So I ran across this post over on RandomRMTSite_01 and I am more than a little concerned about this. While there is no evidence presented, it does beg the question of precisely how the mod staff catches MQers and RMT peddlers so efficiently.

If any of this turns out to be true it would an very serious breach of privacy and borderline criminal. I've never engaged in cheating or RMT but I know I have checked my bank account, mortgage information, medical records, and many other sensitive websites while Project 1999 was open.

Quote and source:
We are 99% certain that the P99 staff are lying to players about their RMT detection methods. Last month, it was "Your seller is ratting you out!" as seen here:
[Removed link]

This month the GM's are claiming, "we have a moderator on RandomRMTSite_01 who can see your ip!!"

After extensive research, I can see why they'd want to create new lies each month.

Only two people on RandomRMTSite_01 are given access to your IP information. Maskoi and myself. Neither of us play on P99, but we appreciate the community you guys have built here and are going to support you 100%. Also, moderators cannot see IP's, and beyond that, the bazaar has no moderators! Hard for "moderators to see ur ip!!!!!!" when they don't exist.

But because I'm a paranoid nutter and I respect the talent behind P99, I made everyone take their accusation seriously. Even though moderators don't have access to IP information, we immediately worried that our server was compromised, so we scoured our logs for any signs of IP access and found nothing. We double checked for server exploits, shells, rootkits, etc. and found nothing. I personally spent two days going over a 3GB mysql log BY HAND for any signs of anomolies. There has been no outside access.

Here's what we've discovered from reverse engineering: P99's dsetup.dll actively scans your PC. For exactly what, we can't say, but we have cracked a couple mysteries:

1) It includes some NSA-level intrusive scans on your PC.
2) P99 GM's have full access to every window title and URL you have open.

I've updated our safety thread in accordance with these discoveries. Please log off p99 before visiting Redguides, or use a different PC or your phone.

We barely cover costs from giving P99 players a home here, but you guys have done a great job building a community and we want to protect your hard work from these psychos. If there's anything we can do to make you safer from scammers, GM's and other scum, please let us know.
[Removed link]

Lol


First

So glad everyone believes what they read on the internet.

For an official comment, please see https://www.reddit.com/r/project1999/comments/3pcrbi/project_1999_dsetupdll_scans_your_open_programs/cw5bqjv

in before close

So glad everyone believes what they read on the internet.

For an official comment, please see https://www.reddit.com/r/project1999/comments/3pcrbi/project_1999_dsetupdll_scans_your_open_programs/cw5bqjv

do you not see the irony in your comment

Gotta love when people think they know what they are seeing in the code but are just plain bad/lying.

subscribed

do you not see the irony in your comment

Hahah touche.

Though this isn't new, this comes up often, the answer is the same every time.

So glad everyone believes what they read on the internet.

For an official comment, please see https://www.reddit.com/r/project1999/comments/3pcrbi/project_1999_dsetupdll_scans_your_open_programs/cw5bqjv

Do you not see why folks would be especially cautious of a modified aging game client that can be used to see private information? It isn't like it is something that is out of the question. It is a very real possibility and most players here do not know any of the P1999 staff, so what assurance would we have that they are acting in good faith?

I understand the tediousness of explaining it as Rogean did, but suspending my post until damage control was put up and then coming at this with snark is an awful way to go about things wouldn't you say?

Rogean is telling the truth.
You guys are morons.

Dump the DLL and reverse it yourself if you're so concerned. I know what it does and I am not concerned.

The only reason fearmongering happened was when I threw a tantrum a few years back - similar to what this ex-Guide is doing - and then I realized it was more important to just be honest and none of this is an issue and I am posting here once again in topics.

Rogean made a post years ago - confronting me on my false accusations - which sums this up:

What's funny is Secrets continues to claim he knows what the dsetup.dll does and how it works, when he never saw the code for it. People think that he helped me write it.. the only thing he helped with was coming up with the implementation of getting it into the process. As far as what it does.. I can tell you for a fact it does not collect information about processes unless they directly access Everquest memory space.

Redguides is following the same fearmongering steps I did and it appears as though it's working.

And which one of you fucks on Facebook is named "Clayton" and why do you think you're important?

PS; dsetup.dll is clean contrary to what ANYONE else tells you. It doesn't do 'nsa spying shit' - unless you're trying to watch porn in your EverQuest client, then it can see your browsing history and you deserve to be spyed on because you're fucking weird anyways.

Do you not see why folks would be especially cautious of a modified aging game client that can be used to see private information? It isn't like it is something that is out of the question. It is a very real possibility and most players here do not know any of the P1999 staff, so what assurance would we have that they are acting in good faith?

I understand the tediousness of explaining it as Rogean did, but suspending my post until damage control was put up and then coming at this with snark is an awful way to go about things wouldn't you say?

You're making an awful lot of assumptions here.

The post was initially blanket deleted as it contained links to RedGuides. On second review, as you can see, I removed the RG links and restored it into it's proper section (Rants n Flames).

What is that RG poster's goal?

He or she claims to want to "protect player's hard work," but provides only vague statements with no support (even though it was "reverse engineered"), yet RG actively encourages people to hack and RMT, which they know results in people getting banned.

And which one of you fucks on Facebook is named "Clayton" and why do you think you're important?

How about you use that dsetup.dll to find out!

http://motherboard-images.vice.com/content-images/article/19689/1425666867375167.jpg

I thought you couldn't dump it because wrapper <words I don't understand> and etc. Was that even about this?

How'd ya do it

How about you use that dsetup.dll to find out!

http://motherboard-images.vice.com/content-images/article/19689/1425666867375167.jpg?crop=0.9394915861081274xw:1xh ;*,*&resize=1200:*&output-format=jpeg&output-quality=90

such fail...

I thought you couldn't dump it because wrapper <words I don't understand> and etc. Was that even about this?

How'd ya do it

Technology evolves. My copy of Ollydbg can dump most, if not all, applications from memory now compared to when I was learning about this stuff.

[QUOTE=Era'viss;2081349]How about you use that dsetup.dll to find out!/QUOTE]

i lol'd

well shit, I'm making the same novice mistakes. Keyboard conspiracy. dsetup.dll is making me type letters on my keyFFFFFFFFFFFFFFFFFFFFF

well shit, I'm making the same novice mistakes. Keyboard conspiracy. dsetup.dll is making me type letters on my keyFFFFFFFFFFFFFFFFFFFFF


50 DKP MINUS!

We double checked for ... rootkits

Yes, because it's entirely possible to install a rootkit on someone's computer by copying over a .dll file.

Here's what we've discovered from reverse engineering

Hear that? Reverse engineering. They stuck their hard drive under an electron microscope and China'd the fuck out of that dll. I already know I can trust what this guy is saying because he decides to say "reverse engineering" rather than decompiling, since the latter does not sound nearly as cool. Decompiling files without the source code can easily produce unreadable garbage, so they must really know what they're doing.

It includes some NSA-level intrusive scans on your PC

"NSA-level" sounds exactly like something a person would say when they don't know what they're talking about and trying to drum up panic.

I personally spent two days going over a 3GB mysql log BY HAND for any signs of anomolies.

Sure, this guy couldn't trust the DBMS so he went through the MySQL logs by hand, logs that were presumably compiled by the very same DBMS he decided to forego using. What the hell does "by hand" even mean in this case? Excessive use of Notepad++ and CTRL+F?

This reeks of bullshit.

The pedophiles are getting rustled again that Rogean is going to put the kibosh on their operation? /popcorn

Greengrocers link though....

50 DKP MINUS!

Secrets would have to actually log in and raid to get dkp for negative dkp to matter!

do you not see the irony in your comment
Irony >>>>> Tinfoil

Red guides: P99 has data stealing DLL.
P99: No we don't.
Stormfists: Your both full of shit.
Community: Yay storm yay.

/FIN.

Red guides: P99 has data stealing DLL.
P99: No we don't.
Stormfists: Your both full of shit.
Community: Yay storm yay.

/FIN.

https://media.giphy.com/media/IOCXHPvn3WErm/giphy.gif

rogean nsa spy confirmed.

Red guides: P99 has data stealing DLL.
P99: No we don't.
Stormfists: Your both full of shit.
Community: Yay storm yay.

/FIN.

You're

So how could the EQClient executable access information outside of the access privelages it is granted when it's installed on the system? Swapping out a .dll file won't change these, meaning that P1999 can only access data within the process's allotted memory, in the locations on secondary storage specified by said access privelages, and data that is shared with the process by other processes it interacts with.

