Bloog

Interesting, I hadn't considered that. So I suppose the next thing to do would be to get it to "pass" Thanks again Olion!

Thanks Olion. Any idea specifically how it works? I'm playing around trying to add scans of type LUA_STRING_CHECK and my test client fails the check no matter what I use.

Hi all, I'm experimenting with Warden on a local Mangos Zero install, trying to figure out how Warden's LUA_STR_CHECK works. No matter what value I use for "str", the check seems to fail. Here's an example: I'm connecting to the server with just a normal unmodified client. Does anybody know how this Warden check works? What does it actually do on the client side? And how is it normally used? Thanks!

@Olion - thanks so much for the reply. You were right, the module name needed to be uppercase (LOADER.DLL instead of Loader.dll). Once I changed that, the warden check fails. I think what threw me off was that the data seeded into the warden table has 2 records with uppercase names, and 2 with lowercase names. If the lowercase names don't work, it may be worth removing them from the seeded data: (955,166,5875,217,'','tamia.dll',0,0,'','Tamia hack'), (978,189,5875,217,'','speedhack-i386.dll',0,0,'','CheatEngine'), Also might be worth updating the documentation to note this - I couldn't see it anywhere. Thanks again, really appreciate it!

Hi everyone! I'm playing around with my local Mangos Zero installation, and I'm trying to test that Warden's MODULE_CHECK is working. I'm at looking at the documentation here which shows me that type 217 is used for MODULE_CHECK. Next, I looked at a record seeded into the warden table for an example. Like this one: (1557,768,5875,217,'','RPE.DLL',0,0,'','rEdoX Packet Editor - injected dll') So, using that as an example, I added this record into the warden table: Then I wrote a dummy Loader.dll and injected it into the WoW.exe process, and connected to my server. Using ProcessExplorer, you can clearly see the module is loaded into the process: But when I connect to the server, my client still passes the Warden module scan: Is it possible I'm doing something wrong? The record I added to check for Loader.dll looks exactly the same as the example seeded into the database. I'd appreciate any help identifying the problem. Thanks so much