Posts 1–1 of 1 · Page 1 of 1
Warden Scan Info 1.3.6
Offset Scans (Absolute address and the offset are the same, SC2 base is however 0x00800000)
Code:
; Offset - Length (provided by longx)
83DE41 - length: 0x5 (30)
85798A - length: 0x8 (22)
8962F2 - length: 0x9 (13)
89A9CF - length: 0x6 (44)
89FF59 - length: 0x4 (25)
8A05B2 - length: 0x7 (0)
8A05DF - length: 0x7 (9)
8A05E6 - length: 0x9 (51)
8A05FA - length: 0x4 (42)
8ACE0F - length: 0x4 (26)
8B5D9C - length: 0x4 (71)
8B5DE0 - length: 0x4 (49)
B18CA4 - length: 0x7 (57)
B3B140 - length: 0x7 (20)
B3B5DE - length: 0x7 (7)
B41805 - length: 0x6 (29)
B8AF46 - length: 0x6 (67)
B9877E - length: 0x7 (43)
B988FD - length: 0xC (35)
BD1B02 - length: 0xA (12)
DBF4DC - length: 0x7 (54)
E16D80 - length: 0x7 (50)
E2A7C9 - length: 0xA (10)
E79050 - length: 0x7 (1)
E80446 - length: 0x7 (11)
E8044B - length: 0xD (2)
E80457 - length: 0xB (70)
E901A6 - length: 0x7 (15)
E901B6 - length: 0x7 (60)
E901D5 - length: 0x7 (32)
E901FA - length: 0x7 (24)
E94B1D - length: 0x9 (5)
E98F57 - length: 0x6 (14)
EAC1BD - length: 0x6 (68)
EAE0BB - length: 0x5 (69)
EAE0C0 - length: 0x5 (6)
EAE0DA - length: 0x5 (58)
EAF7E0 - length: 0x7 (63)
EAFBE0 - length: 0x6 (64)
EAFBE6 - length: 0x7 (65)
EAFBED - length: 0x8 (59)
EAFBFD - length: 0x7 (17)
EAFC06 - length: 0x6 (56)
EAFC16 - length: 0x7 (27)
EAFC1B - length: 0xB (34)
EAFC29 - length: 0x6 (61)
EAFC2F - length: 0xA (33)
EB0580 - length: 0xB (41)
EBDCCF - length: 0x9 (55)
EC0F0D - length: 0x7 (19)
EFA71E - length: 0xC (3)
F13A4F - length: 0x5 (16)
F2E0E0 - length: 0x6 (31)
F2E4C7 - length: 0xB (36)
F329D8 - length: 0x9 (4)
F3F1AF - length: 0x7 (37)
F3F2F5 - length: 0x6 (23)
F3F5F4 - length: 0x5 (8)
F3F907 - length: 0x7 (28)
F40116 - length: 0x3 (48)
F4014F - length: 0x6 (47)
F4085D - length: 0x6 (18)
F40866 - length: 0x5 (53)
F6B180 - length: 0x7 (21)
F72028 - length: 0x6 (62)
132DC04 - length: 0x8 (52)
132DD41 - length: 0x8 (66)
Signature Scans (Type 1 checks for IMAGE_DOS_SIGNATURE and IMAGE_NT_SIGNATURE before scanning)
Code:
; Offset - Length - Type - Hash - Seed
0x00000000 0x09 0 97EB34FA80B707885FF1D87359C33AD51BB15C89 AB6382B4
0x00000010 0x12 0 5A5360C60CEB150605F763A11203AE3FB0AF0482 9C06DE7E
0x000000FA 0x0B 0 CDF7A2D9C46FD531EF6D4B6F946358CCFC2FE32D 42D610C7
0x00001000 0x21 0 D15554E764AD3E265393238144167E2D6C2D7007 B1AA0F35
0x000013B6 0x31 0 2AA65FDA24BA295694DBD17EFDDEE114D1204EEB 2A718A4F
0x000013E6 0x31 0 AC1DC992EAF9426EC6F3F0A2577BDF62041A0BCA 7787BADC
