| |||||||
| |
| Register | Blogs | Live view | Downloads | Marketplace | FAQ | Members List | Social Groups | Calendar | Search | Today's Posts | Mark Forums Read |
Warcraft 3 and Stealthbot : Warden wins
This is a discussion on Warcraft 3 and Stealthbot : Warden wins within the Stealthbot forum part of the Warcraft 3 Tools category; If you use warcraft 3 cdkeys for Stealthbot, you will get kicked out of Battle.net after 2 minutes. This is ...
Welcome on D3scene.com! Make sure to register - it's free and very quick! You have to register before you can post and participate in our discussions with 70000 other registered members. Downloads, user profiles and some forums can only be seen by registered members. After you create your free account you will be able to customize many options, you will have the full access to new hacks, latest cheats and last but not least will see no advertisements at all. We would love to see you around in our community! |
| | LinkBack | Thread Tools | Display Modes |
|
#1
04-15-2009, 09:19 AM
| |||
| |||
| Warcraft 3 and Stealthbot : Warden wins If you use warcraft 3 cdkeys for Stealthbot, you will get kicked out of Battle.net after 2 minutes. This is normal, due to the Warden that has been activated in Battle.net for Warcraft III. I'm sure this affects only Northrend for the moment. edit : affects all servers, I just tested with a ROC account in all servers and got disconnected after 1:55min - 2:05min. In order to reconnect automaticly, you will have to download the following plugin : http://www.stealthbot.net/p/plugs/ge...=AutoReconnect Last edited by S-Sheep; 04-15-2009 at 09:45 AM.  |
| D3scene |
Welcome to D3scene - probably the best location for all Gamers. To participate in our friendly environment you have to register. After completing registration you will have full access to all threads and features. We care about members and try to make your stay as pleasant as possible. We are unique with the following feature for members - you will not see a single Advertisement! The best: registration is completely free. It will not cost you a single penny or harm you in any way. You will lose nothing except 1 minute of your time. So why not register? We would be happy to see you around! |
|
#2
04-15-2009, 11:11 AM
| |||
| |||
| This plugin is useless because you will always log off and log in again automatically. Simply don't use a bot when Warden is activated. |
|
#5
04-18-2009, 07:39 PM
| |||
| |||
| Its probably permo... Btw doing this probably get your keys banned for using 3rd party tools.. |
| The Following User Says Thank You to risker For This Useful Post: | ||
|
#6
04-18-2009, 07:55 PM
| |||
| |||
| -- Anyone who makes bots.. here's the warden bypass Code: Attribute VB_Name = "modWARDEN"
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (ByRef Destination As Any, ByRef Source As Any, ByVal numbytes As Long)
Private Declare Sub ZeroMemory Lib "kernel32" Alias "RtlZeroMemory" (ByRef Destination As Any, ByVal numbytes As Long)
Private Declare Function GetPrivateProfileStringA Lib "kernel32" (ByVal lpApplicationName As String, ByVal lpKeyName As String, ByVal lpDefault As String, ByVal lpReturnedString As String, ByVal nSize As Long, ByVal lpFileName As String) As Long
Private Declare Function WritePrivateProfileStringA Lib "kernel32" (ByVal lpApplicationName As String, ByVal lpKeyName As String, ByVal lpString As Any, ByVal lpFileName As String) As Long
Private Declare Function LoadLibraryA Lib "kernel32" (ByVal strFilePath As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GlobalAlloc Lib "kernel32" (ByVal wFlags As Long, ByVal dwBytes As Long) As Long
Private Declare Function GlobalFree Lib "kernel32" (ByVal hMem As Long) As Long
Private Declare Function GlobalLock Lib "kernel32" (ByVal hMem As Long) As Long
Private Declare Function GlobalUnlock Lib "kernel32" (ByVal hMem As Long) As Long
Private Declare Function CallWindowProcA Lib "user32" (ByVal lpPrevWndFunc As Long, ByVal hWnd As Long, ByVal uMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function uncompress Lib "zlib" (ByRef dest As Any, ByRef destLen As Long, ByRef src As Any, ByRef srcLen As Long) As Long
Private Declare Function htonl Lib "ws2_32" (ByVal hostlong As Long) As Long
Private Declare Function send Lib "ws2_32" (ByVal sckHandle As Long, ByRef InBuf As Any, ByVal buflen As Long, ByVal Flags As Long) As Long
'//Does the job of Maiev.mod
Private Type RANDOMDATA
Pos As Long
