Support NeoGAF

[RionaaM]

Take a picture of a 25 page thread of hackers and trainer makers all freaking out over steams latest update about how it installed some kind of malware/rootkit that takes control of windows system dlls? okay, just see for your self if you want a source.

Where does it show that Steam takes control of Windows system .dlls? You can quote that part.

 

[HoodWinked]

Summer Sale 201....3

this is the year they dont have one :3

 

[HoosTrax]

I still got my inventory copies of Dota 2. Anyone wanna buy? $30 a piece.

Weird. All four in my inventory disappeared.

 

[Ryan_]

I still got my inventory copies of Dota 2. Anyone wanna buy? $30 a piece.

What a bargain!

 

[Thieve]

Oh, wow, all my extra copies of DOTA2 are gone! Checking previous posts, seems this happened to everyone else. I get to keep the game, right? Is DOTA2 release F2P or they put a price tag to it?

Aww, I wanted to keep at least one :\. I do that with all the Beta invites.

 

[jediyoshi]

Take a picture of a 25 page thread of hackers and trainer makers all freaking out over steams latest update about how it installed some kind of malware/rootkit that takes control of windows system dlls? okay, just see for your self if you want a source.

Mmm, not sure that's how citations and proofing work

 

[HoosTrax]

My TF2 inventory disappeared :|

 

[Exuro]

My TF2 inventory disappeared :|

TF3 release imminent.

 

[super-famicom]

Summer Sale 201....3

this is the year they dont have one :3

Steam servers must be in Westeros, since winters can last a looong time over there.

 

[I am Michael Bolton]

Steam just stealth rooted everyone. No, seriously. Remember Blizzard's "Warden" anti-cheat measures? Well, Steam has something like that now. Hooks into core Windows DLLs and if you try to use a trainer in a game, it doesn't matter if you're online or offline, it'll crash out. In fact, it doesn't even matter if it's a Steam game. I put most of my GoG collection into the Steam launcher because, what the hell, why not - but go to use a trainer or edit the memory, and it's game over.

This is a level of invasive, malware-like activity that concerns me greatly. I sometimes cheat in single player games. I don't give half a shit about achievements, I just like to enjoy the game on my terms. They're single-player, why not? Apparently because Valve says so, is why not.

Here's a thread with people freaking out about it, there's another source but its not really legit and don't want to link it.
http://steamcommunity.com/discussions/forum/0/864972621156907811/#p3

Been using FF7 saves the last few days that have activated achievements without me actually doing anything, simply because the save I used was far enough into the game. No problems. Not sure if that qualifies though.

 

[Thieve]

TF3 release imminent.

Team Fourtress. Valve can't 3.

 

[Hawkie]

My TF2 inventory disappeared :|

Pirate Gaben has plundered all the TF2 items and you have to use Mystery Cards to find the secret location to get them back.

 

[daninthemix]

Been using FF7 saves the last few days that have activated achievements without me actually doing anything, simply because the save I used was far enough into the game. No problems. Not sure if that qualifies though.

No, it'll only be trainers that fiddle with the game's memory while it's running that are an issue.

I hope not though. That would be extremely invasive of Valve to do that.

 

[Grief.exe]

No, it'll only be trainers that fiddle with the game's memory while it's running that are an issue.

I hope not though. That would be extremely invasive of Valve to do that.

And completely against their policies so far.

 

[XANDER CAGE]

So that means no Bolopatch in JC2? Valve pls

 

[Acorn]

Wow thats a shitty move valve.

 

[Ogedai_Khan]

Pirate Gaben has plundered all the TF2 items and you have to use Mystery Cards to find the secret location to get them back.

Stahp! I don't have any of these mystery card things.

 

[Salsa]

maybe they wanna link cards to achievements

 

[Cth]

EDIT: Already covered

 

[Razorskin]

Need a better source for that Steam rooting claim.

 

[Exuro]

maybe they wanna link cards to achievements

And/or achievements to future events. The Treasure hunt summer sale was my favorite because of the achievement hunting for dlc stuff.

 

[Im_Special]

Need a better source for that Steam rooting claim.

Then go look for one your self, seriously if you need hand holding to this degree linking to more dll talk is just going to explode your brain. Anyway here is another source from the popular Cheat Engine forums http://forum.cheatengine.org/viewtopic.php?t=566285

 

[Grief.exe]

Right as Dota gets released

Works for me.

 

[Crimsonclaw111]

I bought the Half Life Pack GAF. What order do I play them in?

 

[Echoplx]

I bought the Half Life Pack GAF. What order do I play them in?

Half Life 3 first

 

[The_Monk]

I knew I was going to see that image, fellow GAFfer Grief did it right!

 

[grindamasta]

So, 10 minutes ago I was looking into Dragon Nest store page, and now, after reloading the browser, it says that is region locked or some shit... WTF Is this game really region locked ??

http://store.steampowered.com/app/11610

 

[Crimsonclaw111]

Half Life 3 first

Half Life 3 beta confirmed.

