Warden - The definitive anti-cheat system


I don't think Tom_Rus intended to be rude by posting his 2010 version. The versions were fairly different, with distinct approaches. Unluckily one approach is far better than the previous only because of structure, since it's more viable. Your version, Neo, was very good in ideas, coding and progress, so you don't need to feel bad for how the situation in this thread evolved.

I personally like Neo2003's version more, both the code and the DB layout, but the necessity to be able to run win32 code is a fatal weakness. That could be avoided by using (a few) pre-generated seeds and keys for each module, stored in the db.

  • 3 weeks later...
Why fatal?

wardend works very stably with wine

Because that means you have to run it through wine on linux, and that is a bitch... It's great for Windows

- LilleCarl

Ok, I got the TOM_RUS version working on Oregoncore (2.4.3), post is on their forum.

However, I've only got one MEM_CHECK so far:

INSERT INTO `warden_data_result` (`id`, `check`, `data`, `str`, `address`, `length`, `result`, `comment`) VALUES
(803, 243, '', '', 4840352, 2, '558B', NULL);

This is for the Lua protection disabler posted earlier.

The provided PAGE_CHECKS/DRIVER_CHECKS seem to work fine afaik, no false positives yet.

Right now I'm interested in how to get the addresses for the most popular hacks on 2.4.3 like wowemuhacker and similar hacks. I don't have enough experience to disassemble them myself, so basically I'm asking if someone is interested in doing this, already has the addresses, or could explain to me where I should look. I got a bit of experience with disassembling.

-Midna
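
Added example, not part of the original post or of any project's code: a small linter for hand-written MEM_CHECK rows in the tuple format shown above, plus a comparison of reported bytes against the stored clean value. The column order and the type value 243 come from the INSERT in the post; the constructed rows, the function names and the idea that a reply carries the raw bytes read at `address` are assumptions.

```python
import ast
import re

# Column order and the MEM_CHECK type value (243) are taken from the INSERT in the post.
COLUMNS = ("id", "check", "data", "str", "address", "length", "result", "comment")
MEM_CHECK = 243

def parse_tuple(line):
    """Parse one simple VALUES tuple (no NULL inside strings) into a dict."""
    text = re.sub(r"\bNULL\b", "None", line.strip().rstrip(",;"))
    values = ast.literal_eval(text)
    if not isinstance(values, tuple) or len(values) != len(COLUMNS):
        raise ValueError("unexpected column count")
    return dict(zip(COLUMNS, values))

def lint(row):
    """Return the problems that would make a MEM_CHECK row misfire."""
    problems = []
    if row["check"] != MEM_CHECK:
        return ["not a MEM_CHECK row"]
    result = row["result"] or ""
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", result):
        problems.append("result is not whole hex bytes")
    elif len(result) // 2 != row["length"]:
        problems.append("length does not match result")
    if not isinstance(row["address"], int) or row["address"] <= 0:
        problems.append("address missing")
    return problems

def evaluate(row, reported):
    """Classify the bytes reported for this row (assumed: raw bytes at `address`)."""
    if lint(row):
        return "invalid-row"
    if len(reported) != row["length"]:
        return "malformed-reply"
    return "clean" if reported == bytes.fromhex(row["result"]) else "modified"

PAGE_ROW = parse_tuple("(803, 243, '', '', 4840352, 2, '558B', NULL);")
# Constructed rows with typical hand-entry mistakes (ids are made up).
BAD_LENGTH = parse_tuple("(9001, 243, '', '', 4840352, 4, '558B', NULL),")
BAD_HEX = parse_tuple("(9002, 243, '', '', 4840352, 2, '558', NULL),")

if __name__ == "__main__":
    for row in (PAGE_ROW, BAD_LENGTH, BAD_HEX):
        print(row["id"], lint(row) or "ok")
    print(evaluate(PAGE_ROW, bytes.fromhex("558B")))  # unmodified bytes
    print(evaluate(PAGE_ROW, bytes.fromhex("C390")))  # constructed altered bytes
```

A row whose `length` disagrees with its `result` can never match a reply, so linting rows before loading them avoids flagging every player on that check.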

Ok, I might have found an easier way to find out the addresses, with a program called TrainerSpy.

It hooks the WinAPI WriteProcessMemory call, and you can get the modified addresses this way.

The problem, however, is that some hacks seem to have some kind of protection against this, in that they spam useless(?) WriteProcessMemory calls.

So the program works, but it's a bit shitty to find out which addresses are the ones you're looking for.

Another problem is that the program can't hook the API on 64-bit systems. I used VMware to get around this.

Here's the program:

http://www.mediafire.com/?4z6gm3fycggqs7l

If you're interested in this project, please help me find the right addresses and I'll try to find the correct non-edited values and start filling the warden database.

This might also help you guys here with 3.3.5a, just thought I'd share this.

This little tool helped me create 3 checks for 2.4.3 (more to come).

  • 2 weeks later...
  • 2 months later...

I know this is an old topic, but I have a question for the people more familiar with Warden:

If the modules are signed, and we can disassemble the client to see how it inspects the signatures, can't we figure out how to sign them ourselves? Or is there a mechanism that prevents us from doing so? (I'm thinking key pairs)

Just wondering for 1.12 reasons, since it seems to be impossible to find a real 1.12 module, let alone a Mac one.

This topic is now closed to further replies.