Unpacked The Warden < menu

User Tag List

Page 1 of 4 1234 LastLast
Results 1 to 15 of 46
  1. #1
    zhPaul's Avatar Active Member
    Reputation
    55
    Join Date
    Aug 2006
    Posts
    71
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unpacked The Warden <

    Hey all,

    Well i was tinkering around with warden and its scanning functions and i managed to unpack it and learn what API's it uses. Here are the enumerated DLLs which it uses functions from. I will highlight in RED what some if not all of the important functions are for how warden detects your cheating. (might be a lot of text but you can skim to the red color)

    I'll be coding a little app/dll that will load with WoW when the game is launched that will turn off wardens functions completely. I'm contemplating releasing it here to the public but then blizz will just patch my method way too fast. I'll discuss it with the admins of this board before i release anything.

    (code included, if you don't know what these functions do don't ask)
    KERNEL32.dll
    ------------

    Code:
    function ReadProcessMemory(hProcess: THandle; const lpBaseAddress: Pointer;
          lpBuffer: Pointer; nSize: DWORD; var lpNumberOfBytesRead: DWORD): BOOL;
          stdcall; external 'kernel32.dll' name 'ReadProcessMemory' index 577; 
    
    function OpenProcess(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
          dwProcessId: DWORD): THandle; stdcall;
          external 'kernel32.dll' name 'OpenProcess' index 530; 
    
    function GetVersionEx(var lpVersionInformation: TOSVersionInfo): BOOL;
          stdcall; external 'kernel32.dll' name 'GetVersionExA' index 400; 
    
    function CreateToolhelp32Snapshot(dwFlags, th32ProcessID: DWORD): THandle;
          stdcall;
          external 'kernel32.dll' name 'CreateToolhelp32Snapshot' index 81; 
    
    function LCMapStringW(Locale: LCID; dwMapFlags: DWORD; lpSrcStr: PWideChar;
          cchSrc: Integer; lpDestStr: PWideChar; cchDest: Integer): Integer;
          stdcall; external 'kernel32.dll' name 'LCMapStringW' index 478; 
    
    function Process32First(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL;
          stdcall; external 'kernel32.dll' name 'Process32First' index 546; 
    
    function Process32Next(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL;
          stdcall; external 'kernel32.dll' name 'Process32Next' index 548; 
    
    function GetCurrentProcess: THandle; stdcall;
          external 'kernel32.dll' name 'GetCurrentProcess' index 266; 
    
    function GetLastError: DWORD; stdcall;
          external 'kernel32.dll' name 'GetLastError' index 302; 
    
    function CloseHandle(hObject: THandle): BOOL; stdcall;
          external 'kernel32.dll' name 'CloseHandle' index 31; 
    
    function GetCurrentThreadId: DWORD; stdcall;
          external 'kernel32.dll' name 'GetCurrentThreadId' index 269; 
    
    function GetCommandLine: PAnsiChar; stdcall;
          external 'kernel32.dll' name 'GetCommandLineA' index 219; 
    
    function HeapFree(hHeap: THandle; dwFlags: DWORD; lpMem: Pointer): BOOL;
          stdcall; external 'kernel32.dll' name 'HeapFree' index 443; 
    
    function HeapAlloc(hHeap: THandle; dwFlags, dwBytes: DWORD): Pointer; stdcall;
          external 'kernel32.dll' name 'HeapAlloc' index 437; 
    
    function GetProcessHeap: THandle; stdcall;
          external 'kernel32.dll' name 'GetProcessHeap' index 342; 
    
    function TerminateProcess(hProcess: THandle; uExitCode: UINT): BOOL; stdcall;
          external 'kernel32.dll' name 'TerminateProcess' index 716; 
    
    function UnhandledExceptionFilter(const ExceptionInfo: TExceptionPointers):
          Longint; stdcall;
          external 'kernel32.dll' name 'UnhandledExceptionFilter' index 732; 
    
    function SetUnhandledExceptionFilter(lpTopLevelExceptionFilter:
          TFNTopLevelExceptionFilter): TFNTopLevelExceptionFilter; stdcall;
          external 'kernel32.dll' name 'SetUnhandledExceptionFilter' index 697; 
    
