"
patlefort3 wrote:
I don't understand the if you can afford part. Linux (Ubuntu, Fedora, etc) is free. You can dual boot with Windows.
If your most capable box happens to be a newer laptop, linux is pretty much out of the question until the drivers become available. Currently I'm lucky to even find Windows drivers that work for some parts (yes touchpad I'm looking at you). The if you can afford part- personally I'd have to buy another box to set up as a gaming box since my old desktop box is incapable of being upgraded with a good enough graphics card. Well that and it would be like sticking a new motor in a broken down heap of a car.
It does however make a great linux box for non gaming purposes :)
As to a process monitor, yeah its not going to give you anything until after start up is complete. Likely you wouldn't see anything interesting until after you logged in. Then you'd specifically look for calls to Process32First as it starts walking the process tree. It has been awhile since I've dived that far into the guts, but luckily the people trying to crack the added code are sharing their results with anyone who bothers looking. Its not something for the uninitiated, even many senior programmers would have to knuckle down and do grunt work to sweat out the details.
But like I said, there are plenty of hackers out there working on cracking it and sharing their findings freely. That is why this effort GGG is making is so stupid, it is doomed to failure. The only thing achieved besides a temporary lull in cheat/bot activity is to pretty much permanently piss off anyone and everyone who gives a damn about privacy, especially those of us who trusted them.
My 2c anyhow.
|
|
"
againwetryagain wrote:
"
patlefort3 wrote:
I don't understand the if you can afford part. Linux (Ubuntu, Fedora, etc) is free. You can dual boot with Windows.
If your most capable box happens to be a newer laptop, linux is pretty much out of the question until the drivers become available. Currently I'm lucky to even find Windows drivers that work for some parts (yes touchpad I'm looking at you). The if you can afford part- personally I'd have to buy another box to set up as a gaming box since my old desktop box is incapable of being upgraded with a good enough graphics card. Well that and it would be like sticking a new motor in a broken down heap of a car.
It does however make a great linux box for non gaming purposes :)
As to a process monitor, yeah its not going to give you anything until after start up is complete. Likely you wouldn't see anything interesting until after you logged in. Then you'd specifically look for calls to Process32First as it starts walking the process tree. It has been awhile since I've dived that far into the guts, but luckily the people trying to crack the added code are sharing their results with anyone who bothers looking. Its not something for the uninitiated, even many senior programmers would have to knuckle down and do grunt work to sweat out the details.
But like I said, there are plenty of hackers out there working on cracking it and sharing their findings freely. That is why this effort GGG is making is so stupid, it is doomed to failure. The only thing achieved besides a temporary lull in cheat/bot activity is to pretty much permanently piss off anyone and everyone who gives a damn about privacy, especially those of us who trusted them.
My 2c anyhow.
+1 i like this <3
|
Posted byhobokiller21#5239on Jan 16, 2015, 6:37:56 AM
|
|
Watching this thread for like 2 days now, i finally decided to write something.
Do you guys who are so afraid of spyware included with PoE use cellphones and ATM machines? If you do, i've got some bad news for you: everytime your cellphone is on, it's sending data about your location, incoming and outgoing calls as well as messages to a cellphone-company owned database where they remain stored for about 2 years. Everytime you use an ATM machine, you get recorded (they also record the amount of money you withdrew as well as the location and time of withdrawal) and that data is then stored at the banks' security center for about 2 years.
Don't even get me started on using Gmail & Google while the NSA is actively monitoring everything you write and serch for on the internet.
So yeah, if you're concirned with an indie games' anti-cheat feature but on the other hand don't care about any of the stuff i (and others) have mentioned, then you've got bigger problems than GGG knowing what processes run alongside PoE. My 2 cents.
|
Posted byTom7i#1833on Jan 16, 2015, 6:48:53 AM
|
"
Tom7i wrote:
Watching this thread for like 2 days now, i finally decided to write something.
