-
Thanks for the help, did a little more reversing
Code:
class CSpellRange
{
public:
char m_RangeIndex; //0x0000
float m_MinRange; //0x0004
float m_MaxRange; //0x0008
char m_0x000C[76];
};//Size=0x0058
class CSpellCastingTime
{
public:
__int32 m_CastingTimeIndex; //0x0000
__int32 m_CastTime; //0x0004
char m_0x0008[4]; //0x0008
__int32 m_CastTime2; //0x000C
};//Size=0x0010
class CDuration
{
public:
char m_DurationIndex; //0x0000
__int32 m_Duration; //0x0004
char m_0x0008[4]; //0x0008
__int32 m_Duration2; //0x000C
__int32 GetDuration()
{
return ((m_Duration / 1000) / 60);
}
};//Size=0x0010
class CIcon
{
public:
__int32 m_SpellIconID; //0x0000
char* m_Icon; //0x0004
};//Size=0x0008
enum PowerType_e //m_powerType
{
HEALTH = -2,
MANA = 0,
RAGE,
FOCUS,
ENERGY,
HAPPINESS,
};
enum SpellAttributesEx_s //m_AttributesEx (soruce mangos)
{
SPELL_ATTR_EX_DRAIN_ALL_POWER = 0x2, //use all power (Only paladin Lay of Hands and Bunyanize)
SPELL_ATTR_EX_CHANNELED_1 = 0x4, //channeled 1
SPELL_ATTR_EX_NOT_BREAK_STEALTH = 0x20, //Not break stealth
SPELL_ATTR_EX_CHANNELED_2 = 0x40, //channeled 2
SPELL_ATTR_EX_NEGATIVE = 0x80, //negative spell?
SPELL_ATTR_EX_NOT_IN_COMBAT_TARGET = 0x100, //Spell req target not to be in combat state
SPELL_ATTR_EX_NOT_PASSIVE = 0x400, //not passive?
SPELL_ATTR_EX_DISPEL_AURAS_ON_IMMUNITY = 0x8000, //remove auras on immunity
SPELL_ATTR_EX_UNAFFECTED_BY_SCHOOL_IMMUNE = 0x10000, //unaffected by school immunity
SPELL_ATTR_EX_REQ_COMBO_POINTS1 = 0x100000, //Req combo points on target
SPELL_ATTR_EX_REQ_COMBO_POINTS2 = 0x400000, //Req combo points on target
};
enum SpellAttributesEx2_s //m_AttributesEx2 (soruce mangos)
{
SPELL_ATTR_EX2_AUTO_SHOOT = 0x20, //Auto Shoot?
SPELL_ATTR_EX2_HEALTH_FUNNEL = 0x800, //Health funnel pets?
SPELL_ATTR_EX2_NOT_NEED_SHAPESHIFT = 0x80000, //does not necessarly need shapeshift
SPELL_ATTR_EX2_CANT_CRIT = 0x20000000, //Spell can't crit
};
class CSpellRecord
{
public:
__int32 m_SpellID; //0x0000
__int32 m_School; //0x0004
__int32 m_Category; //0x0008
__int32 m_CastUI; //0x000C
__int32 m_Dispel; //0x0010 (list 00C0D83C)
__int32 m_Mechanic; //0x0014
__int32 m_Attributes; //0x0018
__int32 m_AttributesEx; //0x001C
__int32 m_AttributesEx2; //0x0020
__int32 m_AttributesEx3; //0x0024
__int32 m_AttributesEx4; //0x0028
__int32 m_Stances; //0x002C
__int32 m_StancesNot; //0x0030
__int32 m_Targets; //0x0034
__int32 m_TargetCreatureType; //0x0038
__int32 m_RequiresSpellFocus; //0x003C
__int32 m_CasterAuraState; //0x0040
__int32 m_TargetAuraState; //0x0044
__int32 m_CastingTimeIndex; //0x0048
__int32 m_CategoryRecoveryTime; //0x004C
__int32 m_RecoveryTime; //0x0050
__int32 m_InterruptFlags; //0x0054
__int32 m_AuraInterruptFlags; //0x0058
__int32 m_ChannelInterruptFlags; //0x005C
__int32 m_procFlags; //0x0060
__int32 m_procChance; //0x0064
__int32 m_procCharges; //0x0068
__int32 m_maxLevel; //0x006C
__int32 m_baseLevel; //0x0070
__int32 m_spellLevel; //0x0074
__int32 m_DurationIndex; //0x0078
__int32 m_powerType; //0x007C
__int32 m_Cost; //0x0080
__int32 m_CostPerlevel; //0x0084
__int32 m_PerSecond; //0x0088
__int32 m_PerSecondPerLevel; //0x008C
__int32 m_rangeIndex; //0x0090
float m_speed; //0x0094