0x00002128 0x14 1 484A7AF5CCE46BA97560C467E7294777DC780463 404BB4D9
0x000026F9 0x20 1 63FADD9244EC23CE0AE4452673B2176CD8859CAE 949EBAB0
0x00003024 0x0D 1 57F45C16A03C6724DCE24F4357D25DEB66D6D18F EDD6CD94
0x0000302E 0x1F 0 617ED3ABEFAC53E9A36016FE7DE09EFE48F1B880 8485A5E8
0x00003073 0x37 0 62E2ADE0531B41E64F6950ACD00360C92255D11B 0130FD81
0x00003113 0x10 1 B4D882F35A85714A60FA3E6D8CFEA138348E7370 8312AC58
0x000031B8 0x19 0 7A274AA8484EB4598A94FF3F8A123956A4EA083E D02ECC38
0x000032D0 0x36 0 3F1C5048B511F428349C4F4E3F8E8B57A8302744 F6ED4B2D
0x000034E2 0x0B 1 2E209B0555FA6987E4849B93EED85A6982AF15B8 E8DEED9C
0x00004074 0x0C 1 29C17A845C524DBA292403D5197226875129B439 0530FF50
0x000042F2 0x0B 1 1E99CA52E71958858CEA53E4367E268BF713619D E6502F0B
0x00004302 0x0B 1 FF5D2836C4D0D5DD7892B24C0C9F8ACB6866C5D8 BE99F0A1
0x00004312 0x0B 1 EFFE304BB01C864963AE95E677B77ACEDA9DEFA0 18B1FE2B
0x00004322 0x0B 1 4A5CB230901F59C04126C3AF6C17691FAB5B22C1 99EBD34F
0x00004342 0x0B 1 75C1643CB784C43157E5545D988A387185E280EC AA23E606
0x00004352 0x0B 1 59A35FEB511CA813A245727339E6EBD7DCEE72EA 669EF501
0x00004392 0x0B 1 944BBA1583D32A63A5705E991D38F72ACE5DC295 273CBB97
0x000043B2 0x0B 1 E4805E0163A6BF16C6D2D4D6EA5CA9C89FE1F33E 8B007BB1
0x000043E2 0x0B 1 0B5AA187D68B0DFB151B273B501E78E09C911C3E 5E6F6BAE
0x00004422 0x0B 1 7F2D8532152C5DA2116657899798956052E726B3 F7BDFE4A
0x00004492 0x0B 1 AA9FD2884B0E1D04FCA2B6983F25C6E1B244744F E1A89837
0x000044C2 0x0B 1 B77BA4F01417B5EC2B219F14EBBFFA2A60D0228A 3D8D6375
0x000044E2 0x0B 1 2778DE8509FA2A4E6712EB38E8AB4DB8E5E8445B 041CF2A1
0x000044F2 0x0B 1 8EE1BF8AAC943C98CC41C33B3FD99493F1C9BC73 B1FAB40A
0x00004502 0x0B 1 ADF2229F384B39D75F2210C065144B9B2261EC4D 40E8A58D
0x00004512 0x0B 1 31750FE459CC642E1BC4BE61A5ED19BDE948240D 3F72FC00
0x00004522 0x0B 1 917ED0E920B0AB9FD13B950B8E83467CF31109F2 D8AD665F
0x00004532 0x0B 1 2EBEF4A9FEB93DBECDE0534BC265BC5A92369492 A101147C
0x00004562 0x0B 1 800AD928471C3AEAAC399103EDCC59C949762E01 FF5E3396
0x000045E2 0x0B 1 B000FB4E94115AEC62FB781726C91FCAA2F7762A 81113E4C
0x000045F2 0x0B 1 66AE73AD6ADBE4AB4B35C52E78FC7A4EDFFF2E65 C4AB5EE7
0x00005452 0x0D 1 0D4AB99ABC553336457FD6F0BDEFD22E38D59A8B B77E39FE
0x00005462 0x0D 1 19A68A526657481E2422167689B7A75382FBFA01 5FC6AE72
0x000054B2 0x0B 1 407CF3DD7E21259F0812880F8439F7881C88CE4F 24DA1550
0x00005882 0x0B 1 B0331DBA8C8CDCC3533C09AAD05E982B3BF08E4C 9D48CB61
0x00006422 0x0D 1 30C7FE40005D7D6BBAA9A07380A0E06FA15F2932 17A45124
0x000064A2 0x0D 1 2EC53A06EE60B61C28B7421B772D7522D367C8BD 599B51AA