Do you guys who are so afraid of spyware included with PoE use cellphones and ATM machines? If you do, i've got some bad news for you: everytime your cellphone is on, it's sending data about your location, incoming and outgoing calls as well as messages to a cellphone-company owned database where they remain stored for about 2 years. Everytime you use an ATM machine, you get recorded (they also record the amount of money you withdrew as well as the location and time of withdrawal) and that data is then stored at the banks' security center for about 2 years.
Don't even get me started on using Gmail & Google while the NSA is actively monitoring everything you write and serch for on the internet.
So yeah, if you're concirned with an indie games' anti-cheat feature but on the other hand don't care about any of the stuff i (and others) have mentioned, then you've got bigger problems than GGG knowing what processes run alongside PoE. My 2 cents.
And you guys accuse me of wearing a tin foil hat. Not going to get into personal history but I'll put this much out there, I'm a retired programmer, I used to have a security clearance, I used to work in Washington, DC for the US government, when some of the above topics were first raised here I was chatting with an old-coworker, when I repeated some of what was being said I'm pretty sure she fell out of her chair laughing. Not saying anything more, its not like you guys have a need to know.
Yeah I'm familiar with pretty much all the various ways my privacy is being limited if not outright violated by various entities. Some of them I've no choice but to grin and bear it, though I do make my feelings known. Funny thing though, in all the examples you mention, *none* of them were residing on my computer examining other processes that were running and doing who knows what else. It would be bad enough if it was a major company with the proper resources (Warden, Punkbuster, etc), but a small indy game company?????? Even worse. They're just as liable to do harm by accident as on purpose - and that would be if I trusted them.
So yes, there are many avenues of assault on our privacy in this digital age. We certainly don't need another one in the form of an indy software house that is engaged in a battle where they are outnumbered, outsmarted, and doomed to fail in the end after wasting untold hundreds of man-hours and more money than I'll see in the next few years.
My 2c worth.
|
|
"
againwetryagain wrote:
"
Tom7i wrote:
Watching this thread for like 2 days now, i finally decided to write something.
Do you guys who are so afraid of spyware included with PoE use cellphones and ATM machines? If you do, i've got some bad news for you: everytime your cellphone is on, it's sending data about your location, incoming and outgoing calls as well as messages to a cellphone-company owned database where they remain stored for about 2 years. Everytime you use an ATM machine, you get recorded (they also record the amount of money you withdrew as well as the location and time of withdrawal) and that data is then stored at the banks' security center for about 2 years.
Don't even get me started on using Gmail & Google while the NSA is actively monitoring everything you write and serch for on the internet.
So yeah, if you're concirned with an indie games' anti-cheat feature but on the other hand don't care about any of the stuff i (and others) have mentioned, then you've got bigger problems than GGG knowing what processes run alongside PoE. My 2 cents.
And you guys accuse me of wearing a tin foil hat. Not going to get into personal history but I'll put this much out there, I'm a retired programmer, I used to have a security clearance, I used to work in Washington, DC for the US government, when some of the above topics were first raised here I was chatting with an old-coworker, when I repeated some of what was being said I'm pretty sure she fell out of her chair laughing. Not saying anything more, its not like you guys have a need to know.
Yeah I'm familiar with pretty much all the various ways my privacy is being limited if not outright violated by various entities. Some of them I've no choice but to grin and bear it, though I do make my feelings known. Funny thing though, in all the examples you mention, *none* of them were residing on my computer examining other processes that were running and doing who knows what else. It would be bad enough if it was a major company with the proper resources (Warden, Punkbuster, etc), but a small indy game company?????? Even worse. They're just as liable to do harm by accident as on purpose - and that would be if I trusted them.
So yes, there are many avenues of assault on our privacy in this digital age. We certainly don't need another one in the form of an indy software house that is engaged in a battle where they are outnumbered, outsmarted, and doomed to fail in the end after wasting untold hundreds of man-hours and more money than I'll see in the next few years.
