3.0.8 Addresses , Few useful things :)

[Cypher]

theres more to the memory editing section then covering read-only memory? thanks for that sherlock i wasn't aware. if your paranoia of warden is so great that you feel you'd be better off entirely ignoring read-only modifications based on the idea that they *might* add something new then you simply shouldn't bother.


worry about it when it does happen not whether its going to.

Are you really that stupid? When it does happen it's too late to "worry", you're already burned. You have to worry preemptively, if you worry after the fact you're just wasting time. Its obvious you have zero experience on either side of the anti-cheat fence. Do you even think before you post?

Its hardly "paranoia" to be worried about warden updates, they happen on a regular basis. Heck, just look at how the code kynox's tool was modifying got added to the list.

Fact:
Warden gets regular updates.
Warden gets new features in some of these updates.
Warden updates are pushed without notice and can happen at any time.
There is no 100% foolproof way to catch these warden updates and check for new features in a generic manner.

Now, given the above facts (if you disagree about them being facts I would love to hear your reasoning -- i need a good laugh) would you really define worrying about warden as "paranoia"? Lets review:

"Paranoia is a disturbed thought process characterized by excessive anxiety or fear, often to the point of irrationality and delusion. ..."
Paranoia - Wikipedia, the free encyclopedia

" • noun 1 a mental condition characterized by delusions of persecution, unwarranted jealousy, or exaggerated self-importance. 2 unjustified suspicion and mistrust of others."
Oxford Online UK Dictionary

Hrm.... Disturbed? Nope. Irrational? Nope. Deluded? Nope. Unjustified? Definitely not.

No I don't think I suffer from "Warden paranoia".

I love how I outlined the two main ways for them to catch hackers and challenged you to name some of the other "retardedly large" ways they could catch hackers yet you conveniently missed replying to that part. Couldn't think of a decent reply? Hardly surprising.

No you shouldn't go totally overboard worrying about stuff that will probably never get added. But for things that would be perfectly logical to implement and would be very smart for blizzard to implement, I would definitely advocate the use of caution and some thought.

Why should I "not bother" with WoW hacking if I want to try and keep my account safe. I have no problem ****ing with read-only mem on trials, emulated servers, ptrs etc, but I'd rather keep my main unbanned. Also, there is still a LOT of hacks you could implement using only function calls (with anti-stack trace code if you feel it necessary) and modifications of heap and .data memory. Not only that, but if you throw reasonable API hooks into the mix (stuff AV and IM software would also hook so as to stay innocuous) you could whip up some pretty awesome hacks (hint: Winsock APIs).

You're obviously clueless. Go back to playing with CE so the big boys can talk now.

[Sychotix]

lol Cypher there's no reason to even argue with him =P you obviously know more than him about warden and its workings.

And to arigity, hes right. Warden is downloaded (i think its either upon character login, or upon server selection) without you knowing at all... try attaching a debugger to wow.exe before you login. You will see all the modules load, and during one of the times mentioned above, it will pause saying a new module has loaded. I wonder what that could be? =P

And as to worrying about Warden... its so shitty that I have never worried about it. If i were to run into one of the features that were hashed/crc'ed, you could just simply put a code cave and warden will never know the difference. Another possible way that may work (if you were someone able to find a static location of warden (through pointers of course), you could possibly redirect its scanning to a virtual memory file (I think that's what they are called). People used to do to bypass GameGuard. Of course those methods arn't foolproof as Cypher said, because they can update at any time...

[arigity]

Are you really that stupid? When it does happen it's too late to "worry", you're already burned

your right, obviously theres no way to check whether or not wardens scans for any modifications you may make. certainly actually looking doesn't help.

Do you even think before you post?

why would i wanna do that? its so much funner to simply say whats on my mind.

Its hardly "paranoia" to be worried about warden updates, they happen on a regular basis. Heck, just look at how the code kynox's tool was modifying got added to the list.

because kynox's code was so secretive amirite, theres no way blizzard should have been able to find what was modified in wow :O

"Paranoia is a disturbed thought process characterized by excessive anxiety or fear, often to the point of irrationality and delusion. ..."

the wardenz are gonna getcha!