Data As String * 20
Sorc1 As String * 20
Sorc2 As String * 20
End Type
Private m_Parse(5) As Long
Private m_CallBack(7) As Long 'callback function list, for warden
Private m_Func(2) As Long 'wardens exports
Private m_KeyOut(257) As Byte
Private m_KeyIn(257) As Byte
Private m_Seed As Long
Private m_Mod As Long 'pointer to the module
Private m_ModMem As Long 'pointer to wardens memory block
Private m_ModState As Byte '0=idle,1=downloading,2=hackyhacky
Private m_RC4 As Long
Private m_PKT As String
Private m_WardenIniPath As String 'the warden folder
Private m_SocketHandle As Long
'//Warden download stuff
Private m_ModName As String * 16 'the modules name
Private m_ModFolder As String 'the warden folder
Private m_ModKey(15) As Byte 'key to crypt module with
Private m_ModLen As Long 'lengh of downloading module
Private m_ModPos As Long 'position in write data for downloading
Private m_ModData() As Byte 'module download buffer
Public Sub WardenInit(ByVal lngSeed As Long, ByVal lngSocketHandle As Long, ByVal strINIPath As String)
Dim bOut(15) As Byte
Dim bIn(15) As Byte
Dim uRan As RANDOMDATA
Call WardenCleanUp
'//Create new RC4 Keys
m_Seed = lngSeed
Call Data_Init(uRan, lngSeed)
Call Data_Get_Bytes(uRan, bOut(), 16)
Call Data_Get_Bytes(uRan, bIn(), 16)
Call RC4Key(bOut(), m_KeyOut(), 16)
Call RC4Key(bIn(), m_KeyIn(), 16)
m_Parse(0) = Addr2Ptr(AddressOf HW0x00)
m_Parse(1) = Addr2Ptr(AddressOf HW0x01)
m_Parse(2) = Addr2Ptr(AddressOf HW0x02)
m_Parse(3) = Addr2Ptr(AddressOf HW0x03)
m_Parse(4) = Addr2Ptr(AddressOf HW0x04)
m_Parse(5) = Addr2Ptr(AddressOf HW0x05)
m_SocketHandle = lngSocketHandle
m_ModFolder = App.Path & "\Warden\"
m_WardenIniPath = strINIPath
End Sub
Public Sub WardenCleanUp()
'//Unload any existing module
If m_Mod Then
Call UnloadModule
Call free(m_Mod)
Call ZeroMemory(m_Func(0), 12)
m_Mod = 0
m_ModMem = 0
End If
m_ModState = 0
'//Clear download variables
Call ZeroMemory(ByVal m_ModName, 16)
Call ZeroMemory(m_ModKey(0), 16)
m_ModLen = 0
m_ModPos = 0
Erase m_ModData()
End Sub
Private Function LoadModule(ByVal lngMod As Long, ByRef strPath As String) As Long
Dim bData() As Byte
Dim i As Long
If (lngMod = 0) Then
i = FreeFile
Open strPath For Binary Lock Read As #i
If (LOF(i) < 1) Then
Close #i
Exit Function
End If
ReDim bData(LOF(i))
Get #i, 1, bData()
Close #i
lngMod = VarPtr(bData(0))
End If
If m_Mod Then
Call UnloadModule
Call free(m_Mod)
Call ZeroMemory(m_Func(0), 12)
End If
m_ModMem = 0
m_Mod = PrepareModule(lngMod)
If (m_Mod = 0) Then Exit Function
Call InitModule
If (m_ModMem = 0) Then
Call free(m_Mod)
Exit Function
End If
Call CopyMemory(i, ByVal m_ModMem, 4)
Call CopyMemory(m_Func(0), ByVal i, 12)
LoadModule = 1
End Function
Public Sub WardenOnData(ByRef S As String)
Dim lngData As Long
Dim lngLengh As Long
Dim lngID As Long
lngLengh = (Len(S) - 4)
If (lngLengh < 1) Then Exit Sub
lngData = malloc(lngLengh)
Call RC4CryptStr(S, m_KeyIn(), 5)
lngID = Asc(Mid$(S, 5, 1))
If (lngID < 6) Then
Call CopyMemory(ByVal lngData, ByVal Mid$(S, 5, lngLengh), lngLengh)
Call CallWindowProcA(m_Parse(lngID), lngData, lngID, lngLengh, 0)
Else
Debug.Print "BAD PACKET ID: 0x" & Hex(lngID)
End If
Call free(lngData)
End Sub
Private Function HW0x00(ByVal hData As Long, ByVal uMsg As Long, ByVal wLen As Long, ByVal lParam As Long) As Long
Dim S As String
Call WardenCleanUp
If (wLen < 37) Then Exit Function
Call CopyMemory(ByVal m_ModName, ByVal hData + 1, 16)
Call CopyMemory(m_ModKey(0), ByVal hData + 17, 16)
Call CopyMemory(m_ModLen, ByVal hData + 33, 4)
S = m_ModFolder & StrToHex(m_ModName, vbNullString) & ".bin"
If (Len(Dir$(S)) = 0) Then
If (m_ModLen < 50) Or (m_ModLen > 5000000) Then
m_ModLen = 0
Exit Function
End If
S = vbNullChar
ReDim m_ModData(m_ModLen - 1)
m_ModState = 1
Else
If (LoadModule(0, S) = 0) Then Exit Function
S = Chr$(&H1)
m_ModLen = 0
m_ModState = 2
End If
m_ModPos = 0
Call RC4CryptStr(S, m_KeyOut(), 1)
Call OnSendPacket(S)
HW0x00 = 1
End Function
Private Function HW0x01(ByVal hData As Long, ByVal uMsg As Long, ByVal wLen As Long, ByVal lParam As Long) As Long
If (Not m_ModState = 1) Then Exit Function
If (m_ModLen = 0) Then Exit Function
If (wLen < 4) Then Exit Function
Call CopyMemory(m_ModData(m_ModPos), ByVal hData + 3, wLen - 3)
m_ModPos = m_ModPos + (wLen - 3)
'Debug.Print m_ModPos & " Of " & m_ModLen
If (m_ModPos >= m_ModLen) Then
m_ModState = 2
HW0x01 = HW0x01Ex()
Else
HW0x01 = 1
End If
End Function
Private Function HW0x01Ex() As Long
On Error GoTo HW0x01ExErr
