[WoW][Warden] Watched Address List - Including Length & Bytes!

[dbalauca]

I don't understand. What's with that list ?

[draco1219]

Just a quick question about warden.

These memory addresses, are they "watched" for writes only? Would reading these locations also trigger warden?

Thanks!

[amadmonk]

Warden scans and sends a hash of the contents of those regions. AFAIK, any modification will trigger a DC, and possibly an autoban. Someone who knows more about the Warden signature process correct me if I'm wrong, but I'm pretty sure that's the gist of it.

Reading the addresses shouldn't cause a problem (as there's no non-kernel way to reliably prevent you from reading memory, assuming you have sufficient privileges; every detection technique -- e.g. guard pages -- has a corresponding countermeasure -- e.g. VirtualProtect(Ex)).

[draco1219]

Thank you for the response amadmonk.

So would you agree with the statement that if you created a bot which never "wrote" to the memory space of WoW and only "read" and to cast spells and movement using keybd_event do you think I would be relatively safe? My intentions are not to publish my bot only use myself.

[MMOHelping]

This doesn't cover everything, there is also Patch Scans etc..

If your worried, easy way is just set a break point on it to find anything related.

[amadmonk]

It would be safer, since there wouldn't be any way they could use memory checksumming alone to catch you. Much more limited in what it could do, but safer. Still, I've been in-process botting for nearly two years and never been banned (or even questioned by a GM) since I don't farm/grind in populated areas, I don't exploit/hack, and I use all my own code (well except for snippets that I leeched from Apoc/Cypher/etc... but I use source code, not binaries).

When it comes to risk, nothing is 100% safe (even input events can be detected if you don't have a custom driver, since sending fake input sets a flag in the kernel that indicates that the input events are synthesized), but when your risk level drops low enough, it's not worth worrying any more.

Edit: edited to give credit where it's due.

[MMOHelping]

When it comes to risk, nothing is 100% safe (even input events can be detected if you don't have a custom driver, since sending fake input sets a flag in the kernel that indicates that the input events are synthesized), but when your risk level drops low enough, it's not worthy worrying any more.

100% correct :P

[draco1219]

It would be safer, since there wouldn't be any way they could use memory checksumming alone to catch you. Much more limited in what it could do, but safer. Still, I've been in-process botting for nearly two years and never been banned (or even questioned by a GM) since I don't farm/grind in populated areas, I don't exploit/hack, and I use all my own code (well except for snippets that I leeched from Apoc/Cypher/etc... but I use source code, not binaries).

Thanks again for the reply.

Can you please clarify what you mean by in-process botting? I'm guessing you mean injection. The only limit of my current bot is I can't move around as easily and I can't target.

My only option would be using injection and hooking the end scene and using CTM/Target. How do you get around warden since I'm sure it is protection the target address and CTM?

[!@^^@!]

Thanks again for the reply.

Can you please clarify what you mean by in-process botting? I'm guessing you mean injection. The only limit of my current bot is I can't move around as easily and I can't target.

My only option would be using injection and hooking the end scene and using CTM/Target. How do you get around warden since I'm sure it is protection the target address and CTM?

Any specific reason you don't just send the "Tab" button and check mem read your current target guid, rinse and repeat till you have targeted the desired guid/mob

[draco1219]

Any specific reason you don't just send the "Tab" button and check mem read your current target guid, rinse and repeat till you have targeted the desired guid/mob

Yes this is exactly what I do. I extended my target distance out to like 100yd, I cycle through everything until I get my desired target.

[amadmonk]

Thanks again for the reply.

Can you please clarify what you mean by in-process botting? I'm guessing you mean injection. The only limit of my current bot is I can't move around as easily and I can't target.

My only option would be using injection and hooking the end scene and using CTM/Target. How do you get around warden since I'm sure it is protection the target address and CTM?

Warden does not protect the target address (AFAIK) because it is dynamic -- nothing to hash against. And yes, I mean injected.

Edit: added AFAIK because I'm not 100% sure on this (I don't use the target GUID anyway). I recommend using LastTarget and switching it in to the Target with TargetLastTarget, or getting creative and using mouseover.

[!@^^@!]

Yes this is exactly what I do. I extended my target distance out to like 100yd, I cycle through everything until I get my desired target.

Fair enough, "I can't target" just made it sound like you hadn't thought of it

[DrakeFish]

(for a number of reasons including letting Blizzard know what we know, since we know for a fact that they read these forums).

I did get banned from wow for posting something here that was directly related to my account. They've been following my signature aswell to send me a link to my own youtube channel and everything to make me feel guilty.... And then they sent me a satisfaction survey for the help I received with my ban <3

[amadmonk]

I did get banned from wow for posting something here that was directly related to my account. They've been following my signature aswell to send me a link to my own youtube channel and everything to make me feel guilty.... And then they sent me a satisfaction survey for the help I received with my ban <3

Oh, how nasty. If you've got the technical knowhow, you should bot up a bunch of level 1 toons and spell out "Hi, John Smith!" (or whoever the CSRep was who banned you) in a major city.

[draco1219]

Warden does not protect the target address (AFAIK) because it is dynamic -- nothing to hash against. And yes, I mean injected.

In your opinion, since injection does raise the risk level. What do you primarily use it for? As far as I can tell, CTM is a big one and casting spells by ID.

Is there anything else that is worth using injection for?

Thanks again guys!