RMTers discuss P1999 dsetup.dll "includes some NSA-level intrusive scans on your PC" - Page 5

Man0warr · #1 10-19-2015, 05:26 PM

It doesn't, which is what Rogean and Secrets are saying. Unless the browser somehow interacted with the EQ executable.

dafier · #2 10-19-2015, 05:33 PM

So. If you try to read what's in your local mem space, it will start a logging process? Or is it modify only?

simp403 · #3 10-19-2015, 10:19 PM

Quote:

Originally Posted by dafier [You must be logged in to view images. Log in or Register.]

So. If you try to read what's in your local mem space, it will start a logging process? Or is it modify only?

Every process is allotted a portion of memory it can use at runtime. This process cannot access the memory space of any other process by virtue of the process control board unless specifically allowed to do so. When you ask can "you" read, do you mean you as a user accessing the memory? It's definitely possible to grab the data in memory, but from what I've seen, a number of games, usually MMOs, have code built in that detects if you access its process memory and will kick you. This is implemented to help combat botting and I know ArcheAge had something like this in place.

Oleris · #4 10-19-2015, 05:39 PM

the best part of the thread was secrets arguing with clayton (last name here) on the FB page.

Secrets · #5 10-19-2015, 06:03 PM

Quote:

Originally Posted by Oleris [You must be logged in to view images. Log in or Register.]

the best part of the thread was secrets arguing with clayton (last name here) on the FB page.

[You must be logged in to view images. Log in or Register.]

simp403 · #6 10-19-2015, 10:28 PM

Sorry for the double post. To clarify, I'm pretty sure you can still write a program that accesses the process memory of another process. This is what MQ does from what I gather. However, the process whose memory is being access can see what other processes are interacting with it, which is how I think anti-cheat measures are created to combat things like client-side hacking and grabbing or altering the game's memory.

This is what I believe Rogean's code does: it detects whether or not another program is accessing EverQuest's memory space and sends information on that program to his server. This is how he can see the filepath that MQ was installed in. When a program runs, it does not run as "program.exe". It runs as "C:/Program Files/fuckyou/program.exe". Being able to see the filepath and the machine's name does not mean the program has access to other information in your system.

Furthermore, the Everquest client code is not altered whatsoever by Rogean. I believe this means that it will only be able to access primary and secondary memory that the actual EverQuest game could access. In other words, Rogean cannot somehow change the client such that it can grab web browser information or other system information outside of the information it normally has access to just by adding in a dll file.

Magikarp · #7 10-19-2015, 11:36 PM

this explains why my bank account is low and i got that fixit ticket for expired registration the other week and i may have a drinking problem

illuminati everywhere

damnit rogean. glad to have someone reveal the TRUTH for all to see

iruinedyourday · #8 10-19-2015, 11:48 PM

i heard the virgin detector they put in the client crashed the internet for 30 minuets.

simp403 · #9 10-19-2015, 11:52 PM

Quote:

Originally Posted by iruinedyourday [You must be logged in to view images. Log in or Register.]

i heard the virgin detector they put in the client crashed the internet for 30 minuets.

EverQuest can't run on Linux, though.

Secrets · #10 10-19-2015, 11:54 PM

Pretty much, a DLL can do all of that. But his doesn't that is the key.

It'd set off AVs and then some. And not just on runtime; it only sets off AVs on runtime because it's packed with Themida. If it was sending your bank information or recording keystrokes you figured someone would've picked that up by now.