__int32 m_modalNextSpell; //0x0098
__int32 m_StackAmount; //0x009C
__int32 m_Totem[2]; //0x00A0
__int32 m_Reagent[8]; //0x00A8
__int32 m_ReagentCount[8]; //0x00C8
__int32 m_EquippedItemClass; //0x00E8
__int32 m_EquippedItemSubClassMask; //0x00EC
__int32 m_EquippedItemInventoryTypeMask; //0x00F0
__int32 m_Effect[3]; //0x00F4
__int32 m_EffectDieSides[3]; //0x0100
__int32 m_EffectBaceDice[3]; //0x010C
float m_EffectDicePerLevel[3]; //0x0118
float m_EffectRealPointsPerLevel[3]; //0x0124
__int32 m_EffectBasePoints[3]; //0x0130
__int32 m_EffectMechanic[3]; //0x013C
__int32 m_EffectImplicitTargetA[3]; //0x0148
__int32 m_EffectImplicitTargetB[3]; //0x0154
__int32 m_EffectRadiusIndex[3]; //0x0160
__int32 m_EffectApplyAuraName[3]; //0x016C
__int32 m_EffectAmplitude[3]; //0x0178
float m_EffectMultipleValue[3]; //0x0184
__int32 m_EffectChainTarget[3]; //0x0190
__int32 m_EffectItemType[3]; //0x019C
__int32 m_EffectMiscValue[3]; //0x01A8
__int32 m_EffectTriggerSpell[3]; //0x01B4
float m_EffectPointsPerComboPoint[3]; //0x01C0
__int32 m_SpellVisual; //0x01CC
__int32 m_SpellVisual2; //0x01D0
__int32 m_SpellIconID; //0x01D4
__int32 m_activeIconID; //0x01D8
__int32 m_spellPriority; //0x01DC
char* m_SpellName; //0x01E0
__int32 m_SpellNameTrash[7]; //0x01E4
__int32 m_SpellNameFlag; //0x0200
char* m_Rank; //0x0204
__int32 m_RankTrash[7]; //0x0208
__int32 RankFlags; //0x0224
char* m_Description; //0x0228
__int32 m_DescriptionTrash[7]; //0x022C
__int32 m_DescriptionFlags; //0x0248
char* m_ToolTip; //0x024C
__int32 m_ToolTipTrash[7]; //0x0250
__int32 m_ToolTipFlags; //0x026C
__int32 m_CostPercentage; //0x0270
__int32 m_StartRecoveryCategory; //0x0274
__int32 m_StartRecoveryTime; //0x0278
__int32 m_MaxTargetLevel; //0x027C
__int32 m_SpellFamilyName; //0x0280
__int64 m_SpellFamilyFlags; //0x0284
__int32 m_MaxAffectedTargets; //0x028C
__int32 m_DmgClass; //0x0290
__int32 m_PreventionType; //0x0294
__int32 m_StanceBarOrder; //0x0298
float m_DmgMultiplier[3]; //0x029C
__int32 m_MinFactionId; //0x02A8
__int32 m_MinReputation; //0x02AC
__int32 m_RequiredAuraVision; //0x02B0
bool UsesComboPoints()
{
return (0x500000 & m_AttributesEx);
}
int GetCost(UnitField* unit = NULL)
{
int cost = m_Cost;
if (m_CostPercentage && unit)
{
if (m_powerType == HEALTH)
{
cost = (int)((float)unit->UNIT_FIELD_BASE_HEALTH * ((float)m_CostPercentage / (float)100.f));
}
else
{
cost = (int)((float)unit->UNIT_FIELD_BASE_MANA * ((float)m_CostPercentage / (float)100.f));
}
}
if (m_PerSecond)
{
cost = m_PerSecond;
}
if (m_AttributesEx == SPELL_ATTR_EX_DRAIN_ALL_POWER && unit)
{
if (m_powerType == HEALTH)
