[DLL] Reverse engineered Scan.dll menu

User Tag List

Page 1 of 3 123 LastLast
Results 1 to 15 of 36
  1. #1
    Seifer's Avatar Site Donator
    Reputation
    129
    Join Date
    Apr 2007
    Posts
    270
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    [DLL] Reverse engineered Scan.dll

    Reverse engineered Scan.dll file, by SaFxZ./AFRAiD

    The whole purpose of this release is to circumvent the error message, and possible account/IP flagging of World of Warcraft.

    Been using this for myself for a while now, thought it would be a good one to release to the public now.

    According to my small research, WoW can (ofcourse) not flag your account, but they can flag your MAC/IP/HDD GUID and ban it from WoW. A MAC/GUID ban is what we call a hardware ban, and prevents you from playing WoW on the specific machine you were banned on, and and IP ban.. well, bans your IP. This can be worked around by a single phone call to your ISP though.

    So, why change Scan.dll?
    Good question. Scan.dll runs when you launch WoW, and it scans your memory for trojans, keyloggers etcetera, but also for bots. We're okay with it finding keyloggers, trojans etc, but we don't want it to find our bots.
    Therefore we keep the actual file in-tact, but make the part where it should scan for bots unreadable, by placing zero's.

    Does WoW update it's Scan.dll?
    They do in fact. On every boot, WoW initializes the following:
    Launcher -> Scan using Scan.dll -> Update Scan/Warden/WoW
    But, with our custom Scan file, it shouldn't be finding Glider!

    Is this undetected?
    Yes, it is. I've been using it for roughly two weeks now, launched Glider before launching WoW, and have had no problems whatsoever. But, be aware that they may (hot)fix this at any time.

    Will this get me banned?
    No, it's highly unlikely. Although Blizzard may change it's policy regarding modification of game files later on.

    As always, use at your own risk!

    Please note that I used this method of changing gamefiles on several games, it worked on all of them. But since 90% of the activities in WoW are server-sided, there is not much to change, except for their anti cheating systems...

    Enjoy this public, this may be your last.
    http://awake.zxq.net/temp/792136yt23...AN.-AFRAiD.rar

    This file is 100% keylogger/virus/trojan free, as it is Blizzard's own file.

    [DLL] Reverse engineered Scan.dll
  2. #2
    Ermok's Avatar Contributor
    Reputation
    212
    Join Date
    Jul 2007
    Posts
    447
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    who cares, ;p
    j/k
    thanks for this, i think
    even though you can just delete it, but it will re appear after next login, blizzard shouldnt be finding glider, but rootkits arent a match anymore ;p

  3. #3
    Seifer's Avatar Site Donator
    Reputation
    129
    Join Date
    Apr 2007
    Posts
    270
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, deleting it has the same purpose, except for that Blizzard will having a harder time checking for file corruption than just a simple is_File(); command.

    At the other hand, if they would check the MD5 hash we'd be screwed as well. Anyway, it worked perfectly for me, let's hope they don't catch up on this as for checking for file existence, or even worse, MD5 hashes.

    // Edit
    Virus scan report taken from Virusscan.jotti.org:
    Scan taken on 29 Jan 2008 19:11:12 (GMT) A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

  4. #4
    tripleblade3's Avatar Member
    Reputation
    42
    Join Date
    Sep 2007
    Posts
    164
    Thanks G/R
    0/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wow, this is awesome, i look forward to trying this as soon as i get home

    +rep

  5. #5
    Kartio's Avatar Contributor

    Reputation
    165
    Join Date
    Apr 2007
    Posts
    1,619
    Thanks G/R
    7/1
    Trade Feedback
    2 (50%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm still suspicious with this.

  6. #6
    [ Prototype ]'s Avatar Account not activated by Email
    Reputation
    719
    Join Date
    Dec 2006
    Posts
    844
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Wooow!
    I haven't tested this, and I'm not waiting for a confirmation!

    I've been waiting for about 2 years for someone to realize the point of scan.dll.
    Finally, someone found out!

    +9 rep!

  7. #7
    Evolution's Avatar Contributor
    Reputation
    142
    Join Date
    Sep 2006
    Posts
    289
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm sure this will help ppl with stuff... but scan.dll doesn't detect glider, does it?
    I'm never getting the "A third party program has been found on your machine" message.
    "I was right in the middle of a fking reptile zoo, and somebody was giving booze to these goddamn things."

