-
Member
Warden Private Server
Hey everyone,
I wanted to share a useful enum I've been working with for interacting with the Warden anti-cheat system in World of Warcraft: Wrath of the Lich King (WotLK). This enum, named WardenWOTLK, contains various memory offsets and function codes that are essential for understanding and interacting with the Warden's operations.
Here's the enum:
Code:
enum WardenWOTLK
{
WardenStructurePTR = 0x00D31A4C,
PageStoreInfo = 0x7B8, // read 3x time from the WardenStructure
LuaStringCHeck = 0x7E8, // read WardenStructurePTR > read WardenStructurePTR Value + this opcode.
Vtable = 0x228,
MemoryCheck = 0x0C,
ModuleCheck = 0x10,
CallProcCheckHashAndCompare = 0x1C,
DriverCheck = 0x20,
TimingCheck = 0x24,
GetTickCounterFromMemory = 0x28,
HeapFreeEx = 0x50,
ReturnZero = 0xDC,
ProcAddress = 0x18,
GetMethod = 0xE8,
CheckStructValue = 0x1FC,
FreeHeap = 0x2C,
closeHandle = 0xF0,
CheckFunctions = 0x00,
ReturnControl = 0x200,
duplicateHandle = 0x100,
};
This enum is crucial for anyone diving into reverse engineering or low-level manipulation of the Warden system in WoW WotLK. Understanding these offsets can help in analyzing how the Warden operates and in developing methods to interact with or bypass its checks.
Feel free to ask if you have any questions or need further clarification on any of the entries!
Note[1] : some servers use GetText instead of Lua_execute, it is recommendto just hook LoadBuffer to bypass both checks.
Last edited by Makkah; 08-25-2024 at 03:53 AM.
-
Post Thanks / Like - 1 Thanks
InnerSilence (1 members gave Thanks to Makkah for this useful post)
-
Member
Cata 4.3.4 Warden Enum for Warden Functions
Below is the WardenCata enum, which defines various functions and checks used by the Warden system in World of Warcraft Cataclysm (Patch 4.3.4). Warden is Blizzard's anti-cheat mechanism that performs various security checks to detect and prevent the use of unauthorized third-party software.
Code:
enum WardenCata {
WardenPTR = 0x0DC0C70,
Warden_ModuleCheck = 0xD4,
Warden_DriverCheck = 0xE4,
Warden_CloseHandle = 0x144,
Warden_GetProcAddress = 0xDC,
Warden_TimingCheck = 0xE8,
Warden_FreeHeap = 0x90,
Warden_GetModuleHandle = 0xC8,
Warden_MemoryCheck = 0xD0,
Warden_Return0 = 0x70,
Warden_AddTwoNumbers = 0xCC,
Warden_CallProcCheckHashAndCompare = 0xE0,
Warden_StorePageScanInfo = 0xF4,
Warden_HeapFreeEx = 0x00
};
-
Active Member
ty, do you have for MOP 5.4.8 to ?
-
Member
-
Member
wow this is amazing, must of taken you awhile to figure out all of this thank you. everyone should give you some +rep
Last edited by untouch; 09-24-2024 at 01:33 AM.
-
Member
Bypassing Warden’s `Lua_String_Check` is quite simple, but you'll need to address `memoryCheck` and `PageScan`. When detouring `LoadBuffer`, make sure the jump doesn’t trigger any flags. Properly hiding or obfuscating the `jmp` instruction is crucial to avoid detection.
but when you do, you can make the lua string into
Code:
[Warden] Lua String Check = if(fMqKyCixfear_EventFrame~= nil)then SendAddonMessage('ZStXiSYfJhi',"DppBMP",'WHISPER','Ux01')else SendAddonMessage('ZStXiSYfJhi',"bFuRia",'WHISPER','Ux01')end
[Warden] Lua String Check = local S,T,R=SendAddonMessage,function()local f=DEFAULT_CHAT_FRAME for i=1,f:GetNumMessages() do if (f:GetMessageInfo(i)):find("|cffffd200MPngTvQwnnFZ|r") then return true end end end R=S and T()if R then S('_TW',0790,'GUILD')end
Last edited by Makkah; 09-29-2024 at 08:47 AM.
-
Member
MoP 5.4.8 Warden Enum for Warden Functions
Below is the WardenCata enum, which defines various function offsets and checks used by the Warden system in World of Warcraft Cataclysm (Patch 4.3.4). Warden is Blizzard's anti-cheat mechanism designed to detect and prevent the use of unauthorized third-party software by performing system integrity checks.
In Mists of Pandaria (MoP) 5.4.8, the game uses Address Space Layout Randomization (ASLR), which means that memory addresses are randomized each time the game is launched. This adds an extra layer of security, making it more difficult to predict and manipulate specific memory locations.
