We are back to square one! Warcraft III is UNSAFE again!!!

[Ezekiel12]

Preload exploit is one of the best modding tools wc3 has to offer,

We should be clear here. The "exploit" is doing malicious things with the preload natives, not that you are generally able to create files.

If the natives allow only paths within the currently started war3.exe and only file type .pld is allowed to be written (and overwritten) there should be nothing left to exploit.

 

[leandrotp]

really?
Windows has a permanent startup folder for all users.

WINXP
DISK:\Documents and Settings\All Users\Start Menu\Programs\Startup
WIN7+
DISK:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Preload exploit much more dangerous than code execution.

You can only write to that folder if WC3 is running as administrator (unfortunately, Garena and some other clients do that).

And this doesn't mean that it is "more dangerous" than code execution. It might be easier to use (everyone knows how to make a .bat), but code execution is much more powerful. And also some antivirus detect .bat files in the user's startup folder, but they won't detect malicious code running inside the WC3 process.

Preload exploit is one of the best modding tools wc3 has to offer

Memory reading and writing is the best of the best tools in WC3 modding that can ever be made. I have already written a large api in pure JASS to take advantage of the ability to read and write memory. Basically I can read and modify any property of any object in the game (unit armor, ability cooldown, manacost, anything).

The only bad thing is that memory access is also a security risk for the user. But hey, so is the preload exploit, and everyone uses it in their maps! I've been thinking, why do I need to keep a secret of this thing at all? Why can't we simply turn WC3 into a native-code custom game engine?

After all, a map with a virus inside is no different than a true .exe virus. Every user is responsible for what they download into their computer. So we just need to tell them to never join custom maps they don't already have, and only download maps from trusted sources.

 

[Ezekiel12]

Why can't we simply turn WC3 into a native-code custom game engine?

Because Blizzard offers wc3 as a product to people of all ages. Those have to be guaranteed safety when using it.
Getting your computer wrecked because of joining a custom map is not considered safe.

 

[DracoL1ch]

what? windows is also a product to people of all ages, and billion viruses flying on win. that's not how you gonna defend that. not to speak, wc3 itself isn't provide any kind of warranty. just like normal EULA, blizzard have no responsibility for whatever happens with user's pc

 

[edo494]

I imagine despite their terms and services, they could be held liable if your harddrive was formatted as a result of blizzard being unable to patch/prevent such exploit of their software. You are always responsible for your software, mainly when its commercial(last time I checked, they still werent handing out free copies so it is still commercial product)

 

[DracoL1ch]

duh. tell that to Adobe. you install any soft on your own purposes and you can definitly live without doing that. therefore it's ur own fault, whatever is happening next.

 

[edo494]

and what tells you that you couldnt sue adobe for destroying your sensitive data on your computer via their software?

 

[leandrotp]

and what tells you that you couldnt sue adobe for destroying your sensitive data on your computer via their software?

You don't sue Microsoft when your Windows PC gets a virus, do you?

And if you did, I'm pretty sure you wouldn't get anything. At least in my country, you wouldn't.

 

[DracoL1ch]

and what tells you that you couldnt sue adobe for destroying your sensitive data on your computer via their software?

eula, lawyer, simple logic

 

[Almia]

Actually , Warcraft can exploit viruses when J4L wrote the Infest function, which writes a file to be executed by the computer on startup and download a file from the given address. IDK if this is fixed but if it is not, Blizzard has to fix this 2 exploits.

as for the case of J4L, I think Blizzard can't fix it because the only way to fix it is to remove the Preload functions themselves.

C2I is now the problem that needs to be prioritized because it is much easier to write and manipulate.

 

[DracoL1ch]

C2I is now the problem that needs to be prioritized because it is much easier to write and manipulate.

no. problem is blizzard do not want to give access to all sctructures of WC3 to mapmakers. solve it - and no hacks would be needed.

 

[IcemanBo]

Hey,

I really wonder what blizzard has answered to the e-mails they got from you.
I mean as you guys work on this: http://www.hiveworkshop.com/forums/...cript-its-time-revolution-279262/#post2826189,
which might become pretty critical for the common user's pc.
Have they even gave an appropriate answer?

 

[Zwiebelchen]

as for the case of J4L, I think Blizzard can't fix it because the only way to fix it is to remove the Preload functions themselves.

I actually talked to a blizz employee about this and we came to the conclusion that instead of fixing the Preload functions directly, it was way easier to just restrict PreloadGenEnd() to relative paths. This way, we can still write files on the HDD like we used to (for debug logs or savecodes), but can no longer inject files into system critical folders or Autorun.

Which is a quick and easy fix that removes the ability to do harm with preload without breaking the good things.

C2I is now the problem that needs to be prioritized because it is much easier to write and manipulate.

Agreed. But here's the catch: if we can use it to read out game data, Blizzard can do it aswell. Which means that natives to access unit and ability stats could be easy to implement.

 

[Almia]

Blizzard should really release the functions that retrieve Object Data.

 

[DracoL1ch]

do you really think they can do better than we did?

 

[Almia]

Impressive

 

[Zwiebelchen]

Wait, so you even found a way to manipulate the UI?
Isn't that our solution to writing data that I requested?

 

[DracoL1ch]

Wait, so you even found a way to manipulate the UI?
Isn't that our solution to writing data that I requested?

It's up to Leandro to publish techniques. He's the one who found them. I just applied all those possibilities to make perfect dota.

 

[Almia]

Is there a possibility that this exploit can read some hidden values? like for example, the current cursor position of the local player, the /fps value, etc. things that is shown in our User Interface?

 

[DracoL1ch]

Is there a possibility that this exploit can read some hidden values? like for example, the current cursor position of the local player, the /fps value, etc. things that is shown in our User Interface?

read? anything you can ever think about.

 

[Almia]

OMG!

We can say goodbye to trackables if that's the case.

 

[DracoL1ch]

so far you have to keep things sync between players, therefore you need some bridges. it's tricky enough

 

[Almia]

Can't that be synced via TriggerHappy's Sync library?

 

[Chaosy]

I feel like pretty much all maps will be complete garbage now.
Compared to what we'll be able to create now that is.

 

[edo494]

welcome ingame map hack scripts

 

[DracoL1ch]

Can't that be synced via TriggerHappy's Sync library?

as long as your agents being calculated at both sides, it doesnt matter how do you achieve it.

 

[Chaosy]

Oh, and on another note. I feel so unmotivated to create something now, because I know that I can create better things once these libraries goes public.

It'll be funny for the spell mods, they'll have to reject soooo many systems.

 

[Almia]

It'll be funny for the spell mods, they'll have to reject soooo many systems.

They won't

if something magical like this gets removed by Blizzard...

 

[Chaosy]

If they do that, I certainly hope they present us with an replacement.
Because I will hate them for a good while for removing it otherwise.