{
cost = unit->UNIT_FIELD_MAXHEALTH;
}
if (m_powerType == MANA)
{
cost = unit->UNIT_FIELD_MAXPOWER1;
}
else if (m_powerType == RAGE)
{
cost = unit->UNIT_FIELD_MAXPOWER2;
}
else if (m_powerType == FOCUS)
{
cost = unit->UNIT_FIELD_MAXPOWER3;
}
else if (m_powerType == ENERGY)
{
cost = unit->UNIT_FIELD_MAXPOWER4;
}
}
if (m_powerType == RAGE)
{
return cost / 10;
}
return cost;
}
bool NeedsAura()
{
return (m_CasterAuraState);
}
bool HasAura(UnitField* unit)
{
return (unit->UNIT_FIELD_AURASTATE & (1 << (m_CasterAuraState - 1)));
}
CSpellRange* GetRangeObject()
{
DWORD RangeList = *(DWORD*)(0x00C0D79C);
if (RangeList)
{
DWORD RangeObject = *(DWORD*)(RangeList + (m_rangeIndex * 4));
if (RangeObject)
{
return (CSpellRange*)RangeObject;
}
}
return NULL;
}
CSpellCastingTime* GetCastingTimeObject()
{
DWORD CastingTimeList = *(DWORD*)(0x00C0D878);
if (CastingTimeList)
{
DWORD RangeObject = *(DWORD*)(CastingTimeList + (m_CastingTimeIndex * 4));
if (RangeObject)
{
return (CSpellCastingTime*)RangeObject;
}
}
return NULL;
}
CDuration* GetDurationObject()
{
DWORD DurationList = *(DWORD*)(0x00C0D828);
if (DurationList)
{
DWORD DurationObject = *(DWORD*)(DurationList + (m_DurationIndex * 4));
if (DurationObject)
{
return (CDuration*)DurationObject;
}
}
return NULL;
}
CIcon* GetIconObject()
{
DWORD IconList = *(DWORD*)(0x00C0D7EC);
if (IconList)
{
DWORD IconObject = *(DWORD*)(IconList + (m_SpellIconID * 4));
if (IconObject)
{
return (CIcon*)IconObject;
}
}
return NULL;
}
};//Size=0x02B4
static CSpellRecord* GetSpellObjectByIndex(int index, bool isPet = false)
{
DWORD spellID = *(DWORD*)(isPet ? 0x0B6F098 : 0x00B700F0 + (index * 4));
if (spellID)
{
DWORD SpellList = *(DWORD*)(0x00C0D788);
if (SpellList)
{
DWORD SpellObject = *(DWORD*)(SpellList + (spellID * 4));
if (SpellObject)
{
return (CSpellRecord*)SpellObject;
}
}
}
return NULL;
}
--edit
I flipped m_RecoveryTime and m_CategoryRecoveryTime, I dont know if thats really m_CategoryRecoveryTime
Last edited by DarkLinux; 12-12-2016 at 03:32 AM.
-
Post Thanks / Like - 1 Thanks
QKdefus (1 members gave Thanks to DarkLinux for this useful post)
-
Was thinking I found something new... But I guess not
Code:
static bool IsSpellOnCooldown(int SpellID)
{
DWORD GetSpellCooldown = 0x006E13E0;
__asm
{
mov ecx, 0xCECAEC //Spell History
push 0 //int* ready
push 0 //int* start
push 0 //int* duration
push 0 //false
push SpellID
call GetSpellCooldown
}
}
..edit, removed a push 0, had 1 too many.
Originally Posted by
Corthezz
GetSpellCooldown at 0x006E13E0
Not seeing the global cool down in the Spell History
Code:
0x00 lastSpell
0x08 spellID
0x10 start time
0x1C start time
0x28 spellID
0x2C castTime
Last edited by DarkLinux; 12-07-2016 at 02:17 AM.
-
Post Thanks / Like - 1 Thanks
tutrakan (1 members gave Thanks to DarkLinux for this useful post)
-
Slowly moving away from lua calls. No need for such overhead.