Dim bData() As Byte
Dim i As Long
Dim S As String
ReDim bData(257)
Call RC4Key(m_ModKey(), bData(), 16)
Call RC4Crypt(m_ModData(), bData(), m_ModLen)
Call CopyMemory(i, m_ModData(0), 4)
If (i < &H120) Or (i > 5000000) Then GoTo HW0x01ExErr
ReDim bData(i - 1)
If (Not uncompress(bData(0), i, m_ModData(4), CLng(m_ModLen - &H108)) = 0) Then GoTo HW0x01ExErr
m_ModLen = 0
m_ModPos = 0
Erase m_ModData()
S = m_ModFolder & StrToHex(m_ModName, vbNullString) & ".bin"
i = FreeFile
Open S For Binary Lock Write As #i
Put #i, 1, bData()
Close #i
If (LoadModule(VarPtr(bData(0)), S) = 0) Then GoTo HW0x01ExErr
m_ModState = 2
bData(0) = 1
Call RC4Crypt(bData(), m_KeyOut(), 1)
Call OnSendPacket(Chr$(bData(0)))
Erase bData()
HW0x01Ex = 1
Exit Function
HW0x01ExErr:
Erase m_ModData()
m_ModLen = 0
m_ModPos = 0
m_ModState = 0
Debug.Print "HW0x01Ex() Error: " & Err.Description
End Function
Private Function HW0x02(ByVal hData As Long, ByVal uMsg As Long, ByVal wLen As Long, ByVal lParam As Long) As Long
On Error GoTo HW0x02Err
'eww, yep
Dim S As String
Dim strData As String
Dim P As Long
Dim strOut As String
Dim PosOut As Long
Dim bHeader(6) As Byte
'string table
Dim B As Long 'lengh of string
Dim sCount As Byte
Dim sTable(20) As String
If (Not m_ModState = 2) Then GoTo HW0x02Err
If (wLen < 2) Then GoTo HW0x02Err
S = Space(wLen)
Call CopyMemory(ByVal S, ByVal hData, wLen)
P = 2
Do Until (P >= wLen)
B = Asc(Mid$(S, P, 1)): P = P + 1
If (B = 0) Then Exit Do
sCount = sCount + 1
sTable(sCount) = Mid$(S, P, B): P = P + B
Loop
PosOut = 8
strOut = Space(512) 'max size are are send buffer
Do Until (P >= wLen)
strData = Get0x02Data(S, P, sTable(), sCount)
If (Len(strData) = 0) Then GoTo HW0x02Err
Mid$(strOut, PosOut, Len(strData)) = strData
PosOut = PosOut + Len(strData)
Loop
strOut = Left$(strOut, (PosOut - 1))
bHeader(0) = &H2
Call CopyMemory(bHeader(1), CInt(PosOut - 8), 2)
Call CopyMemory(bHeader(3), WardenChecksum(Mid$(strOut, 8)), 4)
Call CopyMemory(ByVal strOut, bHeader(0), 7)
Call RC4CryptStr(strOut, m_KeyOut(), 1)
Call OnSendPacket(strOut)
HW0x02 = 1
Exit Function
HW0x02Err:
Debug.Print "HW0x02() Error: " & Err.Description
End Function
Private Function HW0x03(ByVal hData As Long, ByVal uMsg As Long, ByVal wLen As Long, ByVal lParam As Long) As Long
'//Ignore this
End Function
Private Function HW0x04(ByVal hData As Long, ByVal uMsg As Long, ByVal wLen As Long, ByVal lParam As Long) As Long
'//Ignore this
End Function
Private Function HW0x05(ByVal hData As Long, ByVal uMsg As Long, ByVal wLen As Long, ByVal lParam As Long) As Long
Dim bKey(257) As Byte
Dim bData() As Byte
Dim lngRecv As Long
Dim bCode(39) As Byte
If (Not m_ModState = 2) Then Exit Function
m_RC4 = 0
m_ModState = 0
'PUSH Size
'PUSH &Seed
'MOV ECX, Param
'XOR EDX, EDX
'MOV EAX, Address
'CALL EAX
'RETN 16
Call ExecuteCode(bCode(), &H68, &H4&, _
&H68, VarPtr(m_Seed), _
&HB9, m_ModMem, _
&HD233, _
&HB8, m_Func(0), _
&HD0FF, _
&HC2, 16, 0)
If (m_RC4 = 0) Then Exit Function
ReDim bData(wLen - 1)
Call CopyMemory(bData(0), ByVal hData, wLen)
Call CopyMemory(bKey(0), ByVal m_RC4 + 258, 258)
Call RC4Crypt(bData(), bKey(), wLen)
Call CopyMemory(bKey(0), ByVal m_RC4, 258)
m_PKT = vbNullString
'PUSH &BytesRead
'PUSH Lengh
'PUSH &bData
'MOV ECX, Mem
'XOR EDX, EDX
'MOV EAX, Address
'CALL EAX
'RETN 16
Call ExecuteCode(bCode(), &H68, VarPtr(lngRecv), _
&H68, wLen, _
&H68, VarPtr(bData(0)), _
&HB9, m_ModMem, _
&HD233, _
&HB8, m_Func(2), _
&HD0FF, _
&HC2, 16, 0)
If (Len(m_PKT) = 0) Then Exit Function
Call RC4CryptStr(m_PKT, bKey(), 1)
Call RC4CryptStr(m_PKT, m_KeyOut(), 1)
Call CopyMemory(m_KeyOut(0), ByVal m_RC4, 258)
Call CopyMemory(m_KeyIn(0), ByVal m_RC4 + 258, 258)
m_ModState = 2
Call OnSendPacket(m_PKT)
m_RC4 = 0
m_PKT = vbNullString
End Function
Private Function PrepareModule(ByRef pModule As Long) As Long
'//carbon copy port from iagos code
Debug.Print "PrepareModule()"
Dim dwModuleSize As Long
Dim pNewModule As Long
dwModuleSize = getInteger(pModule, &H0)
pNewModule = malloc(dwModuleSize)
Call ZeroMemory(ByVal pNewModule, dwModuleSize)
Debug.Print " Allocated " & dwModuleSize & " (0x" & Hex(dwModuleSize) & ") bytes for new module"
Call CopyMemory(ByVal pNewModule, ByVal pModule, 40)
Dim dwSrcLocation As Long
Dim dwDestLocation As Long
Dim dwLimit As Long
dwSrcLocation = &H28 + (getInteger(pNewModule, &H24) * 12)
dwDestLocation = getInteger(pModule, &H28)
dwLimit = getInteger(pModule, &H0)
Dim bSkip As Boolean
Debug.Print " Copying code sections to module."
