Read a thread about that Verant has implemented ACL like 2 patches ago.
Was wondering if they can detect if you read EQs memory with readmemoryprocess with SACL?
On MSDN:
"A system access control list (SACL) enables administrators to log attempts to access a secured object. Each ACE specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log. An ACE in a SACL can generate audit records when an access attempt fails, when it succeeds, or both. In future releases, a SACL will also be able to raise an alarm when an unauthorized user attempts to gain access to an object. For more information about SACLs, see Audit Generation and SACL Access Right."
Also. read a post by MisterSpock that its better to use an ACL maneuver, or running the application as SYSTEM instead of entering debug mode. Anyone care to give some more information on this?
As it is now I have made a program to give debug privilegies to my program and scan all Private memory blocks of EQ. Its not for sniffing the key, more for making a Windows version of ShowEQ(Private).
Last but not least, what should we look for in the updated files from verant for 'keys' to if they are checking for memory reads?
Thanks.