Warden.dll

From StealthBot Wiki Backup
Jump to: navigation, search

This DLL was developed by Hdx for Battle.net bots to respond correctly to Warden.

Implementation

Option Explicit

Private Declare Function warden_init Lib "Warden.dll" (ByVal SocketHandle As Long) As Long
Private Declare Function warden_data Lib "Warden.dll" (ByVal Instance As Long, ByVal Direction As Long, ByVal PacketID As Long, ByVal Data As String, ByVal length As Long) As Long
Private Declare Function warden_cleanup Lib "Warden.dll" (ByVal Instance As Long) As Long
Private Declare Function warden_set_data_file Lib "Warden.dll" (ByVal Instance As Long, ByVal File As String, ByVal length As Long) As Long
Private Declare Function warden_config Lib "Warden.dll" (ByVal Instance As Long, ByVal ConfigBit As Long, ByVal enabled As Byte) As Long

Public Const WARDEN_CONFIG_SAVE_CHECKS    As Long = 1  '//Save Information about cheat checks (Opcode 0x02) to Data File
Public Const WARDEN_CONFIG_SAVE_UNKNOWN   As Long = 2  '//Save Unknown information (use in conjunction with Debug mode to get new Warden offsets)
Public Const WARDEN_CONFIG_LOG_CHECKS     As Long = 4  '//Log ALL information about checks that happen, in real time
Public Const WARDEN_CONFIG_LOG_PACKETS    As Long = 8  '//Log ALL decoded Warden packet data
Public Const WARDEN_CONFIG_DEBUG_MODE     As Long = 16 '//Debug mode, does a lot of shit u.u
Public Const WARDEN_CONFIG_USE_GAME_FILES As Long = 32 '//Will attempt to grab unknown Mem Check offsets from the game file specified
                                                       '//  Will try to load library the file, using the path specified in the INI EXA:
                                                       '//[Files_WAR3]
                                                       '//Default=C:\Program Files\Warcraft III\WAR3.exe
                                                       '//Game.dll=C:\Program Files\Warcraft III\Game.dll
Private Const WARDEN_SEND              As Long = &H0
Private Const WARDEN_RECV              As Long = &H1
Private Const WARDEN_BNCS              As Long = &H2

Private Const WARDEN_IGNORE                  As Long = &H0  '//Not a warden packet, Handle internally
Private Const WARDEN_SUCCESS                 As Long = &H1  '//All Went Well, Don't handle the packet Internally
Private Const WARDEN_UNKNOWN_PROTOCOL        As Long = &H2  '//Not used, will be when adding support for MCP/UDP
Private Const WARDEN_UNKNOWN_SUBID           As Long = &H3  '//Unknown Sub-ID [Not 0x00, 0x01, 0x02, or 0x05]
Private Const WARDEN_RAW_FAILURE             As Long = &H4  '//The module was not able to handle the packet itself
Private Const WARDEN_PACKET_FAILURE          As Long = &H5  '//Something went HORRIBLY wrong in warden_packet, should NEVER happen.
Private Const WARDEN_INIT_FAILURE            As Long = &H6  '//Calling Init() in the module failed
Private Const WARDEN_LOAD_FILE_FAILURE       As Long = &H7  '//Could not load module from file [Not to bad, prolly just dosen't exist]
Private Const WARDEN_LOAD_MD5_FAILURE        As Long = &H8  '//Failed MD5 checksum when loading module [Either Bad tranfer or HD file corrupt]
Private Const WARDEN_LOAD_INVALID_SIGNATURE  As Long = &H9  '//Module failed RSA verification
Private Const WARDEN_LOAD_DECOMPRESS_FAILURE As Long = &HA  '//Module failed to decompress properly
Private Const WARDEN_LOAD_PREP_FAILURE       As Long = &HB  '//Module prepare failed, Usually if module is corrupt
Private Const WARDEN_CHECK_UNKNOWN_COMMAND   As Long = &HC  '//Unknown sub-command in CHEAT_CHECKS
Private Const WARDEN_CHECK_TO_MANY_LIBS      As Long = &HD  '//There were more then 4 libraries in a single 0x02 packet [this is eww yes, but I'll figure out a beter way later]
Private Const WARDEN_MEM_UNKNOWN_PRODUCT     As Long = &HE  '//The product from 0x50 != WC3, SC, or D2
Private Const WARDEN_MEM_UNKNOWN_SEGMENT     As Long = &HF  '//Could not read segment from ini file
Private Const WARDEN_INVALID_INSTANCE        As Long = &H10 '//Instance passed to this function was invalid

