Posted

? This says it's OpenSource -

http://www.herdprotect.com/mousekeyboardactivitymonitor.dll-38f54246273170d3a608760500e9d432a4476491.aspx

http://globalmousekeyhook.codeplex.com/documentation

http://globalmousekeyhook.codeplex.com/releases

You may have an "altered" one that may "steal" keystrokes?

Upload YOURS to VirusTotal.

You could ALSO download the "official" one and replace YOURS to see if the symptom disappears (which would prove yours has been tampered with)?

Posted

Why in the world would I upload mine when I provided the link to the application distributing the dll

Posted

You may have an "altered" one that may "steal" keystrokes?

Upload YOURS to VirusTotal.

Why in the world would I upload mine when I provided the link to the application distributing the dll

No one was asking you to upload yours here, but rather to submit it to VirusTotal if you were concerned that it had any malware in it.

Cheers and Regards

Posted

I may upload it there, but Virus Total isn't going to show anything more than what NOD32 or other Virus scanners pick up, nothing. It's too easy for an experienced programmer to bypass known scanning methods. The point is to decompile it and locate these IPs, if they're attached to this dll.

I'm looking to decompile the application to remove the ad and IP addresses calling home. It's annoying and also severely lags the system.

Posted

I'm looking to decompile the application to remove the ad and IP addresses calling home. It's annoying and also severely lags the system.

Great. Then do it, already. It's obvious nobody has volunteered to do so for you... If you don't want any advice, stop posting about it.

Posted (edited)

I really don't understand. :no:

You supposedly already have the IPs listed (the fact that you likely have two out of three or even three out of three :w00t: wrong is a side note).

Just §@c#ing run a few WHOIS queries, like here:

http://whois.domaintools.com/

23.79.108.98 ->Akamai <- let me doubt that the dll actually phones home to Akamai

74.125.225.46 ->Google <- let me doubt that the dll actually phones home to Google

43.30.212.136 :

person: Akira Kato
address: Keio University, Graduate School of Media Design
address: 4-1-1 Hiyoshi, Kohoku, Yokoahama 223-8526
country: JP

Since the Author of the Library is called George Mamaladze and is German:

http://globalmousekeyhook.codeplex.com/releases

http://www.codeproject.com/Articles/7294/Processing-Global-Mouse-and-Keyboard-Hooks-in-C

allow me to also doubt that the .dll would connect to a domain of a professor at a Japan University:

Then simply try replacing the .dll version shipped with Gamma Control with the one from the official site (that will be v3.0.1.9579 whilst the one in Gamma Control is 3.0.1.39244) and see if the behaviour is the same, then IF it is, review the Source code for version v3.0.1.9579 and re-build it.

There is no need whatsoever to disassemble/decompile anything, and even if there was, it would be essentially your own homework.

jaclaz

Edited by jaclaz
Posted (edited)

The IPs, as I stated before (perhaps I wasn't very clear), are both adsense. I NEVER said the dll was calling home, I clearly stated IF, but still, I stated the "program" (IE: THE EXECUTABLE, AKA: an .EXE derpdederp) IS .. obviously you did not check it out.

If you bothered to open up the executable within reflector you'd see the IPs in there as well as facebook, twitter, and some other bul*****.

Edited by epic
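
The two checks argued over above (compare the shipped DLL with the official release, and look for addresses embedded in the executable) can be done without decompiling anything. The following is an added example, not code from any poster or from the library's project: it hashes two builds and lists URL and IPv4 strings that appear only in the shipped one. The function names and the sample blobs are constructed for illustration.

```python
import hashlib
import ipaddress
import re
import sys

# .NET keeps string literals as UTF-16LE, so scan for both encodings.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def strings(data):
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")

def network_indicators(data):
    """URLs and syntactically valid IPv4 literals found in printable strings."""
    found = set()
    for s in strings(data):
        found.update(URL.findall(s))
        for cand in IPV4.findall(s):
            try:
                ipaddress.IPv4Address(cand)  # rejects octets above 255
            except ValueError:
                continue
            found.add(cand)
    return found

def compare(shipped, official):
    """Hash both builds; report indicators present only in the shipped one."""
    same = hashlib.sha256(shipped).digest() == hashlib.sha256(official).digest()
    extra = network_indicators(shipped) - network_indicators(official)
    return {"identical": same, "only_in_shipped": sorted(extra)}

# Constructed sample blobs (not real binaries). "1.2.3.4" is a version string
# that looks like an IP; it is in both builds, so the diff drops it.
OFFICIAL = b"MZ\x90\x00FileVersion 1.2.3.4\x00\x01\x02"
SHIPPED = (OFFICIAL + "http://ads.example/track?id=1".encode("utf-16-le")
           + b"\x00\x00\xffconnect 203.0.113.7 now\x00")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py shipped.dll official.dll
        blobs = [open(p, "rb").read() for p in sys.argv[1:3]]
    else:
        blobs = [SHIPPED, OFFICIAL]
    print(compare(*blobs))
```

Anything listed is only a lead: a literal in the file says nothing about whether or where it is used, so confirm ownership with WHOIS before drawing conclusions.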
Posted

The IPs, as I stated before (perhaps I wasn't very clear), are both adsense.

The THREE addresses are BOTH adsense. Fascinating. :yes:

I NEVER said the dll was calling home or anything else, I stated the "program" IS .. obviously you did not check it out.

That's good :), as I NEVER said that you said that the .dll was calling home, I said how I doubted that the .dll was calling those addresses.

Of course I did not check "it" out, first thing because you did not ask to check "it" out for you (you asked about decompiling the .dll, which made, makes and will make no sense whatsoever, for the reasons exposed).

Quick layman comparison ;):

Q. My car does not start, can someone check the tires pressure for me?

A. No, you check your tires pressure and I doubt that your left front tire being at 32.362 psi is connected with the car failing to start.

jaclaz

Posted

jaclaz, you clearly have not met your customer's requirements and are unlikely to receive payment for the work you have done until you have satisfied all of his needs. :whistle:

Posted

jaclaz, you clearly have not met your customer's requirements and are unlikely to receive payment for the work you have done until you have satisfied all of his needs. :whistle:

Which is fine anyway :yes:, as I am doing this pro bono:

http://en.wikipedia.org/wiki/Pro_bono

or - even better - as Professional courtesy:

http://en.wikipedia.org/wiki/Professional_courtesy

Though of course I am sorry I didn't meet fully a fellow MSFNer's expectations. :(

jaclaz

Posted (edited)

I clearly stated (adding in the red to clarify)

You could ALSO download the "official" one and replace YOURS with IT to see if the symptom disappears (which would prove yours has been tampered with)?

Epic test scenario! That -is- the official one I gave the link to. Curious as to WHY you want to Decompile when the SOURCE is right there as well. :blink:

(Love it when a member totally ignores sound advice then argues...)

Edited by submix8c