So how would the addition of a .dll file allow the EQClient to grab data from the web browser, which is an entirely separate process that does not interact with it whatsoever? How does this executable suddenly get full access to the file management system simply through the addition of a dll? Can someone please let me know if this is possible? I knly just graduated from Comp Sci, but all of these claims seem to be full of shit to me. Am I missing something here?

So how could the EQClient executable access information outside of the access privelages it is granted when it's installed on the system? Swapping out a .dll file won't change these, meaning that P1999 can only access data within the process's allotted memory, in the locations on secondary storage specified by said access privelages, and data that is shared with the process by other processes it interacts with.

So how would the addition of a .dll file allow the EQClient to grab data from the web browser, which is an entirely separate process that does not interact with it whatsoever? How does this executable suddenly get full access to the file management system simply through the addition of a dll? Can someone please let me know if this is possible? I knly just graduated from Comp Sci, but all of these claims seem to be full of shit to me. Am I missing something here?

This sounds pretty legit

It doesn't, which is what Rogean and Secrets are saying. Unless the browser somehow interacted with the EQ executable.

So. If you try to read what's in your local mem space, it will start a logging process? Or is it modify only?

the best part of the thread was secrets arguing with clayton (last name here) on the FB page.

the best part of the thread was secrets arguing with clayton (last name here) on the FB page.

http://puu.sh/kQmv9/c43e7d9870.jpg

You're

You're.

Fucking lol. I was hoping this would end up on RnF.

"YOU WON'T BELIEVE WHAT ROGAIN IS UP TO NOW. PLAYERBASES HATE HIM. FIND OUT WHAT HE CAN DO WITH A SINGLE DYNAMIC LINK LIBRARY."

You ultra-libertarian tinfoils make me confident in life.

Hahah touche.

Though this isn't new, this comes up often, the answer is the same every time.

Isn't that what Bush did?

So. If you try to read what's in your local mem space, it will start a logging process? Or is it modify only?

Every process is allotted a portion of memory it can use at runtime. This process cannot access the memory space of any other process by virtue of the process control board unless specifically allowed to do so. When you ask can "you" read, do you mean you as a user accessing the memory? It's definitely possible to grab the data in memory, but from what I've seen, a number of games, usually MMOs, have code built in that detects if you access its process memory and will kick you. This is implemented to help combat botting and I know ArcheAge had something like this in place.

Sorry for the double post. To clarify, I'm pretty sure you can still write a program that accesses the process memory of another process. This is what MQ does from what I gather. However, the process whose memory is being access can see what other processes are interacting with it, which is how I think anti-cheat measures are created to combat things like client-side hacking and grabbing or altering the game's memory.

This is what I believe Rogean's code does: it detects whether or not another program is accessing EverQuest's memory space and sends information on that program to his server. This is how he can see the filepath that MQ was installed in. When a program runs, it does not run as "program.exe". It runs as "C:/Program Files/fuckyou/program.exe". Being able to see the filepath and the machine's name does not mean the program has access to other information in your system.

Furthermore, the Everquest client code is not altered whatsoever by Rogean. I believe this means that it will only be able to access primary and secondary memory that the actual EverQuest game could access. In other words, Rogean cannot somehow change the client such that it can grab web browser information or other system information outside of the information it normally has access to just by adding in a dll file.

So how could the EQClient executable access information outside of the access privelages it is granted when it's installed on the system? Swapping out a .dll file won't change these, meaning that P1999 can only access data within the process's allotted memory, in the locations on secondary storage specified by said access privelages, and data that is shared with the process by other processes it interacts with.

So how would the addition of a .dll file allow the EQClient to grab data from the web browser, which is an entirely separate process that does not interact with it whatsoever? How does this executable suddenly get full access to the file management system simply through the addition of a dll? Can someone please let me know if this is possible? I knly just graduated from Comp Sci, but all of these claims seem to be full of shit to me. Am I missing something here?

Here's where to start: https://en.wikipedia.org/wiki/DLL_injection

It usually involves more than just swapping out a DLL. It's easiest to have an executable that can do the injection (see bullet point #3 in the wiki for how-to).

Once you can get another process to load your DLL, then your DLL main function will be called. This is where the process that's being injected into loses all control, and this is precisely why a detection mechanism for cheating would target foreign DLLs. An attacker can have all kinds of fun in here since they are executing in the other process' address space.

So, rough sketch of how P1999 staff could theoretically make your EQClient grab data from your web browser:
1) Inject a DLL into EQClient through the launcher.
2) Now the DLL main function will get called by EQClient. They put the code for DLL injection into the DLL that's being injected though! So now this DLL main will make EQClient inject the very same DLL into your web browser. If you are feeling fancy (or kinky) you could do something like hooking the function for receiving tells and trigger this to happen only when "gay elf love" is contained in the text.
3) The same thing happens inside the web browser except it starts snapping screenshots. Hide yo kids, hide yo wife.

The claim that it's possible is not full of shit.. I wouldn't miss any sleep over worrying about it though.

PS: I see you've worked out more of this while I wrote this post. Cool. Gonna post it anyway in case you find something interesting.

PS: I see you've worked out more of this while I wrote this post. Cool. Gonna post it anyway in case you find something interesting.

No, this is good shit. Thanks for posting it!

They put the code for DLL injection into the DLL that's being injected though! So now this DLL main will make EQClient inject the very same DLL into your web browser.

So how exactly would the EQClient be able to inject this code into the web browser if it does not have access permission to touch the web browser?

I had a feeling that there was some way to include malicious code in the dll file but I thought that it would also require specific conditions with the executable loading it, as well. Is it possible to know whether or not the EQClient can be used this way? Does the swapped dll file alter the executable file to inject code in this way, and how could it access other programs if the access permissions to do so were not originally granted to the executable loading the dll file?

No, this is good shit. Thanks for posting it!



So how exactly would the EQClient be able to inject this code into the web browser if it does not have access permission to touch the web browser?

I had a feeling that there was some way to include malicious code in the dll file but I thought that it would also require specific conditions with the executable loading it, as well. Is it possible to know whether or not the EQClient can be used this way? Does the swapped dll file alter the executable file to inject code in this way, and how could it access other programs if the access permissions to do so were not originally granted to the executable loading the dll file?

Without setting off every red flag for your AV/Anti-Malware? It can't. That's why it's bullshit. That it's possible is irrelevant. Process hijacking is a heuristic that's like....dead giveaways 101 for malicious software.

Without setting off every red flag for your AV/Anti-Malware? It can't. That's why it's bullshit. That it's possible is irrelevant. Process hijacking is a heuristic that's like....dead giveaways 101 for malicious software.

Ok, yeah, I figured that this would be very easy to prevent or otherwise detect.

this explains why my bank account is low and i got that fixit ticket for expired registration the other week and i may have a drinking problem

illuminati everywhere

damnit rogean. glad to have someone reveal the TRUTH for all to see

Ok, yeah, I figured that this would be very easy to prevent or otherwise detect.

Without looking at the DLL myself, I'd put money on it working like:

If window says "MQ2" (or whatever), send "OH SHIT" to Rogean.

Else: do nothing

Without looking at the DLL myself, I'd put money on it working like:

If window says "MQ2" (or whatever), send "OH SHIT" to Rogean.

Else: do nothing

Naw, it probably goes something like

If: web browser says "cuckhold", send site login information to Rogean.

Else: send bank account info and install ransomware.

i heard the virgin detector they put in the client crashed the internet for 30 minuets.

Naw, it probably goes something like

If: web browser says "cuckhold", send site login information to Rogean.

Else: send bank account info and install ransomware.

lel

i heard the virgin detector they put in the client crashed the internet for 30 minuets.

EverQuest can't run on Linux, though.

Pretty much, a DLL can do all of that. But his doesn't that is the key.

It'd set off AVs and then some. And not just on runtime; it only sets off AVs on runtime because it's packed with Themida. If it was sending your bank information or recording keystrokes you figured someone would've picked that up by now.

Does the swapped dll file alter the executable file to inject code in this way, and how could it access other programs if the access permissions to do so were not originally granted to the executable loading the dll file?

IIRC it prompts for admin privileges -- it's been a while. :)

I didn't intend to claim it was practical!

I am literally gobsmacked at the amount of bullshit being shoveled around trying to cover over the basic fact. WHEN YOU CLICK THIS EMU TO RUN YOU ARE ALLOWING ****MULTIPLE REAL TIME***** programs to start running on your computer. You are basically enabling a program, that you have ***ZERO*** control over that it actually runs!

Internet 101 people. The guides and gm's here are blowing so much smoke they make Admiral Poindexter look like Gilligan.

