[RenderEdge] Memory Hack

[Kakerate]

Keep in mind just previewing a map can be fatal below 1.28

list the risks

Like the inherent risk when you run any software? A couple people probably lost trust in War3's VM as a result of the 1.24 hackery, shame. If all the stars align, there will land a single malicious person in the 1.26 community. (or forbid on live bnet) These scaretactics just kind of perpetuates people not trusting the game engine, especially when vulnerabilities STILL exist in it.

 

[HappyTauren]

Like the inherent risk when you run any software?

I am sure all software can run user-specified bytecode on your system without additional permissions. That's exactly what happens when I play DOTA or CS:GO :eyeroll: not even close

Look, stop trying to make a case for it with "like thats gonna happen!" mentality, because it is the stupidest way to argue for your case when people can see through it (I could as well say that posting credit card info on a deserted forum is also unlikely to be abused, arguing the same way that you do, and everyone would understand that's dumb).

Instead, just say, the risks are there, and we know about it, so we just hope we won't get fucked over it based on our previous experiences. That's the only honest way to go about it, really. Everything else is trying to coerce people to think that something won't happen because reasons.

I didn't get ran over by a car, and it's a small chance I will be. So I will stop looking left and right as I pass the streets, because hey, the chances of getting ran over by a car are slim anyways, so if I up them a bit by not taking care to prevent it, it's still low, right?

 

[Kakerate]

Bashing on 1.26 when 1.28 has the SAME exploit (simply needed new way of execution) just makes you seem disingenuous about the problems in our community and how we can work together to fix them.

I didn't get ran over by a car, and it's a small chance I will be. So I will stop looking left and right as I pass the streets, because hey, the chances of getting ran over by a car are slim anyways, so if I up them a bit by not taking care to prevent it, it's still low, right?

No. If you wanted to be accurate, you would see 1.26 and 1.28 as two separate roads. You should look both left AND right before walking across either road. Never have I been advocating blindly trusting maps, and yet you strawman me in this way. In fact it is YOU insisting not to look both ways before crossing the street with 1.28, assuming maps running on it can blindly be trusted.

 

[HappyTauren]

In fact it is YOU insisting not to look both ways before crossing the street with 1.28, assuming maps running on it can blindly be trusted.

Must be really fun to conjure things in your head that I didn't say.

 

[Kakerate]

When you're putting 100% of the focus on a single patch, yeah. You are almost certainly ignorant of the vulnerabilities of 1.28. Luckily, no one has tried spreading viruses to you through 1.28 ^^

So, if 1.28 and 1.26 are as vulnerable as the other, why default to one? Better API. The nice libs that have been written in 1.26 have not been translated to 1.28 yet because the architecture is bound to change again.

 

[HappyTauren]

Version 1.26 and sub exploit techniques are more well known, making it statistically more dangerous. I am not even playing wc3 online atm, but if you have to play wc3 online, then 1.28 is safer (not safe by any means) at the moment.

 

[Kakerate]

There is no "safer" if the exploit exists on both platforms , they are both equally at risk. But I'm sure you know what it takes for one of these to be made, right? Surely bytecode between two patches of the same VM differ VASTLY. Of course not. If someone wanted to infect users on 1.28, they would do it. It's not accurate to imply it hasn't happened on 1.28 yet because it's safer....

 

[HappyTauren]

There is no "safer" if the exploit exists on both platforms , they are both equally at risk.

There are hardly two things that are equal in the statistical world, that are not absolute extremes, unless your "equally" is binary, with 0 for "can't get infected" and 1 for "can get infected".

If someone wanted to infect users on 1.28, they would do it.

Yes, anyone motivated enough could do a similar thing on both patches. But there's more readily available information on how to do it on the old patches, reducing the amount of effort required by someone to do it. As of now, both are unsafe.

It's not accurate to imply it hasn't happened on 1.28 yet because it's safer....

But it is accurate to say that you're either not reading what other people are typing, can't understand what's being said, or just want to, again, conjure things nobody has even said.

 

[Kakerate]

But there's more readily available information on how to do it on the old patches, reducing the amount of effort required by someone to do it

factually incorrect.

But it is accurate to say that you're either not reading what other people are typing, can't understand what's being said, or just want to, again, conjure things nobody has even said.

What specifically have I said that implies this? Contest something and stop being vague.

I am sure all software can run user-specified bytecode on your system without additional permissions.

Couldn't be further from anything relevant.. you're the one who isn't understanding, and each comment you give is indicating so.

 

[HappyTauren]

What specifically have I said that implies this?

Most things you think I have said, which I didn't. I quoted you numerous times to ask you where did I say particular things, which you mostly just ignored.

Also, it's ridiculous to think that there's more info online on how to hack a more recent patch, than an old patch (of relevant age, that is still used). This is almost never the case for anything.

Welp, I think I shouldn't argue with someone who calls the opposition "retard croneys" and puts words into my mouth which I never said.

Therefore, goodbye.

 

[Frotty]

@Kakerate since u left the objective discussion, there isn't much left to say. If you use memhack in your map, it is 1.26 exclusive. I never said the idea in itself is bad or that I have security concerns. But you're making it sound like "why would one NOT use memhack" or "if u dont use memhack you are an idiot", and you seem to not accept any counter arguments.

 

[Kakerate]

If you use memhack in your map, it is 1.26 exclusive.

This isn't true and has been demonstrated so. The Example I saw used UnitID to call Memory functions, which were actually in another .j file. As I've said before, the extra hurdles to jump through make 1.28 unappealing to most people using Memory, which is bad for 1.28.

why would one NOT use memhack

It's fine to stay within war3's confines, but making something truly unique within the war3 engine is difficult with the various constraints imposed by lack of API.

you seem to not accept any counter arguments.

I'm sure theres a counter argument out there, but 1.28ers are fumbling to figure it out. I'm just trying to help get the facts out there because the more misinformation about 1.28 being safe, the more dangerous bnet is.

 

[csh]

Also, it's ridiculous to think that there's more info online on how to hack a more recent patch, than an old patch (of relevant age, that is still used).

There are many info online on how to hack 1.28 patch, but they are written in chinese and almost every mapper in China knew it, so you dont know it, the point should be why blizzard didnt fix it by now.

 

[kopoil]

Allright, i played with the map editor when i was 10 years old. I was able to do pretty much anything using the editor, tho i never used JASS or any other shit that i dont even know how to access. How the hell u had the patience to make this entire library? Also i dont even fucking know how to use this crappy damn code. The only thing i was able to achieve was reversing the get address for ability, and i did it while i was reversing the game. It was the ID + some unk address * 8 + 04 = the address u are looking for. BUT HOW THE HELL TO USE UR LIBRARY ? The only thing i want to do here is make external hack that will make the black square invisible. The suqare behind my god damn UI.