I love how I outlined the two main ways for them to catch hackers and challenged you to name some of the other "retardedly large" ways they could catch hackers yet you conveniently missed replying to that part. Couldn't think of a decent reply? Hardly surprising.

convenience is a matter of perspective. i challenge you to name me every country in the world, go.

No you shouldn't go totally overboard worrying about stuff that will probably never get added. But for things that would be perfectly logical to implement and would be very smart for blizzard to implement, I would definitely advocate the use of caution and some thought.

if it is both entirely logical and incredibly easy as you so boldly pointed out then it should have been done already, as it hasn't its clear either blizzard just doesn't care or your logic is wrong.


it's not that blizzard can't detect what you do, its that they aren't. not taking advantage of something like that is pointless. enjoy what you've got while you've got it.

You're obviously clueless. Go back to playing with CE so the big boys can talk now.

but playing with you is so much funner.

[Sychotix]

your right, obviously theres no way to check whether or not wardens scans for any modifications you may make.

Wrong.

/filler

[arigity]

sarcasm not your strong point huh?

[Sychotix]

and reading isn't yours huh? Hes basically telling you that warden can update at any point and time, and no way is foolproof. How do you plan on finding out if warden is scanning for your memory edits if they stop (or detect) all reading/writing of memory?

EDIT: anyways, enough flamming. back on topic please.

/leaves it to Cypher

[arigity]

How do you plan on finding out if warden is scanning for your memory edits if they stop (or detect) all reading/writing of memory?

gee i dunno. how could someone possibly go about finding out if somethings detected if everything is detected?

[Cypher]

and reading isn't yours huh? Hes basically telling you that warden can update at any point and time, and no way is foolproof. How do you plan on finding out if warden is scanning for your memory edits if they stop (or detect) all reading/writing of memory?

EDIT: anyways, enough flamming. back on topic please.

/leaves it to Cypher

YAAAAY! SOMEONE WHO CAN READ!!!!!

Apparently arigity has the power of time-travel so I guess that's something he doesn't have to worry about.

"Oh noez they've added that new feature and I got banned. Oh well, time to go backwards in time and fix my code so I can undo all those bans."

[arigity]

common sense and a few precautions > time travel. besides that blizzard COULD add a time-space-continuum module on warden to monitor for time travel, best be on the safe side and not try it.

where is that list of every single country in the world?

[Cypher]

common sense and a few precautions > time travel. besides that blizzard COULD add a time-space-continuum module on warden to monitor for time travel, best be on the safe side and not try it.

where is that list of every single country in the world?

I never said I had a list of every single country in the world so I don't know what you're trying to prove. You on the other hand DID say there were a "retardedly large" number of ways Blizzard could detect "lolhax". I named two and you didn't even name another ONE. Fail noob is fail.

Common sense and a few precautions... Hrm.. That sounds like WHAT I WAS OUTLINING YOU RETARD.

I love how now that you know you've been totally owned you've resorted to sarcastically interpreting parts of my post as literally as possible to distract from the fact you don't actually have a real comeback or response. Bravo dumbass.

Then again, I can understand how someone who has zero understanding of anti-cheat software except to the extent of copy-pasta could think along the same lines you do. Things like stack traces, read-only memory hashing, etc would most likely seem like black magic to someone who didn't even know what a VMT is (for anyone who is confused by this reference I have reproduced a snippet of a post from the Deathsoft forums below).

"i labeled them constants, because they were always in the specific object and always at the start. didn't know about the vmt. i thought i was missing one. i'll get object later."

