a way to bypass bnet/garena detection

This is a discussion on a way to bypass bnet/garena detection within the Warcraft 3 Hacks, bots and tools board part of the Warcraft 3 forum category; where does warden exist? in war3 .exe? or game.dll itself?? what method does warden use to check the memory? ReadProcessMemory?...

Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 31
  1. #21
    cqccyh is offline Premium Member
    Array
    Join Date
    Oct 2008
    Posts
    912
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    11
    Reputation
    453
    where does warden exist? in war3.exe? or game.dll itself??



    what method does warden use to check the memory? ReadProcessMemory?

  2. #22
    Yurnero is offline Member
    Array
    Join Date
    Mar 2009
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    What program did you use for this?

  3. #23
    Omnie is offline Newbie
    Array
    Join Date
    Mar 2009
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    Quote Originally Posted by cqccyh View Post
    where does warden exist? in war3.exe? or game.dll itself??

    what method does warden use to check the memory? ReadProcessMemory?
    Warden exists in game.dll and no, it uses pointers.

  4. #24
    thewisp is offline Advanced Hacker
    Array
    Join Date
    Jun 2008
    Posts
    390
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    11
    Reputation
    256
    warden does not exist in game.dll
    otherwise how could bnet update warden without changing your game.dll

    bnet actually sends you a small dll and u must run it .

  5. #25
    Darimus's Avatar
    Darimus is offline Hacker
    Array
    Join Date
    Jul 2008
    Posts
    185
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    11
    Reputation
    300
    Quote Originally Posted by Omnie View Post
    Warden exists in game.dll and no, it uses pointers.
    It's called from game.dll, but exists in dynamically allocated memory. Checking memory is performed with a rep movs instruction, moving DWORDs at a time, and optionally bytes afterwards, if necessary.

  6. #26
    Omnie is offline Newbie
    Array
    Join Date
    Mar 2009
    Posts
    5
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    Quote Originally Posted by darimus
    Checking memory is performed with a rep movs instruction, moving DWORDs at a time, and optionally bytes afterwards, if necessary.
    Yesterday 09:05 PM
    That utilises pointers though..?

    Quote Originally Posted by thewisp View Post
    warden does not exist in game.dll
    otherwise how could bnet update warden without changing your game.dll

    bnet actually sends you a small dll and u must run it .
    If I'm not mistaken, there is a base warden client that physically exists in game.dll, which then serves as a platform for extracting, decrypting and executing the downloaded modules.

    Afaik, Warden itself isn't actually modified.
    Last edited by Omnie; 06-11-2009 at 10:37 AM.

  7. #27
    acel is offline Member
    Array
    Join Date
    Dec 2008
    Posts
    43
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    9
    Reputation
    24
    OK if I have understood everything this simply creates a "fake road", which missleads WC3 to read another DLL instead of game.dll

    Then we can change all maphacks to edit the other DLL and get the same result as the normal way...

    I have allready made a copy of game.dll and renamed it. Then I changed the source of SD33221's maphack so it would grab my other DLL instead and compiled it. My problem is that I don't know how to insert the new strings into war3.exe... The only things that I have done with OllyDBG are some CrackMe's and some really basic stuff. If anyone could help or link to a good tutorial/guide it would be really appriciated.

    Hope someone can help, Acel

  8. #28
    yellowsnow is offline Member
    Array
    Join Date
    Jun 2009
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    9
    Reputation
    26
    So umm, this is basically code-injection, all warden then has to do is scan for dll's that shouldn't be in memory. I'm pretty sure what most of these hacks suffer from is from loading dll's into war3.exe, its very easy for bnet to catch this. The hacks that are really hard for bnet to catch are ones that use code caving techinique for code-injection. You can read about the differen't methods of code-injection here:

    edit- I can't post links. fucking stupid

  9. #29
    yellowsnow is offline Member
    Array
    Join Date
    Jun 2009
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    9
    Reputation
    26
    Quote Originally Posted by Darimus View Post
    It's called from game.dll, but exists in dynamically allocated memory. Checking memory is performed with a rep movs instruction, moving DWORDs at a time, and optionally bytes afterwards, if necessary.
    I very much doubt they move DWORDs at a time, unless they only check a select few DWORDs. If they want to do a thorough check there are much better techniques such as hashing.

  10. #30
    yellowsnow is offline Member
    Array
    Join Date
    Jun 2009
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    9
    Reputation
    26
    Quote Originally Posted by thewisp View Post
    warden does not exist in game.dll
    otherwise how could bnet update warden without changing your game.dll

    bnet actually sends you a small dll and u must run it .
    Warden just needs some code somewhere on the client that will let it call all the functions that it needs. These calls can be sufficiently general enough such that updating Warden server-side does not require an update client-side. They do this in a lot of their games, take forexample WoW hotfixes.

Page 3 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Memoirs of World of Warcraft
    By Hallowsend in forum WoW forum
    Replies: 21
    Last Post: 08-28-2013, 10:34 AM
  2. Dota Client Bypass
    By Shad0wKn1ght in forum Warcraft 3 Hacks, bots and tools
    Replies: 35
    Last Post: 10-07-2009, 02:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •