What is your take on this?
http://itchybottom.tumblr.com/post/8905406612/btw-looks-like-they-just-implemented-detection-of-mq2
The framework is there. wsock32.dll is an injector for eqgame.dll. I wouldn’t have gone about it that way (hint P99 developers — think French and German and look at how fopen is arbitrarily used in regards) due to the whole “trust” issue of the player base. So far, there is no detection there. There is just some copy/paste in the form of eqmain.dll.
Simply put, don’t run EverQuest as Administrator in Vista or 7 and the winsock injector (which is user-land kernel32 by design) won’t elevate to do anything nefarious with proper file system ACL. Windows XP, however, is open to a disgustingly broad spectrum of problems.
Natively, this is allowing Project1999 to middle man the winsock API at the first layer (the point where it converts 1.x to 2.0 commands) and add additional nasty via helper DLL. Keep an eye on ws2_32.dll, wshtcpip.dll and wshiotp.dll activity calls if you’re tinfoil hat paranoid about it. It has the potential to go towards abuse of user-space privacy but in its current state it does no such thing.
Good luck and thanks for the concern. The sky is not falling, yet.
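Added example, not part of the quoted post or of any Project1999 code: a small audit that lists DLLs in an application directory that share a name with a system DLL (as the wsock32.dll in the game folder does) and reports whether the local copy differs from the system one. The directory layout and file contents in `demo()` are constructed stand-ins so the check runs offline; on a real machine you would pass the game folder and the system directory the process actually loads from.

```python
import hashlib
import os
import tempfile


def _sha256(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """Return {dll_name: 'differs' | 'identical'} for every DLL in app_dir whose
    name (case-insensitive, as on Windows) also exists in system_dir."""
    system = {name.lower(): os.path.join(system_dir, name)
              for name in os.listdir(system_dir)
              if name.lower().endswith(".dll")}
    findings = {}
    for name in os.listdir(app_dir):
        key = name.lower()
        if key in system:
            same = _sha256(os.path.join(app_dir, name)) == _sha256(system[key])
            findings[key] = "identical" if same else "differs"
    return findings


def demo():
    """Constructed sample: a fake system directory and a fake game folder."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = os.path.join(root, "System32")
        app_dir = os.path.join(root, "EverQuest")
        os.makedirs(system_dir)
        os.makedirs(app_dir)
        for name in ("wsock32.dll", "ws2_32.dll", "wshtcpip.dll"):
            with open(os.path.join(system_dir, name), "wb") as handle:
                handle.write(b"constructed system copy of " + name.encode())
        # Local file with a system DLL's name: loaded ahead of the system copy.
        with open(os.path.join(app_dir, "WSOCK32.dll"), "wb") as handle:
            handle.write(b"constructed local proxy")
        # Application's own DLL, no system namesake, so it is not reported.
        with open(os.path.join(app_dir, "eqgame.dll"), "wb") as handle:
            handle.write(b"constructed game module")
        return find_shadowing_dlls(app_dir, system_dir)


if __name__ == "__main__":
    print(demo())
```

A 32-bit process on 64-bit Windows loads system DLLs from SysWOW64 rather than System32, so compare against that directory in that case.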