He was referring to the VMT pointer. quod erat demonstrandum

[arigity]

I never said I had a list of every single country in the world so I don't know what you're trying to prove. You on the other hand DID say there were a "retardedly large" number of ways Blizzard could detect "lolhax". I named two and you didn't even name another ONE. Fail noob is fail.

so... what your saying is you can't name every single country? hrmm. obviously then they must not exist except for the ones you can name.

edit: i'll just leave this here http://dictionary.reference.com/browse/metaphor

I love how now that you know you've been totally owned you've resorted to sarcastically interpreting parts of my post as literally as possible to distract from the fact you don't actually have a real comeback or response. Bravo dumbass.

i was being totally serious. blizzard COULD start monitoring for time travel in warden, you never know!

p.s. take what you just said, apply it to your previous post, and then consider ritual suicide to please the wardenz.

Then again, I can understand how someone who has zero understanding of anti-cheat software except to the extent of copy-pasta could think along the same lines you do. Things like stack traces, read-only memory hashing, etc would most likely seem like black magic to someone who didn't even know what a VMT is (for anyone who is confused by this reference I have reproduced a snippet of a post from the Deathsoft forums below).

"i labeled them constants, because they were always in the specific object and always at the start. didn't know about the vmt. i thought i was missing one. i'll get object later."

witchcraft, the lot of it! i suppose you walked into C++ automatically knowing everything did you? that must have been some accomplishment.

since you clearly have no greater argument on your side than pointing out an unrelated post made months ago i suggest you go back to the debate club at your local middle school to try and get some pointers.

He was referring to the VMT pointer. quod erat demonstrandum

Vi Veri veniversum vivus vici

C wut i did thar?

[Cypher]

so... what your saying is you can't name every single country? hrmm. obviously then they must not exist except for the ones you can name.

edit: i'll just leave this here metaphor definition | Dictionary.com



i was being totally serious. blizzard COULD start monitoring for time travel in warden, you never know!

p.s. take what you just said, apply it to your previous post, and then consider ritual suicide to please the wardenz.



witchcraft, the lot of it! i suppose you walked into C++ automatically knowing everything did you? that must have been some accomplishment.

since you clearly have no greater argument on your side than pointing out an unrelated post made months ago i suggest you go back to the debate club at your local middle school to try and get some pointers.




Vi Veri veniversum vivus vici

C wut i did thar?

I don't have any greater argument on my side? You're still not understanding this "reading" thing are you? Granted you like to ignore half my post when you quote me so that's probably where the missed steps in logic are.

Disappointing you're still not willing to actually address any of my concerns (the ones you claim don't exist). To make it easy I'll give you a list:

* Name me some of the other ways Blizzard could implement anti-cheat detection both efficiently and easily (apparently there's a 'retardedly large' number, but because I know how to read I know that's hyperbole and as such just a handful will do).
* Elaborate on "if you were that were about warden you really ought not to be in the memory editing section". I pointed out that there is more to 'memory editing' than read-only memory (which is what you complained about), then you turned around and said you already knew that. Well if thats the case, what was your complaint? Why should I not be here?
* Outline how avoiding the two main anti-cheat methods Blizzard could use does not constitute "common sense and a few precautions", yet totally ignoring the issue until its too late does. Furthermore, explain why doing the former constitutes "paranoia".
* Explain how you would account for warden updates (which seems to be your solution to new things being detected) given the fact Warden is polymorphic and updates can be pushed at any time.

Last I looked I didn't claim to know all of C++ when I walked into it, far from it given I like to read about programming and am constantly learning new things, but given virtual methods (or the equivalent) are one of the building blocks for all object-oriented languages I would expect someone claiming at least basic knowledge to be aware of their existence. And furthermore, someone who is claiming to know about reversing to know about their implementation. Its all pretty basic stuff.

Its really quite amusing how pathetic your posts are getting, frankly I'm starting to feel sorry for you.

[arigity]

I don't have any greater argument on my side? You're still not understanding this "reading" thing are you? Granted you like to ignore half my post when you quote me so that's probably where the missed steps in logic are.

i responded to every part of your post whereas you only responded to half of mine, convenient no?

