04.11.2017, 22:08
That's not how any of this works!
A file downloaded by the game is passed to GTA's DFF file parser. If the file is an executable, it is not just randomly run, instead the game will still try and interpret it as a model, and probably fail. Think of it this way - if you download an EXE, then try and open that file from notepad, it doesn't RUN the file, just shows you the contents. Or an even better example is a BAT file - which you can happily read from inside notepad without ever executing it.
BAT, RAT, EXE, it doesn't matter; they won't be run, because they are never told to run. Instead, they are loaded as models.
HOWEVER, this is NOT the same as the warning Kalcor gave about models themselves with embedded issues. GTA was originally a single-player game with no modding. This meant that all the files it was ever intended to load were the models provided with the game. Therefore certain checks could possibly be skipped, because it was known that all the objects were always valid. Without those checks in place, a well crafted model could MAYBE inject code. However, I say again, THIS IS NOT THE SAME AS JUST RENAMING AN EXE. To the best of my knowledge, there are no known DFF exploits, but I've also not followed the modelling side of things very closely for a few years now.
No, not in any theory at all.
^ This is correct.
If you are STILL worried then a) you're an idiot (unless you've truly found an exploit in the DFF file parser itself) and b) test it with a non-destructive batch script, maybe one that just touches a file.
A file downloaded by the game is passed to GTA's DFF file parser. If the file is an executable, it is not just randomly run, instead the game will still try and interpret it as a model, and probably fail. Think of it this way - if you download an EXE, then try and open that file from notepad, it doesn't RUN the file, just shows you the contents. Or an even better example is a BAT file - which you can happily read from inside notepad without ever executing it.
BAT, RAT, EXE, it doesn't matter; they won't be run, because they are never told to run. Instead, they are loaded as models.
HOWEVER, this is NOT the same as the warning Kalcor gave about models themselves with embedded issues. GTA was originally a single-player game with no modding. This meant that all the files it was ever intended to load were the models provided with the game. Therefore certain checks could possibly be skipped, because it was known that all the objects were always valid. Without those checks in place, a well crafted model could MAYBE inject code. However, I say again, THIS IS NOT THE SAME AS JUST RENAMING AN EXE. To the best of my knowledge, there are no known DFF exploits, but I've also not followed the modelling side of things very closely for a few years now.
Quote:
|
Originally Posted by Misomir
 It will open file and when SAMP realize thats not required file it will crash.But,the file is opened which executes program(in theory)
|
Quote:
|
Originally Posted by MyU
Reading the file != parsing & loading a PE.
|
If you are STILL worried then a) you're an idiot (unless you've truly found an exploit in the DFF file parser itself) and b) test it with a non-destructive batch script, maybe one that just touches a file.