Code:
static int GetCreatureTypeIndex(PVOID creature)
{
DWORD _GetCreatureTypeIndex = 0x00605570;
__asm
{
mov ecx, creature
call _GetCreatureTypeIndex
}
}
class CCreatureType
{
public:
__int32 m_CreatureTypeIndex; //0x0000
char* m_CreatureType; //0x0004
};//Size=0x0008
static char* GetCreatureType(PVOID creature)
{
int typeIndex = GetCreatureTypeIndex(creature);
DWORD CreatureTypeList = *(DWORD*)(0x00C0DE2C);
if (CreatureTypeList)
{
DWORD CreatureTypeObject = *(DWORD*)(CreatureTypeList + (typeIndex * 4));
if (CreatureTypeObject)
{
return ((CCreatureType*)CreatureTypeObject)->m_CreatureType;
}
}
return "";
}
static bool IsCritter(PVOID creature)
{
return (strcmp(GetCreatureType(creature), "Critter") == 0);
}
static bool UnitCanAttack(PVOID unit, PVOID otherUnit)
{
DWORD _UnitCanAttack = 0x00606980;
__asm
{
push otherUnit
mov ecx, unit
call _UnitCanAttack
}
}
enum UnitClassification_e
{
Normal = 0,
Elite,
RareElite,
WorldBoss,
Rare,
};
static int UnitClassification(PVOID unit)
{
DWORD _UnitClassification = 0x00605620;
__asm
{
mov ecx, unit
call _UnitClassification
}
}
Last edited by DarkLinux; 12-07-2016 at 12:09 AM.
-
Post Thanks / Like - 1 Thanks
tutrakan (1 members gave Thanks to DarkLinux for this useful post)
-
Contributor
Yes, UnitCanAttack is right and very usefull.
I'm really curious, how you manage to reveal such a class structures. Do you use some tool or you have a specific technique for?
Last edited by tutrakan; 12-07-2016 at 12:59 AM.
-
I use CE to debug / view structures, and then when coding I use a program called ReClass. Coded by DrUnKeN ChEeTaH but its open source so many people are updating it (GitHub - dude719/Reclass-2016: ReClass 2016)
Unless you are talking about args being sent when calling, thats just debugging with CE.
Last edited by DarkLinux; 12-07-2016 at 01:07 AM.
-
Post Thanks / Like - 1 Thanks
tutrakan (1 members gave Thanks to DarkLinux for this useful post)
-
Contributor
Referencing the warden scans on kronos figured i would share:
Code:
warden_dump ( Kronos )
Addr Size Desc
0x40362B 0x03 Warden::sub_403620
0x49F6F2 0x03 Script_SendChatMessage
0x538610 0x04 some jump table warden related?
0x5E642C 0x05 func referencing some dword player_c / spell related
0x680B81 0x05 unknown
0x6CEE4E 0x05 unknown
0x60BFA0 0x02 CGUnit_C::OnRightClick -> loot while mounted
0x482ED8 0x06 CGWorldFrame::OnWorldUpdate modify unit -> desc -> UNIT_FIELD_FLAGS
0x5ED2E3 0x06 CGPlayer_C::CanTrackObject
0x6334F0 0x01 unknown some float @ 80DFFC
0x636598 0x01 unknown some float @ 80DFFC 0.6427876353f
0x494A50 0x07 CGGameUI::CanPerformAction
0x7C63A8 0x04 Movement Related
0x518062 0x01 Script_UnitLevel UnitReaction related?
0x4711E0 0x02 CCharCreateInfo::CreateCharacter
0x67063E 0x01 unknown
0x6AB494 0x01 unknown
0x60BFBF 0x02 CGUnit_C::OnRightClick loot related
0x60FC30 0x04 sub_60FB60 auto follow related
0x7C4955 0x03 CMovementData::GetPosition
0x60FF65 0x02 CGUnit_C::sub_60FED0 tracking/follow related
0x6AB1BF 0x03 unknown
0x6CEE5B 0x06 unknown
0x7C625E 0x02 Infinite Jump
0x6341E3 0x02 unknown ( movement related? )
0x636ED4 0x01 unknown some float @ 80DFFC
0x7C705C 0x06 unknown
0x7C6206 0x0B unknown player move flags related
0x5ED28D 0x06 CGPlayer_C::CanTrackUnit
0x7C69A0 0x03 unknown
0x5EC720 0x08 CGPlayer_C::GetLanguageSkill
0x615BA7 0x04 unknown
0x4711EA 0x01 CCharCreateInfo::CreateCharacter
0x49F5DD 0x01 Script_SendChatMessage
0x63379C 0x01 unknown some float @ 80DFFC
0x60F7C9 0x06 unknown
0x635C3A 0x01 unknown some float @ 80DFFC
0x60FF71 0x01 CGUnit_C::sub_60FED0 tracking/follow related
0x60BFB1 0x02 CGUnit_C::OnRightClick
0x6163DB 0x03 Anti Root
0x7C33DA 0x03 unknown
0x7C63DD 0x03 movement related
0x618919 0x04 unknown
0x87D894 0x04 some float .data default value 60.148003f
0x7C6E83 0x07 Swimming related
0x618917 0x06 unknown
0x80DFFC 0x04 some float .data default value 0.64278764f
0x7C6269 0x04 Jump related
0x7C6272 0x04 Jump Gravity
0x615CF5 0x01 movement related jump table?