While (dwDestLocation < dwLimit)
Dim dwCount As Long
Call CopyMemory(ByVal VarPtr(dwCount), ByVal pModule + dwSrcLocation, 1)
Call CopyMemory(ByVal VarPtr(dwCount) + 1, ByVal pModule + dwSrcLocation + 1, 1)
dwSrcLocation = dwSrcLocation + 2
If (bSkip = False) Then
Call CopyMemory(ByVal pNewModule + dwDestLocation, ByVal pModule + dwSrcLocation, dwCount)
dwSrcLocation = dwSrcLocation + dwCount
End If
bSkip = Not bSkip
dwDestLocation = dwDestLocation + dwCount
Wend
Debug.Print " Adjusting references to global variables..."
dwSrcLocation = getInteger(pModule, 8)
dwDestLocation = 0
Dim i As Long
Dim lng0x0C As Long
Dim lngTest As Long
Call CopyMemory(lng0x0C, ByVal pNewModule + &HC, 4)
While (i < lng0x0C)
Call CopyMemory(lngTest, ByVal pNewModule + dwSrcLocation, 1)
lngTest = lngTest And &HFF&
Call CopyMemory(ByVal VarPtr(lngTest) + 0, ByVal pNewModule + dwSrcLocation + 1, 1)
Call CopyMemory(ByVal VarPtr(lngTest) + 1, ByVal pNewModule + dwSrcLocation, 1)
dwDestLocation = dwDestLocation + lngTest
dwSrcLocation = dwSrcLocation + 2
Call insertInteger(pNewModule, dwDestLocation, getInteger(pNewModule, dwDestLocation) + pNewModule)
i = i + 1
Wend
Debug.Print " Updating API library references.."
dwLimit = getInteger(pNewModule, &H20)
Dim dwProcStart As Long
Dim szLib As String
Dim dwProcOffset As Long
Dim hModule As Long
Dim dwProc As Long
Dim szFunc As String
For i = 0 To dwLimit - 1
dwProcStart = getInteger(pNewModule, &H1C) + (i * 8)
szLib = GetSTR(pNewModule + getInteger(pNewModule, dwProcStart))
dwProcOffset = getInteger(pNewModule, dwProcStart + 4)
Debug.Print " Lib: " & szLib
hModule = LoadLibraryA(szLib)
dwProc = getInteger(pNewModule, dwProcOffset)
While dwProc
If (dwProc > 0) Then
szFunc = GetSTR(pNewModule + dwProc)
Debug.Print " Function: " & szFunc
Call insertInteger(pNewModule, dwProcOffset, GetProcAddress(hModule, szFunc))
Else
dwProc = dwProc And &H7FFFFFFF
Debug.Print " Ordinary: 0x" & Hex(dwProc)
End If
dwProcOffset = dwProcOffset + 4
dwProc = getInteger(pNewModule, dwProcOffset)
Wend
Next i
Debug.Print " Successfully mapped Warden Module to 0x" & Hex(pNewModule)
PrepareModule = pNewModule
End Function
Private Sub InitModule()
Debug.Print "InitModule()"
Dim A As Long
Dim B As Long
Dim C As Long
Dim bCode(15) As Byte
C = getInteger(m_Mod, &H18)
B = 1 - C
If (B > getInteger(m_Mod, &H14)) Then Exit Sub
A = getInteger(m_Mod, &H10)
A = getInteger(m_Mod, A + (B * 4)) + m_Mod
Debug.Print " Initialize Function is mapped at 0x" & Hex(A)
m_CallBack(0) = Addr2Ptr(AddressOf SendPacket)
m_CallBack(1) = Addr2Ptr(AddressOf CheckModule)
m_CallBack(2) = Addr2Ptr(AddressOf ModuleLoad)
m_CallBack(3) = Addr2Ptr(AddressOf AllocateMem)
m_CallBack(4) = Addr2Ptr(AddressOf FreeMemory)
m_CallBack(5) = Addr2Ptr(AddressOf SetRC4Data)
m_CallBack(6) = Addr2Ptr(AddressOf GetRC4Data)
m_CallBack(7) = VarPtr(m_CallBack(0))
'MOV ECX, &Param
'CALL Address
'RETN 16
m_ModMem = ExecuteCode(bCode(), &HB9, VarPtr(m_CallBack(7)), _
&H15FF, VarPtr(A), _
&HC2, 16, 0)
End Sub
Private Sub UnloadModule()
Dim bCode(15) As Byte
'MOV ECX, Param
'CALL Address
'RETN 16
Call ExecuteCode(bCode(), &HB9, m_ModMem, _
&H15FF, VarPtr(m_Func(1)), _
&HC2, 16, 0)
End Sub
Private Sub SendPacket(ByVal ptrPacket As Long, ByVal dwSize As Long)
If (dwSize < 1) Then Exit Sub
If (dwSize > 5000) Then Exit Sub
m_PKT = Space(dwSize)
Call CopyMemory(ByVal m_PKT, ByVal ptrPacket, dwSize)
'Debug.Print "Warden.SendPacket() pkt=0x" & Hex(ptrPacket) & ", size=" & dwSize & vbCrLf & GetLog(m_PKT)
End Sub
Private Function CheckModule(ByVal ptrMod As Long, ByVal ptrKey As Long) As Long
'Debug.Print "Warden.CheckModule() " & ptrMod & "/" & ptrKey
'CheckModule = 0 '//Need to download
'CheckModule = 1 '//Don't need to download
CheckModule = 1
End Function
Private Function ModuleLoad(ByVal ptrRC4Key As Long, ByVal pModule As Long, ByVal dwModSize As Long) As Long
'Debug.Print "Warden.ModuleLoad() " & ptrMod & "/" & ptrKey
