execute_file() and GM:S

Posted by link2x101 on June 1, 2014, 5:21 p.m.

That is, why it doesn't exist, shouldn't exist, and how it can exist.

I've spent today thinking about how Studio is lacking the execute_file() and execute_string() commands.

And there's a fair number of reasons why this is so.

    [#]Piracy concerns. It's extremely easy to create your own GML runner. Sure, it makes Game Maker a significantly harder language to use, but it's still possible. This runner can then bypass all of the free-version limitations (provided someone with a paid copy compiled the executable.) The only real features lost are things like the loading bar, icon, and game-info. [#]Safety concerns. Look, I shouldn't have to tell you that letting your code run someone else's code without any safeguard can be a problem. Keyloggers, viruses, various kinds of bots, and any other malicious software can be transmitted this way. (Not to mention older versions of Game Maker weren't so safe with the filesystem access thing. Hello, system32.) [#]Rare usage. The most common usage case for these commands that I've ever seen is level editors and readers, which can easily be done in .INI format (depending on the game, though this lacks security) or a custom format (which is really not hard to do). Games using this style of saving/loading for maps are particularly at risk of the above safety concerns. I could easily write in some code among the instance_create()s to execute a .DLL saved along with the 'map', or even have the .DLL itself embedded into the map file, creating the actual .DLL file before executing it.

Now, these commands could easily be used to allow modding to a game. That is, you could let people hook in to core gameplay components and change how it's played, or change the music, or add multiplayer. All sorts of things, but I can't say I've ever seen anyone do such a thing with a Game Maker game. (And now it's a bit late for using this method).

However, you can still add such a feature to your game if you wanted. It's just a bit harder.

Now, instead of having free reign over a Game Maker game from an outside script, you have to specifically write in (effectively whitelisting) a parser.

Using file reading functions and more-strict Game Maker code (raise your hand if you don't always use semicolons) it can then be made possible to execute outside code.

That's right, you can still use an instance_create() level system, you just have to work a bit harder on making them load.

It's a pain, but this is a far safer way to go about things, as you probably won't be whitelisting dangerous commands, nor opening a hole for .DLL hooks or keyloggers.
TL;DR: execute_string() and execute_file() are gone because they are lazy and dangerous. You can still execute strings and files if you take the time to do it properly.

Comments

link2x101 10 years, 6 months ago

Literally the only time I noticed semi-colons being completely necessary was when I made a program that would load a file into GM6.1, then execute is as a string. It would be interpreted as one line, so they became fairly necessary.

EDIT: Still, as a hold-over from learning PHP, I pretty much always use semi-colons.

Powerful Kyurem 10 years, 6 months ago

Pirate-Rob: /Parenthesis/ didn't…. a semicolon did.

Pirate-rob 10 years, 6 months ago

words can't describe how much I'd like to down vote that grammer correction

Well, the brackets /should've/ made it work, regardless of the semicolon.

Powerful Kyurem 10 years, 6 months ago

They are called parenthesis, not brackets!

Brackets: {}

Square Brackets: []

Parenthesis: ()

(I seriously hope you don't use brackets for all your functions)

See how I used /parenthesis/?

Pirate-rob 10 years, 6 months ago

Curley braces = {}

Parenthisis/brackets =()

Learn ya english pk

http://www.oxforddictionaries.com/words/brackets

Edit: yes i realise i made spelling mistakes, so no commenting on that D_D

Alert Games 10 years, 6 months ago

I think it is a good thing they got rid of these functions!

Think about it. The average Game Maker user is not very advanced with programming. In fact, some designers using Game Maker are actually skilled in graphics, but Game Maker allows them to create a game much easier and more flexible than any other platform (besides maybe Unity, but even still…)

Most of the time it is not a good idea to execute a string or file. I wouldn't want a game that doesn't NEED to use those functions go ahead and do it, since it can cause problems.

There is actually a dll out there that can execute a file. I found this topic:

http://gmc.yoyogames.com/index.php?showtopic=306715

You can also run batch files to do more functions, and theres something called "Silentdos" to do it in the background. (I am doing this for a program that handles the links for cloud syncing between multiple computers.)

Plus I am making an API that will handle auto-updating, encrypted game saves, and resource handling, to make it easy for a developer to use. It will also optionally include an audio dll to handle your sounds so that solves that problem. I only need helpers to make the API as quickly as possible.

Powerful Kyurem 10 years, 6 months ago

Alert games that .dll executes an .exe. That just opens another program. Personally, I'd rather remove all non multiplayer external functionality.

Anyway, is there a function to search for text in a string? I want to debug any external file stuff out of my chest system. Then, nobody can 'create a virus' as someone put it. :)

Alert Games 10 years, 6 months ago

You can make a parser using string_ commands in game maker, yes. I've done that with particle designer before.

I recommend against using execute string at all costs though, in preference rather, of parsing actions from either a list of commands or a data structure like XML or JSON.

Powerful Kyurem 10 years, 6 months ago

The game only executes code that the player explicitly puts into a text box, so unless someone advertises a cheat that is secretly a virus, there's literally no danger. (Plus, a person is dumb if they use a cheat that contains a bunch of file editing functions. Even a gamer should notice /that/)

Powerful Kyurem 10 years, 6 months ago

Now here's an ironic twist. I've been trying to port my games to windows 8. Well… it turns out that the function crashing it was /execute_string()/ ALL ALONG. No wonder studio removed it. I can't even type "a=1;" as a cheat on Windows 8!