Virus Maps!

WARNING!

It has been discovered that you are able to run code that doesn't just modify wc3 but your computer. You can read more about it in this thread:
Virus Maps!

interesting , ty for the info

DarkSath wrote:interesting , ty for the info

This can be used for good things, for example creating save/load systems without an enormous amount of numbers/letters, but allows you to add things like malware,spyware or viruses,too.

Asgard_Ragna wrote:
This can be used for good things, for example creating save/load systems without an enormous amount of numbers/letters, but allows you to add things like malware,spyware or viruses,too.

Indeed, a very good JASSer could create a system that stores the save code in registry/text files. But since Blizzard will probably fix it asap, I won't bother doing that. I barely understand how this works anyway..

So please dont play any new public maps, and especially no unknown russian maps... since the russian community was aware of this exploit a little bit earlier ...and someone already might have created something like that *evil*

tex or reg files would 'crackable' , best to make app to make an http request and store exp on an external server.
but really i dont see how they can inject trojan and stuff in a map ... w3 would crash at opening
as u said s3 , blizz will surely patch that in some days

I think you cannot directly execute a virus which is stored within the map.
The trick is that you can use the bytecode to create a connection to the internet and download a infected dll or executable from a server, much like a trojan can.
The test map found on thehelper for example opens the cmd console. Not very dangerous (^^) but it proves that you can do much more with it.
The point is that code variables point to a certain place in the computer's memory. Usually you cannot access parts of the memory which are not allocated to wc3. But now there is a way to "skip" lines, thus enabling you to "hop" out of the allocated memory. The you can inject bytecode commands to do stuff on the pc.

The reason why I thought about reg/text is because you don't need a server nor a internet connection to play it. Ofc you'd still have to encrypt saved code.
The save codes that can be made today (esp if you have so much space to use) cannot be hacked by brute force anymore. Ofc you still could crack open the map and take a look at the system itself, but in this case sending wrong information to the server will also be easy.

But think about how much information you can store accurately without the user having to write down anything - That'd be awesome for RPGs and in dotd you could e.g. save the number of times you beat the map, the number of zombies/bosses killed in total, how often you played which hero, or allow much better algorythm to evaluate whether the player should receive a certain award or not (based on k/h ratio, teamkills, use of abilities..)

PS: I've read through some discussions. Chances are that Blizzard will fix that bug by removing the famous H2I-bug, which is used in many maps.. so if Blizzard is evil and lazy they might break 10% of all wc3 maps in their next patch (including dotd)

I'd never have thought that there is a way to access the computer through the VM of wc3.. both a dream and a nightmare.

But I can give a green light for dotd. As long as you download it from this website or from a trusted person on the internet nothing can happen. However, DON'T download maps from Epicwar which have been uploaded recently!

thx for explanation