'ModuleLoad = 0 '//Need to download
'ModuleLoad = 1 '//Don't need to download
ModuleLoad = 1
End Function
Private Function AllocateMem(ByVal dwSize As Long) As Long
AllocateMem = malloc(dwSize)
End Function
Private Sub FreeMemory(ByVal dwMemory As Long)
Call free(dwMemory)
'Debug.Print "Warden.FreeMemory() 0x" & Hex(dwMemory)
End Sub
Private Function SetRC4Data(ByVal lpKeys As Long, ByVal dwSize As Long) As Long
'Debug.Print "Warden.SetRC4Data() 0x" & Hex(lpKeys) & "/0x" & Hex(dwSize)
End Function
Private Function GetRC4Data(ByVal lpBuffer As Long, ByRef dwSize As Long) As Long
'Debug.Print "Warden.GetRC4Data() 0x" & Hex(lpBuffer) & "/0x" & Hex(dwSize)
'GetRC4Data = 1 'got the keys already
'GetRC4Data = 0 'generate new keys
GetRC4Data = m_RC4
m_RC4 = lpBuffer
End Function
Private Function getInteger(ByRef bArray As Long, ByVal dwLocation As Long) As Long
Call CopyMemory(getInteger, ByVal bArray + dwLocation, 4)
End Function
Private Sub insertInteger(ByRef bArray As Long, ByVal dwLocation As Long, ByVal dwValue As Long)
Call CopyMemory(ByVal bArray + dwLocation, dwValue, 4)
End Sub
Private Function GetSTR(ByRef bArray As Long) As String
Dim bTest As Byte
Dim i As Long
Do
Call CopyMemory(bTest, ByVal bArray + i, 1)
If (bTest = 0) Then
If (i = 0) Then Exit Function
GetSTR = String(i, 0)
Call CopyMemory(ByVal GetSTR, ByVal bArray, i)
Exit Function
End If
i = i + 1
Loop
End Function
Private Function Addr2Ptr(ByVal lngAddr As Long) As Long
Addr2Ptr = lngAddr
End Function
Private Sub Data_Init(ByRef R As RANDOMDATA, ByVal lngSeed As Long)
Dim S As String * 4
Call CopyMemory(ByVal S, lngSeed, 4)
R.Sorc1 = BSHA1(Left$(S, 2), True, True)
R.Sorc2 = BSHA1(Right$(S, 2), True, True)
R.Data = String$(20, 0)
R.Data = BSHA1(R.Sorc1 & R.Data & R.Sorc2, True, True)
R.Pos = 1
End Sub
Private Sub Data_Get_Bytes(ByRef R As RANDOMDATA, ByRef bData() As Byte, ByVal lngBytes As Long)
Dim i As Long
For i = 0 To (lngBytes - 1)
bData(i) = Asc(Mid$(R.Data, R.Pos, 1))
R.Pos = R.Pos + 1
If (R.Pos > 20) Then
R.Pos = 1
R.Data = BSHA1(R.Sorc1 & R.Data & R.Sorc2, True, True)
End If
Next i
End Sub
Private Sub RC4Key(ByRef bData() As Byte, ByRef B() As Byte, ByVal lngLengh As Long)
Dim i As Long
Dim A As Long
Dim C As Byte
Dim bR(255) As Byte
B(256) = 0
B(257) = 0
For i = 0 To 255
bR(i) = bData(i Mod lngLengh)
B(i) = i
Next i
A = 0
For i = 0 To 255
A = (A + B(i) + bR(i)) Mod 256
C = B(i)
B(i) = B(A)
B(A) = C
Next i
End Sub
Private Sub RC4CryptStr(ByRef S As String, ByRef bK() As Byte, ByVal Pos As Long)
Dim A As Long
Dim B As Long
Dim C As Byte
Dim i As Long
A = bK(256)
B = bK(257)
For i = Pos To Len(S)
A = (A + 1) Mod 256
B = (B + bK(A)) Mod 256
C = bK(A)
bK(A) = bK(B)
bK(B) = C
Mid(S, i, 1) = Chr$(Asc(Mid$(S, i, 1)) Xor bK((CInt(bK(A)) + bK(B)) Mod 256))
Next i
bK(256) = A
bK(257) = B
End Sub
Private Sub RC4Crypt(ByRef bData() As Byte, ByRef bK() As Byte, ByVal lngLengh As Long)
Dim A As Long
Dim B As Long
Dim C As Byte
Dim i As Long
A = bK(256)
B = bK(257)
For i = 0 To (lngLengh - 1)
A = (A + 1) Mod 256
B = (B + bK(A)) Mod 256
C = bK(A)
bK(A) = bK(B)
bK(B) = C
bData(i) = bData(i) Xor bK((CInt(bK(A)) + bK(B)) Mod 256)
Next i
bK(256) = A
bK(257) = B
End Sub
Private Function WardenChecksum(ByRef S As String) As Long
Dim lngData(4) As Long
Call CopyMemory(lngData(0), ByVal BSHA1(S, True, True), 20)
WardenChecksum = lngData(0) Xor lngData(1) Xor lngData(2) Xor lngData(3) Xor lngData(4)
End Function
Private Function Get0x02Data(ByRef S As String, ByRef P As Long, ByRef sTable() As String, ByVal sCount As Byte) As String
Dim R As String
Dim bTest As Boolean
Dim A As Long
Dim L As Byte
If ((P + 6) >= Len(S)) Then Exit Function
bTest = (Asc(Mid(S, P + 1, 1)) <= sCount)
bTest = bTest And (Asc(Mid(S, P + 6, 1)) < &H40)
If bTest Then
Call CopyMemory(A, ByVal Mid$(S, P + 2, 4), 4)
L = Asc(Mid$(S, P + 6, 1))
