Some Warden Info menu
Follow us:

Shout-Out

User Tag List

Results 1 to 7 of 7
  1. 05-16-2009 #1
    MartyT's Avatar
    MartyT
    MartyT is offline
    Active Member
    Reputation
    39
    Join Date
    Jan 2009
    Posts
    24
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Some Warden Info

    cWarden.h
    Code:
    #pragma once

class cWardenInterface
{
	private:
		virtual VOID GenerateRC4Keys() { }
		virtual VOID Unload() { }
		virtual VOID PacketHandler() { }
		virtual VOID TickCall() { }

		BYTE _1[0x10];//0x04
		cWarden* aWarden;//0x14 has to be defined as pointer, otherwise the compiler troubles..

	public:
		cWarden* GetWarden() { return (cWarden*)&aWarden; }
};

class cWarden
{
	private:
		BYTE _1[0x214];//0x04 <- somewhere in here are the RC4 keys aswell..
		cWardenScanner* pcWardenScanner;//0x214

	public:
		cWardenScanner* GetScannerClass() { return this->pcWardenScanner; }
    cWardenMisc.h
    Code:
    #pragma once


class cWardenMisc
{
	private:
		virtual VOID Function1();
		virtual VOID Function2();
		virtual VOID Function3();
/*	Virtual Function Table
	03DF9298  80 60 DF 03 A0 21 DF 03  €`ß*!ß
	03DF92A0  20 1F DF 03               ß
*/
		cWarden* pWarden;//0x04
		DWORD _1[4];//0x08
		HMODULE hKernel32;//0x18
		FARPROC fpCreateToolhelp32Snapshot;//0x1C
		FARPROC fpModule32First;//0x20
		FARPROC fpModule32Next;//0x24
		BOOL bInitialized;//0x28
		BOOL bWine;//0x2C

		/*
		039208B0  98 92 DF 03 8C 00 92 03  ˜’ߌ.’
		039208B8  00 00 00 00 00 00 00 00  ........
		039208C0  00 00 00 00 00 00 00 00  ........
		039208C8  00 00 80 7C B7 47 86 7C  ..€|·G†|
		039208D0  D8 3E 86 7C 5D 40 86 7C  Ø>†|]@†|
		039208D8  01 00 00 00              ...
		*/
};
    cWardenScanner.h
    Code:
    #pragma once

// cWarden2 houses most detection mechanism.
class cWardenScanner
{
	private:
		virtual VOID Destructor() { }//0x00
		virtual DWORD GetModuleBase(CHAR* szName) { }//0x04
		virtual DWORD AddPtr(DWORD dwValue1, DWORD dwValue2) { }//0x08
		virtual BOOL GetMemory(LPVOID lpBuffer, DWORD _1, LPVOID lpSource, DWORD dwLen) { }//0x0C
		virtual VOID Function5() { }//0x10 ?
		virtual VOID Function6() { }//0x14 VirtualQueryLoop
		virtual VOID Function7() { }//0x18 VirtualQueryLoop 2
		virtual VOID Function8() { }//0x1C VirtualQueryLoop 3
		virtual VOID Function9() { }//0x20 GetProcAddress
		virtual VOID Function10() { }//0x24 Checks for JMP patches
		virtual VOID Function11() { }//0x28 QueryDosDevice
		virtual VOID Function12() { }//0x2c GetTickCount
		virtual VOID Function13() { }//0x30 /* NO CLUE */ Some kind of GetTickCount?
		virtual VOID Function14() { }//0x34 a initialize function it seems.

