Valhalla Legends Forums Archive | Battle.net Bot Development | ix86BlueDrake.dll

AuthorMessageTime
Maddox
ModLoad: 07ed0000 07ed5000  C:\Program Files\Warcraft III\ix86BlueDrake.dll

I just noticed this while debugging Warcraft III... I've never seen this before.  It gets loaded after the IX86ver?.dll during the logon process.

Anyone know what it does?
July 20, 2006, 11:24 PM
HeRo
Does it have anything to do with this post:
https://davnit.net/bnet/vL/index.php?topic=15326.0
July 21, 2006, 1:02 AM
Maddox
[quote author=HeRo link=topic=15423.msg155920#msg155920 date=1153443750]
Does it have anything to do with this post:
https://davnit.net/bnet/vL/index.php?topic=15326.0
[/quote]
no idea...
July 21, 2006, 1:11 AM
UserLoser
[quote author=HeRo link=topic=15423.msg155920#msg155920 date=1153443750]
Does it have anything to do with this post:
https://davnit.net/bnet/vL/index.php?topic=15326.0
[/quote]

Yes, it does.

[quote author=Maddox link=topic=15423.msg155919#msg155919 date=1153437862]
ModLoad: 07ed0000 07ed5000   C:\Program Files\Warcraft III\ix86BlueDrake.dll

I just noticed this while debugging Warcraft III... I've never seen this before.  It gets loaded after the IX86ver?.dll during the logon process.

Anyone know what it does?
[/quote]

It's their new ExtraWork library.  I found this several days ago but failed to mention anything.  Basically this is the required one (message 0x4c), not the optional one (message 0x4a).  It uses WriteProcessMemory to patch various memory addresses inside Game.dll to stop certain hacks

If you're interested in the DLL it's self, I had a friend upload it here for me.
July 21, 2006, 5:54 AM
Maddox
[quote author=UserLoser link=topic=15423.msg155929#msg155929 date=1153461293]
[quote author=HeRo link=topic=15423.msg155920#msg155920 date=1153443750]
Does it have anything to do with this post:
https://davnit.net/bnet/vL/index.php?topic=15326.0
[/quote]

Yes, it does.

[quote author=Maddox link=topic=15423.msg155919#msg155919 date=1153437862]
ModLoad: 07ed0000 07ed5000  C:\Program Files\Warcraft III\ix86BlueDrake.dll

I just noticed this while debugging Warcraft III... I've never seen this before.  It gets loaded after the IX86ver?.dll during the logon process.

Anyone know what it does?
[/quote]

It's their new ExtraWork library.  I found this several days ago but failed to mention anything.  Basically this is the required one (message 0x4c), not the optional one (message 0x4a).  It uses WriteProcessMemory to patch various memory addresses inside Game.dll to stop certain hacks

If you're interested in the DLL it's self, I had a friend upload it here for me.
[/quote]

No, I don't care about it.  I just thought the name was interesting.
July 21, 2006, 4:44 PM
dRAgoN
[quote author=Maddox link=topic=15423.msg155937#msg155937 date=1153500247]
[quote author=UserLoser link=topic=15423.msg155929#msg155929 date=1153461293]
[quote author=HeRo link=topic=15423.msg155920#msg155920 date=1153443750]
Does it have anything to do with this post:
https://davnit.net/bnet/vL/index.php?topic=15326.0
[/quote]

Yes, it does.

[quote author=Maddox link=topic=15423.msg155919#msg155919 date=1153437862]
ModLoad: 07ed0000 07ed5000   C:\Program Files\Warcraft III\ix86BlueDrake.dll

I just noticed this while debugging Warcraft III... I've never seen this before.  It gets loaded after the IX86ver?.dll during the logon process.

Anyone know what it does?
[/quote]

It's their new ExtraWork library.  I found this several days ago but failed to mention anything.  Basically this is the required one (message 0x4c), not the optional one (message 0x4a).  It uses WriteProcessMemory to patch various memory addresses inside Game.dll to stop certain hacks

If you're interested in the DLL it's self, I had a friend upload it here for me.
[/quote]

No, I don't care about it.  I just thought the name was interesting.
[/quote]
Yeah leave it to those silly blizzard employees.
July 21, 2006, 10:59 PM
Excel
Although it was mentioned in a post up above, their has been some additional "fixes" that this dll makes ( to fix latest exploits ).

[code]
Call WriteProcessMemory( -1, Game.6F5A5403, ix86Blue.082D2044, 0x0D, NULL );
// Writing    : 85 C0 0F 84 1F 01 00 00 8B 48 50 EB 22
// TEST EAX,EAX
// JE Game.6F5A552A
// MOV ECX,DWORD PTR DS:[EAX+50]
// JMP SHORT Game.6F5A5432

// Previously : 90 90 90 90 90 90 90 90 90 90 90 90 90

----

Call WriteProcessMemory( -1, Game.6F5A542F, ix86Blue.082D2040, 0x02, NULL );
// Writing    : EB D2
// JMP SHORT Game.6F5A5403

// Previously : 8B 48
// MOV ECX,DWORD PTR DS:[EAX+50]

----

Call WriteProcessMemory( -1, Game.6F704C00, ix86Blue.082D2018, 0x26, NULL );
// Writing    : E8 DB FE AE FF 8B D8 85 C0 74 16 8B 08 FF 51 1C 91 BA 75 33 77 2B E8 75 C9 97 FF 85 C0 75 02 33 DB E9 F3 91 DA FF
// CALL Game.6F1F4AE0
// MOV EBX,EAX
// TEST EAX,EAX
// JE SHORT Game.6F704C21
// MOV ECX,DWORD PTR DS:[EAX]
// CALL DWORD PTR DS:[ECX+1C]
// XCHG EAX,ECX
// MOV EDX,2B773375
// CALL Game.6F081590
// TEST EAX,EAX
// JNZ SHORT Game.6F704C21
// XOR EBX,EBX
// JMP Game.6F4ADE19

// Previously : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

----

Call WriteProcessMemory( -1, Game.6F4ADE12, ix86Blue.082D2010, 0x05, NULL );
// Writing    : E9 E9 6D 25 00
// JMP Game.6F704C00

// Previously : E8 C9 6C D4 FF
// Call Game.6F1F4AE0
[/code]
August 5, 2006, 4:47 PM

Search