[DiscordArchive] But ye, that's the ntdll so by rights couldn't people just do that for the warden module as well ?
Archived author: _mrfade_ • Posted: 2024-06-30T19:01:07.695000+00:00
But ye, that's the ntdll, so by rights couldn't people just do that for the warden module as well?
Archived author: Warpten • Posted: 2024-06-30T19:02:29.046000+00:00
writing user code that calls int 2e or syscall is just asking for trouble and also massively complexifies module delivery even with a fingerprinted system
Archived author: Warpten • Posted: 2024-06-30T19:02:35.713000+00:00
not sure what you're trying to say
Archived author: _mrfade_ • Posted: 2024-06-30T19:03:32.689000+00:00
Sorry, I should be more clear. Can you not just dump the warden module at run time that presumably has RX perms as well? Exactly like I did the ntdll?
Archived author: Fabian • Posted: 2024-06-30T19:03:46.977000+00:00
Their modules actually use their own syscalls too
Archived author: Warpten • Posted: 2024-06-30T19:04:23.939000+00:00
sure you can, just be wary of trap pages and the game scanning your open windows periodically
Archived author: Warpten • Posted: 2024-06-30T19:04:33.632000+00:00
and whatever else detection/countermeasure they have
Archived author: Fabian • Posted: 2024-06-30T19:05:15.981000+00:00
Another note: modules are encrypted. On call, parts get decrypted and re-encrypted
Archived author: _mrfade_ • Posted: 2024-06-30T19:05:40.051000+00:00
I mean, I really don't care about being banned lol, just curious about how it works and what exactly they are collecting.
Archived author: _mrfade_ • Posted: 2024-06-30T19:05:58.360000+00:00
mm so dumping it from memory would be pretty useless then?