Verant snooping in temporary Internet files?



Fatty
01-31-2003, 01:50 AM
Anyone ever tried a program from Sysinternals called handle? (http://www.sysinternals.com/ntw2k/freeware/handle.shtml)

I tried it today and checked out everquest.
If you open a DOS box and run handle with this: "handle -p everquest", without the quotes, you will get a list of files that everquest has accessed. Note, I haven't started everquest fully, just gotten to the click play window.

Here are a few:
C:\Documents and Settings\Username here\Local Settings\Temporary Internet Files\Content.IE5

C:\Documents and Settings\Username here\Local Settings\Temporary Internet Files\Content.IE5\index.dat

There are more internet files listed too that are accessed.

If you want some more info, write "handle -a -p everquest".

Here is one you get then.
\BaseNamedObjects\C:_Documents and Settings_User name here_Cookies_index.dat_Some number here

Now, what I'm wondering. What is everquest doing with accessing these places? What possible use do they have of cookies? My thought was that they could scan cookie names or sites been to, to get a list of possible hackers. (Search for seq.sourceforge.net...)

Now, these files are actually hidden in the operating system, and deleting the Internet Explorer history doesn't delete the content of Content.IE5, which shows where you have been on the net. To see/delete this catalogue, you have to write in the catalogue manually, for example: "C:\Documents and Settings\Username here\Local Settings\Temporary Internet Files\Content.IE5"

I don't know if this means anything at all. Was hoping other hackers had more information about this and possibly find out what EQ is really doing with access to these files/registry settings.
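
A way to triage the kind of listing described in the post above, as an added example that is not part of the original thread: it parses saved `handle -a -p` output and labels every handle that touches the Temporary Internet Files or Cookies locations, including the `\BaseNamedObjects\` section whose name encodes the path with underscores. The sample text is constructed, the column layout is an assumption (it differs between versions of handle), and the names `triage`, `SAMPLE` and the three categories are this example's own.

```python
import re

# Constructed sample modelled on the lines quoted in the post; the column
# layout is an assumption and differs between versions of handle.
SAMPLE = r"""
everquest.exe pid: 1234 HOST\user
   3C: File          C:\Program Files\EverQuest
   90: File          C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5
   94: File          C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat
   98: Section       \BaseNamedObjects\C:_Documents and Settings_user_Cookies_index.dat_16384
   9C: File          C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\patch[1].htm
   A0: Key           HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"""

# "<hex handle>: <type> [optional (RWD) share flags] <name>"
LINE = re.compile(r"^\s*([0-9A-Fa-f]+):\s+(\w+)\s+(?:\([RWD-]{3}\)\s+)?(.+?)\s*$")
MARKERS = ("temporary internet files", "cookies")  # locations named in the thread
DIR_NAMES = ("content.ie5", "cookies")

def flatten(name):
    # Section names carry the path with '\' replaced by '_' (as quoted in the
    # post), so compare on a form where both separators become spaces.
    return name.lower().replace("_", " ").replace("\\", " ").strip()

def triage(text):
    """Return (handle, type, kind, name) for handles that touch IE cache data."""
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner, separator or process header
        handle, htype, name = m.groups()
        flat = flatten(name)
        if not any(marker in flat for marker in MARKERS):
            continue
        if "index.dat" in flat:
            kind = "cache-index"      # the index file or its shared mapping
        elif flat.endswith(DIR_NAMES):
            kind = "cache-directory"  # handle on the folder itself
        else:
            kind = "cache-entry"      # one individual cached file or cookie
        hits.append((handle.upper(), htype, kind, name))
    return hits

if __name__ == "__main__":
    for handle, htype, kind, name in triage(SAMPLE):
        print(f"{handle:>4} {htype:<8} {kind:<16} {name}")
```
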

mvern
01-31-2003, 04:22 AM
The patcher uses embedded Internet Explorer stuff for downloads - you're just seeing IE access cookie files, not really anything out of the ordinary.

high_jeeves
01-31-2003, 10:41 AM
This is also a good search before you post situation... This problem gets "detected" by some amateur hacker about once every two months, and we all hear about how the sky is falling, again.

Search = Good.

--Jeeves

cbreaker
01-31-2003, 01:13 PM
Although on EVERY SINGLE thread related to this I had to sift through high_jeeves bullshit ("This has been discussed!!! How dare you post this again!!") this has indeed been posted before.

In fact, one person even used the same tool as you. However, I saw no mention of a sky falling.

Iam_Walrus
01-31-2003, 01:15 PM
It's not "How dare you post this again!" it's "Quit wasting your keystrokes and please use the Search tool. It gets lonely when it isn't being used..."

Fatty
01-31-2003, 02:48 PM
Yeah, I could find the answer to this if I searched for sysinternals or cookies, not when searching for handle though. And no, the tool that was used by others was filemon, that's another utility than I used, although from same provider.

However, even though they use/need these files, doesn't mean they can't pull out some information from them. Could for instance search for certain keywords and send a true/false answer to the server about it. Would be pretty hard to detect, unless you can detect searches through these files.

Anyway, I'm sure it's benign. Remember though, it's easier to say use the search tool when you read this board every day and know everything that's going on in here. And I'm sure, many other people haven't read about it, since it's hidden 'deep' in the archives.

And nowhere did I mention anything about 'Sky is falling'. Just posted to gain insight into what other people knew about this. I thought they probably did use it for something other than snooping, which indeed seems to be the case here.

And yeah, I should have used the search tool here, I acknowledge that.

high_jeeves
01-31-2003, 03:00 PM
You should always search before you post. Period. It really isn't that hard to find the information you need. For example, a search of "temporary internet files" brings up the answer. A number of other searches I tried also found answers on the first page of search results. Searching isn't that hard. Do it first... save everyone, including yourself, some time.

--Jeeves

Lyroschen
01-31-2003, 03:56 PM
On the same note, Jeeves, your post has been said before, too. Might be worthwhile to search before you post. Unless it just makes you feel superior to flame, in which case, flame on!

My kudos to mvern who replied:


The patcher uses embedded Internet Explorer stuff for downloads - you're just seeing IE access cookie files, not really anything out of the ordinary.

Can we end this thread here? Or do more egos need fluffing?

spungee
02-01-2003, 12:55 AM
mine mine mine

wolfy
02-01-2003, 10:42 AM
Watching you all bicker about searching to see if a post has been made before is like watching a bunch of old women nagging their husbands.

Posts do happen again, just live with it, and repetitive whinges like yours would no longer happen.

PainNSuffering
02-01-2003, 09:16 PM
Search on "search before you post"
Displaying Topics 1 to 25 of 173

Search on "search before you post + Username: high_jeeves"
Displaying Topics 1 to 25 of 43

It would appear he has said this before, but does not seem to be alone in that fact. But I am 100% sure someone else has told jeeves he has told people to use the search feature before. I will leave the searching for telling people to search for yourself, since it seems to be important to you.

QuerySEQ
02-01-2003, 11:53 PM
EQ snooping Temporary Internet Files.

The guys that program EQ are actually pretty smart.

NO, SOE is not snooping your Temporary Internet Files.

EQ's new interface uses XML. XML for the programmers is MUCH easier and faster to modify than making hard code changes to the game itself, PLUS it makes the actual applications smaller (if anyone paid attention to that, with the advent of the new interface and removal of the old one, reduced the 'footprint' of EQ by almost 120K!!!).

What does XML do for EQ? Well, with Windows 98+ and IE5+, the Browser was integrated into the OS, so instead of trying to write and modify a proprietary interface, they use native MS code to access features.

That cool little MP3 player? It uses native Microsoft MCI codes (those of you that knew how to do it actually had MCI 'hotkeys' running that would play MP3s before the advent of the new little 'toy' player).

Alas... I go too far. Since the INTERFACE is now XML based, it uses the Browser features embedded in IE (your OS). Since the browser throws things in the Temporary Internet Dir (to work with them, parse them, discard or cache them), that is why EQ is 'sort of' using the Temporary Internet Files directory.

Does that answer your question?

Poncho
02-02-2003, 01:43 PM
Hmm, interesting thread really. I too noticed the same thing Fatty originally brought up with this thread. I think his whole post was alluding to the questions:

If I notice EQ scanning my temp internet files, can they see that I have been to such sites as this?

and

Can they, or are they going to do anything about it?

Well, that's what I read from the post anyhow. It never really worried me, but the lingering questions were still in the back of my mind.

Query- nice post. Perfect answer as far as I'm concerned. Nice to be spoon-fed that 2+2 =4. Still trying to figure out why I tend to get 3 1/2 sometimes ;)


Poncho

high_jeeves
02-02-2003, 02:00 PM
Unfortunately, QuerySEQ's post is, in all likelihood, wrong.

1) The reason the application footprint got smaller is that they were able to remove all of the old UI code and resources from the application. Instead of having code and resources for 2 UIs, they only had one.

2) EQ itself probably does not use IE to do its XML work. Why? Because that would require a large amount of code in memory that EQ doesn't need. More than likely, they picked up one of the many extremely inexpensive (or even free) and lightweight XML parsing libraries, and use it to parse the UI XML. It is even quite possible that they wrote their own, since it is a relatively trivial task.

3) EQ has always hit the temporary internet files, since LONG before the new UI was introduced (just searching on this forum will show that to be true). EQ loads the IE libraries (which, in turn, look through temporary internet files) in order to do the patching, which uses standard HTTP as its transport.

As for whether or not they can look at what pages you are going through: Any application on your system could do that. For that matter, it's pretty trivial to write some javascript on a web page that does the same thing. Are they doing it and sending back information? No.

Again, ALL of this information has been stated before, by many people here, myself included...

--Jeeves

QuerySEQ
02-02-2003, 04:22 PM
Jeeves is probably correct on the interface part, I did not mean to imply that EQ uses IE, but the same library 'hooks'.

Anything from the patcher to the new UI. Even those of us that use Nutscrape, have a temporary area for that work to be performed.

The patcher 'unloads' when it has completed its task and launched the application. I have found many EQ xml objects in my temporary files directory.

I don't know for certain if they can or cannot actually use your temporary internet files. I am sure it is possible, however, if caught doing such, it would be an infringement of privacy, and they would be liable. Due to the fact that it is quite easy to see that occur, I seriously doubt SOE would want to try and explain that to the International Community, as well as having a pretty hefty class action against them for it.

I think it is just a place that is being used to parse, temp, discard..etc..

The Duck
02-04-2003, 11:01 AM
I seriously doubt SOE would want to try and explain that to the International Community, as well as having a pretty hefty class action against them for it.

I'm sure they'd win that suit if they proved that they did nothing more than use it to expose people who are in fact breaking the law by hacking their software, which they specifically hold rights and prevent you from doing.

However, it all goes back to the fact that most of the people in these forums assume SoE doesn't want you using SEQ, which is, in all likelihood, wrong.

SoE knows that people use SEQ, they know that people buy and sell characters, and they know that people buy and sell items.

You think if they really decided to stop all three they couldn't make significant progress?

The simple fact is, that running an online game is politics as much as anything else. They don't give a shit that you're using SEQ, they give a shit that other people give a shit that you're using SEQ. As long as they maintain the illusion that they're against it, yet even put in tools to allow themselves to make extra money off the business (in the case of renames and server transfers...), everyone is happy. Ignorance, after all, is bliss.

*quack*

throx
02-04-2003, 01:21 PM
I think the idea that it would be somehow "illegal" for Sony to scan your computer looking for ShowEQ is pretty much an urban myth. At the most, all they'd have to do is change the EULA to make you give them express permission to do so before running the game.

The whole idea of a "class action suit" is just laughable. Exactly what damages would you be claiming, assuming all they were doing is denying access to their private servers to those people who were found to have suspicious code on their machines?

As for the "Temp internet files" thing, the patcher hooks IE to manage the downloads through the WinINet API. IE is the thing accessing the files, not as a scratch working area or anything like that, just normal caching operations. eqgame.exe itself doesn't link with IE and doesn't scan these files.

XML isn't anything magical. For the most part it slows applications down and increases their memory footprint because it deals with character data where binary is usually good enough. Its only real benefit is that it's extensible so that adding additional properties isn't too difficult and tends to not break backward compatibility. However, the disasters caused by custom UIs whenever they make enhancements in eqgame.exe show that XML's benefits aren't usually as wonderful as its proponents claim.

deathinc
02-05-2003, 03:04 AM
Originally posted by The Duck

I'm sure they'd win that suit if they proved that they did nothing more than use it to expose people who are in fact breaking the law by hacking their software, which they specifically hold rights and prevent you from doing.

One thing... It is not illegal (DMCA aside for a moment), as in 'against the law' to hack the EQ software client-side. What it is though, is a violation of the EULA -- an agreement between two or more parties, and is not a 'law'.

On the topic of the DMCA the only 'hacking' that might be illegal as you describe deals with the encryption. But I'm not going to go down that road, but suffice it to say, it would be one hell of a stretch.

And as an obvious note: hacking the EQ servers is most definitely illegal, as in computer trespass illegal -- but SEQ does not do that.