Undetected offsets

This is a discussion on Undetected offsets within the Warcraft 3 Hacks, bots and tools board part of the Warcraft 3 forum category; How do we find them? And how would we know if they're undetected? I've been reading tutorials but there's none ...

  1. #1
     jazsinlaboi (Newbie, joined Mar 2010, 4 posts)

    How do we find them? And how would we know if they're undetected? I've been reading tutorials, but none of them talk about finding undetected offsets. Please help!!


  2. #2
     0x90 (Newbie, Germany, joined Mar 2011, 8 posts)

     Quote Originally Posted by jazsinlaboi:
         How do we find them? And how would we know if they're undetected? I've been reading tutorials, but none of them talk about finding undetected offsets. Please help!!
    I was thinking about that too for quite some time now.
    Since I'm pretty new to WC3, I don't know how their anti-cheat (Warden) really works, and I didn't really find any detailed info about that.
    If they really scan for some offsets (of known hacks), you could always patch another code offset which isn't known yet.
    But I guess checking the whole code section of a module (like the game.dll) with some kind of hashing (MD5, or better SHA-256, for example) would be way better, so they could actually find ANY changes/patches of their code. Perhaps it even works that way?! Like I said, I never really looked into that.

    YourName is using a quite simple but, I guess, effective method to hide it from Warden, by manually unlinking the game.dll and re-loading it via the LoadLibraryEx call. I didn't really check this either, but I guess the patches are made to the (now hidden) game.dll which is also used by the WC3 process, but Warden only sees the unpatched (new) game.dll, since I guess it just uses the GetModuleHandle call to "find" it... Since this one is unaltered, Warden should think that everything is OK.
    If this method still works, it would mean that selfhack is still undetected and safe?! Perhaps YourName could say something about this one or about his approach at all?
    Warden could of course begin to check the calls/pointers in the WC3 process to the game.dll it uses. It would then see that the memory region doesn't belong to the game.dll it sees via GetModuleHandle... or, more important: it doesn't belong to any module, just some allocated memory region. This should be really obvious in terms of anti-cheat!

    But there are of course many other methods to obfuscate hacks or make them harder to detect. I'm talking about methods/approaches like HWBPs or VEH "detouring" etc., which many current hacks (mostly for FPS games) are using.
    Many people are talking about zMap and how it is undetectable, which I doubt btw, because everything is detectable if you know what you're looking for, but I would really be interested if it's using a method like those mentioned above.

    Perhaps another game "hacker" or coder would be interested in some kind of discussion about that or would tell us their opinion. I'm really looking forward to that.

    0x90
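The two scan strategies 0x90 contrasts above, checking a list of known patch offsets versus hashing the whole code section, as an added example that is not part of the original post and is not Warden's or any hack's code. It parses a constructed minimal PE stub rather than a real game.dll; the RVAs 0x1000 and 0x1010, the "known" offset list and the patch bytes are assumptions. It also lists every patched RVA in the code section, which is what "finding an offset" amounts to on the detection side.

```python
"""Added example (not code from the thread): a model of the two scan
strategies 0x90 contrasts, a check of known patch offsets versus a
hash over the whole code section. Everything here is constructed: the PE
image is a minimal stub, not a real game.dll, and the RVAs are made up.
"""
import hashlib
import struct

IMAGE_SCN_CNT_CODE = 0x00000020


def code_sections(image: bytes):
    """Yield (name, rva, raw_offset, raw_size) for each code section.

    Walks DOS header -> PE signature -> COFF header -> section table using
    only the fields needed, so no PE library is required.
    """
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size
    for i in range(num_sections):
        hdr = table + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, rva, raw_size, raw_ptr = struct.unpack_from("<IIII", image, hdr + 8)
        characteristics = struct.unpack_from("<I", image, hdr + 36)[0]
        if characteristics & IMAGE_SCN_CNT_CODE:
            yield name, rva, raw_ptr, raw_size


def rva_to_raw(image: bytes, rva: int) -> int:
    """Translate an RVA inside a code section to its offset in the image bytes."""
    for _name, s_rva, raw_ptr, raw_size in code_sections(image):
        if s_rva <= rva < s_rva + raw_size:
            return raw_ptr + (rva - s_rva)
    raise ValueError(f"RVA {rva:#x} is not inside a code section")


def scan_known_offsets(image: bytes, reference: bytes, rvas):
    """Per-offset scan: compare only bytes at RVAs of already known hacks.

    Returns the RVAs whose bytes differ. A patch anywhere else is missed,
    which is what makes an offset 'undetected' under this scheme.
    """
    return [r for r in rvas
            if image[rva_to_raw(image, r)] != reference[rva_to_raw(reference, r)]]


def code_hash(image: bytes) -> str:
    """SHA-256 over every code section: any patched byte changes the digest."""
    h = hashlib.sha256()
    for _name, _rva, raw_ptr, raw_size in code_sections(image):
        h.update(image[raw_ptr:raw_ptr + raw_size])
    return h.hexdigest()


def diff_code(image: bytes, reference: bytes):
    """List (rva, reference_byte, current_byte) for every patched code byte."""
    diffs = []
    for _name, rva, raw_ptr, raw_size in code_sections(reference):
        for i in range(raw_size):
            if image[raw_ptr + i] != reference[raw_ptr + i]:
                diffs.append((rva + i, reference[raw_ptr + i], image[raw_ptr + i]))
    return diffs


def build_stub_image() -> bytes:
    """Construct a minimal PE layout for the demo (assumed values throughout).

    DOS header, PE signature, COFF header with an empty optional header, and
    one '.text' section of 32 bytes mapped at RVA 0x1000, stored at file
    offset 0x200. It is a parsing fixture, not a loadable module.
    """
    text = bytes.fromhex("8bff558bec") + b"\x90" * 27
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x2102)  # i386, 1 section
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0,
        IMAGE_SCN_CNT_CODE | 0x60000000)                          # code, exec, read
    return (dos + b"PE\0\0" + coff + section).ljust(0x200, b"\0") + text


def patch(image: bytes, rva: int, data: bytes) -> bytes:
    """Return a copy of image with data written at rva (models a hack's patch)."""
    off = rva_to_raw(image, rva)
    return image[:off] + data + image[off + len(data):]


def demo():
    clean = build_stub_image()
    known = [0x1000, 0x1001]                     # RVAs the scanner "knows" (assumed)
    hit = patch(clean, 0x1000, b"\xeb\x10")     # patch at a known RVA
    miss = patch(clean, 0x1010, b"\xc3")        # patch at an unknown RVA
    return {
        "known_scan_hit": scan_known_offsets(hit, clean, known),
        "known_scan_miss": scan_known_offsets(miss, clean, known),
        "hash_catches_miss": code_hash(miss) != code_hash(clean),
        "miss_diff_rvas": [rva for rva, _, _ in diff_code(miss, clean)],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `demo()` shows the asymmetry the post describes: the known-offset scan flags the patch at 0x1000 but returns nothing for the one at 0x1010, while the section hash changes for either, and `diff_code` names the exact RVA. Against a live process the reference bytes would come from the module on disk and the current bytes from its mapped image, which is also where the unlink-and-reload trick in the post matters: a checker that locates the module via GetModuleHandle hashes whichever image the loader list points at, not whichever one the game's code actually calls into.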

  3. #3
     YourName (THE ONE AND ONLY DARK KNIGHTY, Germany, joined Jun 2007, 1,553 posts)
    Oh well, you can also hook functions like VirtualQuery or GetModuleHandle etc. to return nothing when Warcraft (or Warden, more likely) tries to find a region which contains the changed game.dll.

    Also, as you said, you can simply use offsets Warden doesn't scan for. It does a scan on different parts and checks if those are changed. That was only effective on private hacks though, but it doesn't matter much nowadays, since I guess they don't really update Warden anymore.

  4. #4
     hendthenoob (Wannabe Member, joined Apr 2010, 14 posts)
    Darimus (author of the famous TFTLocal) used to have a private generic Warden bypass that did something like this: a cloned game.dll, patched to make Warden scan it instead of the actual game.dll read by the game.

  5. #5
     Programme (Newbie, joined Mar 2011, 3 posts)
    But is Tirano's SEH method detected?

    AFAIK it was not.

  6. #6
     JoeBlack2060 (Hacker, California, joined Mar 2011, 207 posts)
    Nice methods to screw Warden.
    YourName's hook function usage is still the best way to own!
