/* One record per known Warden module build: offsets of the routines that
 * the comments below associate with the MEM_CHECK and PAGE_CHECK_A /
 * PAGE_CHECK_B scans, plus a selector for the register layout at the
 * page-hash site.
 * NOTE(review): the offsets look module-relative (CWarden::GetWardenVersion
 * subtracts the module base before returning) - confirm against the code
 * that consumes this struct.
 * The remaining members are elided ("...") in this listing. */
struct WardenInfo
{
DWORD m_ver; /* presumably the build identifier compared with CWarden::GetWardenVersion() - TODO confirm */
DWORD m_offset; /* Warden_CopyMem Function Offset (MEM_CHECK)*/
DWORD m_offsetCall; /* Warden_CallCopyMem Call Offset to Warden_CopyMem (MEM_CHECK) */
DWORD m_offsetPageHash; /* Warden_SHA1Update Copy Offset (PAGE_CHECK_A / PAGE_CHECK_B) */
DWORD m_pageHashType; /* Hook Type (values 1-3 appear in the table below; see "Hook Type Info") */
...
}
/* Table of known module builds, one WardenOffset(...) row per build (72 rows).
 * The five arguments appear to follow WardenInfo member order:
 *   m_ver, m_offset, m_offsetCall, m_offsetPageHash, m_pageHashType
 * TODO confirm against the WardenOffset definition, which is not shown here.
 * The last argument only takes the values 1, 2 or 3 in this table.
 * NOTE(review): every value is a hard-coded constant tied to one specific
 * build; a build that is not listed has no valid row, and nothing in this
 * listing shows how a lookup miss is handled. */
WardenOffset(0x00003E2D, 0x00001C5D, 0x00001F73, 0x000049C6, 2);
WardenOffset(0x00001982, 0x00006DC4, 0x0000196B, 0x00003DF1, 2);
WardenOffset(0x00006270, 0x00004A8D, 0x000038C3, 0x000028EA, 1);
WardenOffset(0x00005ACC, 0x00004E7C, 0x00002AE8, 0x00007224, 1);
WardenOffset(0x00004BE0, 0x000071D8, 0x00004FC6, 0x00002BB6, 2);
WardenOffset(0x00001B20, 0x00005F06, 0x00003CA4, 0x000035E7, 3);
WardenOffset(0x00004DE0, 0x00005F1F, 0x000022B8, 0x000039C1, 2);
WardenOffset(0x00004389, 0x000029E8, 0x000031D0, 0x00003129, 3);
WardenOffset(0x00001BD7, 0x00004FB9, 0x00005FC0, 0x00005193, 1);
WardenOffset(0x000011A0, 0x0000116E, 0x0000509F, 0x00004197, 3);
WardenOffset(0x00001438, 0x0000137D, 0x0000292F, 0x000034BB, 3);
WardenOffset(0x00003150, 0x0000263E, 0x000036EB, 0x00002D51, 2);
WardenOffset(0x00001EB0, 0x00002B6F, 0x0000391B, 0x00004B01, 2);
WardenOffset(0x00002839, 0x00003917, 0x000029EB, 0x000034C6, 2);
WardenOffset(0x000071B0, 0x0000710C, 0x00005A1B, 0x000037D1, 2);
WardenOffset(0x00003890, 0x00001F1F, 0x00003881, 0x00006951, 2);
WardenOffset(0x00003DAC, 0x000018EE, 0x00004D2B, 0x00001885, 1);
WardenOffset(0x000036F0, 0x000060AA, 0x000057A7, 0x0000132B, 1);
WardenOffset(0x0000540D, 0x000026C6, 0x0000193B, 0x00007A0C, 3);
WardenOffset(0x00007452, 0x000054C6, 0x00005F7D, 0x000045D2, 1);
WardenOffset(0x00005496, 0x0000159C, 0x000046DB, 0x00005925, 3);
WardenOffset(0x00006980, 0x00005525, 0x00001136, 0x00001906, 2);
WardenOffset(0x000040A0, 0x000037A1, 0x000066C0, 0x00002F68, 1);
WardenOffset(0x00003EA0, 0x00001696, 0x00004BEB, 0x00001681, 2);
WardenOffset(0x000019FB, 0x00001088, 0x0000240B, 0x00004221, 2);
WardenOffset(0x00005E1C, 0x0000140D, 0x0000597B, 0x00006D59, 3);
WardenOffset(0x00003124, 0x0000542D, 0x00001B8B, 0x00002DC9, 1);
WardenOffset(0x00003D08, 0x000044CB, 0x0000461C, 0x0000118B, 1);
WardenOffset(0x00005C2B, 0x000025A6, 0x00005D5B, 0x000043D6, 2);
WardenOffset(0x000028D2, 0x000014C1, 0x0000210B, 0x00001937, 1);
WardenOffset(0x000055C0, 0x000018D9, 0x0000407B, 0x000015F6, 2);
WardenOffset(0x00004997, 0x00002587, 0x0000172B, 0x00005546, 2);
WardenOffset(0x00005E40, 0x00003233, 0x00001BBB, 0x000024C2, 1);
WardenOffset(0x00004DDD, 0x0000281A, 0x0000672B, 0x00004723, 3);
WardenOffset(0x000044A0, 0x00003866, 0x00003561, 0x00006C46, 2);
WardenOffset(0x00004030, 0x0000480C, 0x00004B1B, 0x00004E04, 1);
WardenOffset(0x000063B8, 0x00002A7F, 0x0000178B, 0x00002B24, 1);
WardenOffset(0x00006DC0, 0x00004B1B, 0x00006506, 0x0000682B, 1);
WardenOffset(0x00004ED7, 0x00001C6A, 0x0000492F, 0x000049D1, 1);
WardenOffset(0x000030F0, 0x00004626, 0x00004ADB, 0x000016CF, 1);
WardenOffset(0x00001A42, 0x00006F20, 0x00006D45, 0x000067C1, 2);
WardenOffset(0x000077FA, 0x00003F07, 0x0000260B, 0x00006C11, 2);
WardenOffset(0x00002890, 0x00001837, 0x00006BD7, 0x00006479, 3);
WardenOffset(0x00002070, 0x000047B8, 0x000036EB, 0x000015C5, 3);
WardenOffset(0x000014A0, 0x0000486D, 0x0000377B, 0x000029F6, 2);
WardenOffset(0x00001000, 0x00006192, 0x000023B8, 0x00006A23, 1);
WardenOffset(0x000011F5, 0x00005204, 0x000011DA, 0x00004C3C, 3);
WardenOffset(0x00002E58, 0x000025B8, 0x000010D7, 0x00004F96, 2);
WardenOffset(0x000043E0, 0x000061C6, 0x0000199B, 0x00001FB6, 2);
WardenOffset(0x000040F0, 0x00005FDA, 0x0000141B, 0x00004809, 1);
WardenOffset(0x000050D0, 0x00003F52, 0x00001FFB, 0x00004C26, 2);
WardenOffset(0x000047E0, 0x000038D3, 0x00006F30, 0x00007261, 3);
WardenOffset(0x00002D30, 0x00003446, 0x00002506, 0x00002A76, 2);
WardenOffset(0x00004D99, 0x0000100A, 0x0000273F, 0x00005F22, 1);
WardenOffset(0x00006210, 0x000081D6, 0x000081CB, 0x00007AEA, 1);
WardenOffset(0x00006135, 0x0000274B, 0x00001DBB, 0x00006B11, 2);
WardenOffset(0x00006798, 0x000063FA, 0x0000279B, 0x00001766, 2);
WardenOffset(0x00004184, 0x00004FF8, 0x00003889, 0x00004E36, 2);
WardenOffset(0x00001E40, 0x000059B3, 0x000053ED, 0x00005DD7, 3);
WardenOffset(0x000023B0, 0x000029EA, 0x0000459D, 0x000024AE, 3);
WardenOffset(0x00004533, 0x00006395, 0x000046DB, 0x00004176, 2);
WardenOffset(0x00001065, 0x00001E08, 0x00005D17, 0x00004085, 3);
WardenOffset(0x00003181, 0x000023F2, 0x000043F7, 0x000024BD, 1);
WardenOffset(0x00006456, 0x0000614C, 0x0000516B, 0x000053D9, 1);
WardenOffset(0x00006376, 0x00003734, 0x000063EB, 0x00003AB4, 1);
WardenOffset(0x00001DB0, 0x00001E27, 0x0000406B, 0x000035E1, 2);
WardenOffset(0x00004390, 0x00005A6F, 0x00006C7B, 0x0000319C, 1);
WardenOffset(0x000015D0, 0x0000618D, 0x000017AB, 0x000016CD, 1);
WardenOffset(0x00002240, 0x00002C57, 0x00002DBD, 0x00001721, 2);
WardenOffset(0x000053B9, 0x00001D76, 0x00007254, 0x00006006, 2);
WardenOffset(0x00002AF6, 0x00005BDD, 0x0000339B, 0x00001E61, 2);
WardenOffset(0x00005083, 0x00005499, 0x00004C1B, 0x00004981, 2);
/* Follows one level of indirection from the fixed address 0x0CE8978 and
 * returns the DWORD found there, which GetWardenVersion() uses as the
 * module base.
 * Returns 0 when the slot at the fixed address is empty; 0 is therefore
 * the only failure signal a caller gets.
 * NOTE(review): the address is an absolute 32-bit constant, so it can only
 * be valid for the single client build it was taken from - confirm how
 * (or whether) the caller verifies the build first. */
DWORD CWarden::GetWardenBase()
{
    const DWORD holder = read<DWORD>(0x0CE8978);
    if (holder != 0)
    {
        /* The slot holds an address; the value stored at that address is the result. */
        return read<DWORD>(holder);
    }
    return 0;
}
/* Computes a per-build identifier for the loaded module: the DWORD stored
 * 0xC bytes into the object reached through 0x00CE897C, minus the value
 * returned by GetWardenBase().
 * Returns 0 if any pointer in the chain, or the base, is zero.
 * NOTE(review): this starts from 0x00CE897C while GetWardenBase() starts
 * from 0x0CE8978 (the DWORD just before it) - confirm the two globals are
 * meant to differ.
 * NOTE(review): the subtraction is unsigned, so a stored value below the
 * base wraps instead of failing; callers cannot tell that apart from a
 * legitimate result. */
DWORD CWarden::GetWardenVersion()
{
    DWORD version = 0;
    if (const DWORD holder = read<DWORD>(0x00CE897C))
    {
        if (const DWORD instance = read<DWORD>(holder))
        {
            /* The base is fetched only after both pointer reads succeeded, same order as before. */
            if (const DWORD moduleBase = GetWardenBase())
            {
                version = read<DWORD>(instance + 0xC) - moduleBase;
            }
        }
    }
    return version;
}
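/* Hook type info: the register (or stack slot) that holds each value, listed per hook type (the 1-3 value stored in m_pageHashType)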
Type 1:
SourcePointer, eax
Counter, edi
ObjectPointer, esi
Size, ebx
Type 2:
SourcePointer, ebx
Counter, esi
ObjectPointer, edi
Size, eax
Type 3:
SourcePointer, eax
Counter, ebx
ObjectPointer, edi
Size, [ebp + 0xC];
*/