I'm very concerned with the safety of my megabytes

I am literally gobsmacked at the amount of bullshit being shoveled around trying to cover over the basic fact.

Yeah, don't let facts or technical knowledge get in the way of your hyperbole and paranoia! The reason you're "gobsmacked" is because you know fuckall about software, but for some reason you've decided that knowledgeable people telling you

WHEN YOU CLICK THIS EMU TO RUN YOU ARE ALLOWING ****MULTIPLE REAL TIME***** programs to start running on your computer.

No, one program runs on your computer. Go start Everquest right now. Then go to your process list using Alt+Ctrl+Del. You see that single process called eqgame.exe? Yeah, that's the one program that runs. WinEQ2 may be running as a child process if you use it.

If you have Windows 8 or 10, you can also see what processes are accessing the network card and how much bandwidth they are using. When you only run EQ, do you see any other processes using bandwidth? No? Then that means that the only thing accessing the internet at the time (outside of your operating system) is the EQClient. No other programs are running.

You are basically enabling a program, that you have ***ZERO*** control over that it actually runs!

I don't even know how to approach this stupidity. What does this even mean? You have control over numerous aspects of the program, like if it runs or not. That's what the little red X in the top right corner of the screen is for.

Internet 101 people. The guides and gm's here are blowing so much smoke they make Admiral Poindexter look like Gilligan.

What is Internet 101? What the fuck are you even talking about? You haven't even touched on any actual network aspects of the issue. You've just spouted a bunch of nonsense then acted as if you said something coherent. Your ignorance is astounding.

Double post cuz mad.

The second sentence in the above post was supposed to read:

The reason you're "gobsmacked" is because you know fuckall about software, but for some reason you've decided that knowledgeable people telling you you're wrong only validates your unfounded fears.

There was a lot of stupidity to process in that reply, so please forgive me for the mistake.

Most of you guys care more about PP/lewts then your bank account info, so the points moot.

Guys shut up, I need necro spells. Pls sell to me in EC PSTSTSTSTST.

simp403, you fell for my troll. just sayin.

That was good stupid tho, eh?

simp403, you fell for my troll. just sayin.

that was epic. epic for the win!

fuck you

fuck you

Most of you guys care more about PP/lewts then your bank account info, so the points moot.

Best post on this whole thread.

Pretty much, a DLL can do all of that. But his doesn't that is the key.

It'd set off AVs and then some. And not just on runtime; it only sets off AVs on runtime because it's packed with Themida. If it was sending your bank information or recording keystrokes you figured someone would've picked that up by now.

To be fair, most of your replies in this thread as well as the official explanation are NSA-level in response to the Snowden revelations.

You and the staff have provided some good insight, and the people appreciate your engagement on it.

But you ultimately shrug responsibility for power a .dll like this can provide and demand blind faith and trust in who has access to the data and who can manipulate the data.

Without a 3rd party being allowed to examine the code and determine whether it can be used maliciously, or outlining who is given access and when aka more detail oversight assurance etc., all due respect, you are essentially just blowing smoke and sweet nothings like the NSA.

Just saying.

Pretty much, a DLL can do all of that. But his doesn't that is the key.

It'd set off AVs and then some. And not just on runtime; it only sets off AVs on runtime because it's packed with Themida. If it was sending your bank information or recording keystrokes you figured someone would've picked that up by now.

I believe you that it doesn't do anything malicious. However, it's completely reasonable to be suspicious of it. I don't see any supporting arguments for your case.


Dump the DLL and reverse it yourself if you're so concerned. I know what it does and I am not concerned.


There are not many people who can do this. This expectation is absurd and makes you look silly.

I don't understand why this shouldn't be open sourced. I mean it is trivial to reverse it anyway, right? :rolleyes:

I guess if you don't take them at their word and don't want to check the code yourself then your only option is to stop playing P99. They aren't changing the DLL.

I guess if you don't take them at their word and don't want to check the code yourself then your only option is to stop playing P99. They aren't changing the DLL.

^

"my house my rules"

I hope rogean doesn't find my taint pics!

To be fair, most of your replies in this thread as well as the official explanation are NSA-level in response to the Snowden revelations.

You and the staff have provided some good insight, and the people appreciate your engagement on it.

But you ultimately shrug responsibility for power a .dll like this can provide and demand blind faith and trust in who has access to the data and who can manipulate the data.

Without a 3rd party being allowed to examine the code and determine whether it can be used maliciously, or outlining who is given access and when aka more detail oversight assurance etc., all due respect, you are essentially just blowing smoke and sweet nothings like the NSA.

Just saying.

I hope you're just being stupid on purpose like the other guy.

I believe you that it doesn't do anything malicious. However, it's completely reasonable to be suspicious of it. I don't see any supporting arguments for your case.



There are not many people who can do this. This expectation is absurd and makes you look silly.

I don't understand why this shouldn't be open sourced. I mean it is trivial to reverse it anyway, right? :rolleyes:

"It's perfectly reasonable to be tinfoil over a .dll file, but asking me to investigate facts is just silly." Alaron01 - 2015

simp403, you fell for my troll. just sayin.

Hook, line, and sinker. That was convincing and pushed just the right buttons.

I guess if you don't take them at their word and don't want to check the code yourself then your only option is to stop playing P99. They aren't changing the DLL.

Well put. Also, comparing P99 staff to the NSA is absurd. P99 is not taxpayer funded and our interaction with them and their product is 100% consensual. If we don't like it we need not engage them for leisure. I don't particularly care ^^ I enjoy p99 and am hard pressed to believe the developers are angling to clean out or bank accounts, steal or identities or blackmail us for watching sailor moon.

I believe you that it doesn't do anything malicious. However, it's completely reasonable to be suspicious of it. I don't see any supporting arguments for your case.



There are not many people who can do this. This expectation is absurd and makes you look silly.

I don't understand why this shouldn't be open sourced. I mean it is trivial to reverse it anyway, right? :rolleyes:

If I had to guess, I'd guess that open sourcing the anti-cheat methods would make it easy to learn how to beat it.

To be fair, most of your replies in this thread as well as the official explanation are NSA-level in response to the Snowden revelations.

You and the staff have provided some good insight, and the people appreciate your engagement on it.

But you ultimately shrug responsibility for power a .dll like this can provide and demand blind faith and trust in who has access to the data and who can manipulate the data.

Without a 3rd party being allowed to examine the code and determine whether it can be used maliciously, or outlining who is given access and when aka more detail oversight assurance etc., all due respect, you are essentially just blowing smoke and sweet nothings like the NSA.

Just saying.

http://i.imgur.com/NFLPZpH.png

If I had to guess, I'd guess that open sourcing the anti-cheat methods would make it easy to learn how to beat it.

Bingo.

It's not important what the DLL does...

Well, that's an easy one. It's Microsoft's fault.

it's trivial to reverse for the advanced x86 asm-knowing programmer. nothing is stopping you from getting phant0m + ollydump and figuring out the same thing. unless you can't, then you can just stick with the tinfoil hat on.

"It's perfectly reasonable to be tinfoil over a .dll file, but asking me to investigate facts is just silly." Alaron01 - 2015

Downloading executable code off the internet is like sticking your dick into a glory hole. You would really rather like to know what's on the other side. Sometimes it just feels so good (P99) that you don't care.

Anyway, let's break it down into parts.

It's perfectly reasonable to be tinfoil over a .dll file,

Tinfoil, perhaps not. It does make me ask: what is this and what does it do?

but asking me to investigate facts is just silly

Let's assume that you are a young child who wants to verify that humanity has indeed traveled to the moon. When you ask your father he could do one of two things,

1) Offer some documentation of the journey to the moon. It could be a book with pictures or a TV documentary. Something like that.
2) He could tell you that you must make the journey yourself and find the footsteps left by the original astronauts.

Telling normal people to decompile DLLs is similar to option 2. I'm saying that although you may possess the technical chops to do so, you should be remain empathetic with those who don't. It's an asinine thing to say.

Anyway, I hadn't seen Rogean's description of what the DLL did in the reddit thread until now. I'm fine with that. That's more like option 1.

In summary, "I like to stick my cock in random glory holes" - Ostros

it's trivial to reverse for the advanced x86 asm-knowing programmer. nothing is stopping you from getting phant0m + ollydump and figuring out the same thing. unless you can't, then you can just stick with the tinfoil hat on.

Is this your method of masturbation?

