[WoW][Warden] Watched Address List - Including Length & Bytes!

**~~Sebbe123~~** · 02-28-2011

Okey, thanks guys!

**amadmonk** · 02-28-2011

One of the other things that "Warden" (which is really a code name for a cluster of different "security" techs) does is scan memory for various "well known" code patterns (using byte signatures). If your bot is not public, there is -- by definition -- no well known byte signature for them to latch onto. If, on the other hand, you're using someone else's bot, or library, or whatever, they can find it. Use all private code, and you disappear into the noise that is a Windows process...

Of course, now that I've been reading Cryptonomicon lately, I've been itching to do some information theoretics stuff against them, to muddy the waters. I STILL want to release a virus that does nothing except insert a well known byte signature into any WoW process it finds, but... I'm not a dick, so I won't

But, can you IMAGINE the ban-wave (and ensuing bad publicity, and ensuing troubles for Warden) that would follow in its wake?

**Cypher** · 02-28-2011

Originally Posted by amadmonk

One of the other things that "Warden" (which is really a code name for a cluster of different "security" techs) does is scan memory for various "well known" code patterns (using byte signatures). If your bot is not public, there is -- by definition -- no well known byte signature for them to latch onto. If, on the other hand, you're using someone else's bot, or library, or whatever, they can find it. Use all private code, and you disappear into the noise that is a Windows process...

Of course, now that I've been reading Cryptonomicon lately, I've been itching to do some information theoretics stuff against them, to muddy the waters. I STILL want to release a virus that does nothing except insert a well known byte signature into any WoW process it finds, but... I'm not a dick, so I won't

But, can you IMAGINE the ban-wave (and ensuing bad publicity, and ensuing troubles for Warden) that would follow in its wake?

Haha, similar to the shit that PunkBuster got into for its indiscriminate memory scanning?

I must admit, it's such an evil and hilarious idea I'm tempted to do it myself.

EDIT:

Btw, they generally like to hash the PDB string in the .rdata section of the module. (They don't actually look up sections or anything, they just do PageBase+Offset, but yeah, that's something nice and easy to dump into the process.)

**amadmonk** · 02-28-2011

Hmm, that's pretty easy. Just need some good strings to use and a nice virus capsule...

Okay, okay, NO, mods, don't worry, I won't actually write a virus. But you have to admit, it would be funny as hell if Blizzard actually had to walk back a ban wave because it turned out to just be a virus

**-Ryuk-** · 02-28-2011

Ok, updated with the latest list.

Click here for the info!

There seems to only be 40 scans now, including a few new ones down from 44 :S Not sure why, Not been watching warden long enough to know if this has happened before.

**Cypher** · 02-28-2011

Originally Posted by amadmonk

Hmm, that's pretty easy. Just need some good strings to use and a nice virus capsule...

Okay, okay, NO, mods, don't worry, I won't actually write a virus. But you have to admit, it would be funny as hell if Blizzard actually had to walk back a ban wave because it turned out to just be a virus

I'll send you my old LuaNinja PDB string and offset if you want.

**-Ryuk-** · 04-28-2011

Wiki has been updated 4.1.0.13914

Enjoy!

**BuloZB** · 05-08-2011

fix link plz

**Evieh** · 05-08-2011

Originally Posted by BuloZB

fix link plz

http://www.mmowned.com/forums/world-...ml#post2076550 In there you will find http://pastebin.com/YV2igikT , which has the current warden offset scans.

**-Ryuk-** · 05-09-2011

Originally Posted by Evieh

http://www.mmowned.com/forums/world-...ml#post2076550 In there you will find 00042E84 001D2B6D 0070EF88 00677480 0018F6FB 0018EC30 0000D8E0 0009F140 - Pastebin.com , which has the current warden offset scans.

As soon as the wiki is back up, I will be posting the offsets like I usually do. with Length and Bytes.

Evieh, would you mind contact me on msn? I would like to chat

**Evieh** · 05-09-2011

I just posted them since there was a request in the previous offset dump thread and nobody else had posted them (wiki being down).

**-Ryuk-** · 05-09-2011

Originally Posted by Evieh

I just posted them since there was a request in the previous offset dump thread and nobody else had posted them (wiki being down).

Dont worry about it

**~~JuJuBoSc~~** · 05-27-2011

Since today, 1 byte is checked at this address 0x001637F8 (rebased), only hitted on 2 EU realm, funny

**-Ryuk-** · 05-27-2011

Originally Posted by JuJuBoSc

Since today, 1 byte is checked at this address 0x001637F8 (rebased), only hitted on 2 EU realm, funny

Will investigate now, Just got back from holiday

EDIT:

I have tested on a few realms(EU) and my scanner does not detected this address. I haven't bothered to check what it is, Ill just wait until its sent to all realms unless you can remember what realm it hit?

This would be the first time that an addresses has only been pushed to just a few realms, and I wasn't even aware that this was possible.

**~~JuJuBoSc~~** · 05-27-2011

It is currently on Sargeras EU French

Shout-Out

User Tag List

Thread: [WoW][Warden] Watched Address List - Including Length & Bytes!

Thread Tools

Search Thread

Similar Threads

WoW private server master list

[Release]WoW 2.4 Addresses

Massive WoW Leveling Grinding Spots List (merged list)

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino