- Joined
- Dec 9, 2007
- Messages
- 3,096
Well since I don't know which language you can inject into this exploit... If it could be any (which I'm sure that isn't the case) then it would be quite easy.
I have no idea which language is that...
VBScript?
Well since I don't know which language you can inject into this exploit... If it could be any (which I'm sure that isn't the case) then it would be quite easy.
VBScript? you sure? Anyway if so, then it's quite easy to check for processes
Another virus vulnerability. WC3 isn't safe until next patch. This allows us to run batch script on a computer on startup... Just write out to a batch file located in Start > Programs > Startup, and you're done.
Well if I'll find out how to use the exploit, then I'll attempt something like an antihack.
Edit, checked the code in the link, if he'd use echo instead of necho, then this would definatly be batch.
EDIT: Silly me, I just noticed it isn't necho and nstart, it's \necho which means \n = new line then echo further, meaning this is perfectly normal batch.
It is in the example a VBS, can be a mere batch file, which will have more permissions than other scripts, there is also a special batch header, which makes it run as admin.
Yeah, in short can do great damage but also great good.
hashtable
in a file could incredibly improve Warcraft III gameplay experience!Not true, there are startup folders which are global. Additionally they could modify windows system files on XP (as that has no security unlike vista and 7).
Old maps that were safe in the past will still be safe. If you host that TD you played 4 years ago (and it works), then it will still be safe. Additionally maps like TKoK RPG will also be safe as the makers are highly respected moders who can be trusted. Maps which do not use preload native are garunteed to be safe as that is a required for this bug. Offical DotA Allstars versions will also be safe as the makers are trusted and respected however people will spoof the map (like last time) so only join trusted hosts.
Maps to be careful with are public DotA Allstars games cause (like with the previous exploit) people can easilly make a broken map which will download and infect you in under a second once you join (and looks like the real genuine map when you press join). Maps which appear hacked or sound funny. Maps which are new but of something old. Common ripped maps (like LoaP or vampirisim or battleships), basically anything which will get lots of people infected.
Founder of the North map uploaded here on THW is safe and clean, after all those moths and authors work, they won't mess up now, as DSG said, just don't download maps directly from Bnet, Garena and other game portals, come here for example and check maps, those that are uploaded at least 1 time per month, have over 2000 downloads and large number of comments should be 99% safe! If not authors "uploaders" will have big problems!
I download and upload around 15-20 maps per day! Some are big some are protected, some are just spells and systems, and I didn't found anything strange!
EDIT:
Damn I just checked something and it worked perfectly fine!
As some of you know you can change file extension right!
I changed .txt file into blp and renamed it into ReplaceableTextures\CommandButtons\BTNExample.blp, WE ofc showed this as image/texture!
Pro map hacker, can easily add anything he want into map like this, there is no way to find it with MPQEditor because you don't know what resource is fake, even if you find one, there can be few other as well! Maps can be used to store anything you want without any notice about it ^^
Now this can be old news, but I just wanted to show you cool way to hide files and informations!
I once hide some "pictures" from younger brother, converting them to mp3 file, when he tried to open them, winamp killed itself to play them ^^
Note: Changing extension directly inside WE won't work!
I'm so sad that this is getting fixed![]()
Who said that?
Blizzard are going to remove this exploit, no?
Who said THAT?
I am sure they ain't gonna fix it because of Sc2.
Well, they did fix the return bug. But if they leave this one behind, shit, I'm back to mapping )) And I'll make a blast
Blizzard are going to remove this exploit, no?
By the way "necho" is infact "\necho" where \n is the escape character for a new line and echo is a command that you can use in your command prompt. Indeed this is VBScript for sure. We could make MMOs with this, in theory, we could actually make absolutelly everything. That's the reason I don't want it removed. Maybe restricted... but not removed(
I wrote that already...
Also, it's batch, but batch can easily create VBS files...
Doubt it could lol, even badass Kaspersky.I feel dumb about saying this. But will a firewall do anything?
I feel dumb about saying this. But will a firewall do anything?
So when were those "Preload" functions included in War3![]()
Uh... do you even know what they do?
That doesn't seem like a proper answer.
EDIT: Ha, I got it, whatever. I wonder why I never got to use them...
Who said THAT?
I am sure they ain't gonna fix it because of Sc2.
Yeah. Sadly Blizzard has a habit of not caring for older games (except maybe for D2, they care about it "just enough" to still update it once a year; though the update does not fix every or even the simplest problems but they're still updates).
They even launched a lawsuit against KeSPA; yeah it's in their property, their rights, etc but the thing is no KeSPA = No more (or at least very little of) SC1: Broodwar.
The saddest part is all the good maps in WC3 will be slowly forgotten (really, it's hard to play any or host any variety of maps with all these hosting bots and now malicious maps too).
Also they still have not really addressed the popularity system in SC2 (all they need is to add the "hosting" system from SC1 and WC3 back; they could keep the popularity system but just have an alternative option for users to use).
Though I am aware it's in Blizzard's best interest (money wise) to focus on their newer games but they could be good sports and care more about their older games.
Well maybe DSG didn't credited Jesus4Lyf directly, but all url links link his posts and comments!That's cool, don't even mention who discovered it, or give any credit whatsoever, because I'm sure after tinkering and discovering such things Jesus4Lyf would hate such mentions.