 

[Monado Blade]

I bought the Half Life Pack GAF. What order do I play them in?

In the order they came out of course

 

[Razorskin]

Then go look for one your self, seriously if you need hand holding to this degree linking to more dll talk is just going to explode your brain. Anyway here is another source from the popular Cheat Engine forums http://forum.cheatengine.org/viewtopic.php?t=566285

Maybe just Steam changing how memory addresses work which fucks up trainers.

 

[Crimsonclaw111]

In the order they came out of course

Well yea but I was talking mostly about the various expansions.

 

[dave is ok]

Maybe they don't want people cheating to get their special Summer Sale achievements

Spoiler

dear god please have special summer sale achivements

 

[HoosTrax]

Is Half-Life Source an official remake?

One of these days, I'm going to make another earnest attempt to try to play through the HL series without either of these things happening within the first half an hour: a) falling asleep, b) wanting to puke my guts out due to motion sickness, or c) both of the above

 

[Monado Blade]

Maybe just Steam changing how memory addresses work which fucks up trainers.

I feel this is the most likely explanation. Doesn't make any sense for Valve to take action this late in the game

 

[Alcoholikaust]

I bought the Half Life Pack GAF. What order do I play them in?

Black Mesa first

 

[Tenrius]

I bought the Half Life Pack GAF. What order do I play them in?

Release order.

 

[Monado Blade]

Well yea but I was talking mostly about the various expansions.

My suggestion still applies.

Is Half-Life Source an official remake?

Not quite. It's just the original game recompiled with the source engine. All models and textures are the same bit now they have some extra particle effects. Some new physics too I think

 

[Tenrius]

Well yea but I was talking mostly about the various expansions.

HL1 → Blue Shift → Opposing Force → HL2 → Ep. 1 → Ep. 2

 

[Omikron]

Black Mesa first

This is the worst advice.

 

[scorpscarx]

Yall should just read through the Steam discussion... http://steamcommunity.com/discussions/forum/0/864972621156907811/?tscn=1373414080#p4

 

[Monado Blade]

Release order.

HL1 → Blue Shift → Opposing Force → HL2 → Ep. 1 → Ep. 2

Actually Blue Shift came after Opposing Force, but that's a good enough order

 

[RionaaM]

Then go look for one your self, seriously if you need hand holding to this degree linking to more dll talk is just going to explode your brain. Anyway here is another source from the popular Cheat Engine forums http://forum.cheatengine.org/viewtopic.php?t=566285

You're the one claiming that Steam is affecting Windows .dlls and all that shady shit. The burden of proof is on you.

Attacking the person asking you for it doesn't help much to your argument's credibility.

 

[Monado Blade]

Black Mesa first

No, Black Mesa last

 

[HoosTrax]

Yall should just read through the Steam discussion... http://steamcommunity.com/discussions/forum/0/864972621156907811/?tscn=1373414080#p4

The last few posts say another update just got pushed and fixes the issue? That's what I got out of it anyways.

---

Unrelated, but I've been having this really irritating issue with GAF the past couple of weeks, where if I edit a post, the GAF page just stalls and spins endlessly and won't go back to the thread like it should.

 

[Overdoziz]

Well, excuuuuuuse me.

 

[scorpscarx]

The last few posts say another update just got pushed and fixes the issue? That's what I got out of it anyways.

Yeah that plus, there are a good couple of technical posts that explain what it did exactly on the last couple of pages....

Yea I just f5 the page, and the edit screen goes away.

 

[Im_Special]

You're the one claiming that Steam is affecting Windows .dlls and all that shady shit. The burden of proof is on you.

Attacking the person asking you for it doesn't help much to your argument's credibility.

NORMAL API LIBRARY FUNCTION IN KERNEL32.DLL

766049BF - 8B FF - mov edi,edi
766049C1 - 55 - push ebp
766049C2 - 8B EC - mov ebp,esp
766049C4 - 83 7D 08 00 - cmp dword ptr [ebp+08],00
766049C8 - 53 - push ebx
766049C9 - 56 - push esi
766049CA - 57 - push edi
766049CB - 74 17 - je 766049E4
766049CD - 68 F8496076 - push 766049F8 : ["twain_32.dll"]
766049D2 - FF 75 08 - push [ebp+08]
766049D5 - E8 30000000 - call 76604A0A : [->76FDC7D9]
766049DA - 59 - pop ecx
766049DB - 59 - pop ecx
766049DC - 85 C0 - test eax,eax
766049DE - 0F84 6EEE0200 - je 76633852
766049E4 - 6A 00 - push 00
766049E6 - 6A 00 - push 00
766049E8 - FF 75 08 - push [ebp+08]
766049EB - E8 F5FEFFFF - call 766048E5 : [->74BB2CCC]
766049F0 - 5F - pop edi
766049F1 - 5E - pop esi
766049F2 - 5B - pop ebx
766049F3 - 5D - pop ebp
766049F4 - C2 0400 - ret 0004