* Name me some of the other ways Blizzard could implement anti-cheat detection both efficiently and easily (apparently there's a 'retardedly large' number, but because I know how to read I know that's hyperbole and as such just a handful will do).

let me simplify, your lack of ********** must be making my simple metaphor seem overly complicated.

i have no list of every possible method of anti-cheat detection because no-such list exists, this does not mean however that the methods themselves are non-existent.

i am no expert in the field of catching cheaters and as such i can't name half of the methods there might be off the top of my head, however if you think that hashing memory regions and stack traces are the only decent ways of anti-cheat detection go back to runescape where you belong.

* Elaborate on "if you were that were about warden you really ought not to be in the memory editing section". I pointed out that there is more to 'memory editing' than read-only memory (which is what you complained about), then you turned around and said you already knew that. Well if thats the case, what was your complaint? Why should I not be here?

and i already elaborated. see my previous posts or gtfo with your fail.

* Outline how avoiding the two main anti-cheat methods Blizzard could use does not constitute "common sense and a few precautions", yet totally ignoring the issue until its too late does. Furthermore, explain why doing the former constitutes "paranoia".

metaphor time. wear a condom or abstinence? which ones better.

avoiding something entirely does not constitute as either common nor precaution. it is paranoia because your only reason for such a step is the basis that something drastic may or may not happen based on whether or not a company may or may not decide to implement a new feature in warden.

their is always a risk when cheating, nothing you do can be 100% safe and as such avoiding one thing because of this while not the other constitutes paranoia.

2. baseless or excessive suspicion of the motives of others.

* Explain how you would account for warden updates (which seems to be your solution to new things being detected) given the fact Warden is polymorphic and updates can be pushed at any time.

are you implying that if warden started hashing the entire section it would be unduly hard to find out so based on the fact that it can happen at any time? wardens not gonna update for 5 seconds just when you decide to modify something then ban you and revert back so you'll never know when it will happen.

Last I looked I didn't claim to know all of C++ when I walked into it,

what a coincidence neither did I!

far from it given I like to read about programming and am constantly learning new things, but given virtual methods (or the equivalent) are one of the building blocks for all object-oriented languages I would expect someone claiming at least basic knowledge to be aware of their existence.

and i have since taken time out of my busy-busy schedule to take a look at it.

And furthermore, someone who is claiming to know about reversing to know about their implementation. Its all pretty basic stuff.

oh? i guess its my turn to ask where you got that claim from. or did you pull it out your ass like all your other arguments?

Its really quite amusing how pathetic your posts are getting, frankly I'm starting to feel sorry for you.

odd, i was just going to say the same about you... your posts seem to move in a circular motion starting with a "no your wrong" then elongating the conversation towards every single aspect that you might think you can win at. its kinda funny really cuz your arguments fail and your reasoning is based upon next to nothing.


put up or shut up cypher, you've got no reasonable basis for your points and as such resort to skirting around the well-based arguments i provide to simply re-affirm what you have stated previously. i take back what i said, an elementary school debate club might suit you far better. you fail.

[Cypher]

i responded to every part of your post whereas you only responded to half of mine, convenient no?

Convenient? Try 'incorrect'.

Here you are:
http://www.mmowned.com/forums/wow-me...ml#post1347064

Also, the parts I ignored were ignored because they were irrelevant. eg. Pedantic grammatical complaints, silly issues such as 'time travel [monitoring] in warden', incorrect usage of memes (the latin you used was irrelevant, the latin I used is commonplace when demonstrating a point, so no I don't see what you did there, I used a relevant phrase that is in commonplace use, you on the other hand dug up something from an irrelevant piece of literature. i assume you thought you were funny but infact you just looked stupid)

let me simplify, your lack of ********** must be making my simple metaphor seem overly complicated.

i have no list of every possible method of anti-cheat detection because no-such list exists, this does not mean however that the methods themselves are non-existent.

i am no expert in the field of catching cheaters and as such i can't name half of the methods there might be off the top of my head, however if you think that hashing memory regions and stack traces are the only decent ways of anti-cheat detection go back to runescape where you belong.

