[General] Warden basics/history

  1. #1
    Utente Esperto L'avatar di repoblantga
    Data Registrazione
    Jun 2014
    Messaggi
    116
    I've been asked a lot by people the past three weeks around wardin basics. Just kind of compiled a list of replys all in one I've stated to folks in a readin a position format. tools relating to old warden discussions are discovered at the end of the thread, can be removed if not allowed. Thanks.

    Disclaimer: Some or much of this details may be wrong. I'm no expert or even close. Just my general understanding of how the warden tasks and some misconceptions/history on it I recall. Credits for data go on forever. Darawk, herzog_zwei , LordTerror, netter, mousepad, Antirush, lord2800, Gary13579, Shepherd, Vampirewolve, Rhin, the list goes forever..


    The warden is just a method to download and execute code. it's common idea positions appreciate this :

    1. Blizzard sfinishs a warden module to your client by means of server, which includes code which can pretty much do what ever they really feel love.
    2. The only hard-coded part of warden on the clients end will handle/execute these modules sent to your client from the server.

    A couple of things to know more than above that are crucial imo:
    1. The server request a solution from your warden module currently loaded each 30-60 seconds, if you respond incorrectly or not at all you will be kicked off eachthing correct away.

    2. When going following a hack, they will always spam you with large sets of modules. So far simply because 20ten on OwnedCore - world of Warcraft Exploits, Hacks, Bots and Guides. - OwnedCore news (tons of information in general hidden here )
    Blizzhackers ? watch subject - Warden discussion and FAQ
    Blizzhackers ? watch subject - warden thread
    Mousepad's Doom II Forums :: Search [ search warden terms, or previously menti1d names]



  2. #2
    Utente Esperto L'avatar di ibabayadd8
    Data Registrazione
    Apr 2015
    Messaggi
    117
    Warden is irrelevant.

    The last special scan in a warden module was a glider scan in 2008. The glider module was swapped ten minutes following login for one single scan and then the server swapped again to the standard modules. afterwards the warden project was aband1d. The final "update" to warden was the ASLR compatibility patch 6? years ago.

    every targeted detection simply because then was hidden directly in the client.

  3. #3
    Banned
    Data Registrazione
    Dec 2014
    Messaggi
    330
    Warden is irrelevant.

    The last special scan in a warden module was a glider scan in 2008. The glider module was swapped ten minutes following login for 1 single scan and then the server swapped again to the standard modules. followingwards the warden project was aband1d. The last "update" to warden was the ASLR compatibility patch 6? years ago.

    every targeted detection because then was hidden directly in the client.
    high-quality reminder - not sure why everyone is so concerned about Warden all of a sudden..

  4. #4
    Banned
    Data Registrazione
    Dec 2014
    Messaggi
    330
    high-quality reminder - not sure why everyone is so concerned about Warden all of a sudden..
    I personally have no concerns. Just posted a general history and basic workings that I recall out of personal curiosity in the topic I've had and the questions I've been asked the past couple of weeks - I thought others might discover it type of interesting to, especially the certain battles between blizzard and hack makers in the previous and how they've evolved their detection methods and tactics and instruments over the years.

    Although, I find it highly unlikely the warden is a forever dead project and still of no thrconsume in globe of warcraft. Just simply because it is not used correct now and has not been used for clean detection on WoW in some time, it has been used and updated countless times due to the fact the 200eight said previously mentioned in diverse titles of blizzard(starcraft 2 , diablo 3). it is still a thrconsume if used to it's complete potential and I'm not really aware of any guaranteed solutions to avoid it for specially for popular public hacks which use powerful resources and not just general critical emulations and such.

  5. #5
    Banned
    Data Registrazione
    Dec 2014
    Messaggi
    330
    last edited by lolp1; 22 Hours Ago at 12:10 PM.

  6. #6
    Utente Esperto L'avatar di ibabayadd8
    Data Registrazione
    Apr 2015
    Messaggi
    117
    Harko is right, Warden is irrelevant now, all the bot makers are monitoring Warden and what it's doing.

    As a simplistic watch of Warden, it is just a bunch of DLLs with the PE headers removed, the client maps them in and calls them with the arguments sent by the server.

    This can be monitored, and this is why the detections are being added to the client, as it's much more effective.

    Edit: Removed encryption part, I can't even bear in mind if they're encrypted, I haven't looked at a module for many years.

  7. #7
    Banned
    Data Registrazione
    Dec 2014
    Messaggi
    330
    I'm a small confused by the meaning implied by "Warden is irrelevant now". Do you(andy01234five), or the other two posters harko and Jadd care to further elaborate?

