[WoW][Warden] Watched Address List - Including Length & Bytes!

[Anotherfox]

If this is the case, then apoc can feel free to remove this thread. However if blizzard dont already know that we do this sort of thing, then they really need to hire a new warden guy!

It's a girl actually.....

[ramey]

It's a girl actually.....

We now all know why Warden is a joke ;]

[Xelper]

Looks like a Warden update was pushed out tonight.

[-Ryuk-]

Looks like a Warden update was pushed out tonight.

Correct, four new addresses.

I have updated the original post!

[caytchen]

Client connection stuff and some anti-AFK bullshit. Nothing to see here, move on.

[-Ryuk-]

Updated for 4.0.6!

[ddebug]

Ryuk,

Thanks for this, but I think some of the offsets are a tad bit off (at least their lengths don't make sense). For example, according to this dump, Warden checks an offset which is a couple of bytes away from a speed hacking offset, an offset which is a couple bytes away from a fly hacking offset, etc... but they don't actually hash the actual offset patched for the hack to work.

[-Ryuk-]

Ryuk,

Thanks for this, but I think some of the offsets are a tad bit off (at least their lengths don't make sense). For example, according to this dump, Warden checks an offset which is a couple of bytes away from a speed hacking offset, an offset which is a couple bytes away from a fly hacking offset, etc... but they don't actually hash the actual offset patched for the hack to work.

Ok, Ill look at this

[ddebug]

Ok, Ill look at this

An example can be found in CMovement__MoveUnit.
One way to enable speed hacking can be to NOP the jbe loc_XXXX instruction at 0x188E0B.

Warden, on the other hand, according to your dump scans the region in memory just above this offset:

--------------------------------
Offset: 0x188DE0
Length: A
Bytes: 85 139 236 131 236 12 83 139 93 12

--------------------------------

So, only the first A (10 bytes) are monitored which are:

push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
mov ebx, [ebp+arg_4]

This seems irrelevant to the actual patch required to make the speed hack work.
Hence why I thought the offsets (or at least the lengths) were off. The same can be seen in other offsets (like the fly hacking one).

[amadmonk]

Without having IDA in front of me, that looks like just enough bytes to catch a standard detour of the function. Maybe they're going after that?

[-Ryuk-]

An example can be found in CMovement__MoveUnit.
One way to enable speed hacking can be to NOP the jbe loc_XXXX instruction at 0x188E0B.

Warden, on the other hand, according to your dump scans the region in memory just above this offset:



So, only the first A (10 bytes) are monitored which are:


This seems irrelevant to the actual patch required to make the speed hack work.
Hence why I thought the offsets (or at least the lengths) were off. The same can be seen in other offsets (like the fly hacking one).

Well testing the speedhack one, and NOPing the offset you provided and no ban, waited an hour.

EDIT: Nope the offsets/length are correct. There checking just before, I guess this is for some other hack/to stop people detouring the hack.

Do doubt this speedhack offset will be in the next warden update; If not, it will be soon!

[ddebug]

Well testing the speedhack one, and NOPing the offset you provided and no ban, waited an hour.

EDIT: Nope the offsets/length are correct. There checking just before, I guess this is for some other hack/to stop people detouring the hack.

Do doubt this speedhack offset will be in the next warden update; If not, it will be soon!

I didn't believe Warden bans were that quick. I was under the impression that they were delayed (like how VAC does them).

[-Ryuk-]

I didn't believe Warden bans were that quick. I was under the impression that they were delayed (like how VAC does them).

It depends, It send the result back to blizzard(correct me if im wrong) and then the ServerSide Warden Handler deals with the rest; Like put them on a waiting list(banwave) or just ban them outwrite.

[demisehi]

Most likely ban in a wave. Maximizing their catch.

[jjaa]

In my experience, general warden scans will ban you in less than 10mins. Its only popular bots ect. that get ban waves.