Community Forums > Voobly Support and Game Complaints Support > Client and Website related Problems and Questions > 1.6 Patch file detected as malware

1.6 Patch file detected as malware
Subscribe

 simolkaw


Posted 13 November 2021 - 10:55 pm
I do a random scan then i found a file (copylang.dll) on 1.6 Patch detected as threat (malware) i said maybe a mistake
then i go scan it online and 17 security vendors flagged this file as malicious.

what is the story ?
Link | Reply | Quote
 +pablo@voobly

Community Patch Developer


Posted 14 November 2021 - 1:10 am
Usually antivirus get suspicious of files and programs they don't know or that do something suspicious. That dll in particular handles the language change inside the v1.6 Game Data folder. Since it deletes and copies the different language files, it may look as more harmfull than it actually is.

Probably with time the antivirus will ignore it.
Link | Reply | Quote
 simolkaw


Posted 14 November 2021 - 9:16 pm
With the time more antiviruses detect it as threat
yesterday was 17 antivirus to 20 (today) security vendors flagged this file as malicious

[You must login to view link]
Link | Reply | Quote
 +mikael@voobly

Community Patch Developer


Posted 14 November 2021 - 9:52 pm
the antivirus behavious when you make a dll compatible with windows xp , and a dll that get registery key flag it like trojant and virus.
here the source code:
Code:
#include "copySelectedLanguageini.h" #include<iostream> #include<fstream> using namespace std; #define _en_KEY TEXT("SOFTWARE\\Voobly\\Voobly\\game\\13\\v1.6 RC\\") //#define _es_KEY TEXT("SOFTWARE\\Voobly\\Voobly\\game\\13\\v1.6 RC\\") //#define _chKEY TEXT("SOFTWARE\\Voobly\\Voobly\\game\\13\\v1.6 RC\\") bool LanguageReg( DWORD i) { DWORD dwDefault; HKEY hKey; LONG lResult; DWORD dwValue = 0x0; DWORD dwType; DWORD dwSize = sizeof(dwValue); bool res = false; TCHAR val[MAX_PATH] = ""; DWORD dataSize = sizeof(val); // First, check for a policy. lResult = RegOpenKeyEx(HKEY_CURRENT_USER, _en_KEY, 0, KEY_READ, &hKey); if (lResult == ERROR_SUCCESS) { if (i == 0x0) { lResult = RegQueryValueEx(hKey, "English", 0, &dwType, (LPBYTE)&val, &dataSize); } if (i == 0x1) { lResult = RegQueryValueEx(hKey, "Espanol", 0, &dwType, (LPBYTE)&val, &dataSize); } if (i == 0x2) { lResult = RegQueryValueEx(hKey, "Chinese", 0, &dwType, (LPBYTE)&val, &dataSize); } if (i == 0x3) { lResult = RegQueryValueEx(hKey, "French", 0, &dwType, (LPBYTE)&val, &dataSize); } if (i == 0x4) { lResult = RegQueryValueEx(hKey, "Italian", 0, &dwType, (LPBYTE)&val, &dataSize); } if (i == 0x5) { lResult = RegQueryValueEx(hKey, "Japanese", 0, &dwType, (LPBYTE)&val, &dataSize); } if (i == 0x6) { lResult = RegQueryValueEx(hKey, "Russe", 0, &dwType, (LPBYTE)&val, &dataSize); } if (i == 0x7) { lResult = RegQueryValueEx(hKey, "Turk", 0, &dwType, (LPBYTE)&val, &dataSize); } if (i == 0x8) { lResult = RegQueryValueEx(hKey, "Portugues", 0, &dwType, (LPBYTE)&val, &dataSize); } if (i == 0x9) { lResult = RegQueryValueEx(hKey, "Deutch", 0, &dwType, (LPBYTE)&val, &dataSize); } if (strcmp(val, "true") == 0)//L"v1.6 Game Data")) { res = true; } RegCloseKey(hKey); } return res; } bool isSameFIleSize() { //we check lanugage ini size bool sameSizeLanguage = false; ifstream in_file("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", ios::binary); in_file.seekg(0, ios::end); int file_size = in_file.tellg(); //English if (LanguageReg(0x0)) { ifstream in_file_en("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_en.ini", ios::binary); in_file_en.seekg(0, ios::end); int file_size_en = in_file_en.tellg(); sameSizeLanguage = file_size_en == file_size; } //Espanol if (LanguageReg(0x1)) { ifstream in_file_es("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_es.ini", ios::binary); in_file_es.seekg(0, ios::end); int file_size_es = in_file_es.tellg(); sameSizeLanguage = file_size_es == file_size; } //Chinese if (LanguageReg(0x2)) { ifstream in_file_zh("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_zh.ini", ios::binary); in_file_zh.seekg(0, ios::end); int file_size_zh = in_file_zh.tellg(); sameSizeLanguage = file_size_zh == file_size; } //French if (LanguageReg(0x3)) { ifstream in_file_fr("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_fr.ini", ios::binary); in_file_fr.seekg(0, ios::end); int file_size_fr = in_file_fr.tellg(); sameSizeLanguage = file_size_fr == file_size; } //Italian if (LanguageReg(0x4)) { ifstream in_file_it("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_it.ini", ios::binary); in_file_it.seekg(0, ios::end); int file_size_it = in_file_it.tellg(); sameSizeLanguage = file_size_it == file_size; } //Japanese if (LanguageReg(0x5)) { ifstream in_file_jp("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_jp.ini", ios::binary); in_file_jp.seekg(0, ios::end); int file_size_jp = in_file_jp.tellg(); sameSizeLanguage = file_size_jp == file_size; } //Russe if (LanguageReg(0x6)) { ifstream in_file_ru("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_ru.ini", ios::binary); in_file_ru.seekg(0, ios::end); int file_size_ru = in_file_ru.tellg(); sameSizeLanguage = file_size_ru == file_size; } //Turk if (LanguageReg(0x7)) { ifstream in_file_tr("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_tr.ini", ios::binary); in_file_tr.seekg(0, ios::end); int file_size_tr = in_file_tr.tellg(); sameSizeLanguage = file_size_tr == file_size; } //Portugues if (LanguageReg(0x8)) { ifstream in_file_br("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_br.ini", ios::binary); in_file_br.seekg(0, ios::end); int file_size_br = in_file_br.tellg(); sameSizeLanguage = file_size_br == file_size; } //Deutch if (LanguageReg(0x9)) { ifstream in_file_de("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_de.ini", ios::binary); in_file_de.seekg(0, ios::end); int file_size_de = in_file_de.tellg(); sameSizeLanguage = file_size_de == file_size; } return sameSizeLanguage; } void copySelectedLanguageini() { bool ignorUser = false; int cptSelectLang = 0; if (LanguageReg(0x0))//&& LanguageReg(0x1)) { cptSelectLang++; } if (LanguageReg(0x1)) { cptSelectLang++; } if (LanguageReg(0x2)) { cptSelectLang++; } if (LanguageReg(0x3)) { cptSelectLang++; } if (LanguageReg(0x4)) { cptSelectLang++; } if (LanguageReg(0x5)) { cptSelectLang++; } if (LanguageReg(0x6)) { cptSelectLang++; } if (LanguageReg(0x7)) { cptSelectLang++; } if (LanguageReg(0x8)) { cptSelectLang++; } if (LanguageReg(0x9)) { cptSelectLang++; } ignorUser = cptSelectLang > 1; if (ignorUser) { //we do nothing MessageBox(NULL, "Multiple languages selected we will ignore language changes", " ignore language changes ", MB_ICONINFORMATION); return; } bool sameSizeLanguage =isSameFIleSize(); if (sameSizeLanguage) { //we do nothing language is already changed return; } bool isSlectedLanguage = LanguageReg(0x0) || LanguageReg(0x1) || LanguageReg(0x2) || LanguageReg(0x3) || LanguageReg(0x4) || LanguageReg(0x5) || LanguageReg(0x6) || LanguageReg(0x7) || LanguageReg(0x8) || LanguageReg(0x9); if (!isSlectedLanguage) { //no language selected we ignore return; } if (isSlectedLanguage) { //DeleteFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini"); DeleteFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini"); } //English if (LanguageReg(0x0)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_en.ini","Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini",true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_en.ini","Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini",true); } //Espanol if (LanguageReg(0x1)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_es.ini", "Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini", true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_es.ini", "Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", true); } //Chinese if (LanguageReg(0x2)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_zh.ini", "Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini", true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_zh.ini", "Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", true); } //French if (LanguageReg(0x3)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_fr.ini", "Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini", true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_fr.ini", "Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", true); } //Italian if (LanguageReg(0x4)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_it.ini", "Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini", true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_it.ini", "Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", true); } //Japanese if (LanguageReg(0x5)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_jp.ini", "Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini", true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_jp.ini", "Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", true); } //Russe if (LanguageReg(0x6)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_ru.ini", "Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini", true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_ru.ini", "Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", true); } //Turk if (LanguageReg(0x7)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_tr.ini", "Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini", true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_tr.ini", "Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", true); } //Portugues if (LanguageReg(0x8)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_br.ini", "Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini", true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_br.ini", "Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", true); } //Deutch if (LanguageReg(0x8)) { //CopyFile("Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language_de.ini", "Voobly Mods\\AOC\\Data Mods\\WololoKingdoms DE\\language.ini", true); CopyFile("Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language_de.ini", "Voobly Mods\\AOC\\Data Mods\\v1.6 Game Data\\language.ini", true); } //sameSizeLanguage = isSameFIleSize(); if (!sameSizeLanguage) { system("taskkill /IM \"age2_x1.exe\" /F"); } }
Link | Reply | Quote
 freddynight


Posted 2 January 2022 - 12:39 pm
It's not your code Katsuie that triggers the false positive It's your compiler. Instead of using the regular MinGW, try CodeBlock's MinGW compiler
Link | Reply | Quote
 +mikael@voobly

Community Patch Developer


Posted 2 January 2022 - 4:17 pm
yes you can but be shure that will be compatible with win xp, wine linux and people no need library to run it.
Link | Reply | Quote
 +mikael@voobly

Community Patch Developer


Posted 2 January 2022 - 4:57 pm
ok this one is the best optimization we can do :) :
https://www.voobly.com/files/prompt/72117480
[You must login to view link]


Link | Reply | Quote
[1]
Displaying 1 - 7 out of 7 posts
Forum Jump:
1 User(s) are reading this topic (in the past 30 minutes)
0 members, 1 guests

What's popular right now:
AoKTS updates (64 users)
Word Association (63 users)
Devil May Cry (29 users)