Public WardenInstance As Long

Public Sub WardenCleanup(Instance As Long)
  If (Not Instance = 0) Then Call warden_cleanup(Instance)
End Sub

Public Function WardenInitilize(ByVal SocketHandle As Long) As Long
  Dim Instance As Long

  Instance = warden_init(SocketHandle)
  
  If (Instance > 0) Then
    'Set the path to Warde.ini here:
    warden_set_data_file Instance, PATH, Len(PATH)
    'Set any debugging flags for warden here:
    warden_config Instance, DebugFlags, 2
    
    WardenInitilize = Instance
  End If
End Function

Public Function WardenData(Instance As Long, sData As String, Send As Boolean) As Boolean
  Dim ID As Long
  Dim Result As Long
  Dim Data As String

  ID = Asc(Mid(sData, 2, 1))
  Data = Mid$(sData, 5)
  
  If (Instance = 0) Then
    WardenData = False
    Exit Function
  End If
  
  Result = warden_data(Instance, WARDEN_BNCS Or IIf(Send, WARDEN_SEND, WARDEN_RECV), ID, Data, Len(Data))
  
  Select Case Result
    Case WARDEN_SUCCESS: '//All Went Well, Don't handle the packet Internally
        Select Case Asc(Left$(Data, 1))
            Case 0:    '"[Warden] Handled Module Information"
            Case 1:    '"[Warden] Handled Module Transfer"
            Case 2:    '"[Warden] Handled Cheat Check"
            Case 5:    '"[Warden] Handled New Crypt Keys"
            Case Else: '"[Warden] Handled Unknown opcode" 
        End Select
    Case WARDEN_UNKNOWN_PROTOCOL '//Not used, will be when adding support for MCP/UDP
    Case WARDEN_UNKNOWN_SUBID: '//Unknown Sub-ID [Not 0x00, 0x01, 0x02, or 0x05]
        '"[Warden] Unknown sub-command, you will be disconnected soon"
    
    Case WARDEN_RAW_FAILURE: '//The module was not able to handle the packet itself (most likely 0x05)
        '"[Warden] Module was unable to handle a packet, you will be disconnected soon"
        
    Case WARDEN_PACKET_FAILURE: '//Something went HORRIBLY wrong in warden_packet, should NEVER happen.
        '"[Warden] Something wen't horribly wrong in Warden_Packet(), you will be disconnected soon"
        
    Case WARDEN_INIT_FAILURE: '//Calling Init() in the module failed
        '"[Warden] Unable to init() the module, you will be disconnected soon"
    
    Case WARDEN_LOAD_FILE_FAILURE '//Could not load module from file [Not to bad, prolly just doesn't exist] This should never come up
    
    Case WARDEN_LOAD_MD5_FAILURE: '//Failed MD5 checksum when loading module [Either Bad tranfer or HD file corrupt]
        '"[Warden] Transfer failed, MD5 checksum incorrect, you will be disconnected soon"
        
    Case WARDEN_LOAD_INVALID_SIGNATURE: '//Module failed RSA verification
        '"[Warden] Transfer failed, Invalid RSA signature, you will be disconnected soon"
        