    IsDebuggerPresent()
    
    function GetProcAddress(hModule: HMODULE; lpProcName: LPCSTR): FARPROC;
          stdcall; external 'kernel32.dll' name 'GetProcAddress' index 340; 
    
    function GetModuleHandle(lpModuleName: PAnsiChar): HMODULE; stdcall;
          external 'kernel32.dll' name 'GetModuleHandleA' index 315; 
    
    procedure ExitProcess(uExitCode: UINT); stdcall;
          external 'kernel32.dll' name 'ExitProcess' index 141; 
    
    function TlsGetValue(dwTlsIndex: DWORD): Pointer; stdcall;
          external 'kernel32.dll' name 'TlsGetValue' index 723; 
    
    function TlsAlloc: DWORD; stdcall;
          external 'kernel32.dll' name 'TlsAlloc' index 721; 
    
    function TlsSetValue(dwTlsIndex: DWORD; lpTlsValue: Pointer): BOOL; stdcall;
          external 'kernel32.dll' name 'TlsSetValue' index 724; 
    
    function TlsFree(dwTlsIndex: DWORD): BOOL; stdcall;
          external 'kernel32.dll' name 'TlsFree' index 722; 
    
    function InterlockedIncrement(var Addend: Integer): Integer; stdcall;
          external 'kernel32.dll' name 'InterlockedIncrement' index 460; 
    
    procedure SetLastError(dwErrCode: DWORD); stdcall;
          external 'kernel32.dll' name 'SetLastError' index 669; 
    
    function InterlockedDecrement(var Addend: Integer): Integer; stdcall;
          external 'kernel32.dll' name 'InterlockedDecrement' index 457; 
    
    procedure Sleep(dwMilliseconds: DWORD); stdcall;
          external 'kernel32.dll' name 'Sleep' index 708; 
    
    function SetHandleCount(uNumber: UINT): UINT; stdcall;
          external 'kernel32.dll' name 'SetHandleCount' index 665; 
    
    function GetStdHandle(nStdHandle: DWORD): THandle; stdcall;
          external 'kernel32.dll' name 'GetStdHandle' index 361; 
    
    function GetFileType(hFile: THandle): DWORD; stdcall;
          external 'kernel32.dll' name 'GetFileType' index 297; 
    
    procedure GetStartupInfo(var lpStartupInfo: TStartupInfo); stdcall;
          external 'kernel32.dll' name 'GetStartupInfoA' index 359; 
    
    procedure DeleteCriticalSection(var lpCriticalSection: TRTLCriticalSection);
          stdcall; external 'kernel32.dll' name 'DeleteCriticalSection' index 91; 
    
    function GetModuleFileName(hModule: HINST; lpFilename: PAnsiChar;
          nSize: DWORD): DWORD; stdcall;
          external 'kernel32.dll' name 'GetModuleFileNameA' index 313; 
    
    function FreeEnvironmentStrings(p1: PAnsiChar): BOOL; stdcall;
          external 'kernel32.dll' name 'FreeEnvironmentStringsA' index 194; 
    
    GetEnvironmentStrings()
    
    function FreeEnvironmentStringsW(p1: PWideChar): BOOL; stdcall;
          external 'kernel32.dll' name 'FreeEnvironmentStringsW' index 195; 
    
    function WideCharToMultiByte(CodePage: UINT; dwFlags: DWORD;
          lpWideCharStr: LPWSTR; cchWideChar: Integer; lpMultiByteStr: LPSTR;
          cchMultiByte: Integer; lpDefaultChar: LPCSTR;
          lpUsedDefaultChar: PBOOL): Integer; stdcall;
          external 'kernel32.dll' name 'WideCharToMultiByte' index 770; 
    
    function GetEnvironmentStringsW: PWideChar; stdcall;
          external 'kernel32.dll' name 'GetEnvironmentStringsW' index 284; 
    
    function HeapDestroy(hHeap: THandle): BOOL; stdcall;
          external 'kernel32.dll' name 'HeapDestroy' index 441; 
    
    function HeapCreate(flOptions, dwInitialSize, dwMaximumSize: DWORD): THandle;
          stdcall; external 'kernel32.dll' name 'HeapCreate' index 439; 
    
    function VirtualFree(lpAddress: Pointer; dwSize, dwFreeType: DWORD): BOOL;
          stdcall; external 'kernel32.dll' name 'VirtualFree' index 754; 
    
    function QueryPerformanceCounter(var lpPerformanceCount: TLargeInteger): BOOL;
          stdcall;
          external 'kernel32.dll' name 'QueryPerformanceCounter' index 556; 
    
    function GetTickCount: DWORD; stdcall;
          external 'kernel32.dll' name 'GetTickCount' index 391; 
    
    function GetCurrentProcessId: DWORD; stdcall;
          external 'kernel32.dll' name 'GetCurrentProcessId' index 267; 
    