Fact: Rogean's real name is Peter Attah and he resides in Lagos, Nigeria. DO NOT TRUST

Fact: Rogean's real name is Peter Attah and he resides in Lagos, Nigeria. DO NOT TRUST

Awwww shit T.T

In summary, "I like to stick my cock in random glory holes" - Ostros

Wait a minute, that was you? Your mouth is soft. :o

Downloading executable code off the internet is like sticking your dick into a glory hole. You would really rather like to know what's on the other side. Sometimes it just feels so good (P99) that you don't care.

Anyway, let's break it down into parts.

It's perfectly reasonable to be tinfoil over a .dll file,

Tinfoil, perhaps not. It does make me ask: what is this and what does it do?

but asking me to investigate facts is just silly

Let's assume that you are a young child who wants to verify that humanity has indeed traveled to the moon. When you ask your father he could do one of two things,

1) Offer some documentation of the journey to the moon. It could be a book with pictures or a TV documentary. Something like that.
2) He could tell you that you must make the journey yourself and find the footsteps left by the original astronauts.

Telling normal people to decompile DLLs is similar to option 2. I'm saying that although you may possess the technical chops to do so, you should be remain empathetic with those who don't. It's an asinine thing to say.

Anyway, I hadn't seen Rogean's description of what the DLL did in the reddit thread until now. I'm fine with that. That's more like option 1.


Do you even know what a .dll is? I mean I guess not, since you bold faced admitted it. Let me give you a hint: it's not an .exe

And no, fuck empathy here. You hopped RIGHT on that paranoid tardwagon instead of researching fully first. There's a difference between "hey what's this and what does it do?" and "here's an article on DLL injection and a barely coherent explanation of my understanding of it".

Come on, now. :rolleyes:

Wait a minute, that was you? Your mouth is soft. :o

;)

Do you even know what a .dll is? I mean I guess not, since you bold faced admitted it. Let me give you a hint: it's not an .exe

And no, fuck empathy here. You hopped RIGHT on that paranoid tardwagon instead of researching fully first. There's a difference between "hey what's this and what does it do?" and "here's an article on DLL injection and a barely coherent explanation of my understanding of it".

Come on, now. :rolleyes:

The only difference between an executable and a DLL is that an executable contains an entry point. If a DLL is having its DLL main executed then it is, for all practical purposes, an executable. Did you know you can load an executable as a DLL as well? How fun! (https://msdn.microsoft.com/en-us/library/ms684175(v=vs.85).aspx)

I don't really feel like having a long discussion about this though. I just can't live with myself if I spend too long arguing over something so ridiculous. I will give you a reference here (http://stackoverflow.com/questions/1210873/difference-between-dll-and-exe) to shut down this particular argument since I've participated so far, but after this I'm done.

Thanks for the dirty talk.

You guys are nuts. Clearly Rogean is tracking us. Haven't you found the phone bugs yet?

You guys are nuts. Clearly Rogean is tracking us. Haven't you found the phone bugs yet?

Dragons bootstrap malicious javascript into your SQL processor which performs a cross site scripting hijack combined with a focused zero day attack whenever you batphone.

Dragons bootstrap malicious javascript into your SQL processor which performs a cross site scripting hijack combined with a focused zero day attack whenever you batphone.

yes

The only difference between an executable and a DLL is that an executable contains an entry point. If a DLL is having its DLL main executed then it is, for all practical purposes, an executable. Did you know you can load an executable as a DLL as well? How fun! (https://msdn.microsoft.com/en-us/library/ms684175(v=vs.85).aspx)

I don't really feel like having a long discussion about this though. I just can't live with myself if I spend too long arguing over something so ridiculous. I will give you a reference here (http://stackoverflow.com/questions/1210873/difference-between-dll-and-exe) to shut down this particular argument since I've participated so far, but after this I'm done.

Thanks for the dirty talk.

I can't stop laughing. Do you even read the links you post?

I can't stop laughing. Do you even read the links you post?

I have decided I will entertain a reasoned objection to what I just posted. I just can't help myself. :D

I have decided I will entertain a reasoned objection to what I just posted. I just can't help myself. :D

And I've decided that I'm just going to point and laugh. Join in on the fun lads.

And I've decided that I'm just going to point and laugh. Join in on the fun lads.

I figured you'd have nothing. Ok, bye now :)

I figured you'd have nothing. Ok, bye now :)

You're right. I don't. You did it for me. You just can't fucking read. I can't respond to literally nothing new from your view point.

Get out.

lol

You're right. I don't. You did it for me. You just can't fucking read.

I posted reading materials that clearly back up what I was saying and you accuse me of not reading?


I can't respond to literally nothing new from your view point.


What does that even mean?


Get out.


I'm trying, but you're too cute.

it's trivial to reverse for the advanced x86 asm-knowing programmer. nothing is stopping you from getting phant0m + ollydump and figuring out the same thing. unless you can't, then you can just stick with the tinfoil hat on.

This is complete bullshit right here. He may look good in a wig, but time to put the brakes on the Secrets smokeshow I think. Too many people getting smoked up and choking in this thread.

Even someone familiar with ASM would be missing little intricacies and intended functions of the program and what its capabilities are. lol who the fuck is going to disassemble a .dll anyway? That's ridiculous. You won't find a single sperg who is willing to do this because there will still be incomplete guesses and theories to fill in the limitations of "decompiling" (lol) a .dll file. You would still end up theorizing even if you were decent at making sense of ASM. Its a fucking .dll, its not going to be decompiled..

A good faith offer would be to allow a 3rd party programmer in good standing, with his place of employment provided to Rogean, (for assurance and security clearance) to examine the source code and give a statement on its scope and power.



And of course I don't believe Rogean, nilbog, Sirken or any high level P99 staff would misuse any data, even if the .dll were sucking up everyones financials. Those are all stand-up guys.

It is the temp volunteers of P99 people should be most concerned about having access to any type of data collection device. It is the employees of the NSA people are concerned about. The contractors, the senior guides, the here-today-gone-tomorrow GM's, and yes, even your beloved Secrets. :P

Let's assume that you are a young child who wants to verify that humanity has indeed traveled to the moon. When you ask your father he could do one of two things,

1) Offer some documentation of the journey to the moon. It could be a book with pictures or a TV documentary. Something like that.
2) He could tell you that you must make the journey yourself and find the footsteps left by the original astronauts.

Telling normal people to decompile DLLs is similar to option 2. I'm saying that although you may possess the technical chops to do so, you should be remain empathetic with those who don't. It's an asinine thing to say.


Its a troll. You can't "decompile" a .dll file. Period.

Even your precious RedGuides is just speculating and making baseless accusations after "decompiling" (LOL) and attempting to make sense of a "decompiled" .dll.

Good smoke though, completely derailed constructive discussion.

Even someone familiar with ASM would be missing little intricacies and intended functions of the program and what its capabilities are. lol who the fuck is going to disassemble a .dll anyway? That's ridiculous. You won't find a single sperg who is willing to do this because there will still be incomplete guesses and theories to fill in the limitations of "decompiling" (lol) a .dll file. You would still end up theorizing even if you were decent at making sense of ASM.


There are plenty of people who live and breath assembly code. For example, anyone who does decent penetration testing will be able to read assembly. Furthermore, there are no "intricacies and intended functions" that would be missed if someone had their hands on the actual bytecode, which can be obtained using an x86 debugger like Secrets said. Anyone with a decent level of proficiency with asm can translate the bytecode directly to assemble. It's just a matter of translating the assembly into a specific high level language, but nothing would be missing from the actual assembly code.


Its a fucking .dll, its not going to be decompiled..


This took me less than two minute to find. (https://social.msdn.microsoft.com/forums/vstudio/en-US/05b3cf5d-ead3-4274-88f5-6e8cbda8e8d8/decompiling-a-dll-file-to-view-source-code)

Please just stop talking. It's obvious to anyone with actual technical knowledge that you're talking out of your ass.

There are plenty of people who live and breath assembly code.

Please just stop talking. It's obvious to anyone with actual technical knowledge that you're talking out of your ass.

ASM reverse-engineering won't be done to a .dll, and certainly not this one.

Why? Because no one can or will do it.

Provide actual evidence rmtsite reverse-engineered the .dll a single member of the P99 community can do anything with ASM or shut up.

It would have been done by no for something "serious" like this. Don't you think? Who is the ass now? How possible is it again? :)

There are plenty of people who live and breath assembly code. For example, anyone who does decent penetration testing will be able to read assembly. Furthermore, there are no "intricacies and intended functions" that would be missed if someone had their hands on the actual bytecode, which can be obtained using an x86 debugger like Secrets said. Anyone with a decent level of proficiency with asm can translate the bytecode directly to assemble. It's just a matter of translating the assembly into a specific high level language, but nothing would be missing from the actual assembly code.



