What's new
By:
  • Visit Rebornbuddy
  • Visit Resources
  • Visit API Documentation
  • Visit Downloads
  • Visit Portal
  • Visit Panda Profiles
  • Visit LLamamMagic

The Warden!!!

Status
Not open for further replies.
aionskyg

aionskyg

Member
Joined
Sep 3, 2012
Messages
132
Reaction score
0
You have been locked up . This is definitely the thing.:(:(



Take the following facts speak :
The Warden works: the game client to connect to the server when entering the game ( when logged in ) , the client and server side first negotiate a new session key (128位RC4) for subsequent Warden communications. negotiate encryption process . The focus here is to understand , warden of the data exchanged between the client and the server is encrypted , the key is dynamically generated.


Fraud detection module (Warden.mod) on the server side ( the content is not already fixed size ) . After the establishment of the local Warden Service server using packet AE Warden.mod sent to the game client , this can be done randomness detection mechanism .


Here is part of my content Warden.mod intercepted Today:
seg000: 7AF6211A aKernel32_dll db 'KERNEL32.dll', 0
seg000: 7AF6212A aProcess32first db 'Process32First', 0
seg000: 7AF6214C aIsbadreadptr db 'IsBadReadPtr', 0
seg000: 7AF6216D aModule32first db 'Module32First', 0
seg000: 7AF621A4 aProcess32next db 'Process32Next', 0
seg000: 7AF621A6 aGetmodulehandl db 'GetModuleHandleA', 0
seg000: 7AF621F1 aCreatetoolhelp db 'CreateToolhelp32Snapshot', 0
seg000: 7AF6223A aModule32next db 'Module32Next', 0
seg000: 7AF6224B aClosehandle db 'CloseHandle', 0
seg000: 7AF6225C aLstrcmpia db 'lstrcmpiA', 0
seg000: 7AF6225D aUser32_dll db 'USER32.dll', 0
seg000: 7AF6226F aGetwindowtexta db 'GetWindowTextA', 0
seg000: 7AF622AA aEnumwindows db 'EnumWindows', 0
seg000: 7AF622AB aCharupperbuffa db 'CharUpperBuffA', 0
seg000: 7AF622AF aFindwindowa db 'FindWindowA', 0


Somewhat experienced programmer , Process32First, Process32Next is to analyze the suspicious process , Module32First, Module32Next is to analyze suspicious Dll, EnumWindows, FindWindowA is to analyze suspicious window.


Do not take on Diablo 3 other programs can not check the computer to stall , The Warden since the invention is not so Day parade . Otherwise, the year is not a stick and killed so many people .


Then I hang up the afternoon we went down the program . Briefly analyzed . Process is not hidden , the file header is obvious. Very suitable for testing.


So , if you opened the hook program , in fact, Blizzard has been well aware. As for why not seal , personal task is waiting period.
 
dafuq did i just read.

The power of google translate is strong in this one.
 
aionskyg said:
The Warden since the invention is not so Day parade . Otherwise, the year is not a stick and killed so many people .
Click to expand...

chinglish_1468537c.jpg
 
aionskyg said:
Otherwise, the year is not a stick and killed so many people.
Then I hang up the afternoon we went down the program.
Click to expand...

typical google translate though, don't worry aion :p

Remember everyone, the year is not a stick and it kills people.
 
well! we should conduct a referendum and let ppl choose will they rather live in stick and let it sometims kill em or or turn it into a glass or chair where the things might not go that bad
 
Why is this a joke? I'm assuming that Warden.mod is an issue for Demonbuddy users and this post is divulging useful info.

Is DB immune to warden or something and I just don't understand?
 
ANy devs give insight?

I think he stating that there was changes with warden.
 
Makes since considering D3 warden uses VirtualQueryEx

Does DB use Windows API Hooks ?

does D3 load NTDLL forcefully for API mem mapping?
 
何ですかこれ?

edit
もし重要なことだったら僕が通訳してましょうか?
 
Last edited:
XmidiXx said:
:confused:
Click to expand...

Why would they even ban you on a game without an economy?

Seems illogical to put tonnes of work into updating D3 warden to catch people that are not even ruining a game... because well. ye. that's why they removed RMAH anyway.
 
zezima said:
Why would they even ban you on a game without an economy?

Seems illogical to put tonnes of work into updating D3 warden to catch people that are not even ruining a game... because well. ye. that's why they removed RMAH anyway.
Click to expand...

because it's against the TOA
 
Besides the fact that the translation was a bit off... this is meant to help fellas. He mentions that the DemonBuddy process isn't hidden at all, and the header (the title bar) is obvious to what it is. Blizzard's Warden (the service that detects hacks/cheats/bots) can easily read the process information about the software we all use.

It's easy to make jokes about this but I think there are some things to think about :P
 
deadmeat1 said:
Besides the fact that the translation was a bit off... this is meant to help fellas. He mentions that the DemonBuddy process isn't hidden at all, and the header (the title bar) is obvious to what it is. Blizzard's Warden (the service that detects hacks/cheats/bots) can easily read the process information about the software we all use.

It's easy to make jokes about this but I think there are some things to think about :P
Click to expand...

EVERY single header is viewable... even honorbuddy... so that means HB is detected too, i suppose?

wrong.

seg000: 7AF6226F aGetwindowtexta db 'GetWindowTextA', 0
seg000: 7AF622AA aEnumwindows db 'EnumWindows', 0

the only way to stop it knowing names of window's is well.. change the name of the window...
 
Xenrail said:
because it's against the TOA
Click to expand...

So is modding, i still haven't been banned for my HuD.

extremevil said:
fuck it. i'm just going to continue botting. if bliz ban me so be it.
Click to expand...

good choice, bans come either way.

i really doubt you would get banned for having a window called Demonbuddy open anyway...
i could make my notepad have the header demonbuddy, doesn't really warrant a ban
 
Last edited:
Status
Not open for further replies.
Back
Top