    procedure GetSystemTimeAsFileTime(var lpSystemTimeAsFileTime: TFileTime);
          stdcall;
          external 'kernel32.dll' name 'GetSystemTimeAsFileTime' index 375; 
    
    procedure LeaveCriticalSection(var lpCriticalSection: TRTLCriticalSection);
          stdcall; external 'kernel32.dll' name 'LeaveCriticalSection' index 479; 
    
    procedure EnterCriticalSection(var lpCriticalSection: TRTLCriticalSection);
          stdcall; external 'kernel32.dll' name 'EnterCriticalSection' index 112; 
    
    function VirtualAlloc(lpvAddress: Pointer; dwSize, flAllocationType,
          flProtect: DWORD): Pointer; stdcall;
          external 'kernel32.dll' name 'VirtualAlloc' index 751; 
    
    function HeapReAlloc(hHeap: THandle; dwFlags: DWORD; lpMem: Pointer;
          dwBytes: DWORD): Pointer; stdcall;
          external 'kernel32.dll' name 'HeapReAlloc' index 446; 
    
    function HeapSize(hHeap: THandle; dwFlags: DWORD; lpMem: Pointer): DWORD;
          stdcall; external 'kernel32.dll' name 'HeapSize' index 447; 
    
    function WriteFile(hFile: THandle; const Buffer; nNumberOfBytesToWrite: DWORD;
          var lpNumberOfBytesWritten: DWORD; lpOverlapped: POverlapped): BOOL;
          stdcall; external 'kernel32.dll' name 'WriteFile' index 783; 
    
    function LoadLibrary(lpLibFileName: PAnsiChar): HMODULE; stdcall;
          external 'kernel32.dll' name 'LoadLibraryA' index 480; 
    
    procedure InitializeCriticalSection(var lpCriticalSection:
          TRTLCriticalSection); stdcall;
          external 'kernel32.dll' name 'InitializeCriticalSection' index 454; 
    
    function GetCPInfo(CodePage: UINT; var lpCPInfo: TCPInfo): BOOL; stdcall;
          external 'kernel32.dll' name 'GetCPInfo' index 208; 
    
    function GetACP: UINT; stdcall;
          external 'kernel32.dll' name 'GetACP' index 202; 
    
    function GetOEMCP: UINT; stdcall;
          external 'kernel32.dll' name 'GetOEMCP' index 327;
    ADVAPI32.dll // few things here, but not important <

    USER32.dll

    ----------

    Code:
    function GetWindowTextW(hWnd: HWND; lpString: PWideChar;
          nMaxCount: Integer): Integer; stdcall;
          external 'user32.dll' name 'GetWindowTextW' index 358; 
    
    function GetWindowText(hWnd: HWND; lpString: PAnsiChar;
          nMaxCount: Integer): Integer; stdcall;
          external 'user32.dll' name 'GetWindowTextA' index 355; 
    
    function EnumWindows(lpEnumFunc: TFNWndEnumProc; lParam: LPARAM): BOOL;
          stdcall; external 'user32.dll' name 'EnumWindows' index 211;

    Unpacked The Warden &lt;
  2. #2
    afiwarlord's Avatar Active Member
    Reputation
    77
    Join Date
    May 2006
    Posts
    474
    Thanks G/R
    0/4
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    holy **** dude. /bow /praise

  3. #3
    LightWave's Avatar Contributor
    Reputation
    202
    Join Date
    May 2006
    Posts
    410
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    Great post man +rep for u

  4. #4
    Relz's Avatar Feed the trolls
    Reputation
    429
    Join Date
    May 2006
    Posts
    2,124
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    awesome, i am REALLY looking forward to the "warden killer" app =P anyways +rep
    "Step right up and shake hands with the devil"

  5. #5
    zhPaul's Avatar Active Member
    Reputation
    55
    Join Date
    Aug 2006
    Posts
    71
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    I need some people to help me with some testing, feel free to add my msn. [email protected] to help me with testing you must be a contributor or above.

  6. #6
    LightWave's Avatar Contributor
    Reputation
    202
    Join Date
    May 2006
    Posts
    410
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    As in testing what u mean ? cuz im not going to put my account up for ban lmao so ya if there is any way to test besides that im down to test

  7. #7
    Lyvan's Avatar Member
    Reputation
    1
    Join Date
    Jul 2006
    Posts
    35
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    I'm not in to hacks, but there is something called trial accounts for you...needs.