R = GetINI("MEMORY", CStr(sTable(Asc(Mid(S, P + 1, 1))) & "&H" & Hex(A) & "_" & L), m_WardenIniPath, vbNullString)
If Len(R) Then
P = P + 7
Get0x02Data = vbNullChar & HexToStr(R)
Exit Function
End If
End If
If ((P + 29) >= Len(S)) Then Exit Function
bTest = (Asc(Mid$(S, P + 29, 1)) < &H80)
bTest = bTest And (Asc(Mid$(S, P + 28, 1)) = 0)
bTest = bTest And (Asc(Mid$(S, P + 27, 1)) < &H40)
If (bTest = False) Then Exit Function
Call CopyMemory(A, ByVal Mid$(S, P + 26, 4), 4)
If Len(GetINI("PAGEA", CStr("&H" & Hex(A)), m_WardenIniPath, vbNullString)) = 0 Then Exit Function
P = P + 30
Get0x02Data = vbNullChar
End Function
'###################################################################################
'###################################################################################
'############################## Other Functions ####################################
'###################################################################################
'###################################################################################
Private Function malloc(ByVal dwSize As Long) As Long
Dim lngHandle As Long
lngHandle = GlobalAlloc(0, dwSize + 4)
malloc = GlobalLock(lngHandle) + 4
Call CopyMemory(ByVal malloc - 4, lngHandle, 4)
End Function
Private Sub free(ByVal dwPtr As Long)
Dim lngHandle As Long
Call CopyMemory(lngHandle, ByVal dwPtr - 4, 4)
Call GlobalUnlock(lngHandle)
Call GlobalFree(lngHandle)
End Sub
Private Function GetINI(ByVal strHeader As String, ByVal strValueName As String, ByVal strFileName As String, Optional ByVal strDefalt As String = vbNullString) As String
Dim S As String
S = String(512, vbNullChar)
Call GetPrivateProfileStringA(strHeader, strValueName, strDefalt, S, Len(S), strFileName)
GetINI = GetSTRING(S)
End Function
Private Function SaveINI(ByVal strHeader As String, ByVal strValueName As String, ByVal strValue As String, ByVal strFileName As String)
On Error GoTo SaveINIErr
Call WritePrivateProfileStringA(strHeader, strValueName, strValue, strFileName)
SaveINIErr:
End Function
Private Function GetSTRING(ByVal S As String, Optional ByVal T As String = vbNullChar) As String
Dim i As Integer
i = InStr(1, S, T)
If (i = 0) Then
GetSTRING = S
Else
GetSTRING = Mid(S, 1, (i - 1))
End If
End Function
Private Function StrToHex(ByVal strData As String, Optional Splitter As String = " ") As String
Dim aLen As Long: aLen = Len(strData)
Dim eLen As Long: eLen = 2 + Len(Splitter)
Dim iPos As Long
StrToHex = Space((aLen * eLen))
For i = 1 To (aLen * eLen) Step eLen
iPos = iPos + 1
Mid(StrToHex, i, eLen) = Right("0" & Hex(Asc(Mid(strData, iPos, 1))), 2) & Splitter
Next i
StrToHex = Trim(StrToHex)
End Function
Private Function HexToStr(ByVal strData As String) As String
HexToStr = String(Len(strData) / 3, 0)
Dim iPos As Long
For i = 1 To Len(strData) Step 3
iPos = iPos + 1
Mid$(HexToStr, iPos, 1) = Chr("&H" & Mid$(strData, i, 2))
Next i
End Function
Private Function ExecuteCode(ByRef bBuf() As Byte, ParamArray Code() As Variant) As Long
Dim i As Long
Dim Pos As Long
For i = 0 To UBound(Code)
If (VarType(Code(i)) = vbLong) Then
Call CopyMemory(bBuf(Pos), CLng(Code(i)), 4): Pos = Pos + 4
ElseIf (Code(i) >= 0) And (Code(i) <= &HFF) Then
bBuf(Pos) = Code(i): Pos = Pos + 1
ElseIf (Code(i) >= &H8000) And (Code(i) <= &H7FFF) Then
Call CopyMemory(bBuf(Pos), CInt(Code(i)), 2): Pos = Pos + 2
Else
Call CopyMemory(bBuf(Pos), CLng(Code(i)), 4): Pos = Pos + 4
End If
Next i
ExecuteCode = CallWindowProcA(VarPtr(bBuf(0)), 0, 0, 0, 0)
End Function
Private Function BSHA1(ByVal S As String, _
Optional ByVal bRE As Boolean = False, _
Optional ByVal bStandard As Boolean = False) As String
Dim B(21) As Long 'hash buffer
Dim i As Long
'//Init the seeds
B(0) = &H67452301
B(1) = &HEFCDAB89
B(2) = &H98BADCFE
B(3) = &H10325476
B(4) = &HC3D2E1F0
'//Update the string buffer (to be hashed)
Call SHA1Update(bRE, bStandard, B(), S)
'//Reverse endian if needed
If bRE Then
For i = 0 To 4
