How Magelo works?



fryfrog
11-05-2002, 08:02 AM
does anyone know how magelo works? i assume that they also sniff memory of eq to get item information, and that perhaps they also have to sniff the key out to decrypt some info. am i wrong? what is to stop vi from telling the difference between magelo and a key sniffer? especially if someone smart enough watched what magelo did and emulated its memory reads (but only using the one where it reads the key?).

RavenCT
11-05-2002, 08:49 AM
Yea, but still Magelo is a "Third party utility" which is technically banned by the EULA...

Even if it doesn't give anyone an unfair advantage, there's nothing forcing SoE from banning you from using that too...

I get the sinking feeling that there are going to be a lot of bannings after the next patch due to any app touching memory... Although, I could be wrong. Just my gut feeling. And now that they're saying that they are having "serious problems" with XP (the game not registering the expansions or something properly), it wouldn't surprise me to see a patch in the next day or so...

Nice way to disguise if they're putting "anti-key sniffing" code in...

Sony "We're patching because of XP problems"
Gimp "Okay, np. Let me play with the new executable. Hmmm.. where's that key ripper"
Sony "Ding! Got another one, and they thought we were really fixing a bug! Nobody actually had an XP problem, and they'll never know"

Just being my paranoid self

Ratt
11-05-2002, 09:05 AM
I wouldn't say that's overly paranoid, Raven...

Either way, the Magelo thing is good. I like that. Lots of people are running Magelo... mmm.

LordCrush
11-05-2002, 09:09 AM
/nod RavenCT - we have running PoP on several XP-Clients ... no problems - the rest may or may not be paranoia ... we will see.

My Paranoia: i will not run my little tool some days after the next patch :p

BBW
11-05-2002, 10:54 AM
Why allow EQ to run as a privileged account?

For those who are running Windows 2000 or XP, just run EQ as a normal user account. It will not be privileged enough to scan the memory footprint of other programs running as a different user.

Just run your sniffer under an account with the needed privs.


For those still running 98/SE/ME, you are SOL. Everything is fair game there.

a_guide_01
11-05-2002, 11:27 AM
"Why allow EQ to run as a privileged account?

For those who are running Windows 2000 or XP, just run EQ as a normal user account. It will not be privileged enough to scan the memory footprint of other programs running as a different user.

Just run your sniffer under an account with the needed privs."

are you saying if you run eq and sniffer under non admin account eqgame.exe will not have privileges to scan for memory footprints?

can we get confirmation on this?

a_guide_01

suprphrk
11-05-2002, 11:27 AM
Eek! I don't think this is paranoia, sounds pretty close to me.

I tried to log on my mule this morning to sell some junk, and couldn't reach the logon servers. I had to leave for work before getting on, does anyone who can logon know if there was a patch sent?

AbaddonxXx69
11-05-2002, 11:29 AM
Ok, maybe I'm just dumb, but... When I try to run EQ as a normal user (Limited User) I get kicked to desktop after entering the account password. Could that be because I installed EQ as an administrator account, then changed that same account to limited?

Also, on a side note, I have seen the problem they are talking about, I have not been affected by it as any of my chars are not 61 or higher, but I have seen it say 3 expansions enabled, when actually ALL of them should be. There could be a legitimate problem there. Oh, and when it did this, I could not access PoK from the Nexus, so I actually wasn't flagged as having the expansion.

The Mad Poet
11-05-2002, 11:57 AM
Make sure the user account you are using has read write change access to the folder that EQ runs from.

To do this log in as admin (or equiv) right click the folder and then click security - choose permissions for the user/group you want to run EQ.

Dedpoet
11-05-2002, 11:59 AM
FYI, I did have the issue with not having expansions registered. I was in PoT, and every time I clicked on the book it just sent me to the zone safe spot. I tried camping, that didn't work, and then I eventually logged out, deleted all relevant files, patched, and logged back in, and it was working. It turns out it was just the act of logging back in that fixed it.

I am paranoid as well though. The sniffer I am running has been filled with extra code, the exe is renamed to something believable for the size it is and that could believably be running at the same time as EQ, the output file has been renamed, and the whole thing is running in a directory with a harmless name. But I will still stop using it after the next patch until I hear what's up. I don't want to get banned. :)

BBW
11-05-2002, 12:14 PM
Privileged does not mean "admin". You can grant all sorts of privileges to accounts/groups.

I am not where I can run EQ atm, but I think one of the previous posts is correct, you just have to make sure that the user account that you are running EQ as, has read/write privileges in the EQ install directory.