  8. #8
    Relz's Avatar Feed the trolls
    Reputation
    429
    Join Date
    May 2006
    Posts
    2,124
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    ill help if its not a 50+% chance of being banned. im starting school soon so i wont be playing WoW much but id still like to have an account for the weekends/breaks.
    ps: hacks ftw
    "Step right up and shake hands with the devil"

  9. #9
    zhPaul's Avatar Active Member
    Reputation
    55
    Join Date
    Aug 2006
    Posts
    71
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    Originally Posted by Lyvan
    I'm not in to hacks, but there is something called trial accounts for you...needs.
    Lol yea, i was looking around for my guest pass key, but i can't seem to find it.. Anybody have one to donate to "science"?

  10. #10
    LightWave's Avatar Contributor
    Reputation
    202
    Join Date
    May 2006
    Posts
    410
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    lol well he need testers to see if it works cuz i have used process hind hacks befor and ya but

    Here is the catcher with trials if u use one internet connectio u share the ip with ur other wow and wow can track ips for people that didnt know that so they can trace it back to your other account and look at the activity on that account form that ip

    And dont say what if ur at a cyber cafe or anyting cuz Cyber Cafes dont allow downloading anything i know use to work at one

    And what if i was at a firends house well u just ****ed oyur friend over his account has been flaged for ip searching to see if he cheats

  11. #11
    zhPaul's Avatar Active Member
    Reputation
    55
    Join Date
    Aug 2006
    Posts
    71
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    Originally Posted by LightWave
    lol well he need testers to see if it works cuz i have used process hind hacks befor and ya but

    Here is the catcher with trials if u use one internet connectio u share the ip with ur other wow and wow can track ips for people that didnt know that so they can trace it back to your other account and look at the activity on that account form that ip

    And dont say what if ur at a cyber cafe or anyting cuz Cyber Cafes dont allow downloading anything i know use to work at one

    And what if i was at a firends house well u just ****ed oyur friend over his account has been flaged for ip searching to see if he cheats
    Well i actually have my wow on a thumb drive for portability, so i could just go to any decent computer and "plug & play". Also I use a program which spoofs my mac so WoW never has my real IP.

  12. #12
    Relz's Avatar Feed the trolls
    Reputation
    429
    Join Date
    May 2006
    Posts
    2,124
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    id be glad to test, if you got me a trial account that is. i dont care if my ip gets flagged, ill just be a little more carefull =P just dont want my account banned.
    "Step right up and shake hands with the devil"

  13. #13
    zhPaul's Avatar Active Member
    Reputation
    55
    Join Date
    Aug 2006
    Posts
    71
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    Originally Posted by relz
    id be glad to test, if you got me a trial account that is. i dont care if my ip gets flagged, ill just be a little more carefull =P just dont want my account banned.
    I have a dll for you to test, you don't even need to login to see if it's working... This is going to be hard to facilitate if you don't have an IM service.

  14. #14
    Relz's Avatar Feed the trolls
    Reputation
    429
    Join Date
    May 2006
    Posts
    2,124
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    i have AOL i believe its in my profile (my screen name that is) of course we could use PM's if you dont like AIM.
    "Step right up and shake hands with the devil"

  15. #15
    Lyvan's Avatar Member
    Reputation
    1
    Join Date
    Jul 2006
    Posts
    35
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Unpacked The Warden <

    http://teaser.wow-europe.com

    That's the europe adress (doh!)

    And in case you need for the US version, i got that one too.

    http://www.worldofwarcraft.com/accou...a-friend.html?

    I won't support you with any testing or anything else releated to hacks, since i don't think it's fair playing.

    However, if you intead to block Warden from checking my modelchanged files, i will/can support you.

    Send me a PM and i will give you contact details.

Page 1 of 4 1234 LastLast

Similar Threads

  1. Will actual human input for a few secs break the warden?
    By zijincheng in forum Diablo 3 Bots and Programs
    Replies: 8
    Last Post: 07-28-2012, 05:43 AM
  2. How to get inside the Warden's Vigile tower in Tol'Barad
    By kveer278 in forum World of Warcraft Exploits
    Replies: 3
    Last Post: 01-25-2011, 05:09 PM
  3. Guide - Saving the warden modules (Mac only)
    By Tanaris4 in forum WoW Memory Editing
    Replies: 0
    Last Post: 06-25-2010, 02:40 PM
  4. Disabling The Warden
    By Chrommie in forum World of Warcraft Bots and Programs
    Replies: 36
    Last Post: 05-13-2007, 02:29 AM
  5. What is the warden, and what doe it do?
    By WoWLegend in forum World of Warcraft General
    Replies: 2
    Last Post: 09-24-2006, 07:04 PM
All times are GMT -5. The time now is 05:26 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search