Jump to content

Warden - The definitive anti-cheat system

Auntie Mangos

By Auntie Mangos
in OldCore modifications

 Share

Recommended Posts

  • Replies 286
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Tassader2 Advanced Member

Tassader2

Posted
Posted
And what do you think MEM_CHECK is for? I'm not sure what you're definition of "modify the client" is, but if it's screwing with WoW's data I would most certainly call that modifying the client.

It may check only the code, not data (as data that are dynamic probably can't be digitally signed) - like run speed that's just a variable in memory, that may change every now and then.

But I don't know - that's why I was asking ;-)

Link to comment
Share on other sites
Patman128 Advanced Member

Patman128

Posted
Posted
And what do you think MEM_CHECK is for? I'm not sure what you're definition of "modify the client" is, but if it's screwing with WoW's data I would most certainly call that modifying the client.

It may check only the code, not data (as data that are dynamic probably can't be digitally signed) - like run speed that's just a variable in memory, that may change every now and then.

But I don't know - that's why I was asking ;-)

Well, presumably since it's in the same memory space it should be able to check it. But it might have to change depending on what the data should be. So maybe there's more involved then just sending cheat checks.

Link to comment
Share on other sites
  • 2 weeks later...
Sephiroth1983 Advanced Member

Sephiroth1983

Posted
Posted
Hi TOM_RUS, firstly BIG thanks for amazing work.

I am testing on local, and i have questions, my gm account continue been banned by warden without any third program...

Here examples of this bans

2011-06-29 06:09:31 RESULT PAGE_CHECK fail, CheckId 800 account Id 5

2011-06-29 06:36:40 RESULT PAGE_CHECK fail, CheckId 261 account Id 7

2011-06-29 06:36:40 RESULT PAGE_CHECK fail, CheckId 88 account Id 7

2011-06-29 06:36:42 RESULT PAGE_CHECK fail, CheckId 261 account Id 5

2011-06-29 15:45:56 RESULT PAGE_CHECK fail, CheckId 799 account Id 5

2011-06-29 15:56:00 RESULT PAGE_CHECK fail, CheckId 799 account Id 5

2011-06-29 16:17:59 RESULT PAGE_CHECK fail, CheckId 261 account Id 5

2011-06-29 18:53:57 RESULT PAGE_CHECK fail, CheckId 88 account Id 5

2011-06-30 00:48:43 RESULT PAGE_CHECK fail, CheckId 261 account Id 5

2011-06-30 03:19:02 RESULT PAGE_CHECK fail, CheckId 799 account Id 5

2011-06-30 03:53:15 RESULT PAGE_CHECK fail, CheckId 134 account Id 5

2011-06-30 04:36:18 RESULT PAGE_CHECK fail, CheckId 261 account Id 11

2011-06-30 17:12:57 RESULT PAGE_CHECK fail, CheckId 782 account Id 11

2011-06-30 17:58:36 RESULT PAGE_CHECK fail, CheckId 88 account Id 11

Thanks for any reply man

There are false positives indeed. A friend of mine told me warden is banning for having Ati Tray Tools opened, which only changes Anti Aliasing and other graphic stuff.

This quite screws up everything if not fixed. Checks that found Ati Tray Tools as cheat are page ckecks with id 88, 261 and 783 (with `address` = 174688 AND `length` = 37)

Link to comment
Share on other sites
kerhng Member

kerhng

Posted
Posted 
INSERT INTO `warden_data_result` (`check`, `data`, `str`, `address`, `length`, `result`, `comment`) VALUES
(243, '', '', 5345728, 2, '558B', NULL);

For LUA Protected function usage client side (this is the most common address to modify for it)

Link to comment
Share on other sites
leak Advanced Member

leak

Posted
Posted

On a server with a few hundred players there are some that exceed the maximum client response delay (90sec default) even though they still seem to be connected and their latency is fine. The number of people failing the max response delay is much bigger than those who fail actual checks, that seems a bit odd.

Anyone an idea what that is all about?

Link to comment
Share on other sites
Tassader2 Advanced Member

Tassader2

Posted
Posted

There are some dupes in SQL data (TOM_RUS version)

SELECT MAX( id ) 
FROM`warden_data_result` 
GROUP BY address, length, data, result
HAVING count(*)>1
ORDER BY MAX( id )ASC; 

DELETE FROM `warden_data_result` WHERE id IN 
(385,450,473,476,477,482,483,484,488,497,554,569,617,626,652,655,667,694,747,758,763,765,791);

Link to comment
Share on other sites
lillecarl Advanced Member

lillecarl

Posted
Posted
Why is wardend external and not a part of mangosd? Sucks to use wine imo.....

It needs to be able to run Windows binaries (Warden modules).

Heh, this has been in my head ever since you posted it... And i cannot understand how it must run the modules on the server? doesn't the server just throw them away to the clients and receive data? I mean i hardly think blizzard is running Windows servers for WoW, i mean they must have some kind of unix systems

Sorry for might being rude questioning you but it has been so bothering i have been thinking on it alot :S

- LilleCarl

Link to comment
Share on other sites
tyrael Advanced Member

tyrael

Posted
Posted

I believe that the purpose of mangos and especially of this patch is not to standardize the server only for unix...but for all platforms!... And blizz use unix servers only for speed, safety, low resources.... addion to this they use like 2 servers for 1 realm... 1 is server with realmd in our case only with accounts... and the other one is the world...

Link to comment
Share on other sites
lillecarl Advanced Member

lillecarl

Posted
Posted

That is false, the world is divided into instance servers, bg servers.. And i think each big map got its own server, anyways warden is only Windows atm so your answer did not clearify anything, i asked why warden were Windows only;) MaNGOS is built completly platform indepentent, so if warden is going into mangos main some time ut must be independent of platform(i apologise for my spelling, using my iphone atm)

Link to comment
Share on other sites
Wojta Advanced Member

Wojta

Posted
Posted

Well, I guess blizz has source code of warden since its their creation, so they can compile it for whatever they like. And they do not need to load it, neo2003 is loading the modules because its the easiest way to get hash/crypted something - forgot what already, but tom_rus explained it here a few posts ago - i think blizz is doing it entirely different way.

Link to comment
Share on other sites
lillecarl Advanced Member

lillecarl

Posted
Posted

But i do not understand, if the modules has to be run on the server, then their warden cannot be unix compiled, or its compiled platform independent or something, i see no reality in how you have to run windows modules on the server when only the client is windows and the server for sure is some kind of *nix platform i mean seriously? You must get my idea, the modules cannot be windows only if they are going to run on the blizz servers, and if blizzard aint running them on the server, then mangos wardend does not have to run them either, this problem must be solved to get warden into mangos/master

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

Contact Us

To contact us click here
You can also email us at [email protected]

Privacy Policy | Terms & Conditions

Repositories

The Link to the master list
of MaNGOS repositories:
Copyright © getMaNGOS. All rights Reserved.

This website is in no way associated with or endorsed by Blizzard Entertainment®
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use