[WoW][Warden] Watched Address List - Including Length & Bytes!

[jjaa]

I swear that a while back, Apoc threatened to insta-ban anyone who published this information (for a number of reasons including letting Blizzard know what we know, since we know for a fact that they read these forums). But I'm getting old and may have misremembered...

The bannable offense was if you leaked it from the elite section :P

This doesn't cover everything, there is also Patch Scans etc..

If your worried, easy way is just set a break point on it to find anything related.

what do you mean patch scan? scans that target specific well know bot/hacks hidden in patches?

Also warden has other scans too, module scans and file scans. Module scans iirc just scan for blacklisted dlls (also iirc warden does not use the PEB linked list of modules to look for dlls). File scans are used to check for model editing on blacklisted files.

[amadmonk]

In your opinion, since injection does raise the risk level. What do you primarily use it for? As far as I can tell, CTM is a big one and casting spells by ID.

Is there anything else that is worth using injection for?

Thanks again guys!

Simply put, *everything* is easier when injected, and there are some things that you simply cannot do out of process. I would not want to create a full-fledged bot out of process... too fragile, too slow, too limited.

I'm sure someone will leap in now and explain how their AutoIt bot powns everything etc. etc., but... you asked for my opinion

Also: please note that when you attach to the process and inject some ASM like BlackMagic or whatever, I consider that in-process -- since it is. "Out-of-process," to me, involves only passive methods -- memory reads and simulated input. As soon as you start running code in the target process, you're just as theoretically detectable as my code is.

[Flushie]

What is stored at these addresses? Is there some kind of use?

[-Ryuk-]

What is stored at these addresses? Is there some kind of use?

The only use is knowing that you should not touch them. Any modification will cause you to be banned.

[GameAssist]

Code:

#region Warden 
    //http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/317386-wow-warden-watched-address-list-including-length-bytes.html
    //28/01/11: 11:45 GMT
    class Warden
    {
        public uint offs;
        public uint lengh;
        public Warden(uint _offs, uint _l)
        {
            this.offs = _offs;
            this.lengh = _l;
        }
    }
    List<Warden> wardens = new List<Warden>() 
    { new Warden(0x90670, 0x9),
        new Warden(0x8F2E0, 0x9),
        new Warden(0x421EF4, 0x4),
         new Warden(0x55B2CD, 0xC),
         new Warden(0x39CAC4,0x7 ),
         new Warden(0x36F5BD, 0x6),
         new Warden(0x731728, 0x8),
         new Warden(0x39D8DE, 0x5),
         new Warden(0x557961, 0x6),
         new Warden(0x63D3D0, 0x9),
         new Warden(0x18600B, 0x4),
         new Warden(0x451070, 0xC),
         new Warden(0x8031BC, 0x8),
         new Warden(0x45D5, 0x5),
         new Warden(0x15A7E0, 0xB),
         new Warden(0x44C96E, 0x5),
         new Warden(0x185520, 0xA),
         new Warden(0xD490, 0x6),
         new Warden(0x2345B0, 0x8),
         new Warden(0x20F433, 0xB),
         new Warden(0x3A007E, 0x5),
         new Warden(0x1CEFCD, 0x7),
         new Warden(0x554A48, 0x9),
         new Warden(0x6D5EC0, 0x8),
         new Warden(0x15B1C2, 0x1),
         new Warden(0x283D08, 0x5),
         new Warden(0xD60C1, 0x8),
         new Warden(0x4547F8, 0x7),
         new Warden(0x17CF30,0x6 ),
         new Warden(0xC9F2A, 0x5),
         new Warden(0xD3B72,0x8 ),
         new Warden(0x35AC4, 0x7),
         new Warden(0x451540, 0x9),
         new Warden(0x4546B0,0xC ),
         new Warden(0x642B10, 0x9),
         new Warden(0x427072, 0x7),
         new Warden(0x8FE40, 0x9),
         new Warden(0x1BCA20, 0xA),
         new Warden(0x45ED, 0x6),
         new Warden(0x132A,0x6 ),
         new Warden(0x439BE6, 0x5),
         new Warden(0x1796D0, 0x9),
         new Warden(0x6DB944, 0x8),
    };    
    #endregion

public void Write(uint adres, byte[] b)
    {
        foreach (Warden w in wardens)
        {
            if (w.offs > (adres + b.Length) || (w.offs + w.lengh) < adres)
                continue;
            throw new Exception("WARDEN!!!");
        }

        Console.WriteLine("Write:" + string.Format("{0:x2}", adres));
        MEM.WriteBytes(handle, adres, b);
    }

[Cypher]

I did get banned from wow for posting something here that was directly related to my account. They've been following my signature aswell to send me a link to my own youtube channel and everything to make me feel guilty.... And then they sent me a satisfaction survey for the help I received with my ban <3

Doubt that, unless they REALLY have a hard-on for you. My accounts are all registered with my real name and address, and most of them are using emails which contain my 'handle'.

