epic

MouseKeyboardActivityMonitor.dll

16 posts in this topic

Would anyone mind decompiling the dll included in Gamma Control?

It's supposedly 'safe,' but I'm having my doubts.

You can get it from the package from http://www.desktopnerds.com/product-gammacontrol?id=download

The program calling home and causing system hangs. Blocked via firewall

43.30.212.136
74.125.225.46
23.79.108.98

Edited by epic
0

Share this post


Link to post
Share on other sites

? This says it's OpenSource -

http://www.herdprotect.com/mousekeyboardactivitymonitor.dll-38f54246273170d3a608760500e9d432a4476491.aspx

http://globalmousekeyhook.codeplex.com/documentation

http://globalmousekeyhook.codeplex.com/releases

You may have an "altered" one that may "steal" keystrokes?

Upload YOURS to VirusTotal.

You could ALSO download the "official" one and replace YOURS to see if the symptom disappears (which would prove yours has been tampered with)?

0

Share this post


Link to post
Share on other sites

Why in the world would I upload mine when I provided the link to the application distributing the dll

0

Share this post


Link to post
Share on other sites

You may have an "altered" one that may "steal" keystrokes?

Upload YOURS to VirusTotal.

Why in the world would I upload mine when I provided the link to the application distributing the dll

No one was asking you to upload yours here, but rather to submit it to VirusTotal if you were concerned that it had any malware in it.

Cheers and Regards

0

Share this post


Link to post
Share on other sites

I may upload it there, but Virus Total isn't going to show anything more than what NOD32 or other Virus scanners pick up, nothing. It's too easy for a experienced programmer to bypass known scanning methods. The point is to decompile it and locate these IP's, if they're attached to this dll.

I'm looking to decompile the application to remove the ad and ip address' calling home. It's annoying and also severly lags the system.

0

Share this post


Link to post
Share on other sites

I'm looking to decompile the application to remove the ad and ip address' calling home. It's annoying and also severly lags the system.

Great. Then do it, already. It's obvious nobody has volunteered to do so for you... If you don't want any advice, stop posting about it.

0

Share this post


Link to post
Share on other sites

I really don' t understand. :no:

You supposedly already have the IP's listed (the fact that you likely have two out of three or even three out of three :w00t: wrong is a side note).

Just §@c#ing run a few WHOIS queries, like here:

http://whois.domaintools.com/

23.79.108.98 ->Akamai <- let me doubt that the dll actually phones home to Akamai

74.125.225.46 ->Google <- let me doubt that the dll actually phones home to Google

43.30.212.136 :

person: Akira Kato
address: Keio University, Graduate School of Media Design
address: 4-1-1 Hiyoshi, Kohoku, Yokoahama 223-8526
country: JP

Since the Author of the Library is called George Mamaladze and is German:

http://globalmousekeyhook.codeplex.com/releases

http://www.codeproject.com/Articles/7294/Processing-Global-Mouse-and-Keyboard-Hooks-in-C

allow me to also doubt that the .dll would connect to a domain of a professor at a Japan University:

Then simply try replacing the .dll version shipped with Gamma Control with the one from the official site (that will be v3.0.1.9579 whilst the one in Gamma Control is 3.0.1.39244) and see if the behaviour is the same, then IF it is, review the Source code for version v3.0.1.9579 and re-build it.

There is no need whatsoever to disassemble/decompile anything, and even if there was, it would be essentially your own homework.

jaclaz

Edited by jaclaz
0

Share this post


Link to post
Share on other sites

@jaclaz :yes: :golfclap:

0

Share this post


Link to post
Share on other sites

The IP's, as I stated before (perhaps I wasn't very clear), are both adsense. I NEVER said the dll was calling home, I clearly stated IF, but still, I stated the "program" (IE: THE EXECUTABLE, AKA: an .EXE derpdederp) IS .. obviously you did not check it out.

If you bothered to open up the executable within reflector you'd see the ip's in there as well as facebook, twitter, and some other bul*****.

Edited by epic
0

Share this post


Link to post
Share on other sites

The IP's, as I stated before (perhaps I wasn't very clear), are both adsense.

The THREE addresses are BOTH adsense. Fascinating. :yes:

I NEVER said the dll was calling home or anything else, I stated the "program" IS .. obviously you did not check it out.

That's good :), as I NEVER said that you said that the .dll was calling home, I said how I doubted that the .dll was calling those addresses.

Of course I did not check "it" out, first thing because you did not ask to check "it" out for you (you asked about decompiling the .dll, which made, makes and will make no sense whatsoever, for the reasons exposed).

Quick layman comparison ;):

Q. My car does not start, can someone check the tires pressure for me?

A. No, you check your tires pressure and I doubt that your left front tire being at 32.362 psi is connected with the car failing to start.

jaclaz

0

Share this post


Link to post
Share on other sites

jaclaz, you clearly have not met your customer's requirements and are unlikely to receive payment for the work you have done until you have satisified all of his needs. :whistle:

0

Share this post


Link to post
Share on other sites

jaclaz, you clearly have not met your customer's requirements and are unlikely to receive payment for the work you have done until you have satisified all of his needs. :whistle:

Which is fine anyway :yes:, as I am doing this pro bono:

http://en.wikipedia.org/wiki/Pro_bono

or - even better - as Professional courtesy:

http://en.wikipedia.org/wiki/Professional_courtesy

Though of course I am sorry I didn't meet fully a fellow MSFNer's expectations. :(

jaclaz

0

Share this post


Link to post
Share on other sites

Haha perhaps my sarcasm wasn't dripping enough; a common failure of mine :)

0

Share this post


Link to post
Share on other sites

I clearly stated (adding in the red to clarify)

You could ALSO download the "official" one and replace YOURS with IT to see if the symptom disappears (which would prove yours has been tampered with)?

Epic test scenario! That -is- the official one I gave the link to. Curious as to WHY you want to Decompile when the SOURCE is right there as well. :blink:

(Love it when a member totally ignores sound advice then argues...)

Edited by submix8c
0

Share this post


Link to post
Share on other sites

Haha perhaps my sarcasm wasn't dripping enough; a common failure of mine :)

Naah, rest assured it was dripping enough :yes:, it's my own that is a bit less evident ;) due to my (only for today's special :whistle:) lower-than-normal level of grumpiness which forced me into adding some politically correct note...

jaclaz

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.