Here's what I came up with, heavily based on the previous post about writing a sniffer for the key.
Basically, it scans the process list for eqgame in a loop.
Once it finds the pid, it enters a second loop that checks the key area of memory (a hard-coded address in the target process).
Once the key is != 0, it beeps and fires off "keymove.bat" (in hidden mode), which is a script I wrote that uses scp to copy the dat file over to my Linux box. You can write one that uses tftp or ftp or whatever you want. Or, you can just make an empty batch file if you're keeping an active share between your machines.
After that, it keeps looping until the key changes, then fires the script off again (and beeps).
This should work without EQW.
Note: this compiles and works on Windows XP using Visual C++ 6 (VC6).
Code:
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <tlhelp32.h>
#include <fstream.h>
// Hex string that readkey() parses into the address, inside the target
// process, of the 8-byte value it polls.
char argkey[256]="773b90";
// Last value readkey() saw at that address. Starts at 0, so the first
// non-zero value read is treated as a new key.
ULONGLONG oldkey=0;
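// Poll an 8-byte value in another process once per second and export it
// whenever it changes.
//
// hProcess: handle opened by the caller on the target process. It must carry
//           PROCESS_VM_READ, the right ReadProcessMemory needs.
//
// The address is parsed from the global hex string argkey; the last value
// seen is kept in the global oldkey (initially 0, so the first non-zero value
// counts as a change). On a change the value is printed, the speaker beeps,
// the raw 8 bytes are written to \mydirectory\keyfile.dat and
// C:\mydirectory\keymove.bat is started with a hidden window.
//
// NOTE(review): the loop has no exit. Once the target process goes away,
// ReadProcessMemory keeps failing and the error is printed every second; the
// caller never regains control to close hProcess or rescan.
void readkey (HANDLE hProcess)
{
    while (1)
    {
        unsigned long addr;
        ULONGLONG key;
        FILE *fp;
        int written;

        Sleep(1000);

        // addr is an unsigned long, so the conversion has to be %lx; plain %x
        // expects an unsigned int * and is undefined behaviour otherwise.
        if (sscanf (argkey, "%08lx", &addr) != 1)
            continue;

        if (ReadProcessMemory (hProcess, (void *)addr, &key, sizeof key, NULL) == 0)
        {
            // GetLastError() returns a DWORD (unsigned long), hence %lu.
            printf ("ReadProcessMemory on 8 bytes at 0x%08lx failed: %lu\n", addr, GetLastError());
            continue;
        }

        if (oldkey == key)
            continue;   // key hasn't changed

        printf ("New key found: 0x%016I64x\n", key);
        Beep(500,500);
        oldkey = key;

        // The path has no drive letter, so it resolves against the current
        // drive, while the script below is named on C: explicitly; the two
        // only refer to the same directory when the current drive is C:.
        fp = fopen("\\mydirectory\\keyfile.dat", "wb");
        if (fp == NULL)
        {
            // Without this check fwrite/fclose would be handed a NULL stream.
            perror ("fopen \\mydirectory\\keyfile.dat");
            continue;
        }

        written = (fwrite(&key, sizeof(key), 1, fp) == 1);
        if (fclose(fp) != 0)
            written = 0;    // buffered data may not have reached the file

        if (!written)
        {
            printf ("writing keyfile.dat failed\n");
            continue;       // do not let the script pick up a stale or partial file
        }

        // The key file is plain, unprotected data, and the batch file runs
        // with this process's privileges and no visible window.
        WinExec("C:\\mydirectory\\keymove.bat", SW_HIDE);
    }
}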
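// Walk a Toolhelp snapshot of the running processes and pass each process
// whose lower-cased executable name starts with "testeqgame" or "eqgame" to
// readkey().
//
// Returns nothing. If the snapshot cannot be taken the function returns
// silently; if OpenProcess fails it prints the error and stops scanning.
// Both the snapshot handle and the process handle are closed on every path
// that returns.
void scanproclist ()
{
    HANDLE hProcessSnap;
    PROCESSENTRY32 pe32 = {0};

    // Take a snapshot of all processes in the system.
    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return;

    // Fill in the size of the structure before using it.
    pe32.dwSize = sizeof(PROCESSENTRY32);

    if (Process32First(hProcessSnap, &pe32))
    {
        do
        {
            HANDLE hProcess;
            const char *pBase;
            char pName[512];

            // Strip any path and keep the exe filename. strrchr stays inside
            // szExeFile; a backwards scan that tests szExeFile - 1 reads one
            // byte in front of the array.
            pBase = strrchr (pe32.szExeFile, '\\');
            pBase = (pBase != NULL) ? pBase + 1 : pe32.szExeFile;

            // szExeFile holds at most MAX_PATH characters, so it fits in pName.
            strcpy(pName, pBase);
            strlwr(pName);

            // Prefix comparison: any name that merely begins with one of
            // these strings matches as well.
            if ( (strncmp (pName, "testeqgame", 10) == 0) || (strncmp (pName, "eqgame", 6) == 0) )
            {
                // th32ProcessID is a DWORD (unsigned long), hence %lu.
                printf ("found eqgame - pid = %lu\n\n", pe32.th32ProcessID);

                // PROCESS_VM_READ is the only right ReadProcessMemory needs;
                // keep it that narrow rather than PROCESS_ALL_ACCESS.
                // Cross-process opens like this one are visible to
                // process-access auditing on the host.
                hProcess = OpenProcess (PROCESS_VM_READ, FALSE, pe32.th32ProcessID);
                if (hProcess == NULL)
                {
                    printf ("OpenProcess failed, error: %lu\n", GetLastError());
                    break;  // leave through the CloseHandle below instead of leaking the snapshot
                }

                readkey (hProcess);
                CloseHandle (hProcess);
            }
        }
        while (Process32Next(hProcessSnap, &pe32));
    }

    CloseHandle (hProcessSnap);
}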
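// Entry point: rescan the process list every 10 seconds, forever.
// Command-line arguments are accepted but not used.
// main is declared int as the language requires; the loop never ends, so no
// return statement is reachable.
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    while (1) {
        // Scan only every 10 seconds: walking the process list more often
        // slows the system down and makes the game load slowly.
        Sleep(10000);
        scanproclist();
    }
}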