TOM_RUS
Members-
Posts
164 -
Joined
-
Last visited
Never -
Donations
0.00 GBP
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
TOM_RUS's Achievements
Advanced Member (3/3)
0
Reputation
-
How do I extract the latest *.dbc files' structure
TOM_RUS replied to ptrts's topic in OldGeneral discussion
http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-bots-programs/wow-memory-editing/285075-collection-wow-binaries-release-ptr-5.html#post2067796 -
How do I extract the latest *.dbc files' structure
TOM_RUS replied to ptrts's topic in OldGeneral discussion
That's actually structs generated by my IDA script from leaked internal cataclysm alpha build WoW [Release Assertions Enabled] Build 11792 (Apr 1 2010) (as you can see it was build even before 3.3.5 ). There's small differences between structs in 11792 and 12340, but mostly they are same. -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
Have you modified 0x03 warden packet for 2.4.3? It's required step... -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
Blizzard don't have to run whole module on server, they only need single function to generate RC4 encryption seed's and they can compile this function for any platform they want... -
Is is client locale dependent: for enUS/esMX(?) clients use: http://launcher.worldofwarcraft.com/alert and for european clients (notice additional folder for locale): enGB: http://status.wow-europe.com/en/alert deDE: http://status.wow-europe.com/de/alert frFR: http://status.wow-europe.com/fr/alert esES: http://status.wow-europe.com/es/alert ruRU: http://status.wow-europe.com/ru/alert
-
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
That's weird, because header looks correct... http://paste2.org/p/1478703 -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
Yeah, i've re-uploaded 20110427 file and it should be available using old link. -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
Yeah, someone deleted all uploaded files. -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
I've add some test code for Mac, but: - Warden on Mac doesn't support any scanning. - I can't test anything, because I don't have mac. - Mac related code not activated. -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
It scans whole virtual memory, not just exe and dll's. This way you can detect some third party code caves allocated in game process for example. There's also difference between PAGE_CHECK_A and PAGE_CHECK_B: type A scans all memory pages, while B only scans pages that starts with MZ+PE headers (dll's). Server: PAGE_CHECK Hashing bytes: 00B00000355B000000A0 Sending packet 02, size 33: Data: 02 opcode 00 strings B2 PAGE_CHECK_A 19E8E264 seed 7DAE3A9E2EFC509E0086F32C8F19CDC4FB2DC3BF hash 00000000 offset 0A size 00 xor Client: Handled: 33 VirtualQuery(0x00010000) = 0x0000001C VirtualQuery(0x00020000) = 0x0000001C VirtualQuery(0x00030000) = 0x0000001C VirtualQuery(0x00040000) = 0x0000001C VirtualQuery(0x00050000) = 0x0000001C VirtualQuery(0x00060000) = 0x0000001C VirtualQuery(0x00070000) = 0x0000001C VirtualQuery(0x00080000) = 0x0000001C VirtualQuery(0x00090000) = 0x0000001C VirtualQuery(0x00100000) = 0x0000001C VirtualQuery(0x00110000) = 0x0000001C VirtualQuery(0x00120000) = 0x0000001C VirtualQuery(0x00130000) = 0x0000001C VirtualQuery(0x00140000) = 0x0000001C VirtualQuery(0x00170000) = 0x0000001C VirtualQuery(0x00180000) = 0x0000001C VirtualQuery(0x00190000) = 0x0000001C VirtualQuery(0x001A0000) = 0x0000001C VirtualQuery(0x001B0000) = 0x0000001C VirtualQuery(0x001C0000) = 0x0000001C VirtualQuery(0x001D0000) = 0x0000001C VirtualQuery(0x001E0000) = 0x0000001C VirtualQuery(0x001F0000) = 0x0000001C VirtualQuery(0x00227000) = 0x0000001C