-
EverScan - An Open Source Warden Scanner
Info:
EverScan is an open source Warden scanner. EverScan does not need updates, unless Warden changes... The address and length of the scan will be dumped to a file. The address and length will also be displayed in game. B/c of the scanning method used EverScan could hook and crash wow. The last time I release a warden scanner people asked "what does it do?" -_- So EverScan just tells you what address not to change when coding a hack or bot.
You will need :
-Microsoft DirectX SDK (June 2010) (included, still need End-User Runtime)
-Detours Express 3.0 (included)
-An injector (use CE or something)
-WoW trial account
How to use :
-Set wow to Directx 9
-Log in, must be in game for Warden to load
-Open CE or anything and inject EverScan.dll and run SetHooks
CE -> Memory View -> Tools -> Inject Dll -> EverScan.dll -> Yes -> SetHooks -> Ok
Set up compiler :
http://darkenedlinux.com/mmowned/EverScan/1.png
http://darkenedlinux.com/mmowned/EverScan/2.png
http://darkenedlinux.com/mmowned/EverScan/3.png
You will need to change the path to the Directories in the project.
Include Directories
Detours Express 3.0\include
Microsoft DirectX SDK (June 2010)\Include
Library Directories
Microsoft Research\Detours Express 3.0\lib.X86
Microsoft DirectX SDK (June 2010)\Lib\x86
ScreenShot:
Download : EverScan v1.0
Virus Scan : EverScan v1.0 Virustotal
Other :
Leave a comment if you have any improvements or ideas. I do not take credit as lots of the code I have found from all over the web. I would like this to be a community project that we can all work on and make it better Also Rep / comment if you like it and would like to see more
Also, Do it your self
http://www.ownedcore.com/forums/worl...ml#post2107572 (Simple Warden Check)
Last edited by DarkLinux; 06-24-2016 at 10:52 PM.
-
Post Thanks / Like - 2 Thanks
eSko,
CrazyCo (2 members gave Thanks to DarkLinux for this useful post)
-
Nice work. +4 Rep.
Also, you could redirect scans in the .text and .rdata sections to the WoW binary (don't redirect .data though, see here ([Question] Warden Scanner and hooking)), or just check against a list of known scans if you wanted to stop Warden from detecting hacks by looking for modified bytes.
Last edited by l0l1dk; 09-24-2012 at 02:19 AM.
-
-
Kynox's Sister's Pimp
-
Thanks everyone for the support! Anything I should add?
-
Contributor
Could you maybe make the dump feature work better? now it just closes out the file when you hit F6, so if you hit it again after another address shows up it doesn't do anything.
I am thinking make it repopulate the text file and close it out every time the F6 key is pressed.
nice work
-
Ya, I guess I could add that Ill try and update it tonight...
or just add
after the dump.open
-
Member
This is really interesting work but when I try to run this it will only display the scans in the text file and not inside WoW. I'm running WoW under directX9. Otherwise, great work!
Last edited by oldmanofmen; 12-02-2012 at 10:03 AM.
-
can I use this on my main account
-
Hmm odd, it crashes.. Ill look into why its doing that... I dont think you would want to use this on your main account.. It would be funny if Blizzard patched my hook..
-
Member
Originally Posted by
DarkLinux
Hmm odd, it crashes.. Ill look into why its doing that... I dont think you would want to use this on your main account.. It would be funny if Blizzard patched my hook..
Yes, I managed to fix that problem after stepping through the assembly code in WoW. There's a NULL pointer in function bool hook(DWORD HookAddress, DWORD CaveAddress), the pointer byteP points to NULL and is then written to with E9. Hope that helps, and thanks again.
-
Member
I think your PatternScan function is broken it always seems to return 0 (false).
-
-
Member
Originally Posted by
DarkLinux
The method I used to find Warden is really bad.. Its fast but does not always work
If the RegionSize, State or Type of the code block warden is in changes the pattern scan will not work. But I like speed
And it works.. hmm that odd..
Got it working finally, really excellent work you've got here.
I very rarely give rep out on here but this is definitely deserving of all the rep I can give, +3 rep from me!
-
Member
Very great program!
I'd give you rep but I don't have any to give. >.<