|
|
#1
03-13-2015, 05:04 AM
|
|||
|
What -EXACTLY- does dsetup.dll do?
Before you dismiss this as yet another paranoid thread, let me get a few things out of the way:
With that aside - I have to know. What does dsetup.dll do exactly? Does it only monitor the EQ process for any changes, or does it look at other processes that are running? The former is A-OK, the latter is rife for abuse. What methods does it use to accomplish the monitoring (Assuming it does)? Does it use any sort of pre-existing software, or was it written by a developer here? Again, I have to stress - security through obscurity does not work - if someone really wanted to, they could figure out how this works. I just would like to hear it from the developers themselves what it does. This isn't a threat or anything stupid like that either, I'm just cautious of any anti-hacking software as, while the original intentions may have been good, they have been exploited in the past. If dsetup.dll is only capable of looking at the EQ process, then that shouldn't be an issue. If it's looking at other processes - then it's a possible problem and I'd like to know so I can uninstall P1999. And one last time, I really have to stress - I'm not tin foil hatting, I'm not looking for jokes, I'm not insulting anyone, I'm not saying this isn't needed or anything like that - I just want to know so I can make an informed decision. | ||
|
|||
|
#3
03-13-2015, 10:59 AM
|
|||
|
Doubt anyone is going to tell you what custom code is being run inside the encrypted dll. Even if they did if you don't trust them to provide it why would you trust their explanation.
If you are worried run it in a sandbox where it cant do any harm. On a VM or a parallel OS install or even a dedicated air gapped box. Not like the game has high system requirements. Just my 2 cents. Kanem | ||
|
|
|||
|
#4
03-13-2015, 11:00 AM
|
|||
|
I'm not sure how much they want to elaborate on how it works because that would make it easier for hackers to bypass it.
__________________
| ||
|
|
|||
|
#5
03-13-2015, 01:28 PM
|
|||
|
im pretty sure its some fly-by-night hack job that was implemented in haste to stop hacking from burning the server. if you inspect the dll file in some sort of decompiler (or whatever can read dll files, i forget) it will tell you what .net classes it implements.
im also pretty sure that if you run EQ in administrator mode, dsetup.dll can allow total remote access to your machine. pls correct me if im wrong EDIT: #NOTCLASSIC
__________________
 | ||
|
Last edited by phacemeltar; 03-14-2015 at 03:16 AM..
|
|
||
|
#6
03-14-2015, 02:20 PM
|
|||
|
Some of the functionality of this DDL is used for their anti-cheating checks. One of the calls to the library is clearly doing a process scan through all processes to identify common cheating programs (unless you were smart enough to recompile them and change their executable names, lpszClassName, etc.). This is why your antivirus programs are trapping its behavior as a common Trojan virus.
SOE and Blizzard both used to use this methodology and it was successful in removing a good chunk of the cheating. However scanning information on someone else's computer and sending it to yourself regardless of your intention is illegal. And so after that they had to remove the code from their mmos and use server-side behavioural cheat detections instead. I don't know everything the library is doing but there are a number of tools out there that can plug into visual studio and get all the entry points to all the functions in the DLL and try to run them individually and trace through what they do. But that is an immense amount of effort to really figure out everything it is doing. | ||
|
|
|||
 |
|
|
Linear Mode
