From my understanding, that detection is from macroquest2 that eqmule put in to send info to DBG, and that was one of the main reasons mqnext was made.
I don't believe mqnext does anything like that, so you may be referring to that mq2 detection concept, zaide.
I'm not saying they don't have a hack detection process that scans the programs running on my machine, or don't have the ability to detect injections within eqgame.exe - I've just never heard of that from eqlive (definitely have on eqemu/p99). However, I've used mq, mq2, mqnext, myseq since 2005 and never once was banned for it. (Even used to warp and ghost kill.)
So
Secrets
how are they detecting mqnext? Is it because I don't understand something in mqnext source that is disabled since they do not support TLP? I use a valid ServerID (I don't just comment out the /unload).
They're using this function, and K32EnumProcesses. You can load IDA, search for K32EnumProcessModules (the string) and find it.
Retrieves a handle for each module in the specified process.
docs.microsoft.com
On login, they send a bit-shifted list of processes and module names that are disallowed. MQ2 normally excludes itself from this list, but the Launchpad.exe sends the same information to their servers and MQ2 does not hook into that. If your process (exe) or module (dll) is in the blacklist, your client will flag you for MQ2 usage and notify the server.
You can see this packet being sent every time you log in, though it's sent bit-shifted.
MQ2 currently does not exclude other cheat programs, such as server.exe and MySEQ.exe from that list, and it's only the executable or dll module name that they check presently. The list can be updated at any time on the server. It's fairly safe to say that MySEQ.exe is the only thing that could've flagged a lot of folks lately, or if you had MacroQuest2.exe running at the same time as the Launchpad.exe application.
Thus, if you were to erase all info about an MQ2 DLL being injected from the PEB, and not have MacroQuest2.exe loaded at all, you would evade Launchpad detection as long as you ran the client standalone on the PC you launch it from. Doing so would also raise suspicions, because they can track what PCs you haven't logged into the Launchpad with using their 3-step HWID process.
They iterate through every process on your PC that your user account has access to. Thus, you could theoretically hide MySEQ.exe and server.exe by using it on another Windows account with higher privilege. It'd be impossible to 'test to make sure that's working' unless you called the function yourself (you could write an MQ2 plugin to do that without being logged in) and test to see if the 'crc' matches the program you're trying to hide.
This same setup is present in other SOE games and is identical across the games in question.
So they have updated a few things since then - this being one of them.
They've also put a few layers of protection in other functions that MQNext has already bypassed in 2015, and has bypassed for years. But they've also done more to detect, and it's mostly done because the average MQ2 user can't help themselves and will warp, hack, or box on truebox if they absolutely want to - and they don't particularly care and are brazen about doing so because they are there to make money off of the game. Very few have personal enjoyment doing box armies, actually.