[GUIDE] How to set up a simple jump and speed hack using CE *moved*

  1. #31
    Sychotix (Moderator)
    Originally Posted by Etherea:
        He made the point he was trying to make, and there was nothing factually inaccurate in his remarks. There you go again with calling people stupid or retarded. Let's not be so quick to judge.

    I agree with Chazwazza. If you view it as an int, you are viewing it completely wrong (although it does work). You should view it how it was defined in the code so you get a more accurate measure of it and how you can increase it. For example, if the value was 5 as float but 324324324 as an integer, which one is easier to tell how to double it? I am sure that if you double 324324324, you would instantly hit the roof of the game while if you changed the 5 to a 10, you would jump twice as high.

    The only thing I agree with the other guy is that if it works, it works. However inaccurate and noobish it may be.

    The fact that he is not reading it as a float value means that he probably got it from another source other than scanning the memory manually as he should have.

    EDIT: oh yeah and kynox, isn't the value stored in another location in the memory as well? Couldn't you edit the value on there instead of where Warden scans or is it just scanning to see if the value changes or not?
    Last edited by Sychotix; 07-11-2008 at 01:46 PM.
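
The float-versus-integer point from the post above, as an added example that is not part of the original thread: the same four bytes are read as an IEEE-754 single and as a 32-bit integer, showing that doubling the integer view does not double the float. The function names are illustrative.

```python
import struct

def float_bits(value: float) -> int:
    """32-bit pattern of an IEEE-754 single, as an unsigned integer."""
    return struct.unpack("<I", struct.pack("<f", value))[0]

def bits_float(bits: int) -> float:
    """Read a 32-bit pattern back as an IEEE-754 single."""
    return struct.unpack("<f", struct.pack("<I", bits & 0xFFFFFFFF))[0]

def fields(bits: int) -> tuple:
    """Split the pattern into (sign, biased exponent, mantissa)."""
    return bits >> 31, (bits >> 23) & 0xFF, bits & 0x7FFFFF

def double_via_int_view(value: float) -> float:
    """Double the integer view of the bytes, then read them as a float."""
    return bits_float(float_bits(value) * 2)

def double_via_exponent(value: float) -> float:
    """Doubling a normal float is +1 on the exponent field, i.e. +(1 << 23)."""
    return bits_float(float_bits(value) + (1 << 23))

if __name__ == "__main__":
    for v in (5.0, 10.0):
        b = float_bits(v)
        print(f"{v:>5} -> int view {b:>10} (0x{b:08X}) fields {fields(b)}")
    # Doubling the integer view shifts the exponent bits into the sign bit.
    print("doubled as int:", double_via_int_view(5.0))
    print("exponent + 1  :", double_via_exponent(5.0))
```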

  2. #32
    kynox
    Originally Posted by Sychotix:
        EDIT: oh yeah and kynox, isn't the value stored in another location in the memory as well? Couldn't you edit the value on there instead of where Warden scans or is it just scanning to see if the value changes or not?

    If that's the case, then yes. I'm not sure if it is stored anywhere else though.

    One thing I can say is that I haven't seen Warden reading any code which reads from the address, so you could hijack each read from it and replace it with your own address.

    Or, you could use the better method, and put an on-read memory breakpoint on it, and send back bogus results. Both methods would be Warden-proof, the latter being the long-term solution.

  3. #33
    Sychotix (Moderator)
    yeah, I'm sure Warden runs via CRC which people use the "find what reads from" method to figure out where it's at. OR, I could use the header that I downloaded from "someone's" site =P I might have lost that though during my reformatting but idc.... I don't even have WoW atm. I'm thinking about waiting till after OB.NET comes out and botting up a few chars before WOTLK comes out.

    EDIT: nope still got it.

  4. #34
    kynox
    *blank* Uh, what?

    I don't understand a word you just said

  5. #35
    Sychotix (Moderator)
    Originally Posted by wikipedia:
        A cyclic redundancy check (CRC) is a type of function that takes as input a data stream of any length, and produces as output a value of a certain space, commonly a 32-bit integer. The term CRC is often used to denote either the function or the function's output. A CRC can be used as a checksum to detect alteration of data during transmission or storage.

    GameGuard uses this as well (if the buyer of the program activates it). People use the method of putting a breakpoint (Find what reads from) on the function and see what reads from it. Once they find that out, they go to another address which they know is under the CRC and they do the same thing. They then normally compare the two and see if anything is similar and if there is, they have found where the CRC function is. Now they just need to disable it/trick it to think it always returns true. =P

  6. #36
    Cypher
    Originally Posted by Sychotix:
        I agree with Chazwazza. If you view it as an int, you are viewing it completely wrong (although it does work). You should view it how it was defined in the code so you get a more accurate measure of it and how you can increase it. For example, if the value was 5 as float but 324324324 as an integer, which one is easier to tell how to double it? I am sure that if you double 324324324, you would instantly hit the roof of the game while if you changed the 5 to a 10, you would jump twice as high.

        The only thing I agree with the other guy is that if it works, it works. However inaccurate and noobish it may be.

        The fact that he is not reading it as a float value means that he probably got it from another source other than scanning the memory manually as he should have.

        EDIT: oh yeah and kynox, isn't the value stored in another location in the memory as well? Couldn't you edit the value on there instead of where Warden scans or is it just scanning to see if the value changes or not?

    The value isn't stored anywhere else, only references to it in the text segment. Like kynox said you can just hijack all reads to it and point the code to a new value in memory somewhere (tested and working as warden-proof), or hook the value itself in the data seg and send back the value you want (untested but will work).

    Also, kynox knows what a CRC is, trust me, I think he was just confused by the general rambling in the post as opposed to the terminology.

  7. #37
    Sychotix (Moderator)
    Originally Posted by Chazwazza:
        The value isn't stored anywhere else, only references to it in the text segment. Like kynox said you can just hijack all reads to it and point the code to a new value in memory somewhere (tested and working as warden-proof), or hook the value itself in the data seg and send back the value you want (untested but will work).

        Also, kynox knows what a CRC is, trust me, I think he was just confused by the general rambling in the post as opposed to the terminology.

    aww but I never got into code caving =P. Instead of doing all that, why not simply bypass Warden's CRC where it will not be reading anything? or even if it does, it always returns that the function hasn't changed?

  8. #38
    kynox
    Originally Posted by Sychotix:
        aww but I never got into code caving =P. Instead of doing all that, why not simply bypass Warden's CRC where it will not be reading anything? or even if it does, it always returns that the function hasn't changed?

    It's not CRCing, the WoW server sends a request to read from certain addresses, warden complies by sending back the resulting bytes to the server.

    Server checks if they're abnormal, if so - ban.

  9. #39
    Sychotix (Moderator)
    ahh... well either it is sending "yes it's abnormal" or it is sending the value back. If it is sending the value back, you can't really mess with the function itself but if it is just saying "no it's not abnormal", there is probably a conditional jump that can simply be changed to make it always say that.

  10. #40
    kynox
    No, it sends back the raw bytes read. You need to hook the internal function which is called to scan memory and add it to the output buffer.
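
A simplified model of the request/response scan described in the posts above, as an added example that is not part of the original thread and not Warden's actual protocol: the client only returns raw bytes, and the server does the comparison against its own reference copy, so there is no client-side verdict to alter. `REFERENCE`, the function names and the window sizes are assumptions made for illustration.

```python
import secrets

# Constructed sample: 64 bytes standing in for the server's known-good copy
# of a client memory region. Not real game data.
REFERENCE = bytes(range(64))

def make_request(region_len: int, length: int = 8) -> tuple:
    """Server: choose an unpredictable (offset, length) window to read."""
    return secrets.randbelow(region_len - length + 1), length

def client_read(memory: bytes, offset: int, length: int) -> bytes:
    """Client: return the raw bytes at the requested window, no verdict."""
    return bytes(memory[offset:offset + length])

def server_check(offset: int, length: int, answer: bytes) -> bool:
    """Server: the comparison happens here, against its own reference."""
    return answer == REFERENCE[offset:offset + length]

def scan_round(memory: bytes, windows) -> list:
    """Run one round of requests and return the windows judged abnormal."""
    return [(off, n) for off, n in windows
            if not server_check(off, n, client_read(memory, off, n))]

if __name__ == "__main__":
    modified = bytearray(REFERENCE)
    modified[20] ^= 0xFF                      # constructed one-byte change
    windows = [(0, 8), (16, 8), (40, 8)]      # fixed here so output is stable
    print("clean   :", scan_round(REFERENCE, windows))
    # Only the window that covers byte 20 is reported; the others look normal.
    print("modified:", scan_round(bytes(modified), windows))
    print("random  :", make_request(len(REFERENCE)))
```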

  11. #41
    Sychotix (Moderator)
    hm... so does the server send the value that it wants it to be to the function? If so, it's probably stored in one of the registers and can be completely bypassed by doing (for example)
    mov edi,eax //eax being the value it wants and edi being the value it sends back
    jmp 8675309 //the jump leading to where the end of the function is where it actually sends the data back (or somewhere close... depending on how the function is)

    I will have to poke at it some when this damn AoC raid stops -.- haven't had a chance to even finish patching WoW.

    EDIT: alright. I poked at it some. I have NOP'ed quite a few addresses and tried to get Warden to detect me yet nothing. Are you sure Warden reads from the jump address (and some other addresses I have been provided with)? If it does (which I think it does since I found a common section which reads them and the area is dynamic so ima have to do a pointer search to try and find it tomorrow)...

    it can't be an instant ban though unless Warden only reads from them like every hour or so -.-
    Last edited by Sychotix; 07-13-2008 at 10:02 PM.

  12. #42
    kynox
    I've found that Warden won't ban me on my trial account, the only time I've had one banned is when my Warden Emulator was returning bad results and packet hashes.

  13. #43
    Cypher
    Originally Posted by Sychotix:
        hm... so does the server send the value that it wants it to be to the function? If so, it's probably stored in one of the registers and can be completely bypassed by doing (for example)
        mov edi,eax //eax being the value it wants and edi being the value it sends back
        jmp 8675309 //the jump leading to where the end of the function is where it actually sends the data back (or somewhere close... depending on how the function is)

        I will have to poke at it some when this damn AoC raid stops -.- haven't had a chance to even finish patching WoW.

        EDIT: alright. I poked at it some. I have NOP'ed quite a few addresses and tried to get Warden to detect me yet nothing. Are you sure Warden reads from the jump address (and some other addresses I have been provided with)? If it does (which I think it does since I found a common section which reads them and the area is dynamic so ima have to do a pointer search to try and find it tomorrow)...

        it can't be an instant ban though unless Warden only reads from them like every hour or so -.-

    You can't NOP random crap in the hope you get banned, Warden is quite specific. Also, warden scans occur every 15-20 seconds or something along those lines.

    If you want to get banned just change your jump height or climb angle, that SHOULD work, unsure if it will work on trials. If you want to find warden you can probably put an on-read breakpoint on the address and find the function that warden is scanning the value with (untested).

  14. #44
    Sychotix (Moderator)
    Originally Posted by Chazwazza:
        You can't NOP random crap in the hope you get banned, Warden is quite specific. Also, warden scans occur every 15-20 seconds or something along those lines.

        If you want to get banned just change your jump height or climb angle, that SHOULD work, unsure if it will work on trials. If you want to find warden you can probably put an on-read breakpoint on the address and find the function that warden is scanning the value with (untested).

    Yeah I have already done that. I changed my jump height to -30 and was jumping around to hell hoping to get a ban. And also, I have a list of things that Warden scans thanks to a little someone. I put a breakpoint on it last night and I came to a function in the 0F494B48 region. I am going to do some scanning to see if I can find a pointer for it.

    EDIT: is it because I changed the value via debugger and not a memory editor? lol

  15. #45
    kynox
    Originally Posted by Sychotix:
        I put a breakpoint on it last night and I came to a function in the 0F494B48 region.

    The function that's reading from it is inside of Warden.

    It reads offsets (yes, you could hook this, but it also reads other data)..
    Though Warden is dynamically allocated, so that address is quite useless once it's unloaded.