My 2c worth.
Its always funny how people claim to be programmers and working for the government and such on a forum while they really are living with their parents sitting in some room playing video games all day.
|
Posted byDeletedon Jan 16, 2015, 8:40:10 AM
|
"
DirkAustin wrote:
Its always funny how people claim to be programmers and working for the government and such on a forum while they really are living with their parents sitting in some room playing video games all day.
Well let me put it this way kid, my parents were both long dead and buried before the original Diablo was released. Now what's your life story? Still living under a bridge?
|
|
"
againwetryagain wrote:
"
DirkAustin wrote:
Its always funny how people claim to be programmers and working for the government and such on a forum while they really are living with their parents sitting in some room playing video games all day.
Well let me put it this way kid, my parents were both long dead and buried before the original Diablo was released. Now what's your life story? Still living under a bridge?
Yeah, calling me kid makes you feel like a tough guy i bet, bravo. If you work for the government then i am the president. Now go back to your desk and spy on those pesky russians.
|
Posted byDeletedon Jan 16, 2015, 9:06:10 AM
|
"
patlefort3 wrote:
I wouldn't advise anyone that doesn't understand Windows in depth to use that program. People will freak out over nothing.
In your screenshot, it seem to me that PoE is searching for D3DREF9.DLL in all the folders defined in your PATH environment variable, which is normal when an executable wants to use a DLL.
So we need someone who can analyze it or check PoE exe's in IDA etc.
/1625088 - my Perandus shop
/746510 - PoE tiny service
/901183 - new contract system (Support it!!)
/1183686 - My map is MAD!
/1145686 - my Gear /899106 - my Shop
|
Posted byaddiaboli#5098on Jan 16, 2015, 9:06:25 AM
|
"
addiaboli wrote:
"
patlefort3 wrote:
I wouldn't advise anyone that doesn't understand Windows in depth to use that program. People will freak out over nothing.
In your screenshot, it seem to me that PoE is searching for D3DREF9.DLL in all the folders defined in your PATH environment variable, which is normal when an executable wants to use a DLL.
So we need someone who can analyze it or check PoE exe's in IDA etc.
Why would you do that? Falling for the spyware crap people spread around here? Its not spyware.
|
Posted byDeletedon Jan 16, 2015, 9:10:50 AM
|
"
addiaboli wrote:
"
patlefort3 wrote:
I wouldn't advise anyone that doesn't understand Windows in depth to use that program. People will freak out over nothing.
In your screenshot, it seem to me that PoE is searching for D3DREF9.DLL in all the folders defined in your PATH environment variable, which is normal when an executable wants to use a DLL.
So we need someone who can analyze it or check PoE exe's in IDA etc.
You'll have trouble running PoE's Client.exe in a debugger, quite possibly might get banned since it now tries to register itself as a debugger on itself. I won't mention some other steps because at this point I'm somewhat surprised I haven't already been banned.
Easiest thing to do is to use google and search for hacking websites that mention the game. Specifically, look for the patch number. If you find one of the ones I did, you may be able to read their forums and see at least some of their screenshots of debugger dumps as well as listings of diffs and other telltale signs.
As far as I can tell so far, no one knows exactly what all the client is doing. Perhaps this weekend when some of the top hackers involved have time off work enough to dig in. There is a list of Windows API calls that were added, including those to walk Window's active process list and, most recently, some to read the process images. Exactly what they are doing with that information, how much is being sent back to the servers, how often the code is being run, what triggers it, what is dormant and awaiting activation from server or future patches, all unknown at this time.
For the record, I am not personally involved in reverse engineering any GGG software, in point of fact, I no longer have any GGG software installed on this computer.
At this point, there is at least enough evidence surfacing out there that if you desired, you could likely enlist the aid of a 'white hat' security consultant in further examination of the game software.
My 2c worth.
|
|
