Does wow classic still have warden monitoring? menu

User Tag List

Results 1 to 8 of 8
  1. #1
    sanyle's Avatar Member
    Reputation
    1
    Join Date
    Dec 2019
    Posts
    22
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Does wow classic still have warden monitoring?

    Hello, guys
    I changed the .text content from kernel mode to make calling framescriptexecutebuffer normal.
    At the same time try to fix the CRC check, but still intermittent game crash.
    I found that the game intermittently uses VirtualAlloc to allocate a piece of memory to perform something.
    Is this the warden module?
    I also read the forum after a large number of threads guess.
    I haven't figured out what caused the crash yet. I hope experienced friends can help me. thanks.
    If it's not convenient for public discussion, I hope the private letter can get your advice.

    These ads disappear when you log in.

  2. #2
    namreeb's Avatar Legendary

    Reputation
    613
    Join Date
    Sep 2008
    Posts
    1,003
    Thanks G/R
    6/191
    Trade Feedback
    0 (0%)
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    My understanding is that it is not running in China, but it is everywhere else.

  3. #3
    sanyle's Avatar Member
    Reputation
    1
    Join Date
    Dec 2019
    Posts
    22
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by namreeb View Post
    My understanding is that it is not running in China, but it is everywhere else.
    Thanks for the guidance, I will continue to analyze it. Now it seems that several methods of executing Lua all have byte detection. Headache

  4. #4
    Jadd's Avatar 🐸
    Reputation
    1475
    Join Date
    May 2008
    Posts
    2,401
    Thanks G/R
    77/302
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Warden is running in China but for the longest time they were not acting on any detection data. I think they are now, though.

  5. #5
    Yawnstar's Avatar Contributor Devil's Advocate
    CoreCoins Purchaser
    Reputation
    143
    Join Date
    Jun 2012
    Posts
    359
    Thanks G/R
    60/77
    Trade Feedback
    2 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Jadd View Post
    Warden is running in China but for the longest time they were not acting on any detection data. I think they are now, though.
    How did you find this out?

  6. #6
    zys924's Avatar Active Member
    Reputation
    19
    Join Date
    Nov 2009
    Posts
    110
    Thanks G/R
    0/6
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    At the same time try to fix the CRC check, but still intermittent game crash.
    This is not because of Warden, but the client obfuscation instead. You should never tamper with .text section's CRC.

    I found that the game intermittently uses VirtualAlloc to allocate a piece of memory to perform something.
    Is this the warden module?
    Yes, it is. Warden always gets downloaded and executed from each BLZ server once you login to the game, in terms of shell code. There is no difference between Retail and Classic. In general, the following is how Warden works at the moment.

    1. A warden launcher shell code will be loaded after 2-5 minutes of login, and will stay in memory in long term. It is responsible for loading actual warden modules later across the current login session.
    2. The warden launcher will start loading different detection modules from server in about 10 minutes, once every 1-2 minutes. This is why Warden can get updated at any minute without restarting the game client.
    3. Each detection Warden module runs on a different thread for a few seconds, uploads its scan result data to the server, and then gets released by launcher. This is how your account gets "flagged". But whether you will get banned because of this is still subject to BLZ server's discretion.

    To counteract Warden, EWT's tripwire system can intercept these modules, recognize them by some kind approach and disconnect you if an unknown one is found. It is hard since you need to collect all of them and sig them well, but effective. Other commercial products may have other approaches that I don't know. Anyway, nothing is easy.
    Last edited by zys924; 01-17-2021 at 02:23 AM.

  7. #7
    charles420's Avatar Contributor
    Reputation
    237
    Join Date
    Jun 2009
    Posts
    231
    Thanks G/R
    12/67
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    was banned by warden in us dicking around on a throwaway trialing so def running us

  8. #8
    sanyle's Avatar Member
    Reputation
    1
    Join Date
    Dec 2019
    Posts
    22
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by zys924 View Post
    This is not because of Warden, but the client obfuscation instead. You should never tamper with .text section's CRC.


    Yes, it is. Warden always gets downloaded and executed from each BLZ server once you login to the game, in terms of shell code. There is no difference between Retail and Classic. In general, the following is how Warden works at the moment.

    1. A warden launcher shell code will be loaded after 2-5 minutes of login, and will stay in memory in long term. It is responsible for loading actual warden modules later across the current login session.
    2. The warden launcher will start loading different detection modules from server in about 10 minutes, once every 1-2 minutes. This is why Warden can get updated at any minute without restarting the game client.
    3. Each detection Warden module runs on a different thread for a few seconds, uploads its scan result data to the server, and then gets released by launcher. This is how your account gets "flagged". But whether you will get banned because of this is still subject to BLZ server's discretion.

    To counteract Warden, EWT's tripwire system can intercept these modules, recognize them by some kind approach and disconnect you if an unknown one is found. It is hard since you need to collect all of them and sig them well, but effective. Other commercial products may have other approaches that I don't know. Anyway, nothing is easy.
    Thank you for your detailed answers. It seems that a lot of work is needed. Let me try to learn slowly.

Similar Threads

  1. [Trading] 3 LEVEL 110's 4 LEVEL 100's ALSO HAVE LEVEL 33 UNDEAD ROGUE WOW CLASSIC
    By Tricky47 in forum World of Warcraft Buy Sell Trade
    Replies: 1
    Last Post: 10-05-2019, 05:13 PM
  2. Does Wow Anti Cheat (warden or whatever) Use Kernel Mode module
    By SailorMars in forum WoW Memory Editing
    Replies: 8
    Last Post: 08-08-2018, 02:41 AM
  3. Does the character undelete function still have a 30 day cooldown?
    By Bmtppk in forum World of Warcraft General
    Replies: 2
    Last Post: 02-02-2017, 08:18 PM
  4. Did wow 4.2 still have AdditionalCheck and BOTDETECTION etc.?
    By 25641463 in forum WoW Memory Editing
    Replies: 2
    Last Post: 09-03-2011, 01:38 PM
  5. WoW on Mac doesn't have Warden?
    By Kubiatsu in forum World of Warcraft General
    Replies: 4
    Last Post: 05-28-2009, 01:26 PM
All times are GMT -5. The time now is 11:28 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2021 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2021 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search