Project 1999

Go Back   Project 1999 > General Community > Technical Discussion

Reply
 
Thread Tools Display Modes
  #1  
Old 07-04-2014, 12:43 AM
Grimjaw Grimjaw is offline
Planar Protector

Grimjaw's Avatar

Join Date: Jun 2014
Location: https://discord.gg/ngqrDtyVe6
Posts: 1,089
Default

Quote:
Originally Posted by abacab-101 [You must be logged in to view images. Log in or Register.]
The file is obfuscated, and has two anti-cracking methods put into place; the first is the encryption and the block against .NET Reflector editing, it jumbles up the text and actively block compilers there are ways around that but I won't post that here.

The second is when it's edited a Project1999 pop-up comes up that says "this file has been corrupted, modified, and changed" as well as the DLL-2 error that pops up; the trick here is to maintain the file integrity and size; since most of the file has bullshit hex for filler (the lines upon lines of CC CC CC CC CC and 00 00 00 00 00) that must be maintained to keep the file from being rejected by the p99 client.

DLL has been cracked it's not hard at all.
so what does it do then lol? U can read pcode?
Reply With Quote
  #2  
Old 07-04-2014, 12:49 AM
abacab-101 abacab-101 is offline
Banned


Join Date: Jun 2014
Posts: 31
Default

Quote:
Originally Posted by Grimjaw [You must be logged in to view images. Log in or Register.]
so what does it do then lol? U can read pcode?
1. It's a callback
2. It causes an overflow on third-party programs, when you D/C it flags you because it sends out bad packets that the server then collects from your client; since MQ2 can't function well when the dsetup.dll is running at x100000 as opposed to the normal x0200 of eqgame.exe it disconnects the moment your character hits the world and reads the very first packet.
Reply With Quote
  #3  
Old 07-09-2014, 03:33 PM
Artaenc Artaenc is offline
Sarnak

Artaenc's Avatar

Join Date: Sep 2012
Posts: 485
Default

Quote:
Originally Posted by abacab-101 [You must be logged in to view images. Log in or Register.]
The file is obfuscated, and has two anti-cracking methods put into place; the first is the encryption and the block against .NET Reflector editing, it jumbles up the text and actively block compilers there are ways around that but I won't post that here.

The second is when it's edited a Project1999 pop-up comes up that says "this file has been corrupted, modified, and changed" as well as the DLL-2 error that pops up; the trick here is to maintain the file integrity and size; since most of the file has bullshit hex for filler (the lines upon lines of CC CC CC CC CC and 00 00 00 00 00) that must be maintained to keep the file from being rejected by the p99 client.

DLL has been cracked it's not hard at all.
Which part of the machine code is the one that detects precisely repeating commands like something that autofire would do.
__________________
https://www.asgardguild.net Whoever wields this hammer, if he be worthy, shall possess the power of Thor! -Odin
https://www.twitch.tv/artaenc I stream other games on here also like Monster Hunter World

Guild Leader of <Asgard> The home of the gods!
Lightyear/Artah
Reply With Quote
  #4  
Old 07-01-2014, 09:48 AM
getsome getsome is offline
Fire Giant

getsome's Avatar

Join Date: Apr 2010
Posts: 733
Default

Quote:
Originally Posted by BiggHurb [You must be logged in to view images. Log in or Register.]
yea right now only abacab knows how to circumvent it... /sarcasm

i mean, how do u catch the people who hide their cheating from your .dll, ie the real cheaters... u cant i guess... shame on all of u
real cheaters play on a mac.
Reply With Quote
  #5  
Old 07-01-2014, 10:07 AM
Thana8088 Thana8088 is offline
Fire Giant

Thana8088's Avatar

Join Date: Jul 2010
Posts: 533
Default

Quote:
Originally Posted by Buttcheeks [You must be logged in to view images. Log in or Register.]
I use Comodo for security, and it triggers on this file in the new patch. I scanned the old versions and they don't raise any alarms.
I use Comodo as well, and have to re-install the newest p99 files (and disable my AV) each time I want to play EQ because Comodo has nuked the .dll file.

I guess there's a way to tell Comodo to allow this seemingly malicious file to continue unmolested?
__________________
Catterine - 60 Druidess
Kattarina - 60 Shaman
Angellus - 60 Cleric
Pickahippy - 52 Druid
*******************
All priest, all the time.
Reply With Quote
  #6  
Old 07-02-2014, 11:18 AM
Grimjaw Grimjaw is offline
Planar Protector

Grimjaw's Avatar

Join Date: Jun 2014
Location: https://discord.gg/ngqrDtyVe6
Posts: 1,089
Default

yes tell comodo to ignore your EQ directory
Reply With Quote
  #7  
Old 07-02-2014, 12:39 PM
Portasaurus Portasaurus is offline
Banned


Join Date: Aug 2012
Posts: 1,477
Default

Whatever was happening that caused severe mouse lag while p99 was open seems to have stopped recently, perhaps with this latest patch.

Has anybody else who was formerly having these very very strange mouse lag issues noticed that the problem recently went away?

I have noted that this mouse lag was exactly the same as the kind of lag that occurs when broadcasting my screen via OBS to twitch, which is unsettling to say the least, and unfortunately leads me to the following question:

Can someone in a position of knowledge tell us definitively that p99 does not in any way allow remote observation of our displays or logging of our keystrokes, either inside or outside of the client?

-your Tingrocer
Reply With Quote
  #8  
Old 07-03-2014, 04:39 PM
phiren phiren is offline
Aviak


Join Date: Jul 2013
Posts: 67
Default

Granted this is my own issue -- but I play on a system where I cannot remove McAfee. This never used to be a problem until the last patch. McAfee is calling DSETUP.DLL "Artemis!" threat.

Although -- since the patch came out a week ago, and McAfee is just now calling it one -- it's probably a McAfee update.

Still though -- might be something for Devs to look into. I can't imagine there's only a few people with this issue.. probably going to be more widespread soon as all the other anti virus software gets their updates.

~phiren
Last edited by phiren; 07-03-2014 at 05:06 PM.. Reason: additional info
Reply With Quote
  #9  
Old 07-03-2014, 07:40 PM
Grimjaw Grimjaw is offline
Planar Protector

Grimjaw's Avatar

Join Date: Jun 2014
Location: https://discord.gg/ngqrDtyVe6
Posts: 1,089
Default

if u punch Artemis into google, you would see that McAfee actively scans for new threats, and when it finds them it calls them Artemis (the name of McAfee's system that is searching your PC for these threats).

That's why it's called Artemis, because it doesn't know what virus it is, it just thinks it might be a virus.

Also, it looks like the P99 developers can put in a request with McAfee to have the file white-listed:

https://secure.mcafee.com/apps/mcafe...aspx?region=us
Reply With Quote
  #10  
Old 07-04-2014, 01:38 AM
abacab-101 abacab-101 is offline
Banned


Join Date: Jun 2014
Posts: 31
Default

MQ2 reads 0x02 as that is what the client normally pushes, since p99 puts out 0x10 MQ2 cannot handle it and disconnects, thus the flagging occurs.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 02:02 PM.


Everquest is a registered trademark of Daybreak Game Company LLC.
Project 1999 is not associated or affiliated in any way with Daybreak Game Company LLC.
Powered by vBulletin®
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.