[DiscordArchive] I only have an acore build atm, would it be this ?

rektbyfaith
Administrator
0
03-11-2024, 08:07 PM
#11
Archived author: Nix • Posted: 2024-03-11T20:07:20.816000+00:00
Original source

Each entry in warden_check is specifically using one of the types of checks

rektbyfaith
Administrator
0
03-11-2024, 08:07 PM
#12
Archived author: Nix • Posted: 2024-03-11T20:07:24.789000+00:00
Original source

So you can have multiple MPQ checks

rektbyfaith
Administrator
0
03-11-2024, 08:07 PM
#13
Archived author: Nix • Posted: 2024-03-11T20:07:30.968000+00:00
Original source

MPQ Check just sends a request to get back a file hash

rektbyfaith
Administrator
0
03-11-2024, 08:07 PM
#14
Archived author: Nix • Posted: 2024-03-11T20:07:45.072000+00:00
Original source

```
type
ID Name Comment
0 NONE_CHECK SKIP
87 TIMING_CHECK nyi
113 DRIVER_CHECK uint Seed + byte[20] SHA1 + byte driverNameIndex (check to ensure driver isn't loaded)
126 PROC_CHECK nyi
139 LUA_EVAL_CHECK evaluate arbitrary Lua check
152 MPQ_CHECK get hash of MPQ file (to check it is not modified)
178 PAGE_CHECK_A scans all pages for specified SHA1 hash
191 PAGE_CHECK_B scans only pages starts with MZ+PE headers for specified hash
217 MODULE_CHECK check to make sure module isn't injected
243 MEM_CHECK retrieve specific memory
```

rektbyfaith
Administrator
0
03-11-2024, 08:07 PM
#15
Archived author: Nix • Posted: 2024-03-11T20:07:57.371000+00:00
Original source

These are the different types of checks you have

rektbyfaith
Administrator
0
03-11-2024, 08:09 PM
#16
Archived author: Nix • Posted: 2024-03-11T20:09:35.616000+00:00
Original source

This is from mangos

```cpp
enum WardenCheckType
{
    MEM_CHECK     = 0xF3, // 243: byte moduleNameIndex + uint Offset + byte Len (check to ensure memory isn't modified)
    PAGE_CHECK_A  = 0xB2, // 178: uint Seed + byte[20] SHA1 + uint Addr + byte Len (scans all pages for specified hash)
    PAGE_CHECK_B  = 0xBF, // 191: uint Seed + byte[20] SHA1 + uint Addr + byte Len (scans only pages starts with MZ+PE headers for specified hash)
    MPQ_CHECK     = 0x98, // 152: byte fileNameIndex (check to ensure MPQ file isn't modified)
    LUA_STR_CHECK = 0x8B, // 139: byte luaNameIndex (check to ensure LUA string isn't used)
    DRIVER_CHECK  = 0x71, // 113: uint Seed + byte[20] SHA1 + byte driverNameIndex (check to ensure driver isn't loaded)
    TIMING_CHECK  = 0x57, // 87: empty (check to ensure GetTickCount() isn't detoured)
    PROC_CHECK    = 0x7E, // 126: uint Seed + byte[20] SHA1 + byte moduleNameIndex + byte procNameIndex + uint Offset + byte Len (check to ensure proc isn't detoured)
    MODULE_CHECK  = 0xD9  // 217: uint Seed + byte[20] SHA1 (check to ensure module isn't injected)
};
```

rektbyfaith
Administrator
0
03-11-2024, 08:13 PM
#17
Archived author: Nix • Posted: 2024-03-11T20:13:14.579000+00:00
Original source

```cpp
struct WardenCheck
{
    uint16 CheckId = 0;
    WardenCheckType Type = NONE_CHECK;
    std::vector<uint8> Data;
    uint32 Address = 0; // PROC_CHECK, MEM_CHECK, PAGE_CHECK
    uint8 Length = 0; // PROC_CHECK, MEM_CHECK, PAGE_CHECK
    std::string Str; // LUA, MPQ, DRIVER
    std::string Comment;
    std::array<char, 4> IdStr = {}; // LUA
    WardenActions Action = WARDEN_ACTION_LOG;
};
```

rektbyfaith
Administrator
0
03-11-2024, 08:13 PM
#18
Archived author: Nix • Posted: 2024-03-11T20:13:31.136000+00:00
Original source

So yeah you set the "str" to your file I guess, and it'll send back the sha1

rektbyfaith
Administrator
0
03-11-2024, 08:13 PM
#19
Archived author: Nix • Posted: 2024-03-11T20:13:49.869000+00:00
Original source

So in the database that would be the "str" field I guess + type set to 152

rektbyfaith
Administrator
0
03-11-2024, 08:14 PM
#20
Archived author: Nix • Posted: 2024-03-11T20:14:24.857000+00:00
Original source

and then I guess in the result field, you can set what you expect it to be