    Case WARDEN_LOAD_DECOMPRESS_FAILURE: '//Module failed to decompress properly
        '"[Warden] Failed to decompress module, you will be disconnected soon"
        
    Case WARDEN_LOAD_PREP_FAILURE: '//Module prepare failed, Usually if module is corrupt
        '"[Warden] Failed to prep module, you will be disconnected soon"
        
    Case WARDEN_CHECK_UNKNOWN_COMMAND: '//Unknown sub-command in CHEAT_CHECKS
        '"[Warden] Unknown Sub-Command in Cheat Checks, you will be disconnected soon"
        
    Case WARDEN_CHECK_TO_MANY_LIBS: '//There were more then 4 libraries in a single 0x02 packet 
        '"[Warden] To many libraries in Cheat Check, you will be disconnected soon"
    
    Case WARDEN_MEM_UNKNOWN_PRODUCT: '//The product from 0x50 != WC3, SC, or D2
        '"[Warden] Unknown product code form SID_AUTH_INFO, you will be diconnected soon"
        
    Case WARDEN_MEM_UNKNOWN_SEGMENT: '//Could not read segment from ini file
        '"[Warden] Could not read segment from Warden.ini, you will be disconnected soon"
        
    Case WARDEN_INVALID_INSTANCE: '//The instance passed to this function was invalid
        '"[Warden] An Invalid instance was passed to Data, Did Init() fail?"
        
  End Select
    
  WardenData = (not Result = WARDEN_IGNORE)
End Function

Fairly straight-forward. When you connect your socket, call WardenInitialize() with your WinSock handle.

WardenInstance = WardenInitilize(sckBNet.SocketHandle)

When you disconnect from Battle.net, call cleanup:

Call modWarden.WardenCleanup(WardenInstance)

When you send or receive any data from Battle.net call WardenData, If WardenData returns true, it means it dealt with, and responded to that packet, and your bot does not need to do any more with it. Receiving:

If (WardenData(WardenInstance, PacketData, False)) Then
    Exit Sub
End If

Sending:

Call WardenData(WardenInstance, PacketData, True)

Debug features

Hdx has allowed users to gather new Warden offsets themselves, and do various other debugging functionality in Warden.

To access this in StealthBot, you have to place a config override in your Config.ini file. Look for the [Override] section, If it is not there, you have to create it. Use the WardenDebug property to set what Warden.dll should do.

In other bots, the developer may have exposed the WardenDebug as a setting you can change. In any case, the property takes the same values.

Configuration flags

The following flags are currently defined:

  • CONFIG_SAVE_CHECKS (0x01)
  • This flag currently doesn't do anything.

  • CONFIG_SAVE_UNKNOWN (0x02)
  • This flag currently doesn't do anything.

  • CONFIG_LOG_CHECKS (0x04)
  • This will create a WardenLog.txt file in your working directory, and log information about Warden's MEM_CHECK opcode.

    Example:

    Mem Check: WAR3_game.dll 07_00283504 - 8B C8 BA 01 00 00 00
    
  • CONFIG_LOG_PACKETS (0x08)
  • This flag currently doesn't do anything. If enabled it will eventually log all packet traffic through your bot to WardenLog.txt. This is the same as StealthBot and other bots' packet logging features, except for the fact that it will display Warden's packets unencrypted.

  • CONFIG_DEBUG_MODE (0x10)
  • This is the magic flag, it will force the DLL into debug mode which allows for the other flags to function.

  • CONFIG_USE_GAME_FILES (0x20)
  • If the library does not find an offset value in the Warden.ini file, this flag will tell the DLL to search the INI for the file path of the file Warden is attempting to scan, and attempt to read the value from that game file on the fly.

    Your Warden.ini needs to have the paths specified in order for this flag to function.

