FFACEV disabling processes without permission?

[Churchill]

I came across this line of code the other day and was wondering what people thought about it?

Spoiler: show

Code:

ULONG WINAPI InjectionEventThread(void* p_Param)
{
	while(Running)
	{
		MODULEENTRY32  hModEntry;
		hModEntry.dwSize = sizeof(MODULEENTRY32);
		PROCESSENTRY32 processInfo;
		processInfo.dwSize = sizeof(PROCESSENTRY32);

		HANDLE hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
		while( Process32Next( hSnapShot, &processInfo ) )
		{
			if( !Running )
				break;
			_strlwr_s(processInfo.szExeFile);
			if( strcmp(processInfo.szExeFile, "pol.exe") == 0 )
			{
				HANDLE hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, processInfo.th32ProcessID );
				if( Module32First(hModuleSnap, &hModEntry) )
				{
					bool Injected = false;
					bool PolLoaded = false;
					bool FFxiLoaded = false;
					while( Module32Next(hModuleSnap, &hModEntry) )
					{
						if( !Running )
							break;
						_strlwr_s(hModEntry.szModule);
						if( strcmp(hModEntry.szModule, "ffacev.dll") == 0 )
						{
							Injected = true;
							//break;
						}
						else if( strcmp(hModEntry.szModule, "mswsock.dll") == 0 )
						{
							PolLoaded = true;
						}
						else if( strcmp(hModEntry.szModule, "ffximain.dll") == 0 )
						{
							FFxiLoaded = true;
							break;
						}
						Sleep(20);
					}//while( Module32Next(hModuleSnap, &hModEntry) )
					if( !Injected && PolLoaded && !FFxiLoaded )
					{
						HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processInfo.th32ProcessID);
						if( hProcess )
						{
							InjectLibrary(hProcess, InstallPath.c_str());
							CloseHandle(hProcess);
						}//if( hProcess )
					}
				}//if( Module32First(hModuleSnap, &hModEntry) )
				CloseHandle(hModuleSnap);
			}
			else if( strcmp(processInfo.szExeFile, "elitexi bot.exe") == 0 )
			{
				HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processInfo.th32ProcessID);
				
				PostMessageW((HWND)hProcess, WM_CLOSE, 0, 0);
				WaitForSingleObject(hProcess, 1000);
				      
				// Check exit code
				DWORD dwExitCode = 0;
				GetExitCodeProcess(hProcess, &dwExitCode);
				if(dwExitCode == STILL_ACTIVE)
				  TerminateProcess(hProcess, 0);
				if(hProcess)
					CloseHandle(hProcess);				
			}//if( strcmp(processInfo.szExeFile, "pol.exe") == 0 )
			Sleep(20);
		}//while( Process32Next( hSnapShot, &processInfo ) )
		CloseHandle( hSnapShot );
		Sleep(10000);
	}//while(Running)
	return 0;

Ignoring whether you agree with botting for whatever purposes people use it for, how do you feel about programmers who also have been brought back on board windower utilizing their software to control what processes are running on your computer? It makes me wonder what else FFACEV team has planned considering they've always maintained that EliteXI/Wiz has contained malware/viruses when EliteXI/Wiz has never been proven to contain such devices.

[Byrthnoth]

Last I heard, they pretty convincingly showed that EliteXI contained a backdoor that let the creator load whatever he wanted onto your computer without your permission. If you're fine with it, that's great, but I guess you should stop updating FFACE.

[Casey_]

If you run any software, you are subject to its contents, malicious or not. You may never know it is or isn't malicious for sure, and I can tell you it wouldn't be the first time a paid{? free} hack included a backdoor for any game.

Personally, I see the FFACE checking for the bot as a "Don't cheat you asswipe." Well, within reason I guess. FFACE can be argued as cheating in some ways, but that's another topic.

[Kegsay]

Personally, I see the FFACE checking for the bot as a "Don't cheat you asswipe."

Pretty much, all the code does is check for the exe and closes it. Though you could have a perfectly legit unrelated program called "elitexi bot.exe" and that would be closed, so it's not a foolproof way of doing it.

[Shenrien]

All it's gonna take is one of them getting butt hurt and then start putting in kill Playonline.exe at random event times and shits gonna hit the fan.. probably around the time the person "retired" from the duty of keeping either program online with one final update, and will just try to play it off like a crash every now and then.

[Churchill]

"Don't cheat you asswipe" as an excuse coming from a program that is also cheating? Seems mildly asinine of an argument to make.

[kenshyn]

Its called don't allow your system to be used as a DOS attack machine by wiz but then again if your dumb enough to be running his garbage what happens to you is your own damn stupid ass problem. Wiz code can basically take over your machine and do just about whatever he wants with it....

[Casey_]

"Don't cheat you asswipe" as an excuse coming from a program that is also cheating? Seems mildly asinine of an argument to make.

In a completely different game, I've heard similar arguments. There was a thing called "ForceCommand" where server admins could issue arbitrary commands to clients with the possibility of doing malicious things, but its intention was to do benevolent things such as setting PurgeCacheDays to 0 which would set someone's download cache to never expire. This was back in the days of 56k where re-downloading 5mb every 30 days {PurgeCacheDays default} was actually serious business.