0x7C625F 0x01 Jump related
0x7C63DA 0x03 movement related?
0x6341BC 0x02 unknown
0x7C63D9 0x01 movement related?
0x7C63BD 0x03 movement related?
0x618918 0x04 movement related?
0x5ABD50 0x06 ClientServices_CharacterValidateName
0x7C620D 0x02 movement related?
0x5FE54F 0x01 CGUnit_C::UpdateBaseAnimation
0x616749 0x02 CMovement::MoveUnit
0x60F650 0x06 unknown
0x482BE3 0x01 CGWorldFrame::sub_482AD0
0x6163DE 0x0A Anti Root
0x6ABF13 0x01 unknown
0x6A467B 0x01 unknown
0x6CA1B5 0x01 WardenClient_Process
0x6D2743 0x06 unknown
0x636198 0x01 unknown
Does anyone know what function is at 0x7C6340 it looks movement related, and makes calles to CMovementData::GetPosition and CMovementData::GetFacing
and also the float at 0x80DFFC its usually 0.6427876353f
-
Post Thanks / Like - 4 Thanks
-
Originally Posted by
danwins
Does anyone know what function is at 0x7C6340 it looks movement related, and makes calles to CMovementData::GetPosition and CMovementData::GetFacing
It is InitMovementStatus() and initializes the local client's movement status structure.
-
Post Thanks / Like - 1 Thanks
DarkLinux (1 members gave Thanks to namreeb for this useful post)
-
Contributor
Originally Posted by
DarkLinux
I use CE to debug / view structures, and then when coding I use a program called ReClass. Coded by DrUnKeN ChEeTaH but its open source so many people are updating it (
GitHub - dude719/Reclass-2016: ReClass 2016)
Unless you are talking about args being sent when calling, thats just debugging with CE.
GitHub - KN4CK3R/ReClass.NET: A ReClass port to the .NET platform.
FYI.
-
Looked over some of the elysium warden scan and was a little lost on some of them,
Code:
LocalPlayer + 0 //VTable Scan?
LocalPlayer + A20 //fallStartTime (edit danwins)
LocalPlayer + A2C //Move Speed
LocalPlayer + A34 //Forward speed? (value = 7.f)
LocalPlayer + A60 //collision box Z (edit NotJuJuBoSc)
LocalPlayer + 9E8 //MovementFlags (Movement Struct)
localPayerDescriptor + 0x58 //Health
Why would they be scanning things like health? Why would they scan the vtable pointer, and then not scan any of the entries? I know someone could spoof the full table, but odd they dont check any other pointers.They scan some flags / states, cant the client be desynced and normal players get flagged?
They are also scanning a pointer to the LocalPlayer, must be for a clientless client check.
Last edited by DarkLinux; 12-20-2016 at 02:57 AM.
-
Corporal
Originally Posted by
DarkLinux
Looked over some of the elysium warden scan and was a little lost on some of them,
Code:
LocalPlayer + 0 //VTable Scan?
LocalPlayer + A20 //Move state
LocalPlayer + A2C //Move Speed
LocalPlayer + A34 //Forward speed? (value = 7.f)
LocalPlayer + A60 //No idea (value = 1.f)
LocalPlayer + 9E8 //MovementFlags (Movement Struct)
localPayerDescriptor + 0x58 //Health
Why would they be scanning things like health? Why would they scan the vtable pointer, and then not scan any of the entries? I know someone could spoof the full table, but odd they dont check any other pointers.They scan some flags / states, cant the client be desynced and normal players get flagged?
They are also scanning a pointer to the LocalPlayer, must be for a clientless client check.
