execute_file() and GM:S

Posted by link2x101 on June 1, 2014, 5:21 p.m.

That is, why it doesn't exist, shouldn't exist, and how it can exist.

I've spent today thinking about how Studio is lacking the execute_file() and execute_string() commands.

And there's a fair number of reasons why this is so.

    [#]Piracy concerns. It's extremely easy to create your own GML runner. Sure, it makes Game Maker a significantly harder language to use, but it's still possible. This runner can then bypass all of the free-version limitations (provided someone with a paid copy compiled the executable.) The only real features lost are things like the loading bar, icon, and game-info. [#]Safety concerns. Look, I shouldn't have to tell you that letting your code run someone else's code without any safeguard can be a problem. Keyloggers, viruses, various kinds of bots, and any other malicious software can be transmitted this way. (Not to mention older versions of Game Maker weren't so safe with the filesystem access thing. Hello, system32.) [#]Rare usage. The most common usage case for these commands that I've ever seen is level editors and readers, which can easily be done in .INI format (depending on the game, though this lacks security) or a custom format (which is really not hard to do). Games using this style of saving/loading for maps are particularly at risk of the above safety concerns. I could easily write in some code among the instance_create()s to execute a .DLL saved along with the 'map', or even have the .DLL itself embedded into the map file, creating the actual .DLL file before executing it.

Now, these commands could easily be used to allow modding to a game. That is, you could let people hook in to core gameplay components and change how it's played, or change the music, or add multiplayer. All sorts of things, but I can't say I've ever seen anyone do such a thing with a Game Maker game. (And now it's a bit late for using this method).

However, you can still add such a feature to your game if you wanted. It's just a bit harder.

Now, instead of having free reign over a Game Maker game from an outside script, you have to specifically write in (effectively whitelisting) a parser.

Using file reading functions and more-strict Game Maker code (raise your hand if you don't always use semicolons) it can then be made possible to execute outside code.

That's right, you can still use an instance_create() level system, you just have to work a bit harder on making them load.

It's a pain, but this is a far safer way to go about things, as you probably won't be whitelisting dangerous commands, nor opening a hole for .DLL hooks or keyloggers.
TL;DR: execute_string() and execute_file() are gone because they are lazy and dangerous. You can still execute strings and files if you take the time to do it properly.

Comments

Powerful Kyurem 10 years, 6 months ago

Like I said, nobody uses Execute_File. It should be removed. I even said that execute_string should be limited to just in-house functions, and (maybe) multiplayer functions. Obviously, anything else would only be useful for stealing code or making viruses.

Quote: Pirate_Rob
If they don't port, just remove the commands :P

There's already around 50 uses of the string executing object. I'd like to see you remove all of those. :p

Iasper 10 years, 6 months ago

Or you just don't bother trying to manipulate other people's games even if they don't want you to. Seems like the most viable option to me. Like mentioned before, the main reason for their deletion is the fact GMS actually compiles rather than just interpreting it.

Powerful Kyurem 10 years, 6 months ago

That comment made no sense at all. The 50 uses I'm talking about aren't cheat codes or mods. I actually used objects executing strings in my own code, so I could put checks in levels as I go. Like whether an enemy is dead, or a button is pressed, etc. If I tried to port my own game that I made to Studio, it would break.

Yeah sure, mods are awesome, but I'd gladly give that feature up in a windows 8 version* if necessary.

*GM 8.1 isn't entirely stable in windows 8. It can sometimes crash.

Iasper 10 years, 6 months ago

I was referring to you doing stuff to Nintendo Nightmare. Besides that, there's absolutely no reason to use execute_string like that when GM has a built in debug screen where you can add expressions like those

Powerful Kyurem 10 years, 6 months ago

"when GM has a built in debug screen where you can add expressions like those "

*facepalm* That's a debugging feature, and I sometimes use it. That's not what I meant. I use execute_string objects to actually make the level work. There's so many checks for puzzles and such that it is easier in the long run to just make a quick object via creation code to do it.

Also, I rarely made mods in Nintendo Nightmare. I mostly used it for… well… cheating. The only mod I tried making was the multiplayer and that completely broke. Anyways, that isn't really relevant anymore, since I could just as easily wire the cheats to hotkeys, seeing as I have a copy of the source and all. *scribbles quick mental note for debugging later*

Castypher 10 years, 6 months ago

Quote:
*GM 8.1 isn't entirely stable in windows 8. It can sometimes crash.
It crashes if you don't know how to manage your audio. I've never had my games crash on Windows 8, and I also develop in GM8.1.

Quote:
I use execute_string objects to actually make the level work.
I've used execute_string in exactly one case, and even then it was a hacked together method of doing something I could've done with a little more effort. I've been developing in GM for over ten years now and I promise you there's no case where execute_string does something that good programming can't.

Some of the things GMS took away make porting and developing a little inconvenient, but all in all I can understand why they did it and any programmer worth his salt should be able to easily make that adjustment.

(even though I still complain about GMS to this day)

The only thing that aggravates me about the loss of execute_string is that its debugging equivalent is apparently absent in the new debugger.

Powerful Kyurem 10 years, 6 months ago

I could do the equivalent somewhat easily. I'd just have to make a huge list of checks, and it would be very tedious and annoying. Like I said, it's mostly when certain enemies are dead, or a puzzle is solved. Things that would normally be a waste to create one object for. The other way saves file space.

Iasper 10 years, 6 months ago

Or you just set a global variable? Seems so much more practical to me and no work at all

Powerful Kyurem 10 years, 6 months ago

*facepalm* Where's the check, fair sir? Where is the check?

(I'm sorry. That meme just popped into my head.)

spike1 10 years, 6 months ago

Just wondering, are there pointers in the new GM? That was the only thing I used it for, so I could pass variable names as strings so I could reference them without hard coding the name then setting a new variable too it. Of course, if you return one value you can just use Return, but with multiple it becomes trickier. Has this been solved? :)