This took me less than two minute to find. (https://social.msdn.microsoft.com/forums/vstudio/en-US/05b3cf5d-ead3-4274-88f5-6e8cbda8e8d8/decompiling-a-dll-file-to-view-source-code)

Please just stop talking. It's obvious to anyone with actual technical knowledge that you're talking out of your ass.

I agree with you. But I still think there is a good chance Secrets is talking out their ass.

Please just stop talking. It's obvious to anyone with actual technical knowledge that you're talking out of your ass.

Your posts are just like Secrets, not relevant to the discussion.

Put up or shut up if you know all these guys who do "ASM" in the P99 community (As if ASM is a programming language)

I had enough watching you "well its possible" smoke blowers. Not even your precious scummy rmtsite could make sense of it.

Want to try to make another post that's relevant again?

I agree with you. But I still think there is a good chance Secrets is talking out their ass.

Tell simp to put up or shut up. ASM isn't required for any programmer, its not a language.

You can't decompile a .dll. Suggesting so is a slur of the word decompile. You would still be speculating as to some of the functions of the .dll even if you could make sense of some of it.

rmtsite is incapable of it, simp is incapable of it, Secrets is incapable of it as well. Not relevant to the discussion. This isn't about "well anyone can decompile it" because you cannot.

Wrong. It can be done, as demonstrated by my previous link and the one provided below. Will it be done? No, because



That's some nice shifting of the goalposts. At what point did I ever say that I thought they actually decompiled it? I mentioned that they talked about "reverse engineering" in lieu of just saying they decompiled to try sounding knowledgeable, but I still said that I thought they're full of shit.

However, it's not even necessary to actually obtain code from the dll file to realize that this is all a load of shit. That's the conversation prior to your posts was concerning.



You're still the ass. (http://reverseengineering.stackexchange.com/questions/235/how-to-decompile-dll-files)

Let's get another thing straight: "decompiling" typically refers to the use of a decompiler to convert from bytecode to assembly, then from assembly to a higher level language. On the other hand, someone can use a debugger to get the actual bytecode of the program being run, and then directly translate that to the assembly language dictated by the processor's instruction set architecture. Once they have the assembly code, then they can translate it to a higher level langauge. These are two different concepts, though, and you keep conflating them because you really don't know what you're talking about.

I'm guessing that Secrets is referring to using OllyDump to get the bytecode and then translating that into assembly and then into C++. This would be a pretty big pain in the ass, but it's entirely possible for someone to use any number of programs to obtain the bytecode being executed and work from there. Someone who is used to reading x86 wouldn't have too much trouble with that.

To re-iterate, though, any code in the dll would have to hijack the Everquest process in order to do things like read web browser information, and this would be picked up very easily by any AV/anti-malware programs as Ostros mentioned.



I can smell the mad through my own computer.

It's funny that you say my posts are irrelevant when you've been adding nothing but uninformed bullshit to the conversation.

Also, "asm" typically refers to assembly, and assembly is most definitely a language. "asm" is a keyword in C that allows someone to implement a function using assembly, which is why it's used as shorthand for "assembly language". Good job on doubling down on your stupidity.

Go to IBM and tell them you want to "program" for them with ASM, and that is your only expertise with a "language". Watch the horrific cringe and no followup interview.

Thank you for reinforcing and agreeing with me that ASM is absolutely not a programming lanugage in any way shape or form.

And good job doubling down on your off-topic derail.

he thinks it's easier than it is (getting reasonable C++ code from byte code is just... not gonna happen buddy :)).


I didn't mean to give the impression that's it's easy. Translating assembly to a higher level language requires a good deal of creativity and interpretation, but it's not a skill that's limited to a handful of people. There are entire communities out there full of people who reverse engineer code, especially when it comes to videogames.

However, I agree with your earlier statement that expecting the P1999 community to do this is unreasonable. Secrets presents it as a trivial matter, even though someone with experience would still have to spend a non-trivial amount of time working out the actual code from the mass of assembly.

Go to IBM and tell them you want to "program" for them with ASM, and that is your only expertise with a "language". Watch the horrific cringe and no followup interview.

Thank you for reinforcing and agreeing with me that ASM is absolutely not a programming lanugage in any way shape or form.

lol (https://www.linkedin.com/job/ibm/embedded-software-developer-jobs/)

And good job doubling down on your off-topic derail.

The irony of this is that you're the one who drove the conversation on a tangent when you started spouting bullshit about the NSA. In fact, the conversation was effectively finished with Ostros' post regarding AV/Anti-maleware. Of course you had to butt in and start pontificating on matters you know virtually nothing about.

However, I agree with your earlier statement that expecting the P1999 community to do this is unreasonable. Secrets presents it as a trivial matter, even though someone with experience would still have to spend a non-trivial amount of time working out the actual code from the mass of assembly.

Here's some common ground between you and Azzar as well. Not sure why you're at each other's throats. The difference of opinion you have seems small to me. I guess because R&F? :D

Nevermind, kill each other! Fight!

To re-iterate, though, any code in the dll would have to hijack the Everquest process in order to do things like read web browser information, and this would be picked up very easily by any AV/anti-malware programs as Ostros mentioned.



Mmmmhmmmm. Most AV are detecting the .dll and prompting action for some years now. The advice from P99 and the community for the past 5 odd years or so has been to ignore the AV and add it to your AV ignore list.

So relevancy? You propose AV hasn't already been a problem in the past or present with regards to P99 custom files. So who's the ass again? How long have you been in the community, I wonder now? You don't seem aware of the fact AV has already been a problem with P99 custom files.

lol (https://www.linkedin.com/job/ibm/embedded-software-developer-jobs/)



The irony of this is that you're the one who drove the conversation on a tangent when you started spouting bullshit about the NSA. In fact, the conversation was effectively finished with Ostros' post regarding AV/Anti-maleware. Of course you had to butt in and start pontificating on matters you know virtually nothing about.

Mmhmm, ASM is still not a "programming language." You towed the line for Secrets, Ostros, and other smoke blowers. I centered the discussion on more transparency and you went with technicality and distraction to detract from the privacy issue.

How about the fact you demonstrated that you are completely oblivious to the AV problem? Seems you have just been posting out of your ass all this time in an effort to derail. Wondering who the ass is again?

Mmmmhmmmm. Most AV are detecting the .dll and prompting action for some years now. The advice from P99 and the community for the past 5 odd years or so has been to ignore the AV and add it to your AV ignore list.

So relevancy? You propose AV hasn't already been a problem in the past or present with regards to P99 custom files.

The detection of a foreign dll and an actual process hijacking are two separate events. Not only would the AV/anti-malware warn someone of a foreign dll, but it would also catch the process being hijacked if the dll was actually doing so. The issue you refer to lies in the former category, whereas Ostros was talking about the latter category.

I wonder what you're going to get wrong next.

Mmhmm, ASM is still not a "programming language." You towed the line for Secrets, Ostros, and other smoke blowers. I centered the discussion on more transparency and you went with technicality and distraction to detract from the privacy issue.


It is definitely a programming language. Most people even call it "assembly language" (see Wikipedia). In any case, this is not relevant other than to say "I know something you don't know."


How about the fact you demonstrated that you are completely oblivious to the AV problem? Seems you have just been posting out of your ass all this time in an effort to derail. Wondering who the ass is again?

Yes, this is a valid point and should be taken into account. It shows that having AV installed is not the end of the story here.

The detection of a foreign dll and an actual process hijacking are two separate events.

I'm not sure if I agree with you. In what sense are those two events separate?

The detection of a foreign dll and an actual process hijacking are two separate events. Not only would the AV/anti-malware warn someone of a foreign dll, but it would also catch the process being hijacked if the dll was actually doing so. The issue you refer to lies in the former category, whereas Ostros was talking about the latter category.

I wonder what you're going to get wrong next.

Mmmhmm. Who said anything about process hijacking? Who is concerned about process hijacking?

I am concerned about process scanning. The P99 community at large is mostly concerned about process scanning.

I wonder what made up fictional concerns and strawmen distraction you are going to create next?

Mmhmm, ASM is still not a "programming language."

An assembly language is a low-level programming language for a computer, or other programmable device, in which there is a very strong (generally one-to-one) correspondence between the language and the architecture's machine code instructions. (https://en.wikipedia.org/wiki/Assembly_language)

You towed the line for Secrets, Ostros, and other smoke blowers. I centered the discussion on more transparency and you went with technicality and distraction to detract from the privacy issue.