    When you guys say that, are you saying that warden is irrelevant due to the fact the present implementation/usage of it has been 'countered' for years now yet might be relevant if used better by blizzard, or are you saying that warden is irrelevant all together regardless if they used it to its complete potential or not and is permanently null regardmuch less?

    To directly address you andy01234five, I had a couple of questions I was wondering if you could solution then, or any1 who feels totally free to educate.

    Harko is right, Warden is irrelevant now, all the bot makers are monitoring Warden and what it is doing.

    As a simplistic watch of Warden, it is just a bunch of DLLs with the PE headers removed, the client maps them in and calls them with the arguments sent by the server.

    This can be monitored, and this is why the detections are being added to the client, as it's much a lot more effective.

    Edit: Removed encryption part, I can't even bear in mind if they're encrypted, I haven't looked at a module for many years.
    They're encrypted.If some ones hack has code that is monitoring warden at all, I'm going to assume they don't think their hack is completely not invisible to any potential warden stuff, otherwise why bother monitoring it?

    With that said, in what way might well warden be monitored to make it totally irrelevant and exclude the possibly of it detection's? Simply tracking the modules doesn't solve anything, conaspectring they can update them at any time, with anything they wish to do. Even if you managed to grab every single module to date in existence and unload if a new one is noticed, it does you no wonderful confacetring if they cared they might simply spam you with recent 1s.. making your hack permanently disabled.

    Assuming you've manage to reverse the client-facet warden module handling and have the luxury to know how response the modules request on the fly each time or what it's checking for and knowing n1 of it is targeted to you on the fly, you nonetheless don't solve anything really, right? If they cared to bother, they might well decide to force an update on the fly at any time with anything love Extracareer and you won't know the clean answer it request for. So simply pushing a new module into the stream, and Extrawork at the same time would cause you to incorrectly respond and get kicked.

    So is it that warden has simply been ignored in WoW for 5 years(odd conaspectring it's been used in recentish times on other titles of theirs) and is just doing nothing but ancient stuff which as-is is countered as of now if they do not use it far better, or that warden is simply near down you think forever and completely as a threat for some methods not shared in the public for obvious reasons?

  8. #8
    Utente Esperto L'avatar di Breedoexete9s
    Data Registrazione
    Oct 2014
    Messaggi
    100
    Although, I discover it highly unlikely the warden is a forever dead project and still of no thrconsume in globe of warcraft. Just due to the fact it is not used right now and has not been used for fresh detection on WoW in some time, it has been used and updated a quantity of times simply because the 2008 mentioned previously menti1d in different titles of blizzard(starcraft 2 , diablo 3). it's still a threat if used to it is full potential and I'm not really aware of any guaranteed solutions to avoid it for specially for popular public hacks which use powerful tools and not just general critical emulations and such.
    during release Diablo3 used a single contemporary DLL as a "warden module". I guess the original warden source code was lost or produced situations and so 1 developer recoded anything actually simply in 1 evening. Never checked Diablo3 following the expansion release maybe it changed. Heroes of the Storm and so I guess SC2, both games are using the same modules as globe of Warcraft.

  9. #9
    Utente Esperto L'avatar di ibabayadd8
    Data Registrazione
    Apr 2015
    Messaggi
    117
    With that said, in what way might warden be monitored to make it totally irrelevant and exclude the possibly of it detection's? Simply tracking the modules does not solve anything, considering they can update them at any time, with something they wish to do. Even if you managed to grab ereally single module to date in existence and unload if a contemporary one is noticed, it does you no fantastic considering if they cared they may possibly simply spam you with contemporary ones.. making your hack permanently disabled.
    If you post anything adore "I do this and this and this" Blizzard can simply fix the loopholes and in the worelaxation case exploit it to counter the anti-detection.

    In your very first post you wrote "a entire batch of new modules requires 30+ days"

    final year Honorbuddy had 3? Tripwire events mainly because they detected contemporary warden modules, the second tripwire event was after 7? days. It was impossible that they had all clean modules but how did they know it were fresh new 1s? Did they received all modules somehow instantly? Or how did they do it? I am certain the developer who recompiled the modules would love to know the reply to this question yet the Honorbuddy guys would be stupid to post it.

  10. #10
    Membro L'avatar di vinacciak1
    Data Registrazione
    Jul 2014
    Messaggi
    91
    last edited by Harko; 14 Hours Ago at 08:02 PM.

Termini piu ricercati:

Nessuno Ŕ atterrato su questa pagina da un motore di ricerca. Almeno, non per ora...