
A stupid question, I need help :)

michymichy

Hi all,

I am just wondering: whenever you open DB, even if you rename the file, you still see the name "demonbuddy" in the Description column of Task Manager. (You can try renaming the DB file and running it; you will still see demonbuddy in Task Manager under the Description column.)

Does this mean that Warden.mod only has to scan what's running in the background besides Diablo3.exe, and if there is a description named demonbuddy, then they could just ban that account?


I saw a post about someone who captured some packs from Warden.mod:

seg000:7AF6211A aKernel32_dll db 'KERNEL32.dll',0
seg000:7AF6212A aProcess32first db 'Process32First',0
seg000:7AF6214C aIsbadreadptr db 'IsBadReadPtr',0
seg000:7AF6216D aModule32first db 'Module32First',0
seg000:7AF621A4 aProcess32next db 'Process32Next',0
seg000:7AF621A6 aGetmodulehandl db 'GetModuleHandleA',0
seg000:7AF621F1 aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
seg000:7AF6223A aModule32next db 'Module32Next',0
seg000:7AF6224B aClosehandle db 'CloseHandle',0
seg000:7AF6225C aLstrcmpia db 'lstrcmpiA',0
seg000:7AF6225D aUser32_dll db 'USER32.dll',0
seg000:7AF6226F aGetwindowtexta db 'GetWindowTextA',0
seg000:7AF622AA aEnumwindows db 'EnumWindows',0
seg000:7AF622AB aCharupperbuffa db 'CharUpperBuffA',0
seg000:7AF622AF aFindwindowa db 'FindWindowA',0

He said Process32First and Process32Next aim to find any doubtful task while D3 is running, and EnumWindows and FindWindowA aim to find doubtful windows.

If he is correct, could I assume this is how Warden identifies who is running DB or not?

Also, after I saw this post, I tried to modify the file description, but I found it won't work, because I am not authorized to do so, even when I tried to give the highest authorization on the file to all the accounts, including administrator, users, etc.

Does anyone have a solution to this?

Many thanks
 
I have exactly the same train of thought at the moment and am looking for a way to hide the Demonbuddy process in Windows. I personally think that would solve the issue of the memory-scanning Warden crap.
 
If Warden did that, we'd all be banned already. It probably takes hashes, anyway.
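The string listing quoted in the first post can be read the way an analyst triages it: parse each `db` line, separate DLL names from API names, and group the APIs by what they are normally used for. This is an added example, not part of the thread; the function names `parse_listing` and `triage` and the capability grouping are assumptions made for illustration.

```python
import re

# Listing lines copied from the first post (IDA-style string definitions).
LISTING = """\
seg000:7AF6211A aKernel32_dll db 'KERNEL32.dll',0
seg000:7AF6212A aProcess32first db 'Process32First',0
seg000:7AF6214C aIsbadreadptr db 'IsBadReadPtr',0
seg000:7AF6216D aModule32first db 'Module32First',0
seg000:7AF621A4 aProcess32next db 'Process32Next',0
seg000:7AF621A6 aGetmodulehandl db 'GetModuleHandleA',0
seg000:7AF621F1 aCreatetoolhelp db 'CreateToolhelp32Snapshot',0
seg000:7AF6223A aModule32next db 'Module32Next',0
seg000:7AF6224B aClosehandle db 'CloseHandle',0
seg000:7AF6225C aLstrcmpia db 'lstrcmpiA',0
seg000:7AF6225D aUser32_dll db 'USER32.dll',0
seg000:7AF6226F aGetwindowtexta db 'GetWindowTextA',0
seg000:7AF622AA aEnumwindows db 'EnumWindows',0
seg000:7AF622AB aCharupperbuffa db 'CharUpperBuffA',0
seg000:7AF622AF aFindwindowa db 'FindWindowA',0
"""

# Assumed grouping by typical use (analyst judgment, not stated in the post).
CAPABILITIES = {
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "module enumeration": {"CreateToolhelp32Snapshot", "Module32First", "Module32Next", "GetModuleHandleA"},
    "window enumeration": {"EnumWindows", "FindWindowA", "GetWindowTextA"},
    "case-insensitive name matching": {"lstrcmpiA", "CharUpperBuffA"},
}
LINE_RE = re.compile(r"^\w+:(?P<addr>[0-9A-Fa-f]+)\s+\w+\s+db\s+'(?P<text>[^']*)',0$")

def parse_listing(text):
    """Return (address, string) pairs for every well-formed db line."""
    rows = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(int(m["addr"], 16), m["text"]) for m in rows if m]

def triage(text):
    """Split strings into DLL and API names, then map APIs to capabilities."""
    strings = [s for _, s in parse_listing(text)]
    dlls = [s for s in strings if s.lower().endswith(".dll")]
    apis = {s for s in strings if not s.lower().endswith(".dll")}
    known = set().union(*CAPABILITIES.values())
    caps = {c: sorted(n & apis) for c, n in CAPABILITIES.items() if n & apis}
    return {"dlls": dlls, "capabilities": caps, "unclassified": sorted(apis - known)}

if __name__ == "__main__":
    for key, value in triage(LISTING).items():
        print(key, value)
```

The result shows which kinds of enumeration the module is able to perform; the names alone do not show what values it compares against or what it reports.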
 