ISXWarden fail implemetation menu

Shout-Out

User Tag List

Page 2 of 2 FirstFirst 12
Results 16 to 26 of 26
  1. #16
    Xarg0's Avatar Member
    Reputation
    61
    Join Date
    Jan 2008
    Posts
    389
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But I want to write scanned memory reagions, for the sake of beeing "warden update" safe I'd even hide patches that aren't scanned, cause it would be realy bad to be banned with some private stuff just because they updated warden to crc hole functions or something like that ^^
    I hacked 127.0.0.1

    ISXWarden fail implemetation
  2. #17
    layane1982's Avatar Member
    Reputation
    19
    Join Date
    Jun 2008
    Posts
    10
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Warden executes in a ring3 develop a ring0 kernel (for the moment), develop a antihook ring0 isn't a trivial task, sometimes ago Dark_Mage- wrote a good article about evading game detections in ring3, stealth is posible, not easy but posible). Good luck Xarg0!!

    And the article for you : Evading Hack Detection Mechanisms In Online Games

  3. #18
    Cypher's Avatar Kynox's Sister's Pimp
    Reputation
    1358
    Join Date
    Apr 2006
    Posts
    5,368
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by layane1982 View Post
    Warden executes in a ring3 develop a ring0 kernel (for the moment), develop a antihook ring0 isn't a trivial task, sometimes ago Dark_Mage- wrote a good article about evading game detections in ring3, stealth is posible, not easy but posible). Good luck Xarg0!!

    And the article for you : Evading Hack Detection Mechanisms In Online Games
    You can bypass Warden from ring3. Just hook the scanning function. Dll injection ftw.

    Originally Posted by Xarg0 View Post
    But I want to write scanned memory reagions, for the sake of beeing "warden update" safe I'd even hide patches that aren't scanned, cause it would be realy bad to be banned with some private stuff just because they updated warden to crc hole functions or something like that ^^
    You can be 'warden update' safe from ring3 with a function hook.


  4. #19
    Xarg0's Avatar Member
    Reputation
    61
    Join Date
    Jan 2008
    Posts
    389
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You're right Cypher, it's hell easier to hook the Scann function of Warden instead of building a memorycloak driver that redirects memory acces to faked memory pages, but there's already such a driver for winxp sp2 so I'll just try if it works, still I don't have the stupid WDK because you can't resume the f***** download >.< f*** you Microsoft I hate you!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Btw this thread was about a failed isxwarden, so we should talk about how to implement a working one, yet I don't care if there ever will be a new working isxwarden since I wont subscribe to Innerspace anyways :-)
    I hacked 127.0.0.1

  5. #20
    layane1982's Avatar Member
    Reputation
    19
    Join Date
    Jun 2008
    Posts
    10
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Shynd's lib is a dll cloaker that hooks api reading memory functions and unlink dll from modules list, so the api hook fail. hook warden internal functions bad idea. unload warden from memory causes ban by server warden, perver isxwow code with codepervert (to avoid scanner signature) + change isxwarden.dll references to isxwdummy.dll into isxwow with a hexeditor to avoid check signatures of loaded modules... fail. I hate warden

  6. #21
    Cypher's Avatar Kynox's Sister's Pimp
    Reputation
    1358
    Join Date
    Apr 2006
    Posts
    5,368
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Xarg0 View Post
    You're right Cypher, it's hell easier to hook the Scann function of Warden instead of building a memorycloak driver that redirects memory acces to faked memory pages, but there's already such a driver for winxp sp2 so I'll just try if it works, still I don't have the stupid WDK because you can't resume the f***** download >.< f*** you Microsoft I hate you!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Btw this thread was about a failed isxwarden, so we should talk about how to implement a working one, yet I don't care if there ever will be a new working isxwarden since I wont subscribe to Innerspace anyways :-)

    As I have already pointed out, such a driver will not work correctly on multi-core or multi-processor systems unless you want to force feed WoW a new processor affinity. And even then you're stuck with lower performance and no working x64 anti-anti-cheat.

