MMOElites: Rift As An Unprivileged User - MMOElites


Rift As An Unprivileged User

#1 Urguwno

Posted 06 March 2011 - 04:38 PM

It appears Trion has access to your process list and is monitoring for naughty bits. It's time to hide your wives, hide your children....

The attached batch file will do the following for you:
  • Create a normal unprivileged user account. The Username/Password is Yoda/Password1.
  • Set the registry key to remove Yoda from the logon screen. (We're just using it to launch Rift.)
  • Set permissions on the Rift folder to give Yoda full control. (for patching)
  • Create a batch file on your desktop to run Rift with the Yoda account. (using PsExec)
  • Set the registry key to prevent the Rift Error Handler from running.
  • Copy your old %AppData%\Rift configuration files to the new account.

Note: You can find/replace Yoda/Password1 with whatever name and password you like -- stay away from spaces and special characters.


Prerequisites:
  • You must have Windows Vista 64-bit or Windows 7 64-bit. I may write 32-bit instructions later.
  • You must have Rift installed into the default folder. (or you can find/replace with your path)
  • Download and install Debugging Tools for Windows 64-bit into the default folder.
    http://msdl.microsof..._6.11.1.404.msi
    CDB.EXE should be in "C:\Program Files\Debugging Tools for Windows (x64)".
  • Download PsExec.exe and put it somewhere in the path. I suggest just dropping it in your C:\Windows\System32 folder.
    http://download.sysi...les/PsTools.zip


Instructions:
  • Rename INSTALL.TXT to INSTALL.CMD.
  • Right-click INSTALL.CMD and choose Run As Administrator. Delete INSTALL.CMD when finished.
  • Any time you want to run Rift, launch the RIFT.CMD file on your desktop.

Note: The Windows security model will only allow a normal user to see their processes (.exe names) and the processes being run as services. Run Cheat Engine, AutoIt, Olly, etc. with your regular administrator account and they will be hidden from Trion.


Troubleshooting
  • See the Prerequisites section.
  • Everything is assumed to be on the C: drive. Change this in the install.cmd if you need to.
  • Disable User Account Control (UAC) in Control Panel if you have major problems.
  • Check Task Manager to verify Rift is running as the new account.
  • Sometimes the OS will create a new user account folder with the PC name appended. (e.g. C:\Users\Yoda.MyPC)
    If you don't see your characters at logon:
    1) Start / Run / %appdata%
    2) Copy the Rift folder
    3) Paste the Rift folder into the path for your new unprivileged user account. (overwrite)
    e.g. C:\Users\Yoda.MyPC\AppData\Roaming\
  • PM me if you have any problems.


04/10 Edit - Accidentally left CALC.EXE in there previously which I was using for testing.


#2 blinkosbox

Posted 06 March 2011 - 06:17 PM

Urguwno, on 06 March 2011 - 04:38 PM, said:

It appears Trion has access to your process list and is monitoring for naughty bits. It's time to hide your wives, hide your children....

The attached batch file will do the following for you:
  • Create a normal unprivileged user account. The Username/Password is Yoda/Password1.
  • Set the registry key to remove Yoda from the logon screen. (We're just using it to launch Rift.)
  • Set permissions on the Rift folder to give Yoda full control. (for patching)
  • Create a batch file on your desktop to run Rift with the Yoda account. (using PsExec)
  • Set the registry key to prevent the Rift Error Handler from running.
  • Copy your old %AppData%\Rift configuration files to the new account.

Note: You can find/replace Yoda/Password1 with whatever name and password you like -- stay away from spaces and special characters.


Prerequisites:
  • You must have Windows Vista 64-bit or Windows 7 64-bit. I may write 32-bit instructions later.
  • Download and install Debugging Tools for Windows 64-bit using the default path.
    http://msdl.microsof..._6.11.1.404.msi
    CDB.EXE should be in "C:\Program Files\Debugging Tools for Windows (x64)".
  • Download PsExec.exe and put it somewhere in the path. I suggest just dropping it in your C:\Windows\System32 folder.
    http://download.sysi...les/PsTools.zip


Instructions:
  • Rename INSTALL.TXT to INSTALL.CMD.
  • Right-click INSTALL.CMD and choose Run As Administrator. Delete INSTALL.CMD when finished.
  • Any time you want to run Rift, launch the RIFT.CMD file on your desktop.

Note: The Windows security model will only allow a normal user to see their processes (.exe names) and the processes being run as services. Run Cheat Engine, AutoIt, Olly, etc. with your regular administrator account and they will be hidden from Trion.


Troubleshooting
  • See the Prerequisites section.
  • Everything is assumed to be on the C: drive. Change this in the install.cmd if you need to.
  • Disable User Account Control (UAC) in Control Panel if you have major problems.
  • Check Task Manager to verify Rift is running as the new account.
  • PM me if you have any problems.


This is rather unique. I tried this since the release, actually just now...
I noticed the same email is required to log in, but then all my current characters are gone like it's a completely new account. It's kind of confusing actually, but really neat.


#3 Urguwno

Posted 06 March 2011 - 08:43 PM

blinkosbox, on 06 March 2011 - 05:17 PM, said:

I noticed the same email is required to log in, but then all my current characters are gone like it's a completely new account. It's kind of confusing actually, but really neat.


That problem should be fixed by copying the %appdata%\Rift folder to the new profile, which the install.cmd does for you.


#4 dodgydan

Posted 08 March 2011 - 09:57 AM

Does this have any effect on their ability to read the clipboard contents at all?
I was thinking about adding in a little clipboard cleaning code to my project, even though that might be a touch annoying at times.


#5 Urguwno

Posted 08 March 2011 - 11:09 AM

dodgydan, on 08 March 2011 - 08:57 AM, said:

Does this have any effect on their ability to read the clipboard contents at all?


Nope. The Windows security model shares the clipboard with the entire window station.

You could use a very simple AutoIt script to keep the clipboard cleaned.

http://www.autoitscr...ons/ClipPut.htm

HotKeySet ("{F9}", "start")
HotKeySet ("{F10}", "pause")

Func pause ()
	While 1
		Sleep (50)
	WEnd
EndFunc

Func start ()
	While 1
		ClipPut ("")
		Sleep (25)
	WEnd
EndFunc

While 1
	Sleep (25)
WEnd


#6 extinction

Posted 29 April 2011 - 03:06 AM

So, me being a clueless wit, how much would you recommend using this method versus using the bot normally, as-is?


#7 Amadeus

Posted 29 April 2011 - 04:08 AM

Quote

It appears Trion has access to your process list and is monitoring for naughty bits. It's time to hide your wives, hide your children....


Out of idle curiosity, from where (or how) did you come to this conclusion? I'm not doubting that it's true, I just wouldn't mind checking out the underlying code, etc.

I've been running some "extra software" quite a bit lately and I've noticed that the "temporary ban" from the shard event only happens in a very specific situation: crashing and letting the game "hang" too long, or breaking with a debugger and letting the game "hang" too long. Perhaps that situation causes the process scan to which you are referring...

I suppose I could go search for the typical things used to scan the processes. But, I guess I had a feeling they weren't just using the regular Windows API calls.


#8 Amadeus

Posted 04 May 2011 - 01:29 AM

No answer/thoughts on my question?


#9 V0gelz

Posted 04 May 2011 - 01:50 AM

I'm wondering like Amadeus as well. As he said, it only happens when the game crashes unexpectedly/hangs too long and DCs. I can just use my mod as well with that stupid debugger of theirs.


#10 jayswag

Posted 04 May 2011 - 04:15 PM

ditto

