Project 1999

Go Back   Project 1999 > General Community > Rants and Flames
Reload this Page RMTers discuss P1999 dsetup.dll "includes some NSA-level intrusive scans on your PC"
Home Forums Register Members List Today's Posts

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #11  
Old 10-19-2015, 10:42 PM
Alaron01 Alaron01 is offline
Large Rat


Join Date: Sep 2010
Posts: 6
Default
Quote:
Originally Posted by simp403 [You must be logged in to view images. Log in or Register.]
So how could the EQClient executable access information outside of the access privelages it is granted when it's installed on the system? Swapping out a .dll file won't change these, meaning that P1999 can only access data within the process's allotted memory, in the locations on secondary storage specified by said access privelages, and data that is shared with the process by other processes it interacts with.

So how would the addition of a .dll file allow the EQClient to grab data from the web browser, which is an entirely separate process that does not interact with it whatsoever? How does this executable suddenly get full access to the file management system simply through the addition of a dll? Can someone please let me know if this is possible? I knly just graduated from Comp Sci, but all of these claims seem to be full of shit to me. Am I missing something here?
Here's where to start: https://en.wikipedia.org/wiki/DLL_injection

It usually involves more than just swapping out a DLL. It's easiest to have an executable that can do the injection (see bullet point #3 in the wiki for how-to).

Once you can get another process to load your DLL, then your DLL main function will be called. This is where the process that's being injected into loses all control, and this is precisely why a detection mechanism for cheating would target foreign DLLs. An attacker can have all kinds of fun in here since they are executing in the other process' address space.

So, rough sketch of how P1999 staff could theoretically make your EQClient grab data from your web browser:
1) Inject a DLL into EQClient through the launcher.
2) Now the DLL main function will get called by EQClient. They put the code for DLL injection into the DLL that's being injected though! So now this DLL main will make EQClient inject the very same DLL into your web browser. If you are feeling fancy (or kinky) you could do something like hooking the function for receiving tells and trigger this to happen only when "gay elf love" is contained in the text.
3) The same thing happens inside the web browser except it starts snapping screenshots. Hide yo kids, hide yo wife.

The claim that it's possible is not full of shit.. I wouldn't miss any sleep over worrying about it though.

PS: I see you've worked out more of this while I wrote this post. Cool. Gonna post it anyway in case you find something interesting.
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 01:28 AM.

Privacy Policy - Project 1999 - Classic Everquest - Archive - Top

Everquest is a registered trademark of Daybreak Game Company LLC.
Project 1999 is not associated or affiliated in any way with Daybreak Game Company LLC. 		Powered by vBulletin®
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.