    Originally Posted by layane1982 View Post
    Shynd's lib is a dll cloaker that hooks api reading memory functions and unlink dll from modules list, so the api hook fail. hook warden internal functions bad idea. unload warden from memory causes ban by server warden, perver isxwow code with codepervert (to avoid scanner signature) + change isxwarden.dll references to isxwdummy.dll into isxwow with a hexeditor to avoid check signatures of loaded modules... fail. I hate warden
    Hooking Warden's internal functions is NOT a bad idea. I've been hooking them for months now. As long as you do its right you're fine. You don't need to use a DLL cloaker, or hook Windows APIs, or use ring0 drivers, or any of that bullshit.

    Two simple function hooks are all that's needed.

  7. #22
    Xarg0's Avatar Member
    Reputation
    61
    Join Date
    Jan 2008
    Posts
    389
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cypher I guess I'm forced to use a ring3 solution, because Microsoft wont let my download the WDK xD, I've got a realy bad Internet connection and you can't resume a download from microsoft after a dc, because they use some stupid ip bound session management on their page -.-
    @Microsoft Web Devs
    You Fail at coding for the internet, plx go kill yourself the world would be a better place without you...
    I hacked 127.0.0.1

  8. #23
    nexenx's Avatar Member
    Reputation
    1
    Join Date
    Sep 2008
    Posts
    23
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cool. Stuff.
    Last edited by nexenx; 09-29-2008 at 04:49 AM.

  9. #24
    Cypher's Avatar Kynox's Sister's Pimp
    Reputation
    1358
    Join Date
    Apr 2006
    Posts
    5,368
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Its not really a matter of 'forced', it's the 'better' solution to begin with. It may need a tad more maintenance, but it will work on both x86 and x64, on multi-core processors, AND in Wine under Linux. I don't know about you but the advantages greatly outweigh the disadvantage(s) (is there more than one?).

    Besides, I had no problems downloading the WDK in chunks. I used a download manager and paused it half way through. You getting it through Microsoft Connect??

    Also. Nexenx. What the **** are you talking about? Please refrain from posting unless you have something of value to say.

  10. #25
    Xarg0's Avatar Member
    Reputation
    61
    Join Date
    Jan 2008
    Posts
    389
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes I get it from Microsoft Connect, but I had another Idea just now on how to hide from Warden, since I mainly use Linux I got wine, and I've seen some d3dhacks implementation for wine, so how about hiding your bot within wine :-), you can do stuff like you're in Windows Kernel Mode without going into ring0, by changeing the WineWinApi do to what you want it to do, it's like recompiling windows kernel and api *gg
    I hacked 127.0.0.1

  11. #26
    Cypher's Avatar Kynox's Sister's Pimp
    Reputation
    1358
    Join Date
    Apr 2006
    Posts
    5,368
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sigh. You're still over complicating things. First of all, Warden checks to see if you're running Wine, I myself have witnessed it making the API calls to do so, andyou're not gaining any real advantage over Windows because all the APIs that you want to 'recompile' can be hooked from within windows anyway. Second of all, Warden doesn't check for D3D hooks so just because you saw a 'D3D Hack' doesn't mean a thing. Third of all, hooking two functions inside WoW.exe is all that's needed to bypass Warden and the login checksum, you're going way over the top.

Page 2 of 2 FirstFirst 12

Similar Threads

  1. Server connection failed!
    By dromeztah in forum World of Warcraft Emulator Servers
    Replies: 3
    Last Post: 10-08-2007, 03:38 PM
  2. How do you fix "The app failed to initialize properly(0xc0150002)"?
    By explode13 in forum World of Warcraft Emulator Servers
    Replies: 1
    Last Post: 08-30-2007, 07:34 PM
  3. My own try,failed...
    By Mysti- in forum WoW ME Questions and Requests
    Replies: 0
    Last Post: 07-20-2007, 11:51 PM
  4. funny failed backflips
    By Sacrifice in forum Screenshot & Video Showoff
    Replies: 0
    Last Post: 07-14-2007, 12:18 PM
  5. Few model changes. please help :) , tryed self and failed
    By luddo9 in forum WoW ME Questions and Requests
    Replies: 12
    Last Post: 07-04-2007, 12:32 PM
All times are GMT -5. The time now is 11:34 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search