
MouseKeyboardActivityMonitor.dll

15 replies to this topic

#1
epic


Would anyone mind decompiling the dll included in Gamma Control?

 

It's supposedly 'safe,' but I'm having my doubts.

 

You can get it from the package from http://www.desktopne...rol?id=download

 

 

The program is calling home and causing system hangs. Blocked via firewall:

43.30.212.136
74.125.225.46
23.79.108.98


Edited by epic, 01 March 2014 - 08:11 PM.




#2
submix8c


? This says it's OpenSource -

http://www.herdprote...32a4476491.aspx

http://globalmouseke...m/documentation

http://globalmouseke...ex.com/releases

You may have an "altered" one that may "steal" keystrokes?

Upload YOURS to VirusTotal.

You could ALSO download the "official" one and replace YOURS to see if the symptom disappears (which would prove yours has been tampered with)?


Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!



#3
epic


Why in the world would I upload mine when I provided the link to the application distributing the dll



#4
bphlpt


> You may have an "altered" one that may "steal" keystrokes?
>
> Upload YOURS to VirusTotal.

> Why in the world would I upload mine when I provided the link to the application distributing the dll

 

No one was asking you to upload yours here, but rather to submit it to VirusTotal if you were concerned that it had any malware in it.

 

Cheers and Regards




#5
epic


I may upload it there, but Virus Total isn't going to show anything more than what NOD32 or other virus scanners pick up: nothing. It's too easy for an experienced programmer to bypass known scanning methods. The point is to decompile it and locate these IPs, if they're attached to this dll.

I'm looking to decompile the application to remove the ad and IP addresses calling home. It's annoying and also severely lags the system.



#6
dencorso


> I'm looking to decompile the application to remove the ad and IP addresses calling home. It's annoying and also severely lags the system.

 

Great. Then do it, already. It's obvious nobody has volunteered to do so for you... If you don't want any advice, stop posting about it.



#7
jaclaz


I really don't understand. :no:

 

You supposedly already have the IP's listed (the fact that you likely have two out of three or even three out of three :w00t: wrong is a side note).

 

Just §@c#ing run a few WHOIS queries, like here:

http://whois.domaintools.com/

 

23.79.108.98 ->Akamai <- let me doubt that the dll actually phones home to Akamai

74.125.225.46 ->Google <- let me doubt that the dll actually phones home to Google

43.30.212.136 :

person: Akira Kato
address: Keio University, Graduate School of Media Design
address: 4-1-1 Hiyoshi, Kohoku, Yokoahama 223-8526
country: JP

Since the Author of the Library is called George Mamaladze and is German:

http://globalmouseke...ex.com/releases

http://www.codeproje...oard-Hooks-in-C

allow me to also doubt that the .dll would connect to a domain of a professor at a Japan University:

 

Then simply try replacing the .dll version shipped with Gamma Control with the one from the official site (that will be v3.0.1.9579 whilst the one in Gamma Control is 3.0.1.39244) and see if the behaviour is the same, then IF it is, review the Source code for version v3.0.1.9579 and re-build it.

 

There is no need whatsoever to disassemble/decompile anything, and even if there was, it would be essentially your own homework.

 

jaclaz


Edited by jaclaz, 03 March 2014 - 06:03 AM.


#8
tain


@jaclaz :yes: :golfclap:



#9
epic


The IP's, as I stated before (perhaps I wasn't very clear), are both adsense.  I NEVER said the dll was calling home, I clearly stated IF, but still, I stated the "program" (IE: THE EXECUTABLE, AKA: an .EXE derpdederp) IS .. obviously you did not check it out.

 

If you bothered to open up the executable within reflector you'd see the ip's in there as well as facebook, twitter, and some other bul*****.


Edited by epic, 03 March 2014 - 09:27 AM.
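
Added example, not code from any poster in this thread: a static check for the question argued in posts #7 to #9, namely which shipped binary actually contains a firewall-blocked address as a string literal. The file names and sample bytes are constructed (documentation-range IPs); in real use the bytes would come from `open(path, "rb").read()`.

```python
import re

# Printable runs of 7+ chars: ASCII, and UTF-16LE (how .NET stores string literals).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{7,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){7,}")
# Dotted quad with every octet 0-255, not embedded in a longer digit/dot run.
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4 = re.compile(rf"(?<![\d.])(?:{OCTET}\.){{3}}{OCTET}(?![\d.])")

def embedded_strings(data):
    """Yield printable strings found in raw bytes, in both encodings."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")

def find_ipv4(data):
    """Return the set of IPv4 literals embedded in a binary's strings."""
    found = set()
    for s in embedded_strings(data):
        found.update(IPV4.findall(s))
    return found

def locate(blocked, files):
    """Map each firewall-blocked IP to the files whose strings contain it."""
    hits = {ip: [] for ip in blocked}
    for name in sorted(files):
        present = find_ipv4(files[name])
        for ip in blocked:
            if ip in present:
                hits[ip].append(name)
    return hits

# Constructed sample bytes standing in for the program and the hook DLL.
SAMPLE_EXE = (b"MZ\x90\x00" + "http://192.0.2.10/ads".encode("utf-16-le")
              + b"\x00\x00" + b"198.51.100.7:443" + b"\x01\x02")
SAMPLE_DLL = (b"MZ\x90\x00"
              + "MouseKeyboardActivityMonitor 3.0.1.9579".encode("utf-16-le")
              + b"\x00\x00")

if __name__ == "__main__":
    blocked = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
    files = {"app.exe": SAMPLE_EXE, "hook.dll": SAMPLE_DLL}
    for ip, names in locate(blocked, files).items():
        print(ip, "->", names or "not found as a literal")
```

An address that is absent here may still be reached through a hostname resolved at run time, and a four-part version string whose parts are all 255 or less will match as an address and needs a manual look.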


#10
Tripredacus


> If you bothered to open up the executable within reflector you'd see the ip's in there as well as facebook, twitter, and some other bul*****.

 

No need. You can see that it has integrated Twitter and Facebook functionality from their screenshots:

http://www.desktopne...?id=screenshots




#11
jaclaz


> The IP's, as I stated before (perhaps I wasn't very clear), are both adsense.

The THREE addresses are BOTH adsense. Fascinating. :yes:

> I NEVER said the dll was calling home or anything else, I stated the "program" IS .. obviously you did not check it out.

That's good :), as I NEVER said that you said that the .dll was calling home, I said how I doubted that the .dll was calling those addresses.
 
Of course I did not check "it" out, first thing because you did not ask to check "it" out for you (you asked about decompiling the .dll, which made, makes and will make no sense whatsoever, for the reasons exposed).
 
Quick layman comparison ;):
Q. My car does not start, can someone check the tires pressure for me?
A. No, you check your tires pressure and I doubt that your left front tire being at 32.362 psi is connected with the car failing to start.

jaclaz

#12
tain


jaclaz, you clearly have not met your customer's requirements and are unlikely to receive payment for the work you have done until you have satisfied all of his needs. :whistle:



#13
jaclaz


> jaclaz, you clearly have not met your customer's requirements and are unlikely to receive payment for the work you have done until you have satisfied all of his needs. :whistle:

Which is fine anyway :yes:, as I am doing this pro bono:

http://en.wikipedia.org/wiki/Pro_bono

 or - even better - as Professional courtesy:

http://en.wikipedia....sional_courtesy

 

Though of course I am sorry I didn't meet fully a fellow MSFNer's expectations. :( 

 

jaclaz



#14
tain


Haha perhaps my sarcasm wasn't dripping enough; a common failure of mine :)



#15
submix8c


I clearly stated (adding in the red to clarify)

 

> You could ALSO download the "official" one and replace YOURS with IT to see if the symptom disappears (which would prove yours has been tampered with)?

Epic test scenario! That -is- the official one I gave the link to. Curious as to WHY you want to Decompile when the SOURCE is right there as well. :blink:

 

(Love it when a member totally ignores sound advice then argues...)


Edited by submix8c, 03 March 2014 - 01:53 PM.



#16
jaclaz


> Haha perhaps my sarcasm wasn't dripping enough; a common failure of mine :)

Naah, rest assured it was dripping enough :yes:, it's my own that is a bit less evident ;) due to my (only for today's special :whistle:) lower-than-normal level of grumpiness which forced me into adding some politically correct note...

 

jaclaz