Just because something can be used for something bad, doesn't mean it's inherently bad. FFACE is a simple API for creating simple-to-semi-advanced FFXI mods, a nice example is the old version of GearCollector before it was improved to use SigScan. GearCollector would interface with FFACE to get the current item position and current name of what inventory section you had up {Mog locker, Storage, etc.} and it would issue commands to automatically store items you don't need and pick items out of your moghouse to gear jobs effectively. Totally not malicious, not really cheating since anyone can do that, just not automatically.

But on the other hand, the same useful functions used for GearCollector could potentially be used for a crafting bot, which is obvious cheating.

tl;dr the tool isn't evil, it's the things that use the tool badly that are.

[nitsuj]

Just a heads up, this war has been going on on FFACE's website/irc for a few days now. It has spread to windower forums and then again supposedly to one side DDoS-ing the other.

I know you guys here love your drama, but I recommend treading lightly as both sides seem to be at war :/

Officially, Windower has no stance on the matter. Bots are bad. Controlling someone else's computer is bad. etc etc.

[cdgreg]

http://news.ffevo.com/

Revenge of the Roid Episode 9000 aka: C0d3r(W1zb1t) gets butthurt (again)
posted Oct 2, 2011 1:57 AM by RZN Administrator [ updated Oct 2, 2011 2:40 AM ]

If you are reading this you probably already know the forums are down again and if you know to check here then you already know why so you can just skip the rest of this.
For everyone else, our old friend um... I'm really not sure what the hell he's going by these days so I'm just going to call him wizzer, seems fitting. So wizzer has seen fit to attack ffevo.com again. I have to admit, I asked for it this time. I'm not saying his little tantrum is in anyway OK, on any level, for anyone over the age of 2 but, I did provoke this one. You see, back when we figured out how he was infecting his users I thought to myself. "self, someone should do something!" I agreed and thought it would only be fitting. This was also around the time i was working on the injection service for FFACEV. So i added a few lines of code so that if his bot was running it would send it a "close" message. The birds were singing, the sun shining. The world as a whole was a better place or, at the very least that shit was funny. Then some assclown blew the whistle... Something about farmbot, I want to use both, blah blah drama... drama... Hope he's happy, it would have taken wizzer years to figure it out on his own.

Now the fun part! I have attached the hit counts from this mornings ddos attack, its a fun way to see how wizzer is spending his users money.

PS I'll upload current versions here sometime. If you can't wait find our irc.

PPS By assclown I mean dlsmd([email protected])

| Attachments: IpHits9-30-11.xls

[Apelila]

Wait so the guy who runs FFEVO started this? Over wizbot?

http://www.planetcalypsoforum.com/ga...pot-kettle.jpg

[dasva]

Wait so the guy who runs FFEVO started this? Over wizbot?

Technically wizbot started it by attacking the FFEVO site. Supposedly often using wizbot to get wizbot users to unknowingly help. He was in all reality just trying to protect his site

[Byrthnoth]

FFEvo tolerates the creations of bots and stuff, but I'm under the impression most people aren't using their programs to dDOS websites that interfere with their (ever more irrelevant) botting market.

[dasva]

I don't really no for certain since I don't use wizbot and couldn't figure out if it was really anyways probably lol. Just saying what he's posted while the site was more or less down for long periods of time because of the attacks. Supposedly wizbot really really hates people using free bots instead of paying him money so he tries to get rid of them

[zaps]

which means wiz keeps attacking ffevo, and ffevo fights back.

regardless. The practice of intentionally putting back doors in programs isn't exactly new or necessarily bad. The practice of using these back doors for malicious intent instead of administration purposes basically turns wiz's bot into bloatware+virus. I don't blame ffevo for fighting back, wiz is a douche bag.

[The Blackrose]

So he's basically turning his pool of users into a botnet. How quaint. Pretty sure a few people would frown on his shenanigans.

[zaps]

I'm pretty sure most of his users don't know what a bot net is. That's probably half the problem.

[The Blackrose]

Was talking more along the lines of hosting/ISP. They don't like police showing up and potentially rolling off with their servers to investigate shit like this.

[Mojo]

I believe that this conflict actually began on more civil grounds. The FFACEV creator guy simply asserted that Wizbot was shitty program that mostly profited off the work of others. He was met with retaliation in that the Wizbot creator guy put some DDoS code into Wizbot so that all Wizbot users would DDoS FFEvo servers (which hosts a lot of free FFXI apps.) This is only a recent development in the ongoing battle between the two, although if you're going to choose sides I'd go with the person who doesn't attack web servers hosting unrelated free shit simply because a competitors program can be found there. Maybe I'm wrong though it's been a while since I first heard about this and you always hear one side of the story anyways.

[zaps]

Was talking more along the lines of hosting/ISP. They don't like police showing up and potentially rolling off with their servers to investigate shit like this.

That's a good call. ISP/Hosts have to deal with the extra loads on their equipment too. As well as law enforcement mucking stuff up even further.