execute_file() and GM:S

Posted by link2x101 on June 1, 2014, 5:21 p.m.

That is, why it doesn't exist, shouldn't exist, and how it can exist.

I've spent today thinking about how Studio is lacking the execute_file() and execute_string() commands.

And there's a fair number of reasons why this is so.

    [#]Piracy concerns. It's extremely easy to create your own GML runner. Sure, it makes Game Maker a significantly harder language to use, but it's still possible. This runner can then bypass all of the free-version limitations (provided someone with a paid copy compiled the executable.) The only real features lost are things like the loading bar, icon, and game-info. [#]Safety concerns. Look, I shouldn't have to tell you that letting your code run someone else's code without any safeguard can be a problem. Keyloggers, viruses, various kinds of bots, and any other malicious software can be transmitted this way. (Not to mention older versions of Game Maker weren't so safe with the filesystem access thing. Hello, system32.) [#]Rare usage. The most common usage case for these commands that I've ever seen is level editors and readers, which can easily be done in .INI format (depending on the game, though this lacks security) or a custom format (which is really not hard to do). Games using this style of saving/loading for maps are particularly at risk of the above safety concerns. I could easily write in some code among the instance_create()s to execute a .DLL saved along with the 'map', or even have the .DLL itself embedded into the map file, creating the actual .DLL file before executing it.

Now, these commands could easily be used to allow modding to a game. That is, you could let people hook in to core gameplay components and change how it's played, or change the music, or add multiplayer. All sorts of things, but I can't say I've ever seen anyone do such a thing with a Game Maker game. (And now it's a bit late for using this method).

However, you can still add such a feature to your game if you wanted. It's just a bit harder.

Now, instead of having free reign over a Game Maker game from an outside script, you have to specifically write in (effectively whitelisting) a parser.

Using file reading functions and more-strict Game Maker code (raise your hand if you don't always use semicolons) it can then be made possible to execute outside code.

That's right, you can still use an instance_create() level system, you just have to work a bit harder on making them load.

It's a pain, but this is a far safer way to go about things, as you probably won't be whitelisting dangerous commands, nor opening a hole for .DLL hooks or keyloggers.
TL;DR: execute_string() and execute_file() are gone because they are lazy and dangerous. You can still execute strings and files if you take the time to do it properly.

Comments

twisterghost 10 years, 6 months ago

@spike1 return a data structure or array

spike1 10 years, 6 months ago

Fair enough, that would work, still the functions for those are really long and tedious to type. If i must return multiple values without execute_string I prefer.

(Un-tested)

ConvertToScreenCoords(10,20,5);
CoX = _XX;
CoY = _YY;
//Do Stuff

compared to

Coords = ConvertToScreenCoords(10,20,5);//With all creating Ds Lists and setting them and stuff extra.
CoX = ds_list_find_value(Coords,0);
CoY = ds_list_find_value(Coords,1);
ds_list_destroy(Coords);
//Do Stuff

But with execute_string it can just be:

ConvertToScreenCoords(10,20,5,"CoX","CoY");
//Do Stuff

But yeah, it isn't really necessary :). I wonder if there are some things only execute_string can do?

twisterghost 10 years, 6 months ago

You can also just return an array and know what the values mean if you don't want to use the ds_ functions (which I agree are stupid long).

Using execute_string (aka exec, eval, etc) is an awful practice in programming. They are generally mega-hacks baked into languages for the sake of having a megahack. There's almost always a better way.

Powerful Kyurem 10 years, 6 months ago

Spike1: Only user created cheats, or easily made levels (cause you can create a very specific check in-room without wasting file space on an object definition). It's mostly a convenience thing. I mean, there are probably uses if you wish to do complex random attacks, cause then you can string stuff together, or maybe something with procedural generation, but for the most part it's convenience.

Castypher 10 years, 6 months ago

Quote:
@spike1 return a data structure or array
No way, you can do that in GM now?

Powerful Kyurem 10 years, 6 months ago

You know what? If GM wants to remove it from their general stuff, that's fine by me, but does anyone know of a .dll for execute_string?

twisterghost 10 years, 6 months ago

Quote:
No way, you can do that in GM now?

WE LIVE IN THE FUTURE NOW, BOYS.

Quote:
does anyone know of a .dll for execute_string?

nvm we in the past

Powerful Kyurem 10 years, 6 months ago

Quote:
nvm we in the past

Are you saying I live in the past?

twisterghost 10 years, 6 months ago

No, you're living in the future so the present is your past.

Powerful Kyurem 10 years, 6 months ago

*sigh* is there one or not?