STEAM GAME RUNNING SAME LOCATION:


766049BF - E9 06B70F00 - jmp 767000CA
766049C4 - 83 7D 08 00 - cmp dword ptr [ebp+08],00
766049C8 - 53 - push ebx
766049C9 - 56 - push esi
766049CA - 57 - push edi
766049CB - 74 17 - je 766049E4
766049CD - 68 F8496076 - push 766049F8 : ["twain_32.dll"]
766049D2 - FF 75 08 - push [ebp+08]
766049D5 - E8 30000000 - call 76604A0A : [->76FDC7D9]
766049DA - 59 - pop ecx
766049DB - 59 - pop ecx
766049DC - 85 C0 - test eax,eax
766049DE - 0F84 6EEE0200 - je 76633852
766049E4 - 6A 00 - push 00
766049E6 - 6A 00 - push 00
766049E8 - FF 75 08 - push [ebp+08]
766049EB - E8 F5FEFFFF - call 766048E5 : [->74BB2CCC]
766049F0 - 5F - pop edi
766049F1 - 5E - pop esi
766049F2 - 5B - pop ebx
766049F3 - 5D - pop ebp
766049F4 - C2 0400 - ret 0004

NOTE THE CHANGE HERE:

766049BF - E9 06B70F00 - jmp 767000CA


which goes here:

767000CA -E9 21F258E8 JMP gameover.5EC8F2F0

then points to a function in this steam .dll

gameover.dll

which you can look at the list of things that steam says is 'ok' to be running on your cpu (like the punkbuster .dll's, etc.)

5EC8F369 8B3D C8A1CA5E MOV EDI,DWORD PTR DS:[<&KERNEL32.GetModu>; kernel32.GetModuleHandleA
5EC8F36F 68 04E7CA5E PUSH gameover.5ECAE704 ; ASCII "pbcl.dll"
5EC8F374 FFD7 CALL EDI
5EC8F376 85C0 TEST EAX,EAX
5EC8F378 75 33 JNZ SHORT gameover.5EC8F3AD
5EC8F37A 68 F8E6CA5E PUSH gameover.5ECAE6F8 ; ASCII "pbcls.dll"
5EC8F37F FFD7 CALL EDI
5EC8F381 85C0 TEST EAX,EAX
5EC8F383 75 28 JNZ SHORT gameover.5EC8F3AD
5EC8F385 68 ECE6CA5E PUSH gameover.5ECAE6EC ; ASCII "pbcag.dll"
5EC8F38A FFD7 CALL EDI
5EC8F38C 85C0 TEST EAX,EAX
5EC8F38E 75 1D JNZ SHORT gameover.5EC8F3AD
5EC8F390 68 E0E6CA5E PUSH gameover.5ECAE6E0 ; ASCII "pbcags.dll"
5EC8F395 FFD7 CALL EDI
5EC8F397 85C0 TEST EAX,EAX
5EC8F399 75 12 JNZ SHORT gameover.5EC8F3AD
5EC8F39B 68 D4E6CA5E PUSH gameover.5ECAE6D4 ; ASCII "pbsv.dll"


and sets up an error here:

5EC8F3C7 FF15 D8A0CA5E CALL DWORD PTR DS:[<&KERNEL32.SetLastError>] ; kernel32.SetLastError

and crashes your game if something steam doesn't 'like' happens

and then otherwise, backtracks back to the windows system api after hooking it.


if you have any tools, and can actually get them to access the game without it crashing, then you can see that this is true..

there is ZERO DOUBT steam is hooking api's in the kernel32.dll WINDOWS SYSTEM .DLL

PERIOD..

 

[BeEatNU]

Oh, wow, all my extra copies of DOTA2 are gone! Checking previous posts, seems this happened to everyone else. I get to keep the game, right? Is DOTA2 release F2P or they put a price tag to it?

I'm glad I gave my friend the copy I had last night

 

[Grief.exe]

You're the one claiming that Steam is affecting Windows .dlls and all that shady shit. The burden of proof is on you.

Attacking the person asking you for it doesn't help much to your argument's credibility.

My thoughts exactly, well said.

The last few posts say another update just got pushed and fixes the issue? That's what I got out of it anyways.

---

Unrelated, but I've been having this really irritating issue with GAF the past couple of weeks, where if I edit a post, the GAF page just stalls and spins endlessly and won't go back to the thread like it should.

They probably utilized that during E3 to lower the burden on servers. I kind of remember it cropping up around that time.

Well, excuuuuuuse me.

Any excuse to post that image lol

 

[NaM]

Every time someone says HL3 a kitty is killed.