing what they did.

I got a hold of one of the mac modules, and honestly.. nothing much significant there, they just implemented stuff that was already in windows.

I have some time on my hands, I couldn't find any details about what has changed, and I'm bored. So I figured I'd ask.


Well, from what I've seen 'Warden 2.0' (aside from being a gimmicky name some noobs made up) is simply Warden for Mac. Cuz IIRC warden was just a stub with minimal functionality for Mac.

I am still interested in seeing a current module.

Also, why the HELL couldn't I find this thread when I was looking for it?

Seriously, my profile -> Find Threads Started By -> Nothing...


  • 2 weeks later...

Hi,

I'm back at this interesting code with more knowledge about this thing than I had last time :D . I am stuck at the 0x05 opcode and its response. Can someone please help me? How does the client generate the hash? What is this module specific hash? How can I get it? I'm completely stuck at this 0x05 and 0x04 opcode.

Thanks.


  • 3 weeks later...
Hi,

I'm back at this interesting code with more knowledge about this thing than I had last time :D . I am stuck at the 0x05 opcode and its response. Can someone please help me? How does the client generate the hash? What is this module specific hash? How can I get it? I'm completely stuck at this 0x05 and 0x04 opcode.

Thanks.

You can implement warden with 1 module or collect modules with keys. The function in every module is different from another.

You can get new RC4 keys from client memory ;) and this way you can avoid ModuleSpecificHash(..)


You can implement warden with 1 module or collect modules with keys. The function in every module is different from another.

You can get new RC4 keys from client memory ;) and this way you can avoid ModuleSpecificHash(..)

That is a very good idea about getting the RC4 keys from memory, but that way I would have to use only one module with sending the same seed in 0x05. Definitely gonna try that. Anyways, I find the maiev.mod string in battle.net.dll, but wow runs and responds to warden packets without battle.net.dll, and I deleted the cache too. Can anyone tell me how to get maiev.mod?

Thanks.

Where did you look?

I looked in wow.exe by searching for the string maiev.mod and also put breakpoints on every loadlibrary function and didn't see it loading maiev.mod or battle.net.dll.


Seems I got it right after all, except when I send the cheat checks that way:

       buffer_add_int8(buf, CHEAT_CHECKS);
       buffer_add_int8(buf, 0);
       buffer_add_int8(buf, warden_str->MEM_CHECK ^ warden_str->out_key[0]);
       buffer_add_int8(buf, 0);
       buffer_add_int32(buf, 0x00ADA378);
       buffer_add_int8(buf, 4);
       buffer_add_int8(buf, warden_str->out_key[0]);

It responds with the same value no matter what offset I send, and after that it stops responding to my memory cheat checks.


That is a very good idea about getting the RC4 keys from memory, but that way I would have to use only one module with sending the same seed in 0x05. Definitely gonna try that. Anyways, I find the maiev.mod string in battle.net.dll, but wow runs and responds to warden packets without battle.net.dll, and I deleted the cache too. Can anyone tell me how to get maiev.mod?

Thanks.

I looked in wow.exe by searching for the string maiev.mod and also put breakpoints on every loadlibrary function and didn't see it loading maiev.mod or battle.net.dll.

maiev.mod string is encrypted in wow.exe...


  • 2 weeks later...

Hi,

Very nice thread, I've done wall climb cheat detection. But I am wondering how offi detects if the movement speed value has been edited. I looked at the parsed sniffs that tom_rus posted and it looks like it scans only offsets that start with 0x0 or 0x00. From this I see that it scans only static offsets - the movement speed offset is not static; when I scan with a memory scanner, speed is always located at a different place. So to find what address speed is located at through warden, so I can scan that offset, I need to do the following:

Send packet that scans the static offset - player base (0x00CD87A8 at 3.3.5a)

Handle the response packet and send another offset check that is the "playerBase" offset response + 0x34

Handle the response packet again and send the value from response + 0x24

Handle again packet and send the response value + the movement speed offset

And now I got the movement speed offset and check the movement speed value. From what I see offi got faster way to scan for speed hacks. Can anyone give me a hint how they do it?

Thanks again.

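The four-step pointer chase described in the post above, written out as a server-side state machine. This is an added example, not code from any poster or from mangos: `SPEED_OFF` is a placeholder because the post does not give the offset, the 32-bit float encoding of the speed value is an assumption, and `sample_read` with its memory table is a constructed stand-in for one memory-check round trip.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define PLAYER_BASE 0x00CD87A8u /* static offset quoted in the post (3.3.5a) */
#define SPEED_OFF   0x100u      /* placeholder: the post does not give this value */
enum chase_state { CHASE_PENDING, CHASE_DONE, CHASE_FAILED };
struct chase { const uint32_t *offs; size_t n, step; uint32_t next_addr, result; };
struct word  { uint32_t addr, val; };   /* one constructed client-memory cell */

/* Consume the reply to the outstanding 4-byte check at c->next_addr.
 * ok == 0 means the read was reported as failed. */
static enum chase_state chase_feed(struct chase *c, int ok, uint32_t v) {
    if (!ok) return CHASE_FAILED;
    if (c->step == c->n) { c->result = v; return CHASE_DONE; }
    /* Intermediate hop: reject null pointers and 32-bit wraparound. */
    if (v == 0 || v > UINT32_MAX - c->offs[c->step]) return CHASE_FAILED;
    c->next_addr = v + c->offs[c->step++];
    return CHASE_PENDING;
}

/* Stand-in for one request/response round trip with the client. */
static int sample_read(const struct word *m, size_t n, uint32_t a, uint32_t *v) {
    for (size_t i = 0; i < n; i++)
        if (m[i].addr == a) { *v = m[i].val; return 1; }
    return 0;
}

/* Walk base -> +0x34 -> +0x24 -> +SPEED_OFF; returns round trips, or -1. */
static int chase_run(const struct word *m, size_t n, float *speed) {
    static const uint32_t offs[] = { 0x34u, 0x24u, SPEED_OFF };
    struct chase c = { offs, 3, 0, PLAYER_BASE, 0 };
    enum chase_state s; uint32_t v = 0; int trips = 0;
    do {
        int ok = sample_read(m, n, c.next_addr, &v);
        trips++;
        s = chase_feed(&c, ok, v);
    } while (s == CHASE_PENDING);
    if (s != CHASE_DONE) return -1;
    memcpy(speed, &c.result, sizeof *speed); /* assumed: value is a 32-bit float */
    return trips;
}

int main(void) {
    const struct word mem[] = { {PLAYER_BASE, 0x10000000u}, {0x10000034u, 0x20000000u},
                                {0x20000024u, 0x30000000u}, {0x30000100u, 0x40E00000u} };
    float speed = 0.0f; int trips = chase_run(mem, 4, &speed);
    printf("round trips=%d speed=%.1f\n", trips, speed); return 0;
}
```

Each hop costs a full round trip, and the pointers can change between replies, so a real implementation would restart the chase when a hop fails rather than treat the failure as a detection.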