1. I never asked you to post such a list, I asked for a handful at most, one or two at the least.
2. I never said you were an expert, but SOME knowledge would probably be helpful given you're arguing against someone who DOES have that knowledge.
3. I never said that hashing memory reigions and stack traces are the ONLY decent ways to implement AC detection, I said they would be the easiest ways for them to generically catch cheaters.

So let me get this straight. You're by your own admission not exactly experienced in this field, demonstrated by the fact you couldn't name a single method on top of what I already provided to detect cheaters generically, yet I'm somehow stupid (implied from the runescape comment) for stating those original two, even though I never qualified them as the be-all and end-all, but rather as "primary ways I see them adding better generic (generic being the key) cheat detection".

It seems your only real argument there was that I "missed my **********" and "play runescape". Both of which are incorrect. I do not take **********, and I do not play runescape. Kinda pathetic to see you grasping at irrelevant (and incorrect) stereotypes due to the fact you've run out of actual points or counter-points.

and i already elaborated. see my previous posts or gtfo with your fail.

Oh? Could you please direct me to the posts where you:
a) Outline the other ways you'd detect cheaters generically (oh wait you admitted you can't)
b) Explain why I should get out of the memory editing section just because I pointed out that if warden is a concern you probably shouldn't be modifying read-only memory (oh wait, thats right, its because theres a "retardedly large" amount of ways they could add new anti-cheat to detect you, but as stated in 'a', you can't name any)
c) Outline why avoiding the two main anti-cheat methods they could implement (and the only ones you know of or could thinkg of) doesn't consitute common sense yet sinking your head in the sand till after the fact does (oh wait thats right, because apparently "wardens not gonna update for 5 seconds just when you decide to modify something then ban you and revert back so you'll never know when it will happen.", see below for why that makes no sense)
d) Explain how you would account for the warden updates so you don't just get ****ed and have to deal with it after the fact (oh wait thats impossible)

metaphor time. wear a condom or abstinence? which ones better.

avoiding something entirely does not constitute as either common nor precaution. it is paranoia because your only reason for such a step is the basis that something drastic may or may not happen based on whether or not a company may or may not decide to implement a new feature in warden.

their is always a risk when cheating, nothing you do can be 100% safe and as such avoiding one thing because of this while not the other constitutes paranoia.

2. baseless or excessive suspicion of the motives of others.

Actually for you it seems to be incorrect metaphor time. Let me help you out.

The choice is not between two methods of before-the-fact protection. Rather, I'm advocating the use of a condom where its appropriate, and abstinence where it might be too dangerous even for a condom to be safe. The choice is more along the lines of a choice between protection + common sense and just going in without any protection or forethought at all.

Just because something isn't 100% safe doesn't mean you can't make it safer. Heck, lets use your original analogy. I assmue you were advocating the condom? Great choice! Is it 100% safe? No! I never stated there was a 100% safe method to protect yourself, but just because you can't guarantee safety doesn't mean there isn't anything you can do to improve your odds.

Furthermore, its not some arbitrary decision that you don't have any grounds to base a conclusion off. Blizzard have recently been tightening their anti-cheat code and adding new detection for things. Granted, you may not be privy to some of the details, but rest assured Blizzard is getting sneakier and better at detecting cheaters. Take the previous ISXWoW banwave for example, that happened because an encrypted code stub was placed in WoW that would be decrypted at runtime using a key sent from the server whenever the user performed a certain interface action or a certain packet was sent from the client (I forget the trigger). The key and the rest of the payload was tagged onto the that already existing packet (so it didn't trip any checks for new opcodes added which is common practice among the emulation community). The code stub was decrypted and executed, and the client would send back whether ISXWoW was detected (it was detected via a code hook on the function that checks the pointer boundaries for callback functions).

Given that Warden is being improved (other improvements have been made over time) I fail to see how its "paranoid" to expect more improvements to be in the works. Heck, even serverside improvements are being tested as was evident on the PTRs with the speedhack checks, jump height checks, fall height checks, etc.

The suspicions are based on the fact that checking the two things I outlined would be a great way to detect cheaters and Warden/Blizzard has/have been getting more aggressive as of late. Hardly baseless.

