Project 1999

Technical Discussion: dsetup.dll is setting off malware alert

Grimjaw 07-04-2014 12:43 AM

Quote:

Originally Posted by abacab-101 (Post 1522134)
The file is obfuscated, and has two anti-cracking methods put into place; the first is the encryption and the block against .NET Reflector editing; it jumbles up the text and actively blocks compilers. There are ways around that, but I won't post that here.

The second is that when it's edited, a Project1999 pop-up comes up that says "this file has been corrupted, modified, and changed" as well as the DLL-2 error that pops up; the trick here is to maintain the file integrity and size, since most of the file has bullshit hex for filler (the lines upon lines of CC CC CC CC CC and 00 00 00 00 00) that must be maintained to keep the file from being rejected by the p99 client.

DLL has been cracked; it's not hard at all.

So what does it do then lol? You can read pcode?

abacab-101 07-04-2014 12:49 AM

Quote:

Originally Posted by Grimjaw (Post 1522149)
So what does it do then lol? You can read pcode?

1. It's a callback
2. It causes an overflow on third-party programs; when you D/C it flags you because it sends out bad packets that the server then collects from your client. Since MQ2 can't function well when the dsetup.dll is running at x100000 as opposed to the normal x0200 of eqgame.exe, it disconnects the moment your character hits the world and reads the very first packet.

abacab-101 07-04-2014 01:37 AM

P99's handle:
eqgame.exe (5556), DLL, C:\p99\dsetup.dll, 0x10000000

Normal handle:
eqgame.exe (5556), DLL, C:\everquest\dsetup.dll, 0x02000

abacab-101 07-04-2014 01:38 AM

MQ2 reads 0x02, as that is what the client normally pushes; since p99 puts out 0x10, MQ2 cannot handle it and disconnects, thus the flagging occurs.

phiren 07-04-2014 10:11 AM

For the record, I don't think DSETUP.DLL is a big conspiracy to steal information on my computer.

I'm probably part of a minority of people who play on a machine where I have no control over my anti virus settings.

So -- if the devs feel that what they did is fine, and it's McAfee + other anti virus just being lame (which I completely agree with actually)... then that's fine.

I just wanted to bring it to the attention in the hopes that maybe the Devs can find an alternative.

~Phiren

lvpa 07-09-2014 02:15 AM

AVG just picked this up. It was odd because I hadn't done anything for like an hour, was just sitting afk, and it popped up.

Should I let AVG remove it? It's already quarantining it and not giving me the option to leave it alone; the options are quarantine or remove completely.

Ambrotos 07-09-2014 04:27 AM

Then you won't be able to play on the server. It isn't a virus.

lvpa 07-09-2014 04:40 AM

Quote:

Originally Posted by Ambrotos (Post 1526887)
Then you won't be able to play on the server. It isn't a virus.

I know; I'm saying AVG didn't give me a choice, it was either delete or quarantine; both amount to the program becoming inaccessible.

Ambrotos 07-09-2014 05:57 AM

Derubael made a good post on the first page, I think. Just switch scanners, and don't deal with AVG.

Argh 07-09-2014 06:07 AM

Malwarebytes


All times are GMT -4.