You didn't even do that. Alaron did, long before you started spouting nonsense. However, he could actually comment on the context of the situation because he has technical knowledge, whereas you're just going full-tinfoil without any understanding of the actual topic at hand.

How about the fact you demonstrated that you are completely oblivious to the AV problem? Seems you have just been posting out of your ass all this time in an effort to derail. Wondering who the ass is again?

I already responded to your point regarding the antivirus warnings about a foreign dll file. However, now we're stuck in a double-post cycle where we're responding to one another's earlier post before seeing the second.

Oh, wait, here we go:

Mmmhmm. Who said anything about process hijacking? Who is concerned about process hijacking?

I am concerned about process scanning. The P99 community at large is mostly concerned about process scanning.

I wonder what made up fictional concerns and strawmen distraction you are going to create next?

Why don't you read the actual thread content? If you had followed the conversation between myself, Ostros, and Alaron, then you would have seen us discussing how swapping a dll could lead to it obtaining information on unassociated processes. This would require the code in the dll to hijack the Everquest process and inject other code into the web browser (or whatever it's trying to access). This is where the topic of process hijacking originates from.

I'm not sure if I agree with you. In what sense are those two events separate?

The antivirus software detects a foreign dll file simply by virtue of that dll file having been modified by a third party. However, if the code in that dll file were to, say, try to grant the Everquest process administrative privileges when the program was clearly not designed to do so, wouldn't there be an additional warning or intervention by the antivirus software?

It is definitely a programming language. Most people even call it "assembly language" (see Wikipedia). In any case, this is not relevant other than to say "I know something you don't know."


Maybe in the 1980s it was appropriate to refer to assembly as a "programming language" Keyword being "programming". I never said ASM was not a language.

In 2015, I think referring to it as a programming language is not precisely accurate. I guess machine code should be referred to as a programming language according to you guys as well. To each his own, I personally won't be hearing anyone in my life or myself refer to ASM as a "programming language."

If you bring some guys in to work with ASM on a project, 9 times out of 10 they aren't doing the real programming of the project. They are there for a very narrow scope of work to help the actual programmer, but can it be said that the ASM temps are programming? I guess...I just happen to call it tech support.

I won't give ASM any acknowledgement as a programming language. Its a language, and that's it.

https://s-media-cache-ak0.pinimg.com/236x/70/c5/b1/70c5b14312d1f7ad0289931534ac315c.jpg

Maybe in the 1980s it was appropriate to refer to assembly as a "programming language" Keyword being "programming". I never said ASM was not a language.

In 2015, I think referring to it as a programming language is not precisely accurate. I guess machine code should be referred to as a programming language according to you guys as well. To each his own, I personally won't be hearing anyone in my life or myself refer to ASM as a "programming language."

If you bring some guys in to work with ASM on a project, 9 times out of 10 they aren't doing the real programming of the project. They are there for a very narrow scope of work to help the actual programmer, but can it be said that the ASM temps are programming? I guess...I just happen to call it tech support.

I won't give ASM any acknowledgement as a programming language. Its a language, and that's it.

http://i.imgur.com/6VBG3of.gif

i just wanted you all to know im filing a lawsuit for damages to my car and my gpu which was irrepairably damaged by this dll

also this stalking and constant phone calls have to stop. for the last time, i dont believe in credit card debt so please stop asking

enjoy ur sue

Why don't you read the actual thread content? If you had followed the conversation between myself, Ostros, and Alaron, then you would have seen us discussing how swapping a dll could lead to it obtaining information on unassociated processes. This would require the code in the dll to hijack the Everquest process and inject other code into the web browser (or whatever it's trying to access). This is where the topic of process hijacking originates from.


Mmmhmm. Are you familiar with Blizzard Entertainment's version of this type of snooping? Or SOE's that was pulled from the project back in 2001-2002 I believe.

Rather than run covertly, Blizzard has the executable "Warden.exe" run on your computer alongside Starcraft, Diablo, and WoW as well I believe (can't confirm WoW). Google warden.exe and get educated on the vast history of snooping and detection.

AV has never detected warden.exe as malicious despite the fact it is exactly similar to what SOE was trying to do in 2001-2002. So not sure what this AV argument is about, looks like another derail.

The antivirus software detects a foreign dll file simply by virtue of that dll file having been modified by a third party.


I suppose it could. It would need to index and checksum every DLL on the computer... is that why it's so damn slow? I haven't read much about AVs.


However, if the code in that dll file were to, say, try to grant the Everquest process administrative privileges when the program was clearly not designed to do so, wouldn't there be an additional warning or intervention by the antivirus software?


http://stackoverflow.com/questions/14553610/is-it-possible-for-one-process-to-inject-code-into-another-without-administrativ

See Oleg's answer for one method. Would there be a warning for that? Not sure, probably depends on the AV.

Mmmhmm. Are you familiar with Blizzard Entertainment's version of this type of snooping? Or SOE's that was pulled from the project back in 2001-2002 I believe.

Rather than run covertly, Blizzard has the executable "Warden.exe" run on your computer alongside Starcraft, Diablo, and WoW as well I believe (can't confirm WoW). Google warden.exe and get educated on the vast history of snooping and detection.

AV has never detected warden.exe as malicious despite the fact it is exactly similar to what SOE was trying to do in 2001-2002. So not sure what this AV argument is about, looks like another derail.

This is my take on the situation and how I approached this issue earlier:

Blizzard wrote the entire program. When you install one of their games, you also grant it access privileges using the host's administrative account. This means that Blizzard was capable of programming the installation procedure to request the privileges needed to bypass the protection measures afforded by the process control block in order to scan the RAM. This also means that the antivirus did not detect the scanning because that was what the program was supposed to be doing, considering that the host administrator approved the installation of the program and by extension, the capability for Warden to access the information it could.

Rogean and his crew, on the other hand, are not capable of doing this with the EverQuest Titanium client. They are only able to swap in a dll file. When the Everquest Titanium client installs, it is granted access privileges in order to run, which typically involve access to stuff like the current working directory and maybe a "my games" folder in the User's My Documents folder. If Rogean were to program some kind of malicious scanning capability into his code, it would require the eqgame process to obtain privileges outside of those granted to it at installation, which would require it to somehow access the administrative account. This is what would be detected by an antivirus program.

https://s-media-cache-ak0.pinimg.com/236x/70/c5/b1/70c5b14312d1f7ad0289931534ac315c.jpg

Perfect

Go to IBM and tell them you want to "program" for them with ASM, and that is your only expertise with a "language". Watch the horrific cringe and no followup interview.

Thank you for reinforcing and agreeing with me that ASM is absolutely not a programming lanugage in any way shape or form.

And good job doubling down on your off-topic derail.

I've had job offers at IBM. I turned them down because I have a job already.

Of course it's not a programming language. It's an instruction set type. 'asm' is short for x86/x64 assembler due to the keyword in C.

It's not a programming language, but that doesn't mean it's unreadable. If it was unreadable then EQEmulator wouldn't be a thing and your programs wouldn't run.

Please look how object files are generated; you might learn a thing or two.

And to those calling a ".dll" different than an ".exe", the only difference is their PE header flags that specify how the module should be loaded. You could manual map a binary file and have it loaded as an fyi.

See: http://www.codeproject.com/Tips/430684/Loading-Win-DLLs-manually-without-LoadLibrary

I suppose it could. It would need to index and checksum every DLL on the computer... is that why it's so damn slow? I haven't read much about AVs.

That's a good question. I would figure that it would index the file when it's created in the system, i.e. at installation. Then it would not have to index the entire system at one time? It might use pre-existing indexes. If this were the case, then a block of indexes would be created at the same time when a program is installed. Maybe it just checks the dll files against the other files in the installation path? If an individual dll file or multiple files were altered by a third party, then they would have different modification dates. On the other hand, if an official patch were released, it might modify the entire set of dlls associated with the program.

I've had job offers at IBM. I turned them down because I have a job already.

Of course it's not a programming language. It's an instruction set type. 'asm' is short for x86/x64 assembler due to the keyword in C.

It's not a programming language, but that doesn't mean it's unreadable. If it was unreadable then EQEmulator wouldn't be a thing and your programs wouldn't run.

Please look how object files are generated; you might learn a thing or two.

And to those calling a ".dll" different than an ".exe", the only difference is their PE header flags that specify how the module should be loaded. You could manual map a binary file and have it loaded as an fyi.

See: http://www.codeproject.com/Tips/430684/Loading-Win-DLLs-manually-without-LoadLibrary

Yes! Thank you Secrets, I am forever in your debt. These nerds had me up against the ropes for a minute.