Regular user accounts can do a process enumeration, i.e. get the running process name. But they will not be able to "open" the process and scan memory.

Also, lock down the directory where you keep your config and data files, so they won't be able to scan the files for signatures.

suprphrk
11-05-2002, 12:22 PM
In win2k/winXP, you can be logged in as one account and run a program as another account. I wonder if this would do the same thing...

i.e. login with an admin account to run magelo, sniffer, etc. right-click the shortcut, run as, underprivileged account name and password, voila.

BBW
11-05-2002, 12:37 PM
Yes, suprphrk, that has the same results.

And again, on Windows 2000/XP, there is NO need to allow EQ to run in a privileged account.

Understanding this and using this will greatly enhance your effectiveness of avoiding detection.

It will not be 100%, because you can always do something stupid, like name your sniffer program - eqkeysniffer.exe
:eek:

But if Windows security is used CORRECTLY, EQ will not be able to see config files, data files, etc, that could be or are being used to transport the key information.

The only "open" issues I see at the moment, is where the EQ application can be notified when its memory is being scanned. I know there has been some other threads discussing this, and I have been looking at it.

homer
11-05-2002, 01:44 PM
Now I did that, made an acct limited in XP, gave it the permissions, but when i would type my password in to log in, I crashed to desktop.

guice
11-05-2002, 04:53 PM
Originally posted by Ratt
I wouldn't say that's overly paranoid, Raven...

Either way, the Magelo thing is good. I like that. Lots of people are running Magelo... mmm.

Quite many people. Magelo has a grand number (possibly all) GM Only items in their database.

Now, there's only one way possible for them to get those items into there. ;)

AbaddonxXx69
11-05-2002, 06:55 PM
Now I did that, made an acct limited in XP, gave it the permissions, but when i would type my password in to log in, I crashed to desktop.



Yes, same thing here, at precisely the same time-as I stated above.

I don't have my drives partitioned as NTFS and as such, I have no security tab in the properties of my folders. Also, when logged in as Administrator, there really aren't a whole lot of choices of how to edit a user's permissions.

I'll take a look a little deeper tomorrow under the administrator tools, I know how XP generalized everything and put a big pretty red bow on it, I'm sure it's in there somewhere. Will just have to dig a little more.

darkangelx
11-05-2002, 07:08 PM
Quite many people. Magelo has a grand number (possibly all) GM Only items in their database.

Now, there's only one way possible for them to get those items into there.

Maybe Guides and GMs use Magelo? Or maybe they also use SEQ? Who knows?

Just a thought.

darkangelx
11-06-2002, 12:12 AM
Yea, but still Magelo is a "Third party utility" which is technically banned by the EULA...


Actually.. regarding 3rd party software let me quote that for you:


9. You may not use any 3rd party software to modify the Software to change Game play. You may not use our intellectual property rights contained in the Game or the Software to create or provide any other means through which Game may be played by others, as through server emulators. You may not take any action which imposes an unreasonable or disproportionately large load on our infrastructure. You may not sell or auction any Everquest characters, items, coin, or copyrighted material.


Magelo does not modify the software to change gameplay.
ShowEQ does not modify the software to change gameplay.

They can however ban you for any reason they so choose.

nerfherder
11-06-2002, 10:03 AM
You are correct that you must be using NTFS to have many of the permissions options.

You can non-destructively convert to NTFS using the command Convert:

Converts FAT volumes to NTFS.

CONVERT volume /FS:NTFS [/V]

volume Specifies the drive letter (followed by a colon),
mount point, or volume name.
/FS:NTFS Specifies that the volume to be converted to NTFS.
/V Specifies that Convert should be run in verbose mode.

For instance to convert drive C::

Convert C: /FS:NTFS


Warnings:
This cannot be undone. (i.e. you cannot go back to FAT)

If you dual boot to other OS (linux, win 9x etc) you will lose the drives as mountable AND may have problems booting into other OS (such as if Drive C: also contained win 9x.... you lose it <period>).

Volumes converted thusly have default permissions set to EVERYONE/ALL on all folders. There exists no DEFAULT security on any folder. You must manually set it. (this is no worse than default security on your FAT drive however... you just have to set better security manually)

guice
11-06-2002, 03:34 PM
Maybe Guides and GMs use Magelo? Or maybe they also use SEQ? Who knows?

Dunno about SEQ, but point in tell is that we do know Guides/GMs are using Magelo.

The only way for GM only items to get entered into the Magelo Database is by a GM/Guide using Magelo.