object names?? confused..

[Cypher]

If you're using out of process, why not just:

1) Read the Bobber XYZ
2) Read the camera struct (i posted this here)
3) Convert the XYZ to a 2D Vector using a world to screen function i also posted here.
4) Move mouse to returned X,Y
5) Click
6) ???
7) Profit

Don't you have to have WoW running on top to do that because if you send a mousemove to SendMessage WoW checks the 'real' position of the cursor?

[arynock]

so... if you are able to reverse the wow file and find all these functions... why dont you just reverse the scan.dll file to see how exactly warden works? and possibly disable it? heh

[Sychotix]

i dont think scan.dll really matters when it comes to warden =P and if it does, you could probably simply delete it from both being called in the executable and from the folder itself

[Shynd]

Scan.dll has nothing to do with Warden. Besides, Warden has been pretty well contained, from time to time, but since it can change at any time, with no warning, it's pretty difficult to just disable it altogether.

[arynock]

oh.. i guess i just figured scan.dll contained most of the functions that would be used by warden... but the fact that it is changed so frequently would make a good reason not to worry about that... hah.. duh to me..

[kynox]

oh.. i guess i just figured scan.dll contained most of the functions that would be used by warden... but the fact that it is changed so frequently would make a good reason not to worry about that... hah.. duh to me..

I would bet no function in Scan.dll is "Findable" in Warden, if they were infact in it. Warden is polymorphic, meaning that every function is different and placed in a different locations each time.

Reversing it was a real pain, but you eventually see a pattern on code flow and it becomes cake.

But to sum it up, Scan.dll was originaly used to detect virus/keyloggers running on your PC before you logged into WoW afaik, but now they've started to include hacks. You can easily get around this by deleting it on runtime (Which they make no protection against, because you don't get banned in the first place).

[Cypher]

Scan.dll is there to warn you on startup about anything that might be bannable if you choose to log in with it running. Warden is there to ban you when you do log in.

Whilst scan.dll is techincally part of 'Warden' as a technology (before anyone argues check MDY vs Blizzard and you'll see blizzard include scan.dll as part of their 'Warden' technology), its definately not of interest when it comes to bypassing detection of hacks etc.

[arynock]

yeah... and to anyone who said reading a book was a stupid way to learn... dude this book is amazing.. lol

[Sychotix]

never said it was stupid =P its, at least, not my way to learn. Oral and visual > textual

[Cypher]

yeah... and to anyone who said reading a book was a stupid way to learn... dude this book is amazing.. lol

Yeah, its definitely an excellent book, it'll teach you pretty much everything you need to get started in reverse engineering.

After that its just a matter of practice practice practice, along with reading of specialty articles on the subjects you're interested in (cracking, data reing, etc), and learning about your targets (ie reading books about programming games, a 'know thy enemy' type thing ).

[hfs]

so is scan.dll also responsible for scanning the mem residen copy of wow.exe upon login?

i.e. in the form of a quick checksum?

Or does wow.exe handle that itsself?

[Cypher]

so is scan.dll also responsible for scanning the mem residen copy of wow.exe upon login?

i.e. in the form of a quick checksum?

Or does wow.exe handle that itsself?

Err, I thought my post was pretty self-explanatory. Scan.dll is a component of Blizzard's warden technology and scans for known public hacks/bots/etc to warn the user their account security may be at risk. A checksum is done upon login regardless of the presence of scan.dll, that feature is built into WoW itself.