And about the "decompiling" or what not of a .dll, I get it. Its just unreasonable to assume anyone will spend the hours or has the ASM neckbeard to make sense of it. RedGuides has no idea what they were talking is something everyone can agree on I think.

Champion_standing and Bruno, go eat dirt.

simp403, go pound sand.

Alaron01, ask and you shall be forgiven.

Alaron01, ask and you shall be forgiven.


Not that I really care, but... https://en.wikipedia.org/wiki/Low-level_programming_language

... Does it really matter what you call it if you know what it does? ...

I will take the forgiveness anyway. :)

One thing is 100% clear.

All 3 of you are virgins.

Yes! Thank you Secrets, I am forever in your debt. These nerds had me up against the ropes for a minute.

Lol, he's wrong, though. An assembly language is a low-level programming language such as ARM or x86. An instruction set type would be CISC or RISC, not x86. I can see that you're desperate to find an exit from this conversation, though.

Not that I really care, but... https://en.wikipedia.org/wiki/Low-level_programming_language

... Does it really matter what you call it if you know what it does? ...

I will take the forgiveness anyway. :)

Lets just agree there is programming language, and then there is programming language.

In colloquial speak, I'm not comfortable with ASM being given the title "programming language". I have to stop there this could go on for several pages if Secrets somehow gets baited into this semantic/misnomer war. The joke I cracked earlier pretty much summed it up about machine code being a "programming language" too :rolleyes:

Kthx forgiven.

One thing is 100% clear.

All 3 of you are virgins.

We all play on an emulation server for a 16-year-old MMO. That probably should have been your first hint.

lol



I posted reading materials that clearly back up what I was saying and you accuse me of not reading?



What does that even mean?



I'm trying, but you're too cute.


Here let me spell it out for you: They actually don't back you up. In fact the second link goes directly against what you said. Therefore, you can't fucking read.

Why do any of you idiots think you need to inject code into the web browser to look at your browsing habit when you can for example just open the sqlite database that is nicely stored for you by your browser?

Stop sperging

Why do any of you idiots think you need to inject code into the web browser to look at your browsing habit when you can for example just open the sqlite database that is nicely stored for you by your browser?

Because most of the people in here are havin' a giggl pretending to be smart.

Here let me spell it out for you: They actually don't back you up. In fact the second link goes directly against what you said. Therefore, you can't fucking read.

Since you are so incapable I will extract the relevant information out of the link in a last ditch attempt to smash it into your dense skull.

Both files are PE files. Both contain the exact same layout. A DLL is a library and therefore can not be executed. If you try to run it you'll get an error about a missing entry point. An EXE is a program that can be executed. It has an entry point. A flag inside the PE header indicates which file type it is (irrelevant of file extension). The PE header has a field where the entry point for the program resides. In DLLs it isn't used (or at least not as an entry point).

One minor difference is that in most cases DLLs have an export section where symbols are exported. EXEs should never have an export section since they aren't libraries but nothing prevents that from happening. The Win32 loader doesn't care either way.

Other than that they are identical. So, in summary, EXEs are executable programs while DLLs are libraries loaded into a process and contain some sort of useful functionality like security, database access or something.


I was saying that if your DLL is loaded and its DLL main function is called, it's functionally equivalent to an executable. QED, no more room for arguing, shut the fuck up, go home. If you can't make the connection at this point you are either full-blown retard or had no idea what you were talking about to start with.

Or here is another way, look at the DNS cache.

This thread is sad.

# posts by user in this thread is directly proportional to user weight

Why do any of you idiots think you need to inject code into the web browser to look at your browsing habit when you can for example just open the sqlite database that is nicely stored for you by your browser?

Regardless of how it does it, the process running EQ would still need access privileges that it doesn't have in order to access this kind of information.

Since you are so incapable I will extract the relevant information out of the link in a last ditch attempt to smash it into your dense skull.



I was saying that if your DLL is loaded and its DLL main function is called, it's functionally equivalent to an executable. QED, no more room for arguing, shut the fuck up, go home. If you can't make the connection at this point you are either full-blown retard or had no idea what you were talking about to start with.

FINALLY.

I've been waiting for this.

And I quote:

The only difference between an executable and a DLL is that an executable contains an entry point. If a DLL is having its DLL main executed then it is, for all practical purposes, an executable. Did you know you can load an executable as a DLL as well?

Did you know you fucking can't? C# and Python are both programming languages that work and compile by entirely different methods. But yeah other than that they're completely identical :v.

Sound dumb? It should.

There is no bit of information in your links or in ANY of your posts that implies you can do that. That an .exe and a .dll have functional similarities is irrelevant. Next you'll you tell me I can run programs by clicking on a .dll file.

From your second link:

EXE:

It's a executable file
When loading an executable, no export is called, but only the module entry point.
When a system launches new executable, a new process is created
The entry thread is called in context of main thread of that process.
DLL:

It's a Dynamic Link Library
There are multiple exported symbols.
The system loads a DLL into the context of an existing process.

Again, similarities are irrelevant here. They both have their uses and functions, and a .dll can't be used for malicious purposes without causing your AV programs to go ballistic.

So for the context of this thread, you're not only full of shit, but just flinging around your vague understanding of file extensions and what they mean in an attempt to save face. I leave you to double back over your sources to figure out why. QED indeed you actual moron.

You don't have a clue what you are talking about, it doesn't need any special access privileges. It will have the same permissions as the user who started it. Guess what, you have the permission to access that file.

Above post in response to simp. No edit.

You don't have a clue what you are talking about, it doesn't need any special access privileges. It will have the same permissions as the user who started it. Guess what, you have the permission to access that file.

This is true, but all outbound communications need to be cleared regardless, this is why it asks you to allow access when you first start the game. BUT this only applies to the game. If it tries this with any other program, it should gain your AV's attention rather quickly.

FINALLY.

I've been waiting for this.


Oh goody.



Did you know you fucking can't? C# and Python are both programming languages that work and compile by entirely different methods. But yeah other than that they're completely identical :v.

Sound dumb? It should.


It does because it's completely irrelevant.


There is no bit of information in your links or in ANY of your posts that implies you can do that. That an .exe and a .dll have functional similarities is irrelevant. Next you'll you tell me I can run programs by clicking on a .dll file.


I said if the DLL is loaded then it has an entry point called DLL main. Soooo... the qualifier there is IF it's loaded.... it's functionally equivalent... I never claimed anything else. Can you connect the dots?


Again, similarities are irrelevant here. They both have their uses and functions, and a .dll can't be used for malicious purposes without causing your AV programs to go ballistic.


You have a lot of faith in your AV programs :rolleyes:


So for the context of this thread, you're not only full of shit, but just flinging around your vague understanding of file extensions and what they mean in an attempt to save face. I leave you to double back over your sources to figure out why. QED indeed you actual moron.


The funniest thing is this is exactly what you're doing! lol. The only thing you've done that demonstrates anything beyond a vague understanding of file extensions is a completely irrelevant comment about C# and python. You're full of hot air and you don't know when to shut up.

Lookit those mental gymnastics.

How could you tell if the eqgame.exe process was accessing your web browser's DNS cache?

Rogean drained my bank accounts.

Lookit those mental gymnastics.

Why are you angry again?

Enough big boy computer words, did Secrets get caught fibbin' or not?

Enough big boy computer words, did Secrets get caught fibbin' or not?

As with any proper discussion about computers or software, it pretty much broke down into a bunch of individual spats over semantics.

As with any proper discussion about computers or software, it pretty much broke down into a bunch of individual spats over semantics.

This was literally my only problem. Greengrocer over there needed to be called on his bullshit.

I don't care what it is to be honest. I'm self taught and I can read x86 ASM. Pretty much all that matters

And yes CISC/RISC is a type. Let's stop playing semantics and just agree that rmtsite is trying to save face by lying because they're selling virtual items in a 15 year old elf simulator instead of having actual jobs.

Dump the DLL and reverse it yourself if you're so concerned. I know what it does and I am not concerned.

You mean the dll that's been obfuscated with Themida? That dll?

You haven't seen the source nor will 99% of the rest of this community be able to "dump and reverse it", but you know that.

Regardless of how it does it, the process running EQ would still need access privileges that it doesn't have in order to access this kind of information.

The average Windows user just uses the Administrator-rights account because they are 'lazy and don't want to use UAC prompts'.

Admin rights Windows users have access to all that information provided they're running at the same elevation level as the process in question.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms686701%28v=vs.85%29.aspx

# posts by user in this thread is directly proportional to user weight

Posts: 884

Confirmed Fat.

that title change.

