Warden Scan Info

**Evieh** · 06-15-2012

Warden doesn't seem active for me, memory is allocated that matches Warden size from warden mapping code however the memory is VirtualFree'd right after. Why does this happen? It has been like this ever since warden started being 'active'.

**Beaving** · 06-15-2012

Warden module is.copied to.various locations. Also it wont exist there long, because it.will.scan a bit and then it will get freed. It repeats that process to random locations.

**Evieh** · 06-15-2012

Originally Posted by Beaving

Warden module is.copied to.various locations. Also it wont exist there long, because it.will.scan a bit and then it will get freed. It repeats that process to random locations.

Ah, you're right. I never logged the calls long enough to actually see them being called multiple times.

**TheArkanaProject** · 06-15-2012

Me again with another possibly silly question.

How does warden utilize VQEx, exactly? Is it just scanning for code caves (allocated memory which shouldn't be), or doing something more complex?

Sorry if I'm annoying with all the questions.

**DrGonzo** · 06-15-2012

Shot in the dark, but checking memory pages set to executable?

**TheArkanaProject** · 06-15-2012

Also, as far as the "fake" scans go, I think they might be scanning various system functions (checking to see if, say, virtualqueryex has been tampered with), although I can't prove it. Would certainly make sense for them to want to watch them.

**anonym0use** · 06-20-2012

Where Warden called from? Does it run in separate thread? Is it possible to do memory swapping in Win kernel thread manager?

**Beaving** · 06-20-2012

Called from ff 95 90 fb ff ff 84 c0 74 08 8b 0d

Shout-Out

User Tag List

Thread: Warden Scan Info

Thread Tools

Search Thread

Similar Threads

What does warden scan for?

Hook Warden Scan

Warden Scan Info 1.0.3

Warden Scanning for Viruses???

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino