[StarCraft] Public Warden Discussion

[kwarad]

Quote:

Originally Posted by ZoiD

I'd say you are right about that. The entire thread contains about 1% of truth. I'm sure if you appended your knowledge it would be much higher then 1%, but like you say... who wants to give away free knowledge about this subject?

Only those who have an incomplete solution to the problem or a profit motive would fear dissemination of knowledge ;).

Quote:

It's from the debug version of Warden, when the gold build was compiled for the public it got left in. The ptr for IsDebuggerPresent goes on the stack, then it gets called.. If a debugger 'is' present then null function is called. Blizzard didn't make any mistakes, the design is fine.. When they bundled the runtime exception handling code into warden, the gold build doesn't omit every single trace of the clean up handler for a reason related to compiler linkage & code syntax. Really does work in their favor as it can be activated for practical use against cheaters at any moment in a future Warden.

I haven't examined any of the warden's actual code, but i'd put good money on this just being an artifact of the memory management subsystem of C which initializes empty memory differently under a debugger.

[ZoiD]

Quote:

Originally Posted by kwarad

Only those who have an incomplete solution to the problem or a profit motive would fear dissemination of knowledge ;).

haha yes.. of course :P

Quote:

I haven't examined any of the warden's actual code, but i'd put good money on this just being an artifact of the memory management subsystem of C which initializes empty memory differently under a debugger.

It saves all registers then, exception handler set to default SetUnhandledExceptionFilter( NULL ); Then it checks for debugger presence, if debugger is attached then we handle exception internally with UnhandledExceptionFilter( &ExceptionInfo ); before finally terminating the process.

It has a magic number for ECX 0x0BB40E64E which is only used with buffer overflows/security cookies. So I still stand by my first claim that it is a unhandled exception handler :P In my mind originally I was thinking CRT but I forgot to mention it sorry, so I can understand why you may have thought it being something else like MemMan. Blizzard could omit this compiling with /GS- if they're certain non of the code will buffer over-run. I'm not really sure what Blizzard's internal practices are for coding, so it maybe a standard over all their projects to use buffer security checks.

I see you are online now so I'll send you the code, you can check if I made any erorrs in this judgment.

[kwarad]

Quote:

Originally Posted by ZoiD

It saves all registers then, exception handler set to default SetUnhandledExceptionFilter( NULL ); Then it checks for debugger presence, if debugger is attached then we handle exception internally with UnhandledExceptionFilter( &ExceptionInfo ); before finally terminating the process.

It has a magic number for ECX 0x0BB40E64E which is only used with buffer overflows/security cookies. So I still stand by my first claim that it is a unhandled exception handler :P In my mind originally I was thinking CRT but I forgot to mention it sorry, so I can understand why you may have thought it being something else like MemMan. Blizzard could omit this compiling with /GS- if they're certain non of the code will buffer over-run. I'm not really sure what Blizzard's internal practices are for coding, so it maybe a standard over all their projects to use buffer security checks.

I see you are online now so I'll send you the code, you can check if I made any erorrs in this judgment.

Ah, yes, ok then. That's correct.

[SC_Modder]

I'm glad some people here aren't in on warden for the fame/publicity and want want to share knowledge, thanks for the info ZoiD.

The more people know about warden the better we are armed against it.

[AgentGOD]

Quote:

Originally Posted by SC_Modder

I'm glad some people here aren't in on warden for the fame/publicity and want want to share knowledge, thanks for the info ZoiD.

The more people know about warden the better we are armed against it.

Agreed.

[ZoiD]

Quote:

Originally Posted by SC_Modder

I'm glad some people here aren't in on warden for the fame/publicity and want want to share knowledge, thanks for the info ZoiD.

The more people know about warden the better we are armed against it.

lol np, well kwarad is still a good guy, his constructive criticism isn't that bad. His roll as the devils advocate has helped me see things in a different light in the past.

[kwarad]

Quote:

Originally Posted by ZoiD

lol np, well kwarad is still a good guy, his constructive criticism isn't that bad. His roll as the devils advocate has helped me see things in a different light in the past.

Thanks zoid, but I don't think he's accusing me of not sharing information...or if he is...he's sorely misinformed.

[Hell-Lord]

Sorry for the bump but, for those of you who don't know the warden packet has been removed for now, possibly because they are working on implementing something a lot worse.

[Zynastor]

Blizzard will only be giving us something to do, I look forward to seeing 'Return of the Warden'.

[Mastodon]

Quote:

Originally Posted by Zynastor

Blizzard will only be giving us something to do, I look forward to seeing 'Return of the Warden'.

This sort of arrogant, blaise determination and confidence is what makes me love this site.

In case that came off as being sarcastic, it wasn't.