0x000071E4 0x17 1 3C4F64194C88D3B67A90E3C6B869070350CA3CF9 4D9E9E72
0x0000749C 0x14 1 02B3D8D68B8530833C0AA29473BB2E948768FE52 D8D4DBEB
0x000074BC 0x14 1 88D70459904D089D00BEEA693589D627223B189E 777BE450
0x0000753C 0x10 1 11D2F0AC5E3EAEECC49E74C2FD3A37AEF43563E7 39F606C3
0x0000755C 0x10 1 F7F72BFAF84C44FBC30F5375A5AD69A109667ADF D15612F7
0x000076C4 0x0E 1 488B092A6034BE3D95585DE94CFEE519048D52D8 5BC1CC88
0x00007724 0x0E 1 A535143E16CD86272F8ED8D79BB31B18D10471F7 F85A6D42
0x0000772C 0x0E 1 A9C57DA0FCE614CE9F3731DFD0453CBFBA925872 17055408
0x000081E0 0x1B 1 AF56901A5A86AA8DEEBDAE7A5E802F05FC44461D FFADF2DD
0x0000B0D0 0x0C 1 72C8E8D163B6FA97058A1D30D60EE502C64F169E 255B202B
0x0000B10C 0x18 1 478495CD563F3AECF2D165F6B24BE511397D2737 319C7B45
0x0000C130 0x29 1 E16B812BE9DC758F24DBB7F711A42A522EDBAA2A B0DBFC27
0x0000C17C 0x22 1 19DCC8706E427662734D4C08AFC2C4DF24842D3B D2621AAA
0x000146E8 0x23 1 B932B2EE610EA318843BA1D679293DE6F5505A2D 8D077B12
0x00016740 0x23 1 80D9FE4743853351E56184677AD28F7B9EE97FAF 2901E995
0x000170F3 0x18 1 3C01C60F01E9B6EE4A78FE58802DCE1377633AB2 95D60172
0x00017798 0x23 1 FAE4799643B39EDA59C9ACC8B0711406301CABCA F692D78C
0x00017798 0x29 1 E69D8D672C771A27770FEEC8D8A00C4FDD098C0E 8118C76D
0x000177A8 0x27 1 34B01AB066473C0950B4D449D4B1DD9ADDA594E8 7ED278A7
0x00018708 0x2C 1 49D83325C5F824EF922FA071046E6F3846C1C1BA BD5A1522
0x0001FC3A 0x0C 0 918838D9F78C58E83F5BAF41F3B4E64092507746 C7FB6FD7
0x00020FB8 0x73 0 F003ABE5AB1C0485CDEBE64958D756C774B5B2CC AFB95C02
0x000255F6 0x34 0 3C9CB7447F01A8B5D800D65617ACCF51F6CEDD80 84EEB84F
0x000255FE 0x34 0 96AAE2A3537A3F798989AB8ADE967692EE49FC77 013355DE
0x0002660E 0x34 0 62A09E2D230113B420E31EA5629CC746AC16640B CAA16E59
0x0003DE3F 0x0C 1 FDFE873D5A9EE9378BDA6235D4BD83C4AC95795B 7DAA78AD
0x0005C14F 0x08 1 BD67C0F221DDF465656FD52676B3E20653E302F6 21ECA230
0x000A05F5 0x0C 1 7D3C769DDB209F8EE3EA8BF51FADA31C6D7B1FFE A6EBF1E6
0x000ACE0A 0x0B 1 39F1D479A976CD2FB097D06C8A49E35E40454ED6 3E9D450B
0x000B5DDB 0x0C 1 A38F0E96E817A93115B8EBBE84CA47B6FA02045A 162643AE
0x00245C7B 0x0D 1 CEF164AE6A86DB3C3B508F0671BE8707BA48ABCF 59AC2ED2
0x00835BE8 0x0C 1 CACA69EC69B7EC8C06B1AB420CE91459488BFF58 88606889
Code:
WinAPI Detour Scans (Traces hook to destination and does a signature scan; Only checks the first 6 bytes for a hook)
Code:
; Offset - Length - Hash - Seed - Function
0x00001F58 0x12 C771FFF44E01D36C5BB05EFC0961C3AAF94BBF02 67B96693 kernel32.VirtualQuery
CREDITS TO ValiantChaos, Posts 1–1 of 1 · Page 1 of 1