		DWORD _1;//0x04
		cWarden* pcWarden;//0x08
		DWORD _2;//0x08
		DWORD dwVirtualQueryLoopStartValue;//0x0C
		DWORD dwVirtualQueryLoopEndValue;//0x10
		DWORD _3;//0x14
		DWORD _4;//0x18
		DWORD _5;//0x1C
		DWORD _6;//0x20
		DWORD dwVirtualQueryLoopFixValue;//0x24
		DWORD _8;//0x28
		BYTE _9;//0x2C
		BYTE _10;//0x2D
		WORD _11;//0x2E
		DWORD _12;//0x30
		cWardenMisc* pcWardenMisc;//0x38
	/*
	Virtual Functions:

	037D9224  EA 21 7D 03 7E 68 7D 03  ê!}~h}
	037D922C  80 58 7D 03 3B 31 7D 03  €X};1}
	037D9234  35 1A 7D 03 63 1B 7D 03  5}c}
	037D923C  EF 71 7D 03 19 69 7D 03  ïq}i}
	037D9244  98 38 7D 03 46 33 7D 03  ˜8}F3}
	037D924C  88 68 7D 03 10 56 7D 03  ˆh}V}
	037D9254  CA 1D 7D 03 35 19 7D 03  Ê}5}*/

		/*
		Warden2 Class Memory Dump
		-------------------------
03920868  24 92 DF 03 8C 00 92 03  $’ߌ.’
03920870  00 00 00 00 00 10 00 00  .......
03920878  00 00 01 00 FF FF FE 7F  ...ÿÿþ
03920880  03 00 00 00 02 00 00 00  ......
03920888  4A 02 00 00 00 00 01 00  J.....
03920890  06 00 06 17 00 01 00 00  ....
03920898  05 00 00 00 01 00 00 00  ......
039208A0  B0 08 92 03 00 00 00 00  °’....
039208A8  38 00 04 00	
		*/

	public:
		cWardenMisc* GetWardenMisc(VOID) { return this->pcWardenMisc; }
}
    Information was gathered from Diablo 2 Warden Modules, WoW Warden modules have a few more entries in the Scanner-Function table. Hope this helps.
    Reply With Quote Reply With Quote
    Some Warden Info
  2. 05-16-2009 #2
    MartyT's Avatar
    MartyT
    MartyT is offline
    Active Member
    Reputation
    39
    Join Date
    Jan 2009
    Posts
    24
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Harko View Post
    current D2 modules are one update behind WoW. This will change for sure with the 1.13 patch.

    In the new WoW modules the memory scan is sorted out into a seperated class and called differently. This was an anti lag approch since many people complained about lag spikes.
    Interesting, thanks for the information!
    Reply With Quote Reply With Quote
  3. 05-16-2009 #3
    RobinLD's Avatar
    RobinLD
    RobinLD is offline
    Member
    Reputation
    13
    Join Date
    Sep 2008
    Posts
    21
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Wow this all looks interesting, +rep to help get you out of leecher status as its obvious your not, also for the info may it be extremely useful or not
    Reply With Quote Reply With Quote
  4. 05-16-2009 #4
    LegacyAX's Avatar
    LegacyAX
    LegacyAX is offline
    Active Member
    Reputation
    21
    Join Date
    Apr 2009
    Posts
    193
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Very good analysis, Some nice info to look at . +Rep for your time.
    Reply With Quote Reply With Quote
  5. 05-17-2009 #5
    kynox's Avatar
    kynox
    kynox is offline
    Member
    Reputation
    830
    Join Date
    Dec 2006
    Posts
    888
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nice work. You're definitely in the right direction!
    https://blog.kynox.org/
    Reply With Quote Reply With Quote
  6. 05-17-2009 #6
    dekz's Avatar
    dekz
    dekz is offline
    Member
    Reputation
    5
    Join Date
    Jan 2008
    Posts
    37
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks MartyT and harko
    Reply With Quote Reply With Quote
  7. 05-17-2009 #7
    Bacanze's Avatar
    Bacanze
    Bacanze is offline
    Member
    Reputation
    3
    Join Date
    May 2009
    Posts
    20
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thankyou for posting this.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Have some account info.
    By Teh_Homer in forum World of Warcraft General
    Replies: 2
    Last Post: 11-10-2007, 03:37 PM
  2. I need some better info for my computer upgrade.
    By Wheeze201 in forum Community Chat
    Replies: 0
    Last Post: 06-07-2007, 07:43 PM
All times are GMT -5. The time now is 01:08 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search