• Welcome to Valhalla Legends Archive.
 

ix86BlueDrake.dll

Started by Maddox, July 20, 2006, 06:24 PM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

Maddox

July 20, 2006, 06:24 PM
ModLoad: 07ed0000 07ed5000   C:\Program Files\Warcraft III\ix86BlueDrake.dll

I just noticed this while debugging Warcraft III... I've never seen this before.  It gets loaded after the IX86ver?.dll during the logon process.

Anyone know what it does?
asdf.

Hero

#1
July 20, 2006, 08:02 PM
Does it have anything to do with this post:
http://forum.valhallalegends.com/index.php?topic=15326.0

Maddox

#2
July 20, 2006, 08:11 PM
asdf.

UserLoser

#3
July 21, 2006, 12:54 AM Last Edit: July 21, 2006, 12:58 AM by UserLoser
Quote from: HeRo on July 20, 2006, 08:02 PM
Does it have anything to do with this post:
http://forum.valhallalegends.com/index.php?topic=15326.0

Yes, it does.

Quote from: Maddox on July 20, 2006, 06:24 PM
ModLoad: 07ed0000 07ed5000   C:\Program Files\Warcraft III\ix86BlueDrake.dll

I just noticed this while debugging Warcraft III... I've never seen this before.  It gets loaded after the IX86ver?.dll during the logon process.

Anyone know what it does?

It's their new ExtraWork library.  I found this several days ago but failed to mention anything.  Basically this is the required one (message 0x4c), not the optional one (message 0x4a).  It uses WriteProcessMemory to patch various memory addresses inside Game.dll to stop certain hacks

If you're interested in the DLL it's self, I had a friend upload it here for me.

Maddox

#4
July 21, 2006, 11:44 AM
Quote from: UserLoser on July 21, 2006, 12:54 AM
Quote from: HeRo on July 20, 2006, 08:02 PM
Does it have anything to do with this post:
http://forum.valhallalegends.com/index.php?topic=15326.0

Yes, it does.

Quote from: Maddox on July 20, 2006, 06:24 PM
ModLoad: 07ed0000 07ed5000   C:\Program Files\Warcraft III\ix86BlueDrake.dll

I just noticed this while debugging Warcraft III... I've never seen this before.  It gets loaded after the IX86ver?.dll during the logon process.

Anyone know what it does?

It's their new ExtraWork library.  I found this several days ago but failed to mention anything.  Basically this is the required one (message 0x4c), not the optional one (message 0x4a).  It uses WriteProcessMemory to patch various memory addresses inside Game.dll to stop certain hacks

If you're interested in the DLL it's self, I had a friend upload it here for me.

No, I don't care about it.  I just thought the name was interesting.
asdf.

l)ragon

#5
July 21, 2006, 05:59 PM
Quote from: Maddox on July 21, 2006, 11:44 AM
Quote from: UserLoser on July 21, 2006, 12:54 AM
Quote from: HeRo on July 20, 2006, 08:02 PM
Does it have anything to do with this post:
http://forum.valhallalegends.com/index.php?topic=15326.0

Yes, it does.

Quote from: Maddox on July 20, 2006, 06:24 PM
ModLoad: 07ed0000 07ed5000   C:\Program Files\Warcraft III\ix86BlueDrake.dll

I just noticed this while debugging Warcraft III... I've never seen this before.  It gets loaded after the IX86ver?.dll during the logon process.

Anyone know what it does?

It's their new ExtraWork library.  I found this several days ago but failed to mention anything.  Basically this is the required one (message 0x4c), not the optional one (message 0x4a).  It uses WriteProcessMemory to patch various memory addresses inside Game.dll to stop certain hacks

If you're interested in the DLL it's self, I had a friend upload it here for me.

No, I don't care about it.  I just thought the name was interesting.
Yeah leave it to those silly blizzard employees.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

Excel

#6
August 05, 2006, 11:47 AM
Although it was mentioned in a post up above, their has been some additional "fixes" that this dll makes ( to fix latest exploits ).

Code Select

Call WriteProcessMemory( -1, Game.6F5A5403, ix86Blue.082D2044, 0x0D, NULL );
// Writing     : 85 C0 0F 84 1F 01 00 00 8B 48 50 EB 22
// TEST EAX,EAX
// JE Game.6F5A552A
// MOV ECX,DWORD PTR DS:[EAX+50]
// JMP SHORT Game.6F5A5432

// Previously : 90 90 90 90 90 90 90 90 90 90 90 90 90

----

Call WriteProcessMemory( -1, Game.6F5A542F, ix86Blue.082D2040, 0x02, NULL );
// Writing     : EB D2
// JMP SHORT Game.6F5A5403

// Previously : 8B 48
// MOV ECX,DWORD PTR DS:[EAX+50]

----

Call WriteProcessMemory( -1, Game.6F704C00, ix86Blue.082D2018, 0x26, NULL );
// Writing     : E8 DB FE AE FF 8B D8 85 C0 74 16 8B 08 FF 51 1C 91 BA 75 33 77 2B E8 75 C9 97 FF 85 C0 75 02 33 DB E9 F3 91 DA FF
// CALL Game.6F1F4AE0
// MOV EBX,EAX
// TEST EAX,EAX
// JE SHORT Game.6F704C21
// MOV ECX,DWORD PTR DS:[EAX]
// CALL DWORD PTR DS:[ECX+1C]
// XCHG EAX,ECX
// MOV EDX,2B773375
// CALL Game.6F081590
// TEST EAX,EAX
// JNZ SHORT Game.6F704C21
// XOR EBX,EBX
// JMP Game.6F4ADE19

// Previously : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

----

Call WriteProcessMemory( -1, Game.6F4ADE12, ix86Blue.082D2010, 0x05, NULL );
// Writing     : E9 E9 6D 25 00
// JMP Game.6F704C00

// Previously : E8 C9 6C D4 FF
// Call Game.6F1F4AE0
Print
|
Go Up Pages1
User actions