B(i) = htonl(B(i))
Next i
End If
'//Return the broken SHA1 hash
BSHA1 = String(20, 0)
Call CopyMemory(ByVal BSHA1, B(0), 20)
End Function
Private Sub SHA1Update(ByVal bRE As Boolean, _
ByVal bS As Boolean, _
ByRef B() As Long, _
ByVal S As String)
Dim i As Long
Dim A As String
If bS Then
'//Standard SHA1 padding
A = Chr$(128) & String$((128 - (Len(S) Mod 64) - 9) Mod 64, 0)
If bRE Then
S = S & A & String$(4, 0) & StrReverse(MakeDWORD((Len(S) * 8)))
Else
S = S & A & MakeDWORD((Len(S) * 8)) & String$(4, 0)
End If
Else
If ((Len(S) Mod 64) <> 0) Then
'//buffer the string so its divisible by 64 (0x40)
S = S & String(64 - (Len(S) Mod 64), 0)
End If
End If
For i = 1 To Len(S) Step 64
'//copy chunk of the string into the long array to be hashed
Call CopyMemory(B(5), ByVal Mid$(S, i, 64), 64)
'//transform
Call SHA1Transform(bRE, bS, B)
Next i
End Sub
Private Sub SHA1Transform(ByVal bRE As Boolean, ByVal bS As Boolean, ByRef P() As Long)
Dim hB(80) As Long
Dim A As Long
Dim B As Long
Dim C As Long
Dim D As Long
Dim E As Long
Dim G As Long
Dim i As Long
If bRE Then 'reverse endian
For i = 0 To 15: hB(i) = htonl(P(i + 5)): Next i
Else
For i = 0 To 15: hB(i) = P(i + 5): Next i
End If
If bS Then 'standard SHA1
For i = 16 To 79
hB(i) = LSC((hB(i - 16) Xor hB(i - 8) Xor hB(i - 14) Xor hB(i - 3)), 1)
Next i
Else
For i = 16 To 79
hB(i) = LSC(1, (hB(i - 16) Xor hB(i - 8) Xor hB(i - 14) Xor hB(i - 3)) And 31)
Next i
End If
A = P(0)
B = P(1)
C = P(2)
D = P(3)
E = P(4)
For i = 0 To 19
G = Add(Add(Add(Add(hB(i), E), LSC(A, 5)), ((B And C) Or ((Not B) And D))), &H5A827999)
E = D: D = C: C = LSC(B, 30): B = A: A = G
Next i
For i = 20 To 39
G = Add(Add(Add(Add(hB(i), E), LSC(A, 5)), (D Xor C Xor B)), &H6ED9EBA1)
E = D: D = C: C = LSC(B, 30): B = A: A = G
Next i
For i = 40 To 59
G = Add(Add(Add(Add(hB(i), E), LSC(A, 5)), (C And B) Or (D And C) Or (D And B)), &H8F1BBCDC)
E = D: D = C: C = LSC(B, 30): B = A: A = G
Next i
For i = 60 To 79
G = Add(Add(Add(Add(hB(i), E), LSC(A, 5)), (D Xor C Xor B)), &HCA62C1D6)
E = D: D = C: C = LSC(B, 30): B = A: A = G
Next i
P(0) = Add(P(0), A)
P(1) = Add(P(1), B)
P(2) = Add(P(2), C)
P(3) = Add(P(3), D)
P(4) = Add(P(4), E)
End Sub
'~~~~~~ Extra functions ~~~~~~~
Private Function LSC(ByVal N As Long, ByVal S As Long) As Long
'left shift circle
LSC = (LS(N, S) Or RS(N, (32 - S)))
End Function
Private Function RS(ByVal N As Long, ByVal S As Long) As Long
'right shift bits
If (S < 0) Or (S > 31) Then
RS = 0
ElseIf (S = 0) Then
RS = N
Else
If ((N And &H80000000) = &H80000000) Then
N = (N And &H7FFFFFFF)
If (S = 31) Then 'stop over flow when shifting 31bits
N = N / 2147483648#
Else
N = N \ (2 ^ S)
End If
RS = N Or (2 ^ (31 - S))
Else
RS = Int(CDbl(N) / CDbl(2 ^ S))
End If
End If
End Function
Private Function LS(ByVal N As Long, ByVal S As Long) As Long
'left shift bits
If (S < 0) Or (S > 31) Then
LS = 0
ElseIf S = 0 Then
LS = N
Else
N = N And (2 ^ (32 - S) - 1)
LS = WDbl(CDbl(N) * CDbl(WDbl(2 ^ S)))
End If
End Function
Private Function WDbl(ByVal N As Double) As Long
'wrap a double back to a long
If N > &H7FFFFFFF Then
N = N - 4294967296#
ElseIf N < &H80000000 Then
N = N + 4294967296#
End If
WDbl = N
End Function
Private Function Add(ByVal N1 As Long, ByVal N2 As Long, Optional ByVal D As Double) As Long
'add 2 longs to a double, then wrap round
D = N1
D = D + N2
Add = WDbl(D)
End Function
Private Function MakeDWORD(ByVal lngValue As Long) As String
MakeDWORD = String(4, vbNullChar)
Call CopyMemory(ByVal MakeDWORD, lngValue, 4)
End Function
Private Sub OnSendPacket(ByRef Data As String)
Dim bHeader(3) As Byte
bHeader(0) = &HFF
bHeader(1) = &H5E
Call CopyMemory(bHeader(2), CInt(Len(Data) + 4), 2)
Call send(m_SocketHandle, bHeader(3), 4, 0&)
Call send(m_SocketHandle, ByVal Data, Len(Data), 0&)
Debug.Print "SEND: " & StrToHex(Data)
End Sub
