Some of the functionality of this DLL is used for their anti-cheating checks. One of the calls to the library is clearly doing a process scan through all processes to identify common cheating programs (unless you were smart enough to recompile them and change their executable names, lpszClassName, etc.). This is why your antivirus programs are trapping its behavior as a common Trojan virus.
SOE and Blizzard both used to use this methodology, and it was successful in removing a good chunk of the cheating. However, scanning information on someone else's computer and sending it to yourself, regardless of your intention, is illegal. And so after that they had to remove the code from their MMOs and use server-side behavioural cheat detections instead.
I don't know everything the library is doing, but there are a number of tools out there that can plug into Visual Studio and get all the entry points to all the functions in the DLL and try to run them individually and trace through what they do. But that is an immense amount of effort to really figure out everything it is doing.