Let's stop playing semantics and just agree that Redguides is trying to save face by lying because they're selling virtual items in a 15 year old elf simulator instead of having actual jobs.

Pretty much. I think that much was settled on a while back.

Posts: 884

Confirmed Fat.

He was talking about how many posts each person has in this thread only.

So Redguides is putting tinfoil theories out because anti RMT measures have been so effective recently? Great work Rogean et al! Doesn't change the fact that you allowed Nizzard to run Nihilum as an RMT scheme for two years but it does give me hope for the future. Back then, there wasn't a need to keep Daybreak happy. Now there is, so hopefully future servers will be legit.

eh if secrets can hack the gibson to examine the anticheat I'd bet the redguides staff can too.

pick both or neither

Yep if Redguides staff is engineering a new mq compile every time there's a patch, they can certainly provide prof of NSA activity.

check the garbage folder

http://i.imgur.com/rwnOtuo.png

Yep if Redguides staff is engineering a new mq compile every time there's a patch, they can certainly provide prof of NSA activity.

Redguides doesn't need to generate new offsets every patch. They have a working titanium compile which doesn't need updating.

Rogean doesn't give you a big message on your screen when you're being caught like Dennis Nedry from Jurassic Park.

http://i.ytimg.com/vi/aNLx0fM-oQg/hqdefault.jpg

check the garbage folder


http://i58.tinypic.com/15d2no4.gif

I personally spent two days going over a 3GB mysql log BY HAND for any signs of anomolies.

I still want to know how one goes through a MySQL log "by hand". Does he print out 3GB worth of information and use a magnifying glass?

I still want to know how one goes through a MySQL log "by hand". Does he print out 3GB worth of information and use a magnifying glass?

Broke his mouse scrolling.

As with any proper discussion about computers or software, it pretty much broke down into a bunch of individual spats over semantics.

Consequences will never be the same. Many parties were left devastated, with only a flimsy cease-fire to show for it. Some to the infirmary, others to the morgue.

Secrets hold my hand.

Naw, it probably goes something like

If: web browser says "cuckhold", send site login information to Rogean.

Else: send bank account info and install ransomware.

:)

anyone who does decent penetration testing will be able to

Why are you angry again?


I like how you're so self absorbed that you think I've been anything but :rolleyes: or better this whole time.


Come back. I need your hot hot pseudo-intelligence. This thread is really boring without you discussing tertiary subjects in a thread about a non-issue with a .dll.

I like how you're so self absorbed that you think I've been anything but :rolleyes: or better this whole time.


Come back. I need your hot hot pseudo-intelligence. This thread is really boring without you discussing tertiary subjects in a thread about a non-issue with a .dll.

:rolleyes:

:rolleyes:



http://puu.sh/kT1LJ/677d3cc0f1.gif

Everyone is so quick to dismiss this as false. But I do remember a time when playing P99 I did not have to disable my anti-virus to stop it from quarantining .dll file.

Then there is this response from a community legend. lol..

#2 Old 09-06-2014, 06:06 PM
Derubael Derubael is offline
Retired GM



Join Date: Aug 2013
Location: Cabilis East, in the northwest corner of the zone-in from Field of Bone
Posts: 5,032
Default

--------------------------------------------------------------------------------

Lyra - I copied your post into it's own brand new thread b/c I thought you did a good job of explaining this. I'd like to add this as well:


Quote:
Originally Posted by KOOLLAYD View Post
I just wanna know if it alters anything on your computer or changes anything to install anything in the background or if it just runs and pings simply because of how it was coded or what. It's reason or purpose doesn't doesn't bother me. If I seriously thought something wasn't on the level I'd have not even bothered to ask. I'd kept it moving. Since I am new I can't judge based on the last 5 years since I wasn't here. That's why I am asking you guys.

dsetup.dll doesn't modify any of your files, doesn't let us read your files, doesn't destroy your registry. It doesn't give us any kind of hands on access to your computer. It's there to detect cheats like Macroquest and ShowEQ so that we can have a truly hack free server. As a poster explained above, it is likely that someone submitted it to a (crappy, lazy) virus database and they filed it in the "well it does something but we can't be arsed to figure out what" section of their DB. So now it's going to flag on certain virus scanners.

I'm told a number of high end scanners like Kaspersky's (read: Mcaffee, Norton, are horrible at virus protection. Biggest scam in the industry IMO. AVG is good but since a lot of their business is free I'm betting they don't have the staff to check for false-positives like this and remove them).

For the longest time this file didn't get picked up on any scanner (~4ish years) and no one has ever reported it doing anything malicious to their computer. This leads me to believe the "someone submitted it" theory, possibly to try to thwart Project 1999 (Disclaimer: I'm pulling this out of my ass, but it makes sense). The DLL literally has not been touched in forever, so it's not like we added something in that would make it start getting flagged as malicious.


Quote:
Originally Posted by myriverse View Post
Much easier to get a better antivirus program. The better ones do not mistake it for a virus.

^ Kaspersky's if you're a savvy computer user, Webroot if you're not. If you really don't want to pay, AVG - but you'll have to add an exception for this file (as you stated in your OP). Spybot/adaware/malwarebytes as well, if you're not careful about the websites you visit (your computer is likely bogged with malware/adware/spyware, even if you dont know it; people in the IT field deal with this on a daily basis), you'll need these programs.

In order to circumvent the DLL flagging, simply disable your anti-virus software and re-enable it after launching EQ. This shouldn't be required with better scanners.
Last edited by Derubael; 09-18-2014 at 06:10 PM..

Around the time P99 got better act detecting is when .dll starting getting flagged..

/tinfoilhaton

We weren't quick to dismiss it as false. We spent 18 pages tearing apart the bullshit they released on their site. Did you bother reading any of it?

> Around the time P99 got better act detecting is when .dll starting

Where did you get the idea that "P99 got better detecting" around this time?

Look at previous thread links to staff banning 400+ accounts around those months. If you go back and read you can see a huge spike in staff going on about banning accounts and when the .dll started getting flagged by anti-virus when it had not before.


#1 Old 03-23-2014, 01:45 PM
Daysprung Daysprung is offline
Aviak



Join Date: Nov 2013
Posts: 55
Default The official RMTer Goodbye P1999 Thread

--------------------------------------------------------------------------------

So I'll be the first to start this thread up. There are 400 of us so should be a popular thread

I bought a Fungi Tunic from Platlord back in January for my Monk "Mylee". So beware if you think he got out of this unscathed. Mentioning names to keep future people safe since honestly this sucks the big one. Over 50 RL days of work flushed away.

But I would do it again. I would do it again, including the RMT, in a heartbeat. It made the game more playable during a time when I didn't think I could handle leveling up a new character due to time constraints. This game is amazing and brought me back to a time in my youth that I truely enjoyed. These days I dont have the same time to put in that I did back then but I do have a whole lot more money, so you can see the allure

I wish p1999 the best, thanks to the staff for making this experience possible. Eunomia in particular was a great person to deal with. Derubael, thanks for humoring my last attempt at getting my account back. Sirken, your streams were fun to watch and I enjoyed your DT's in Sebilis.

Goodbye to all my friends and guildies as well, sorry for the wasted time in helping me and I'm sorry I wont be there with you guys in the future but it was fun while it lasted. I think most people will have lost friends in this ban wave (600 characters, hard to imagine anyone not losing someone they knew) so lets all say goodbye.

Fairwell p1999!

- Daysprung (60 Cleric), Mylee (55 Monk) , Deciderius (BANK MULE)


It could be a massive coincidence.. Just saying..

What "previous thread" are you referring to? Can you please provide a link instead of copy-pasting a contextless wall of text?

Also, if you're only going by that guy's word for the "400 people banned" claim, then I would say that I don't really consider him a reliable source.

my face when rogean and friends and using ever user logged to project1999 eqemu servers as bitcoin miners.

http://static2.businessinsider.com/image/521f627cecad04e62eff5329/report-brilliant-snowden-digitally-impersonated-nsa-officials.jpg

Jesus, this again?

this thread is A+ .... learning so much from this.

Pedo bear has arrived

Hey all just posting in a legendary thread.

Pedo bear has arrived

reported again.... this is about 4 on you now . loser

reported again.... this is about 4 on you now . loser

Reported for RL attack

Reported for RL attack

nice try loser....

nice try loser....

And again, 2 times now.

Correct description, all I remember about Wizing was an unhealthy obsession with the leaderboard.

What a lowlife.

I hope this nurga sees everything I do on the computer

So is our shemale porn safe or not??

So is our shemale porn safe or not??

Don't worry, only the NSA has your pornography history.