Warden changes
Hey everyone.
Just a quick update on the status of Warden; For the entire weekend, the warden server was actually offline, which i found rather odd, but i guess even WardenGuy doesn’t work on the weekends.
Now, onto the 11 changes. Regarding DLL detection, two new dlls have been added to the hit list and based on the scan size, it’s safe to assume they’re the same module, just different variants.
That leaves us with 9 memory scans, specifically targeting allocated memory (I’m looking at you, “passive” botters who find yourselves injecting large code stubs). These all seem to be different offenders, based on the diversity in the offsets and sizes.
Don’t say i didn’t warn you!
Clarification
It seems a lot of people haven’t understood what i was trying to convey. (Fair enough. It was late, and i was tired)
This update isn’t looking for memory changes in WoW’s .text/.data sections. These are targeting injected DLL files and the memory those DLL(or VirtualAllocEx’d memory from a third party process) allocate.
Update #2
Well, that was quick. Hawker asked me if there were any worrying updates to Warden, so i gave him the following picture from my tool. Hawker posted it on his forum before asking me, but promptly removed it when asked. Someone snagged it before it was taken down, so i guess its public domain now.
![new_warden_scans_3.11.09[1]](http://kynox.files.wordpress.com/2009/11/new_warden_scans_3-11-091.jpg "new_warden_scans_3.11.09[1]")
Do we LuaNinja users need to fear something ? Lord Kynox ?
Thanks for the heads up Kynox. Any clues as to what bots it’s going after?
And us prixo boters?
To find out what its going after, i would need an archive of all the public bots which use injection.
So, no i don’t know who it is going after, nor do i realy care.
Awesum cum kynox, now gief your ways of time bending and we will all be safe from warden! :D
Was there anything put in to detect direct memory writes to the click to move structure?
hey do you think this will effect MrFishit or Gbot ?
hey do you think this will effect MrFishit or Gbot ?
double post mybad ><
Lets see who crys at the end of the week 9 new Scans dont sound good.
but here we are again : Information about Warden changes.
Status: You are safe to use Buddy products!
Last change of this message: 04.09.2009 09:31:23 CET
true or not true?
is there a warden Monitoring tool that is avalible to the public that checks when warden updated?
I hope mimic and all clones will be hit hard!
So, any word weather this is targetting MrFishit or MrTrackit?
kynox could you please take a min and teach us how to see if these offsets are targeting our software :)
You’re a real hood nigga for posting this fuck blizzard’s bullshit ways
Does warden do check only when client login ? It was before if I remember correctly
any known Banns happening so far?
shame I was hoping for mimic and gremlin
Do we “MrFishIt” botters need to worry?
http://www.mmowned.com/forums/bots-programs/226664-release-mrfishit-fishbot.html
Thanks!
Is WoWInfinity safe?
No, none of the scans target memory in WoW’s code/data. I’ll edit the post to clarify.
Thanks for the clarification kynox, after rereading your original post it wasn’t your fault for the confusion. You did make it clear that it was targeting injected code.
@TigerX
Lol, no.
You seem to be under the impression that because warden changes, every bot is the target and should not operate. It’s only a 5-10 minute job to see if these offsets are targetting your software.