Warden clarification

[Nightavanger]

Hello there, altho i know this is not so much of a question section, I've been searching for a while and didn't find any actuall information on Blizzard's Warden for Diablo III.What I've found is

• Model edits.
• Known cheat modules (DLLs)
• Known modifications to game functions
• Known cheating addons
• Speedhacks
• Known API hooks from cheats

Altho it's kind of close up to what i want to know, it's still not enough information.Because I want to some memory editing, i would like to ask you for some secure way to do it precisly. As i read before, Warden checks for "WpeSpy.dll", already took care of that. Other things i don't know anything about is, if it actually checks for browsing memory or just for editing? In this thread (Warden Scan Info 1.0.3) i found which part's is Warden watching over, is there a full list? Where did he found that information? I found nothing on that in changelog. Any other professional and usefull advices for beginner in this field of work would be appriciated. Sorry for your time, hopefully I'll bring something back for community with acquired knowledge. //edit: Oh yeah, probably forgot to mention that I'm planning on using WPEpro so some pro's and con's on that?

[Beaving]

They just detect you for editing.

BP ReadProcessMemory and you get all addresses they scan with it.

To avoid Warden, BP ReadProcessMemory, look where it's called from, look where that is called from, nop the call, done. Or you could hook ReadProcessMemory and VirtualQueryEx.

[Nightavanger]

Thank you for your time but your answer is very, very user unfriendly)). To "BP" (which i don't know what does it stand's for) ReaProcessMemory, i have to write down some C++/C# code, right? What process should i read, Diablo3 or there's process for warden? What address should i read? Does this all mean that WPEpro and CE is useless for me? Do you have any saved (links) "easy to learn" tutorials?

[Apoc]

Thank you for your time but your answer is very, very user unfriendly)). To "BP" (which i don't know what does it stand's for) ReaProcessMemory, i have to write down some C++/C# code, right? What process should i read, Diablo3 or there's process for warden? What address should i read? Does this all mean that WPEpro and CE is useless for me? Do you have any saved (links) "easy to learn" tutorials?

If you're only at the level of using CE/WPE, you probably shouldn't be trying to figure out how to understand anti-cheats. Chances are; you won't be running into them if you're not injecting anything.

Stick to the basics, then learn the more advanced stuff. Don't dive right into reversing anti-cheats with little working knowledge.

[Nightavanger]

Well pretty much what i wanted to, was to export list of AH items. And i wanted to find out if it was secure to probably change AH page thru memory edit. The ting is, i kind of can find any basics on this beside "learn how to change your stat in CE" or "how to use WPE filter". But thanks anyway)

[Beaving]

You can do that safely, yes. There are no basics for this. If you don't even know what a breakpoint is, probaly even not what ollydbg is, you will fail. I'm sorry to say that, but you still have a long road ahead. Go learn a proper programming language, learn ASM basics, check Crackmes and Keygenmes. It took me much time to get anything of that at all.

[Valtharak]

my understanding of warden is your at risk if you

-hooking functions (modifying the code)
-injecting known dll that they have signature of
-modify there code if watched (Beaving list of watched address)

so you safe if your
not hooking
using all private code you did yourself
don't modify the code to hack.

if you do one of those like said you could hook there readmemory and unpatch when they scan your memory address

[booba]

change AH page thru memory edit.

Not sure exactly what you mean here, but if you're changing memory (e.g. Writing in the process memory), then you're at much higher risk of being detectable.

[Kroge]

my understanding of warden is your at risk if you

-hooking functions (modifying the code)
-injecting known dll that they have signature of
-modify there code if watched (Beaving list of watched address)

so you safe if your
not hooking
using all private code you did yourself
don't modify the code to hack.

if you do one of those like said you could hook there readmemory and unpatch when they scan your memory address

I thought AH bots were getting discovered through tracing of rapid clicks, repetitive non-random moves, and elongated hours active. Is this not still the case?

[Valtharak]

ya but those are server side check. nothign to do with warden