    Example:

    [Files_STAR]
    Default=C:\Games\Starcraft\StarCraft.exe
    Storm.dll=C:\Games\StarCraft\Storm.dll
    
    [Files_WAR3]
    Default=War3.exe
    Game.dll=Game.dll
    

Gathering new offsets

Template:Disclaimer This tutorial provides a step-by-step explanation on how to gather Warden offsets if all of the following are true:

  • A new patch has occurred recently, or it is otherwise well known that the Warden offsets have changed.
  • You know at least very generally how Warden works.
  • You are using StealthBot. This tutorial is specifically for the StealthBot implementation of the DLL, however if you know what you're doing and you know enough about another bot's implimentation of this DLL, then you can use a similar method to have Warden.dll gather offsets.


  1. File:SB-Norm-Error.jpg
    "Warden could not read segment from Warden.ini, you will be disconnected soon"
  2. Alright, So you're using StealthBot and you receive the message above. This means the DLL could not gather the information it needed from the Warden.ini file. In most cases this means you did something wrong and the bot can't find Warden.ini, but let's assume you didn't and move on. Next you need to run StealthBot in Debug/Warden mode. Simply run the bot with the command line -debug -warden -all. If you don't know how to run a program with command line arguments, wait for someone else to gather the information for you.

  3. File:SB-Debug-Error.jpg
    Debug mode: Warden 0x02 packet.
  4. Now that you are in debug mode, connect your bot, you should receive the above, more informative error. The green square is the important information we need. This is which file Warden is looking for. If you do not see a file name, then Warden is looking for your default game executable file: War3.exe, StarCraft.exe, etc. It is possible that future Warden requests could contain multiple file names, as well. Copy that file into your StealthBot's folder. Edit Warden.ini to direct it to the proper file, See CONFIG_USE_GAME_FILES above. Now, go to [1] and download Dependency Walker. This is a program that allows you to see what files, a certain file requires in order to load. This is important because Warden.dll will attempt to load the file Warden is looking for, and if it's missing a dependency, it will error.

  5. File:Depends-Game.jpg
    Viewing GAME.DLL in Dependancy Walker. The dependencies of GAME.DLL that you need are highlighted in green: STORM.DLL, IJL15.DLL, MSS32.DLL.
  6. Load Dependancy Walker, and open the file you just placed in your StealthBot folder. You should see something like the above.

  7. If you do not receive an error, then you can skip this step, as this file does not have any more files you need to copy over. If you did receive an error, look for files in the list with a yellow exclamation point. Those are files that are in your game's folder that you need to copy over to your StealthBot folder. Obviously, copy those files over to your StealthBot folder as shown below.
    File:Warcraft3-Folder.jpg
    Viewing your WarCraft III folder. The dependencies identified from before are highlighted again: STORM.DLL, IJL15.DLL, MSS32.DLL.
    File:SB-Folder.jpg
    Viewing your StealthBot folder. The dependencies highlighted are those Warden needs or what Warden is loading needs: GAME.DLL, STORM.DLL, IJL15.DLL, MSS32.DLL.

  8. Once that's done, set the debug mode in Config.ini. It is easiest to set WardenDebug=55 so that it logs everything. If you want to set multiple configuration bits, Binary OR them together. If you don't know how to do that, just use 55.
  9. File:SB-Gathering.jpg
    StealthBot gathering Warden offsets as WarCraft III.
  10. Now run the bot once more, using -debug -warden -all. StealthBot should now start gathering the offsets, and pumping out information into WardenLog.txt. If your bot passes more then 2 minutes worth of Warden requests, it is working fine. If your bot errors again, it probably means you need to copy more files from your install folder over. Repeat the previous step.

  11. Once that's done, keep an eye on Warden.ini's modified time. If you see that it hasn't been modified in about 20 minutes, it's pretty safe to say you have all of the new offsets. Remove the WardenDebug setting or set it to 0, you cstop running StealthBot in debug mode, delete all the game files you copied over from your StealthBot folder, and run StealthBot normally. You should be updated!
  12. Important: If this is too complicated for you just wait for someone else to do it!