Also, what are you so against? Avoiding stack traces isn't going to stop you from doing anything you couldn't already, it will just make you safer. Yes avoiding read-only memory mods has downfalls, but they're only huge if you're writing hacks, if you're writing a bot you CAN implement an ISXWoW equivalent (and better) with zero code hooks.

are you implying that if warden started hashing the entire section it would be unduly hard to find out so based on the fact that it can happen at any time? wardens not gonna update for 5 seconds just when you decide to modify something then ban you and revert back so you'll never know when it will happen.

No, I'm implying/stating that protection for such a check needs to be preemptive, because if an update gets pushed mid-patch and you're already logged in at the time you will have a very high chance of being banned (given warden scans are done every 15s).

I never said it would revert back... I don't know whether you don't know how to read or just like to make crap up but I suggest you follow closely.

Steps:
1. User logs on with a currently undetected hack, implemented by avoiding static scan locations.
2. User plays for an irrelevant amount of time.
3. During this playtime a warden update is pushed and the user is one of the computers who recieves a variant of the new strain.
4. Within minutes the user will most likely be detected as a cheater and get banned.

Because the user is already banned its too late to update the software to avoid the ban, the ban has already happened. If you preemptively protected from such an attack though you would most likely not be banned in such a scenario (which is quite common). I would rather err on the side of safety when dealing with code you don 't have control over.

what a coincidence neither did I!

and i have since taken time out of my busy-busy schedule to take a look at it.

Good for you. But given you're still grappling with the basics, is it really a good idea to get into an argument on one of the much more advanced topics? My guess would be no given you would probably look like a huge idiot. (You have amply demonstrated the accuracty hypothesis)

oh? i guess its my turn to ask where you got that claim from. or did you pull it out your ass like all your other arguments?

Your claims about knowing about reversing is implied by the fact you're arguing with me about a topic specifically related to reversing. No intelligent person would enter into an argument if they didn't have knowledge of the subject matter. Then again, given your knowledge of the subject matter seems to be minimal at best I'm doubting your intelligence more and more.

Also, I'm not pulling stuff from my 'ass'. How about you recap your posts where you throw unfounded (oh hey! the word 'baseless' comes to mind!) insults which are neither correct nor relevant.

odd, i was just going to say the same about you... your posts seem to move in a circular motion starting with a "no your wrong" then elongating the conversation towards every single aspect that you might think you can win at. its kinda funny really cuz your arguments fail and your reasoning is based upon next to nothing.

put up or shut up cypher, you've got no reasonable basis for your points and as such resort to skirting around the well-based arguments i provide to simply re-affirm what you have stated previously. i take back what i said, an elementary school debate club might suit you far better. you fail.

No reasonable basis? How about rather than just asserting things like you have been doing, you back them up like I've been doing. I've provided examples of things that have actually happened, examples of actual methods employed by most advanced anti-cheat software, information on the workings of warden and parts of its history, etc. You on the other hand feel its adequate to just assert that something is right/wrong without actually providing any evidence or debunking any of the alledged innacuracies.

How about you put out or get out. Put out some actual information rather than just employing sarcasm, metaphor, or other literary techniques to mask your lack of actual logic and arguments.

[Gamer]

Oh damn, when Cypher gets into an argument, he doesn't do a half-assed job

Steps:
1. User logs on with a currently undetected hack, implemented by avoiding static scan locations.
2. User plays for an irrelevant amount of time.
3. During this playtime a warden update is pushed and the user is one of the computers who recieves a variant of the new strain.
4. Within minutes the user will most likely be detected as a cheater and get banned.

One question I had about detecting Warden updates before you can be banned (seeing as this thread is already massively derailed) is Glider's tripwire. If I'm not mistaken (which I may well be) this scans for updates in Warden, so in the above scenario, the user would be logged off before a ban can occur.

Couldn't this or something similar be used to provide failsafe anti-warden protection?

*erects anti-flame shield*