Code: SEXP WARDEN [MEMORY] &H41E237_4=74 38 A0 51 &H41E23E_16=0F BF 0D 54 EF 6C 00 0F BF 15 58 EF 6C 00 0C 01 &H41E24F_9=0F BF 35 56 EF 6C 00 A2 51 &H41E25B_10=0F BF 05 52 EF 6C 00 8D 74 06 &H4433E5_6=74 18 8B 46 0C E8 &H450236_12=8B 04 85 FC F4 68 00 83 F8 64 74 72 &H450240_6=74 72 85 C0 74 6E &H4512E8_5=74 07 8A 43 46 &H4565E9_5=56 8B C3 E8 9F &H4565EE_5=FE FF FF 85 C0 &H45816A_5=80 3D 3D 72 59 &H45816F_4=00 01 75 45 &H458E4A_5=80 F9 01 66 89 &H458E4F_6=15 C4 C1 68 00 5E &H46F428_9=84 C8 0F 84 05 01 00 00 8B &H46F42A_9=0F 84 05 01 00 00 8B 8E DC &H47FF61_11=8A 46 07 8A A8 A0 73 59 00 03 FA &H485BD0_9=55 8B EC 51 A1 A0 4A 65 00 &H486033_6=C3 CC CC CC CC CC &H48A452_11=E9 E9 71 FD FF E9 54 71 FD FF C3 &H48E502_2=74 73 &H4A3357_8=A3 80 CC 59 00 E8 3F 24 &H4A3ECD_12=68 B0 DD 6C 00 FF 15 7C E3 4F 00 C3 &H4BD60F_8=E8 CC 32 FC FF E8 47 F9 &H4CE6B7_6=C3 CC CC CC CC CC &H4D302D_16=68 B0 DD 6C 00 FF 15 7C E3 4F 00 A1 F8 68 59 00 [PAGEA] &H10000050=00 &H10000070=00 &H100000A1=00 &H1700007C=00 &H170001E9=00 &H19000059=00 &H1A0000C3=00 &H1F000219=00 &H1F000234=00 &H20000022=00 &H20000049=00 &H23000048=00 &H24000032=00 &H250001EE=00 &H250001FE=00 &H28000091=00 &H2A0000E1=00 &H2A0000F1=00 &H3000069C=00 &H300006D4=00 &H300006D7=00 &H300007A8=00 &H32000121=00 &H33000030=00 &H3700008E=00 &H40000081=00 &HD0000E8=00 &HD000160=00 &HE0001FD=00 &HE000622=00 Code: WAR3XP [MEMORY] game.dll&H3A1DCE_7=E8 5D D6 C6 FF 8B D0 game.dll&H285B3A_8=E8 81 FA 22 00 8B 40 10 game.dll&H743576_8=C1 E0 08 03 E8 8B 84 AE game.dll&H361DD3_7=E8 78 F4 1C 00 85 C0 game.dll&HF453_9=8B 41 14 8B 49 10 BA 02 00 game.dll&H3C1354_8=F6 D0 8A C8 8B 44 24 1C game.dll&H3F92CA_6=75 0A 83 7B 14 00 game.dll&H3A1E8E_7=8B 54 24 20 0F B7 32 game.dll&H285B33_7=B9 0D 00 00 00 8B E8 game.dll&H283444_7=8B C8 BA 01 00 00 00 game.dll&H39A39B_6=8B 97 98 01 00 00 game.dll&H39A458_6=74 27 39 6C 24 44 game.dll&HF490_6=74 08 8B 00 83 C4 game.dll&H73DFFC_7=E8 DF 3D FF FF 85 C0 game.dll&H361DF9_7=33 C9 B8 01 00 00 00 game.dll&H431569_6=85 C0 0F 84 AD 00 game.dll&H356F1C_8=3B 86 18 02 00 00 89 44 game.dll&H3A1DE3_4=75 04 A8 02 game.dll&H36040A_6=EB 08 C7 44 24 18 game.dll&H285BA2_5=75 29 53 8B CF game.dll&H3A1DE9_7=8B 44 24 24 66 09 18 game.dll&H39A3B1_10=55 50 56 E8 37 7B 00 00 23 D8 game.dll&H356C67_8=85 DB 8A 8E E8 07 00 00 game.dll&H361DFC_6=01 00 00 00 D3 E8 game.dll&H39A465_13=66 85 87 F4 01 00 00 74 1D 8B 8F 98 01 game.dll&H285B8C_6=74 2A 8B 44 24 20 game.dll&H28345C_4=C3 CC CC CC game.dll&H3A1E64_6=8B 0C 41 66 8B 04 game.dll&H356E7E_5=66 85 C0 76 04 game.dll&H73DEC9_6=8A 90 6C 68 AA 6F game.dll&H3C135C_10=3D FF 00 00 00 76 05 C1 F8 1F game.dll&H362211_10=85 C0 0F 84 30 04 00 00 8B 03 game.dll&H431556_6=85 C0 0F 84 C0 00 game.dll&H3A1E9B_4=23 CA 75 32 game.dll&H3C5C22_12=74 0B 81 88 7C 02 00 00 00 02 00 00 game.dll&H73DEB7_10=0F B7 0C 4A 81 C9 00 F0 00 00 [PAGEA] &HD0000E8=00 &HE000622=00 &H300006D4=00 &H19000059=00 &H300006D7=00 &H23000048=00 &H2A0000F1=00 &H24000032=00 &HE0001FD=00 &H20000049=00 &H300007A8=00 &H1700007C=00 &H1F000234=00 &H100000A1=00 &H10000050=00 &HD000160=00 &H10000070=00 &H1A0000C3=00 &H24000030=00 &H3700008E=00 &H3000069C=00 &H1F000219=00 &H2A0000E1=00 &H28000091=00 |
|
#8
04-18-2009, 11:44 PM
| |||
| |||
| Quote:
|
)) |
#10
04-19-2009, 01:34 PM
| |||
| |||
| |
| D3scene |
|
Welcome to D3scene - probably the best location for all Gamers. To participate in our friendly environment you have to register. After completing registration you will have full access to all threads and features. We care about members and try to make your stay as pleasant as possible. We are unique with the following feature for members - you will not see a single Advertisement! The best: registration is completely free. It will not cost you a single penny or harm you in any way. You will lose nothing except 1 minute of your time. So why not register? We would be happy to see you around! |
|
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
| All times are GMT +1. The time now is 09:57 AM. |