VirtualQuery(0x00229000) = 0x0000001C VirtualQuery(0x00230000) = 0x0000001C VirtualQuery(0x00269000) = 0x0000001C VirtualQuery(0x0026C000) = 0x0000001C VirtualQuery(0x00270000) = 0x0000001C VirtualQuery(0x00280000) = 0x0000001C VirtualQuery(0x00290000) = 0x0000001C VirtualQuery(0x002A0000) = 0x0000001C VirtualQuery(0x002D0000) = 0x0000001C VirtualQuery(0x002E0000) = 0x0000001C VirtualQuery(0x002E1000) = 0x0000001C VirtualQuery(0x003D6000) = 0x0000001C VirtualQuery(0x003D8000) = 0x0000001C VirtualQuery(0x003E0000) = 0x0000001C VirtualQuery(0x003F0000) = 0x0000001C VirtualQuery(0x00400000) = 0x0000001C VirtualQuery(0x00410000) = 0x0000001C VirtualQuery(0x00449000) = 0x0000001C VirtualQuery(0x0044C000) = 0x0000001C VirtualQuery(0x00450000) = 0x0000001C VirtualQuery(0x00460000) = 0x0000001C VirtualQuery(0x00470000) = 0x0000001C VirtualQuery(0x00480000) = 0x0000001C VirtualQuery(0x00490000) = 0x0000001C VirtualQuery(0x004C9000) = 0x0000001C VirtualQuery(0x004CC000) = 0x0000001C VirtualQuery(0x004D0000) = 0x0000001C VirtualQuery(0x004E0000) = 0x0000001C VirtualQuery(0x004F0000) = 0x0000001C Data(0x008EE1CC, 0x00000008) = 02 opcode 0100 size D6097373 checksum 4A result = cheat found -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
Dear TOM_RUS if you're interested, please tell where you can send the cheats that do not catch warden. To pm on here you do not answer I'm not interested in cheats analysis. It's may take a lot of time. I have different things to do... Detection of memory writes to dynamic player structures is possible, but it's not implemented. -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
You can create new signatures, but you need to analyze how that cheat work (writing memory at some address, injecting dll etc) first... -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
That explains a lot of things If I put timeout kicks under effect of kick config, can it result any error? One more short notice, logging is a bit too detailed, I should have to buy a new hdd after a week of usage I've fixed bug with timeout kicks ignoring config. You can comment out some of logging if you don't need it... It's there mostly for debugging purposes. -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
Even if there's any disconnection issues, it's not caused by windows firewall... I never had any random disconnects. Also, kick option is ignored at client response timeout, so it may disconnect client that not sent warden response in given time (1.5 minutes). -
Warden - The definitive anti-cheat system
TOM_RUS replied to Auntie Mangos's topic in OldCore modifications
(403, 243, '', '', 4609675, 5, '5E5DC20800', NULL), this address is in code section and can't be modified without third-party programs .text:0046568B 5E pop esi .text:0046568C 5D pop ebp .text:0046568D C2 08 00 retn 8 (438, 243, '', '', 11287980, 8, '04000000903C9F00', NULL) this address is in data section and has default value: FFFFFFFF903C9F00 .data:00AC3DAC FF FF FF FF dword_AC3DAC dd 0FFFFFFFFh ; DATA XREF: sub_4D80C0+5r .data:00AC3DB0 90 3C 9F 00 dd offset aCharacterattac ; "CharacterAttachment" There's a 2 legit memory writes in client, that may change first 4 bytes (FFFFFFFF) at this address. So it indeed may fail on server side. .text:004D80E2 A3 AC 3D AC 00 mov dword_AC3DAC, eax // eax value may vary based on login state (0...17) .text:004D8AA5 89 0D AC 3D AC+ mov dword_AC3DAC, ecx // ecx = -1 Mac clients not supported, and probably never will, because I need physical access to mac book, which I don't have.
Contact Us
You can also email us at [email protected]
Privacy Policy | Terms & Conditions
This website is in no way associated with or endorsed by Blizzard Entertainment®