a way to bypass bnet/garena detection

This is a discussion on a way to bypass bnet/garena detection within the Warcraft 3 Hacks, bots and tools board, part of the Warcraft 3 forum category.

  1. #11 max123456 (Member)
    You can check yourself with OllyDbg.


  2. #12 ricco96 (Newbie)
    All these languages are confusing. Anyone know an exact way to do this, perhaps a tutorial or something? I want to try it out!

  3. #13 Yurnero (Member)
    What ricco said.

  4. #14 conspiracytheory (Member)
    Good work. Ty =)

  5. #15 MageBGD (Banned User)
    Well done.

  6. #16 Omnie (Newbie)
    If in your hacked DLL you rewrite the bytes (for LoadLibrary()), this will be quite effective until Blizz comes up with new methods of scanning (probably reading Warcraft 3's entire memory and looking for known signatures), which they don't seem keen to do, given cEngine's success.

    To those of you that don't understand the first post, this will be useless to you, as it is a method for hacks to hide from Warden, which means you need to develop them yourself for this to be of value, and if you could, you'd understand the first post.
    Last edited by Omnie; 06-08-2009 at 11:37 PM.

  7. #17 allanho (Guru)
    The computer gangster underworld, this is where it all happens, baby.

  8. #18 Darimus (Hacker)
    Quote Originally Posted by thewisp:
        How does bnet warden detect your maphack?

        Since it knows about "common" maphacks, it scans several addresses in the game.dll module (the loaded game.dll in RAM, not the file); these are the addresses where a maphack would change.

        Now the question is: WHY does warden know it is "game.dll"?

        Is there anywhere the base address of game.dll is being saved?

        I have traced war3.exe; it loads game.dll with LoadLibraryA, then calls gamemain with arg base address of game.dll (6F000000). This gamemain would only return when the game quits. During the whole thing, war3.exe knows nothing about game.dll, and doesn't use any function from game.dll.

        I guess bnet just uses "game.dll" as name to get the address and scans in it.

        So actually you can modify war3.exe so that it loads "another" game.dll after the normal one, let's say "gamehack.dll". See the pic.

        push game.dll
        call edi ; here edi = LoadLibraryA

        Before the next step (mov esi, eax), where it saves the result (6F000000), you gotta insert another load:

        push game.dll
        call edi
        push gamehack.dll
        call edi
        mov esi, eax
        ...

        Now it returns the base address of gamehack.dll, not game.dll, which means the game uses gamehack.dll as main code, but game.dll is also loaded (taking address 6F000000).

        Now you can do any change to gamehack.dll, because warden never knows about it. Warden only knows "game.dll", so it will have game.dll and its code, but there are no changes at all.

    Did you actually test your idea online? You could do so without a program to expressly implement this by breakpointing at war3.exe + 0x0000130A, changing EIP to war3.exe + 0x00001303, modifying the pushed string to a 4-letter filename (like asdf.dll) in place of game and changing it back to game.dll after the LoadLibrary call returns. You could then take practically any hack program on this site and search with a hex editor for "game.dll" or "game" and modify it to "asdf.dll" or "asdf" and it should allow you to test your theory. This will make the program modify the new DLL without having to make a new program for this purpose either.

    Execution does indeed occur in the newly loaded module, but the newly loaded module is not bytewise identical; any direct reference to a game address (such as a pushed game address, or a static memory address) will be different than the originally loaded game module. Also, the warden module might be made to refer to relative offsets to the module it's executing in, instead of expressly using the base from "game.dll".

    This is not to say it will or will not work, but I would suggest testing it (with the above-mentioned implementation) to see if it would work before spending any more time on anything related to it.
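    The scheme quoted above only works because the scanner locates the game module by its file name rather than by where the game's code is actually executing. As an added defender-side illustration (not code from this thread, from Warden, or from Blizzard), the script below enumerates every module loaded into the process and flags two things: a module whose on-disk image is byte-identical to another module loaded under a different name (the "game.dll plus gamehack.dll" pattern, which is indistinguishable on disk and only diverges in memory), and any module loaded from the game directory that is not on an allowlist. The process name war3, the allowlist, and the use of SHA-256 file hashes are assumptions.

```powershell
# Added example: spot a second copy of a game module loaded under another name.
# Assumptions: the process is named "war3" and the expected module list is illustrative.
# Run from a PowerShell of the same bitness as the target process so Modules enumerates.
param(
    [string]$ProcessName = 'war3',
    [string[]]$Expected  = @('war3.exe', 'game.dll', 'storm.dll')
)

$proc    = Get-Process -Name $ProcessName -ErrorAction Stop | Select-Object -First 1
$gameDir = Split-Path -Parent $proc.MainModule.FileName

# Hash each loaded module's backing file once and keep its load address.
$records = foreach ($m in $proc.Modules) {
    $hash = (Get-FileHash -Algorithm SHA256 -Path $m.FileName -ErrorAction SilentlyContinue).Hash
    [pscustomobject]@{
        Name = $m.ModuleName
        Path = $m.FileName
        Base = ('0x{0:X8}' -f $m.BaseAddress.ToInt64())
        Hash = $hash
    }
}

# Check 1: identical image bytes loaded twice under different names. A renamed copy
# of game.dll hashes the same as the original because the edits happen in memory.
$records | Where-Object Hash | Group-Object Hash | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning ('Duplicate image under different names: ' + ($_.Group.Name -join ', '))
}

# Check 2: anything loaded from the game directory that is not an expected module.
$records | Where-Object {
    $_.Path.StartsWith($gameDir, [System.StringComparison]::OrdinalIgnoreCase) -and
    ($Expected -notcontains $_.Name)
} | ForEach-Object {
    Write-Warning ('Unexpected module from game directory: {0} at {1}' -f $_.Name, $_.Base)
}

# Summary of what is loaded, for comparison against a known-good baseline.
$records | Format-Table Name, Base, Hash -AutoSize
```

The second check is the one that matters for the remark about relative offsets: a scanner that resolves its targets from the module it is running in, or from the full module list, is not misled by whatever name the duplicate was given.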

  9. #19 thewisp (Advanced Hacker)
    Thx for your advice.
    Well, at least this would disable garena.
    Actually I made a test version, but it's hard to see if bnet really detects it (unless I use a detected maphack); for now I only have jAPI, which is not detected yet.

    use jAPI to collide the core jass and write all things in jass

  10. #20 Omnie (Newbie)
    Quote Originally Posted by darimus:
        but the newly loaded module is not bytewise identical; any direct reference to a game address (such as a pushed game address, or a static memory address) will be different than the originally loaded game module. Also, the warden module might be made to refer to relative offsets to the module it's executing in, instead of expressly using the base from "game.dll".

    If you're only patching, it won't matter; it's if you're inserting bytes where you will come unstuck.

    And that's a good point, I can't say either way what it does, and I guess blizz can just make new modules that use relative offsets rather than by finding the dll's base....
