Warden - OS X Mach-O Modules here menu
Follow us:

User Tag List

Results 1 to 4 of 4
  1. 06-24-2010 #1
    Tanaris4's Avatar
    Tanaris4
    Tanaris4 is offline
    Contributor Authenticator enabled
    Reputation
    148
    Join Date
    Oct 2008
    Posts
    646
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Warden - OS X Mach-O Modules here

    All-

    Just thought I would post this for those that are curious, I was able to hook the function that actually loads the mach-o module into memory and then write it to a file.

    There are two modules that are streamed when you login, the first is the smaller one (ending in 0x620 then about 2-5 seconds later you're sent another module (0x742. Interestingly enough I was able to hook the function that starts to load the module, detour it, return 1 w/o calling it (so the module isn't loaded) - and I could stay logged in for 5 minutes before they would log me out If only it had been that simple hah!

    Here are the 2 modules: http://dump.ifeedr.com/warden_machO_binaries.zip IDA parses them fine, but don't forget to run the python script to fix some of the function declarations here: http://dump.ifeedr.com/idaConvertFunctions.py

    Hopefully someone will find this interesting I'm still trying to figure out wtf is going on w/in the modules. Annoyed I can't use GDB anymore /cry

    Enjoy!!
    https://tanaris4.com
    Reply With Quote Reply With Quote
    Warden - OS X Mach-O Modules here
  2. 06-24-2010 #2
    DrGonzo's Avatar
    DrGonzo
    DrGonzo is offline
    Contributor
    Reputation
    145
    Join Date
    Jun 2009
    Posts
    132
    Thanks G/R
    0/60
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Dumped warden module from PC and cleaned up IDA DB of it.
    http://rapidshare.com/files/403847794/warden.idb.html
    http://rapidshare.com/files/403847795/warden.bin.html

    edit: re-up'd again
    Last edited by DrGonzo; 06-29-2010 at 10:43 AM.
    Reply With Quote Reply With Quote
  3. 06-29-2010 #3
    garoboldy's Avatar
    garoboldy
    garoboldy is offline
    Contributor
    Reputation
    123
    Join Date
    Aug 2007
    Posts
    407
    Thanks G/R
    0/0
    Trade Feedback
    1 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Send a message via MSN to garoboldy Send a message via Yahoo to garoboldy
    can you re-up these again. the limit has been reached. I have free time today to mess with this at the office so if you get a chance I'd appreciate it.
    Reply With Quote Reply With Quote
  4. 06-29-2010 #4
    DrGonzo's Avatar
    DrGonzo
    DrGonzo is offline
    Contributor
    Reputation
    145
    Join Date
    Jun 2009
    Posts
    132
    Thanks G/R
    0/60
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Done. [filler]
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Looking for warden modules from 1.12.1
    By namreeb in forum WoW Memory Editing
    Replies: 12
    Last Post: 05-02-2012, 02:24 AM
  2. [Tool] Warden TCK module timer and AKP timer delay for packet scans
    By Skuddle in forum World of Warcraft Bots and Programs
    Replies: 33
    Last Post: 08-31-2010, 05:23 PM
  3. Guide - Saving the warden modules (Mac only)
    By Tanaris4 in forum WoW Memory Editing
    Replies: 0
    Last Post: 06-25-2010, 02:40 PM
  4. Warden - What is the module compression method?
    By Tanaris4 in forum WoW Memory Editing
    Replies: 1
    Last Post: 06-23-2010, 11:09 PM
All times are GMT -5. The time now is 12:44 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search