Their Warden is actually really interesting, they use memory scan warden's function as a "server side" memory reader.
They start reading 4 bytes @ 00C7BCD4 CWorldScene__camTargEntity in the first warden scan packet, then when the client answer with those 4 bytes, (which is actually a pointer), they add 0x88 to get another pointer and so on, so they can read player object info and compare them server side.
Really clever against clientless bot (not hard once you get it, but still, annoying to handle), great job @ Elysium
-
Post Thanks / Like - 3 Thanks
-
Elite User
Originally Posted by
DarkLinux
Why would they be scanning things like health?
On MangosZero there was an exploit to gather herbs and open chests while dead by setting the health > 0.
-
Post Thanks / Like - 1 Thanks
DarkLinux (1 members gave Thanks to culino2 for this useful post)
-
@culino2
Oh thats why, good to know
@NotJuJuBoSc
That is so cool, they really did think outside the box. I guess they could scan anything with that method. Hmm they could even upload modules or pages. I better add some type of check for a linear scan. Warden does not have a way to write to memory I hope?
Last edited by DarkLinux; 12-19-2016 at 02:41 PM.
-
With the currently available Warden modules from pre-cata, to my knowledge there is no way to write memory with it.
-
Post Thanks / Like - 1 Thanks
DarkLinux (1 members gave Thanks to namreeb for this useful post)
-
Contributor
warden module as dll (since the one posted in the other thread has messed up imports)
79c0768d657977d697e10bad956cced1.zip
-
Post Thanks / Like - 2 Thanks
-
Elite User
For the above Warden module:
Code:
0x4F90 Warden_AddTwoNumbers
0x1180 Warden_Return0
0x6230 Warden_Return1
0x1940 Warden_GetProcAddress
0x3520 Warden_GetModuleHandle
0x7988 Warden_TlsSetValue
0x1834 Warden_SHA1Init
0x2AA4 Warden_SHA1Update
0x5379 Warden_SHA1Final
0x5906 Warden_SHA1Hash
0x7494 Warden_SHA1Transform
0x63B8 Warden_Process (called from the client in WardenClient::Process at WoW client offset 0x006CA190)
0x2A7F Warden_CopyMem
0x1780 Warden_CallCopyMem (scanned by Nostalrius with PageCheck)
0x4099 Warden_OnPacket
0x4EB0 Warden_PacketFinialize (adds 4 byte checksum and 2 byte size iirc)
0x3DF4 Warden_RC4CryptPacket
0x2CCF Warden_WoWClientSendWardenData
0x7850 Warden_PacketPutInt8
0x7890 Warden_PacketPutInt32
0x1C80 Warden_PacketPutBytes
0x78D0 Warden_PacketGetInt8
0x7910 Warden_PacketGetInt32
0x3ED2 Warden_PacketGetString
0x62F0 Warden_PacketGetBytes
0x5BD0 Warden_StorePageScanInfo (first parameter is 1 if warden should also check pages with PE headers, second is hash, third seed, fourth offset, last size)
0x1000 Warden_PageCheckHashAndCompare
0x79A0 Warden_ComparePageCheckHash (compare calculated memory hash with server hash)
0x1190 Warden_CallProcCheckHashAndCompare (only gets called if both dll + exported function have been found (Warden_GetModuleHandle/Warden_GetProcAddress)
0x1E00 Warden_ProcCheckHashAndCompare (same as above...)
0x2713 Warden_CheckMPQFile (called in Warden_ScanCase) Nostalrius is using it, if you want to test this.
0x2CFD Warden_ScanCase (calls all checks)
Scan functions:
0x11E4 Warden_PageCheckA_B (check 0xB2, 0xBF)
0x3700 Warden_CopyRelativeAddress (check 0xF3, name stolen from Jadd)
0x14D0 Warden_ModuleCheck (check 0xD9)
vftable calls:
0x2D77 leads to Warden_PageCheckA_B
0x332C leads to Warden_CopyRelativeAddress
0x33C9 leads to Warden_ModuleScan
0x3021 leads to Warden_GetModuleHandle
0x3062 leads to Warden_GetProcAddress
0x308E leads to Warden_CallProcCheckHashAndCompare
Last edited by culino2; 12-24-2016 at 07:43 PM.
Reason: more
-
Post Thanks / Like - 4 Thanks