  8. #8
    [ Prototype ]'s Avatar Account not activated by Email
    Reputation
    719
    Join Date
    Dec 2006
    Posts
    844
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Evolution ; that's maybe because you have Shadowmode Enabled ?
    I don't really know much about glider, since I've only used v1.0.6 and v1.2.6
    :P

  9. #9
    puppychow's Avatar Active Member
    Reputation
    43
    Join Date
    Feb 2007
    Posts
    70
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do you know how scan.dll & warden work? This really doesn't protect you much at all.

    scan.dll is the pre-login checker. Its main purpose is to scan for viruses and trojans before you login (type your password), it also checks for glider, autoit, etc to tell users "we know you have a bot, turn it off or we'll be forced to ban you".

    warden is a piece of code inside the wow.exe that is downloaded AFTER you login and can be updated anytime while you play. it can check anything on your system, anytime. it has nothing to do with scan.dll.

    So hacking up scan.dll doesn't really do much, you are still vulnerable to warden. Glider's shadow protect or IS's isxwarden try to hide glider/is from warden.

    Its kind of like a sign outside the house that says "beware of dog", and a big large angry dog inside the house. The sign is scan.dll, and the dog is warden. Even if you replace the sign, spray paint it, change the words, whatever the dog is still inside and willl tear you up if you break in.

  10. #10
    1337asusual's Avatar Member
    Reputation
    18
    Join Date
    Jan 2008
    Posts
    107
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so this is a ....FAIL?

  11. #11
    Evolution's Avatar Contributor
    Reputation
    142
    Join Date
    Sep 2006
    Posts
    289
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Pvpede View Post
    Evolution ; that's maybe because you have Shadowmode Enabled ?
    I don't really know much about glider, since I've only used v1.0.6 and v1.2.6
    :P
    Aha, okey thanks.
    Can't see a reason of disable shadowmode tho :P
    "I was right in the middle of a fking reptile zoo, and somebody was giving booze to these goddamn things."

  12. #12
    Seifer's Avatar Site Donator
    Reputation
    129
    Join Date
    Apr 2007
    Posts
    270
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by The Cool One View Post
    I'm still suspicious with this.
    No need, this is an original Blizzard file, only bytehacked.

    Originally Posted by puppychow View Post
    Do you know how scan.dll & warden work? This really doesn't protect you much at all.

    scan.dll is the pre-login checker. Its main purpose is to scan for viruses and trojans before you login (type your password), it also checks for glider, autoit, etc to tell users "we know you have a bot, turn it off or we'll be forced to ban you".

    warden is a piece of code inside the wow.exe that is downloaded AFTER you login and can be updated anytime while you play. it can check anything on your system, anytime. it has nothing to do with scan.dll.
    I do, in fact, I've created hooks to work around PunkBuster a dozen of times, and I'm well-aware of how those anti-cheat systems work. But, in close regard to what has been said here, and on the Glider forums, Glider is being detected by Scan.dll, even at people who have enabled all Shadow. This merely is a way of circumventing the message on start-up, not to prevent Warden to work properly.

  13. #13
    Biggunz's Avatar Member
    Reputation
    1
    Join Date
    Aug 2007
    Posts
    16
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This would be helpful if blizz banned your machine, but they don't. Now if you have a punkbuster ban or a steam ban this would help. Blizzard bans your account not your comp.

  14. #14
    Demonshade's Avatar get in da van, i got epix

    Reputation
    494
    Join Date
    Mar 2007
    Posts
    888
    Thanks G/R
    0/0
    Trade Feedback
    1 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    imo what we really need is something anti-warden. We all know that warden scans for injections into WoW and scans ur processes and anything on ur computer, so isn't there a way to make it not scan a certain thing or even better, keep warden stuck on scanning a certain file which we can create so that warden is wasting its time on a file while we hack and do whatever we want with wow

  15. #15
    issacobra's Avatar Active Member
    Reputation
    48
    Join Date
    Nov 2006
    Posts
    262
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, scan.dll has NOT detected glider. If you look in your glider logs when you start with shadow mode on and still get the "mmoglider" message from wow, you will see that shadow mode did not start up right.
    www. leetbrowser .com
    The in-game web browser! No more alt-tabbing out of full screen games!

Page 1 of 3 123 LastLast

Similar Threads

  1. Learning Reverse Engineer
    By =sinister= in forum WoW Memory Editing
    Replies: 25
    Last Post: 07-15-2010, 08:45 AM
  2. Reverse Engineering (i think)
    By ToughCat in forum WoW Scams Help
    Replies: 6
    Last Post: 09-18-2009, 06:24 PM
  3. [Guide] Reverse engineer proof your Phisher App!
    By dj_hype in forum WoW Scam Prevention
    Replies: 8
    Last Post: 02-27-2009, 08:41 PM
  4. Reverse Engineering
    By typedef in forum WoW EMU Questions & Requests
    Replies: 6
    Last Post: 12-26-2008, 06:50 AM
  5. Reverse Engineering/Disassembly
    By Clain in forum Programming
    Replies: 2
    Last Post: 10-22-2008, 04:24 PM
All times are GMT -5. The time now is 03:22 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search