I happen to know that Lax (former maintainer of ISXWarden) also registered all his WoW accounts using his real details, which like mine are public knowledge (his name is Joe Thaler, it's posted on his website, just like mine is posted in my code, in my email sig, etc).

Heck, I even emailed the hacks team once to send them a 'tip', and that was from an email addressed registered to one of my accounts, and the email header contained my real name (also tied to my accounts). Not to mention I explicitly stated who I was and listed all my handles.

My accounts have also been reported at least a dozen times for various hacking offenses, but I'm yet to receive a ban or any contact from GMs. Unless they 'catch you in the act' they don't seem to do anything. I was speedhacking around various zones farming herbs, face-raping people in STV by clipping through walls and spamming spells from underneath terrain, etc etc. Basically just being a huge *******.

Honestly I think you're just either really unlucky, or you did something extraordinarily stupid, caus I hacked on my accounts all the ****ing time.

Simply put, *everything* is easier when injected, and there are some things that you simply cannot do out of process. I would not want to create a full-fledged bot out of process... too fragile, too slow, too limited.

I'm sure someone will leap in now and explain how their AutoIt bot powns everything etc. etc., but... you asked for my opinion

Also: please note that when you attach to the process and inject some ASM like BlackMagic or whatever, I consider that in-process -- since it is. "Out-of-process," to me, involves only passive methods -- memory reads and simulated input. As soon as you start running code in the target process, you're just as theoretically detectable as my code is.

Pfft, please. Nobody here with any credibility is going to jump in and defend AutoIt. The only person who might be able to pull that off is Malu, but even he knows and says that AutoIt sucks and that he just hasn't gotten around to learning a more appropriate language yet. Anybody else would just get torn to shreds because they'd obviously be retarded.

Code:

#region Warden 
    //http://www.mmowned.com/forums/world-of-warcraft/bots-programs/memory-editing/317386-wow-warden-watched-address-list-including-length-bytes.html
    //27.01.2011
    class Warden
    {
        public uint offs;
        public uint lengh;
        public Warden(uint _offs, uint _l)
        {
            this.offs = _offs;
            this.lengh = _l;
        }
    }
    List<Warden> wardens = new List<Warden>() 
    {
         new Warden(0x55B2CD, 0xC),
         new Warden(0x39CAC4,0x7 ),
         new Warden(0x36F5BD, 0x6),
         new Warden(0x731728, 0x8),
         new Warden(0x39D8DE, 0x5),
         new Warden(0x557961, 0x6),
         new Warden(0x63D3D0, 0x9),
         new Warden(0x18600B, 0x4),
         new Warden(0x451070, 0xC),
         new Warden(0x8031BC, 0x8),
         new Warden(0x45D5, 0x5),
         new Warden(0x15A7E0, 0xB),
         new Warden(0x44C96E, 0x5),
         new Warden(0x185520, 0xA),
         new Warden(0xD490, 0x6),
         new Warden(0x2345B0, 0x8),
         new Warden(0x20F433, 0xB),
         new Warden(0x3A007E, 0x5),
         new Warden(0x1CEFCD, 0x7),
         new Warden(0x554A48, 0x9),
         new Warden(0x6D5EC0, 0x8),
         new Warden(0x15B1C2, 0x1),
         new Warden(0x283D08, 0x5),
         new Warden(0xD60C1, 0x8),
         new Warden(0x4547F8, 0x7),
         new Warden(0x17CF30,0x6 ),
         new Warden(0xC9F2A, 0x5),
         new Warden(0xD3B72,0x8 ),
         new Warden(0x35AC4, 0x7),
         new Warden(0x451540, 0x9),
         new Warden(0x4546B0,0xC ),
         new Warden(0x642B10, 0x9),
         new Warden(0x427072, 0x7),
         new Warden(0x8FE40, 0x9),
         new Warden(0x1BCA20, 0xA),
         new Warden(0x45ED, 0x6),
         new Warden(0x132A,0x6 ),
         new Warden(0x439BE6, 0x5),
         new Warden(0x1796D0, 0x9),
         new Warden(0x6DB944, 0x8),
    };    
    #endregion

Wtf is the point of that? Are you actually using that list anywhere? (Like for example, in your memory writing routine, to ensure that you're not modifying in a 'flagged' address range)

Because your code in its current state accomplishes nothing...

[GameAssist]

...
Because your code in its current state accomplishes nothing...

lol that the unhealthy assaults - take it easy
I spent a lot of time to convert the first topic in a format that could be used in my Bot, and therefore published here, Yes I now use this array for each record in the memory.