Warden Function Enum:
Code:
enum WardenMoP {
WardenPTR = GetModuleHandle + C8E494,
Warden_ModuleCheck = 0xD4,
Warden_DriverCheck = 0xE4,
Warden_CloseHandle = 0x144,
Warden_GetProcAddress = 0xDC,
Warden_TimingCheck = 0xE8,
Warden_FreeHeap = 0x90,
Warden_GetModuleHandle = 0xC8,
Warden_MemoryCheck = 0xD0,
Warden_Return0 = 0x70,
Warden_AddTwoNumbers = 0xCC,
Warden_CallProcCheckHashAndCompare = 0xE0,
Warden_StorePageScanInfo = 0xF4,
Warden_HeapFreeEx = 0x00
};
Last edited by Makkah; 2 Weeks Ago at 03:03 AM.
-
Post Thanks / Like - 1 Thanks
aeo (1 members gave Thanks to Makkah for this useful post)
-
Member
How can i FInd WardenPTR In retail? ?
-
Member
i do know how to find it but no, i wont give out this type of information to the public.
-
Member
This is a very detailed enum for interacting with Warden in WoW WotLK. It can be helpful for those reverse-engineering or working with private servers. However, bypassing anti-cheat systems can have legal implications, so it's important to be mindful of the terms of service. DomyPaper Do My Paper For Me | Paper Writing Service by DoMyPaper.com is hands down one of the best academic writing services I’ve ever used. The quality of the paper was outstanding, and the writer’s attention to detail was commendable. The entire process was hassle-free, from placing the order to receiving the final product. I’m extremely satisfied with their service and would recommend it to anyone in need of academic assistance.
Last edited by EmersonPeterson; 2 Weeks Ago at 07:14 AM.
-
Member
These are the static functions utilized by World of Warcraft (WoW) to load and manage the Warden system in the Wrath of the Lich King (WotLK) expansion.
Code:
enum WardenFunctions : uintptr_t {
DBCache_Warden = 0x676ac0,
DBCache_WardenCachedModule_InternalDelete = 0x6791b0,
DbWardenCache_Load = 0x67fe00,
WardenCached_LoadKey = 0x7da1c0,
WardenCachedModule_StoreToCDataStore = 0x7da220,
WardenCachedModule_LoadFromCDataStore = 0x7da260,
Warden_UnloadModule = 0x7da300,
Warden_ShutdownAndUnload = 0x7da420,
Warden_MemoryAlloc = 0x7da4b0,
Warden_MemoryFree = 0x7da4d0,
Warden_StateSave = 0x7da4f0,
Warden_StateLoad = 0x7da550,
WardenCachedModule_Copy = 0x7da5c0,
WardenLoadModule = 0x7da610,
WardenClient_Initialize = 0x7da8c0,
Warden_ModuleCache = 0x7da9f0,
Warden_Data = 0x7daab0,
WardenZlibDecompress = 0x866770,
UnloadWardenModule = 0x8722c0,
LoadWardenModule = 0x872350
};
-
Post Thanks / Like - 1 Thanks
Kangaroo6052 (1 members gave Thanks to Makkah for this useful post)
-
Member
Originally Posted by
Makkah
These are the static functions utilized by World of Warcraft (WoW) to load and manage the Warden system in the Wrath of the Lich King (WotLK) expansion.
Code:
enum WardenFunctions : uintptr_t {
DBCache_Warden = 0x676ac0,
DBCache_WardenCachedModule_InternalDelete = 0x6791b0,
DbWardenCache_Load = 0x67fe00,
WardenCached_LoadKey = 0x7da1c0,
WardenCachedModule_StoreToCDataStore = 0x7da220,
WardenCachedModule_LoadFromCDataStore = 0x7da260,
Warden_UnloadModule = 0x7da300,
Warden_ShutdownAndUnload = 0x7da420,
Warden_MemoryAlloc = 0x7da4b0,
Warden_MemoryFree = 0x7da4d0,
Warden_StateSave = 0x7da4f0,
Warden_StateLoad = 0x7da550,
WardenCachedModule_Copy = 0x7da5c0,
WardenLoadModule = 0x7da610,
WardenClient_Initialize = 0x7da8c0,
Warden_ModuleCache = 0x7da9f0,
Warden_Data = 0x7daab0,
WardenZlibDecompress = 0x866770,
UnloadWardenModule = 0x8722c0,
LoadWardenModule = 0x872350
};
Awesome! May I know which version this is? What’s the version number?
-
Member
Wrath of the Lich King (3.3.5a) Build 12340
Last edited by Makkah; 3 Weeks Ago at 11:52 PM.
-
Member
Originally Posted by
Makkah
Wrath of the Lich King (3.3.5a)
Wrath of the Lich King (3.3.5a) Build 12340?