Project 1999

  #1  
03-13-2015, 05:04 AM
Jonp1999
Large Rat

Join Date: Mar 2015
Posts: 6
What -EXACTLY- does dsetup.dll do?

Before you dismiss this as yet another paranoid thread, let me get a few things out of the way:
  • I've been searching for the past hour to try to figure out exactly what dsetup.dll does, but I keep coming across jokes, paranoia, and very little useful information. The best info I've found was the sticky here, but that doesn't explain much.
  • Security through obscurity is not a valid method of security. 15 years as a (mostly) web developer has taught me that (painfully, I might add).
  • Anti-hacking and cheating methods are incredibly useful, and sometimes required - I completely understand and agree with that.
  • I mean absolutely no disrespect to anyone working on Project 1999.

With that aside - I have to know. What does dsetup.dll do exactly? Does it only monitor the EQ process for any changes, or does it look at other processes that are running? The former is A-OK, the latter is ripe for abuse.

What methods does it use to accomplish the monitoring (assuming it does)? Does it use any sort of pre-existing software, or was it written by a developer here?

Again, I have to stress - security through obscurity does not work - if someone really wanted to, they could figure out how this works. I just would like to hear it from the developers themselves what it does.

This isn't a threat or anything stupid like that either, I'm just cautious of any anti-hacking software as, while the original intentions may have been good, they have been exploited in the past. If dsetup.dll is only capable of looking at the EQ process, then that shouldn't be an issue. If it's looking at other processes - then it's a possible problem and I'd like to know so I can uninstall P1999.

And one last time, I really have to stress - I'm not tin foil hatting, I'm not looking for jokes, I'm not insulting anyone, I'm not saying this isn't needed or anything like that - I just want to know so I can make an informed decision.
Reply With Quote
  #2  
03-13-2015, 10:50 AM
Thulack
Planar Protector

Join Date: Sep 2011
Location: In my living room.
Posts: 4,296

Pretty sure it does look for other processes such as MQ and ShowEQ or any other cheating programs so bye bye.
Reply With Quote
  #3  
03-13-2015, 10:59 AM
Kanem
Skeleton

Join Date: Oct 2014
Posts: 17

Doubt anyone is going to tell you what custom code is being run inside the encrypted dll. Even if they did, if you don't trust them to provide it, why would you trust their explanation?

If you are worried, run it in a sandbox where it can't do any harm. On a VM or a parallel OS install or even a dedicated air-gapped box. Not like the game has high system requirements.

Just my 2 cents.

Kanem
Reply With Quote
  #4  
03-13-2015, 11:00 AM
Daldaen
Planar Protector

Join Date: Jun 2010
Location: Kedge Keep
Posts: 9,062

I'm not sure how much they want to elaborate on how it works because that would make it easier for hackers to bypass it.
Reply With Quote
  #5  
03-13-2015, 01:28 PM
phacemeltar
Planar Protector

Join Date: Jun 2013
Location: western hemisphere
Posts: 1,612

I'm pretty sure it's some fly-by-night hack job that was implemented in haste to stop hacking from burning the server. If you inspect the dll file in some sort of decompiler (or whatever can read dll files, I forget) it will tell you what .NET classes it implements.

I'm also pretty sure that if you run EQ in administrator mode, dsetup.dll can allow total remote access to your machine. Please correct me if I'm wrong.


EDIT: #NOTCLASSIC
Last edited by phacemeltar; 03-14-2015 at 03:16 AM.
Reply With Quote
  #6  
03-14-2015, 02:20 PM
mindeen
Large Rat

Join Date: Apr 2013
Posts: 9

Some of the functionality of this DLL is used for their anti-cheating checks. One of the calls to the library is clearly doing a process scan through all processes to identify common cheating programs (unless you were smart enough to recompile them and change their executable names, lpszClassName, etc.). This is why your antivirus programs are trapping its behavior as a common Trojan virus.

SOE and Blizzard both used to use this methodology and it was successful in removing a good chunk of the cheating. However, scanning information on someone else's computer and sending it to yourself regardless of your intention is illegal. And so after that they had to remove the code from their MMOs and use server-side behavioural cheat detections instead.

I don't know everything the library is doing, but there are a number of tools out there that can plug into Visual Studio and get all the entry points to all the functions in the DLL and try to run them individually and trace through what they do. But that is an immense amount of effort to really figure out everything it is doing.
Reply With Quote
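A static first pass at the question this thread asks, as an added example that is not part of any post and not Project 1999's code: it checks whether a DLL's bytes reference the Win32 APIs normally used to enumerate other processes or windows, and uses byte entropy to flag the case raised in post #3, where an encrypted or packed image hides its imports and a clean result means nothing. The API list, the 7.2 threshold and the sample bytes are assumptions constructed for illustration; none of them come from dsetup.dll.

```python
import math
import sys
from collections import Counter

# Real Win32 exports commonly used to enumerate processes and windows.
# Which of them (if any) a given DLL imports is what this check reports.
ENUM_APIS = [
    "CreateToolhelp32Snapshot", "Process32First", "Process32FirstW",
    "Process32Next", "Process32NextW", "EnumProcesses", "OpenProcess",
    "ReadProcessMemory", "EnumWindows", "FindWindowA", "FindWindowW",
    "GetClassNameA", "GetClassNameW",
]
PACKED_ENTROPY = 7.2  # assumed heuristic threshold, bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 suggest compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes) -> dict:
    # Import names are stored NUL-terminated, so match name + NUL to keep
    # "Process32Next" from matching inside "Process32NextW".
    hits = sorted(a for a in ENUM_APIS if a.encode() + b"\0" in data)
    entropy = shannon_entropy(data)
    packed = entropy > PACKED_ENTROPY
    if hits:
        verdict = "process-or-window-enumeration-apis-referenced"
    elif packed:
        # A packed or encrypted image hides its imports: absence proves nothing.
        verdict = "inconclusive-packed"
    else:
        verdict = "no-enumeration-apis-visible"
    return {"hits": hits, "entropy": round(entropy, 2), "packed": packed, "verdict": verdict}


# Constructed sample inputs (not bytes from dsetup.dll).
SAMPLE_PLAIN = b"MZ" + b"\0" * 64 + b"\x01\0CreateToolhelp32Snapshot\0\x02\0Process32NextW\0" + b"\0" * 200
SAMPLE_PACKED = bytes(range(256)) * 16
SAMPLE_BENIGN = b"MZ" + b"\0" * 100 + b"GetTickCount\0"

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PLAIN
    print(triage(blob))
```

A referenced API shows capability, not what is collected or sent; answering that still takes the sandboxed run and network capture suggested earlier in the thread.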
All times are GMT -4.