Quote:
Originally Posted by Supreme
[You must be logged in to view images. Log in or Register.]
It is not even that complex. At the core, Macroquest deciphers packets for the client from the server that would normally not be displayed.
You can figure out how it is dedected from there.
|
Macroquest doesn't physically touch/modify packets.
Macroquest hooks into the actual Memory EQGame.exe uses.
ShowEQ reads packets. However, Project1999 encrypts certain portions of the packets and payloads. Thus why you don't get full working Maps and spawn names are garbled (Less you can decrypt them, which I doubt is very hard).
The two ways for detection is that Roegan has a dll that reads the same memory that eqgame.exe and checks for additional hooks and compare expected results. Second is to purposefully send a malformed packet and watch for people to go LD (Macroquest expecting a struct with 18bytes, gets one with 24 bytes.... blargh it CTDs).