Code:

 public void Write(uint adres, byte[] b)
    {
        foreach (Warden w in wardens)
        {
            for (int i = 0; i < w.lengh; i++)
                for (int a = 0; a < b.Length; a++)
                    if ((adres + a) == w.offs + i)
                        throw new Exception("WARDEN!!!");
        }

        Console.WriteLine("Write:" + string.Format("{0:x2}", adres));
        MEM.WriteBytes(handle, adres, b);
    }

Actually represented 40 positions do not check the range of CTM, and therefore completely useless to me

[Cypher]

lol that the unhealthy assaults - take it easy
I spent a lot of time to convert the first topic in a format that could be used in my Bot, and therefore published here, Yes I now use this array for each record in the memory.

Code:

 public void Write(uint adres, byte[] b)
    {
        foreach (Warden w in wardens)
        {
            for (int i = 0; i < w.lengh; i++)
                for (int a = 0; a < b.Length; a++)
                    if ((adres + a) == w.offs + i)
                        throw new Exception("WARDEN!!!");
        }

        Console.WriteLine("Write:" + string.Format("{0:x2}", adres));
        MEM.WriteBytes(handle, adres, b);
    }

Actually represented 40 positions do not check the range of CTM, and therefore completely useless to me

It wasn't an "unhealthy assault" it was an observation, and an accurate one at that. The code snippet in your previous post does 'nothing' (inb4nitpickers). That's just a fact...

Also, I asked whether or not you incorporated it somewhere in your write routine, all you had to say is "yes". Lol.

[Bananenbrot]

Actually, for all those 40 instances of 'Warden' with an estimated length of 6 bytes each, you get 960 checks for writing only 4 bytes...
Not very efficient for one of your core bot API's. You should use a range check instead, though I'm not sure if the compiler is able to optimize this away.
Nevertheless, not really a permission to write lazy code.

Wasn't meant to hack on you and your intention to share some code, only a thought while reading over it.

[-Ryuk-]

lol that the unhealthy assaults - take it easy
I spent a lot of time to convert the first topic in a format that could be used in my Bot, and therefore published here, Yes I now use this array for each record in the memory.

Code:

 public void Write(uint adres, byte[] b)
    {
        foreach (Warden w in wardens)
        {
            for (int i = 0; i < w.lengh; i++)
                for (int a = 0; a < b.Length; a++)
                    if ((adres + a) == w.offs + i)
                        throw new Exception("WARDEN!!!");
        }

        Console.WriteLine("Write:" + string.Format("{0:x2}", adres));
        MEM.WriteBytes(handle, adres, b);
    }

Actually represented 40 positions do not check the range of CTM, and therefore completely useless to me

This is pointless, A better way would be have a thread that checks for updated addresses, if n new addresses is found then shutdown wow and your bot instantly.
Although theres still no guarantee that you wont have already been detected.

It wasn't an "unhealthy assault" it was an observation, and an accurate one at that. The code snippet in your previous post does 'nothing' (inb4nitpickers). That's just a fact...

Also, I asked whether or not you incorporated it somewhere in your write routine, all you had to say is "yes". Lol.

I agree with you, your observation was an accurate one, and if he spent 'alot of time' writing that code, then something is seriously wrong.

Offtopic: Good to have you in my thread Cypher! :P

[GameAssist]

you get 960 checks for writing only 4 bytes....

Naturally this decision in the forehead, the writing of which took 5 min.
I checked the absence of me getting used KTM, calmed down and comment out this method until the next update of the first topic)

You should use a range check

This code is processed System.Diagnostics.Stopwatch.Elapsed.TotalMilliseconds = 0.0207 !!!

surely you are a great programmer familiar with sophisticated algorithms - teach me a fool - share range check code that is better to use in this case?

[MaiN]

Naturally this decision in the forehead, the writing of which took 5 min.
I checked the absence of me getting used KTM, calmed down and comment out this method until the next update of the first topic)

This code is processed System.Diagnostics.Stopwatch.Elapsed.TotalMilliseconds = 0.0207 !!!

surely you are a great programmer familiar with sophisticated algorithms - teach me a fool - share range check code that is better to use in this case?

It's funny when checks like that begin to take longer than the actual reads themselves.

A tip about the range intersection checks: They are a pain to get right in your head. Instead of checking whether they intersect, check whether they DON'T intersect and it becomes 10 million times easier.

[Bananenbrot]

Code:

    public void Write(uint adres, byte[] b)
    {
        foreach (Warden w in wardens)
        {
            if (w.offs > (adres + b.Length) || (w.offs + w.length) < adres)
                continue;

            throw new Exception("WARDEN!!!");
        }

        Console.WriteLine("Write:" + string.Format("{0:x2}", adres));
        MEM.WriteBytes(handle, adres, b);
    }

If checked range begins after or ends before affected adress range, continue with next checked range. Not too sophisticated.

[GameAssist]

Code:

 if (w.offs > (adres + b.Length) || (w.offs + w.length) < adres)
                continue;

inclined knees - your method is better
I had a similar idea to cut off the range - I even wanted to show off a little diagram on paper - but laziness (

[Bananenbrot]

Yeah, some visualization helps for these kind of problems. Especially when adding some more dimensions (rectangle/bounding box intersection).