exec cmd similar to the Localize()? + Running .bat/.py files

Discussions about Coding and Scripting
User avatar
PrinceOfFunky
Godlike
Posts: 1160
Joined: Mon Aug 31, 2015 10:31 pm

exec cmd similar to the Localize()? + Running .bat/.py files

Post by PrinceOfFunky » Sat Dec 09, 2017 7:52 am

Why does the exec command asks for an INT file if it can read from txt files either? Does it mean Localize() function can read from txt and do the same staff of the exec command?
Old thought:
Spoiler
Show
Also I forgot to show what error is thrown when I try opening a 'non-existing' file using the function(that I forgot to show in the vid) that let 'players' travel, but the error talks about "file not found", so does it mean that function was intended to open files other than webpages and Unreal URL protocols? (I tested it using the file:/// directive and it works, is it a standard protocol or it works cause of my browser handling it?)


EDIT: /o\ I managed to execute a bat file using that function! I'll post the vid here.
New thought:
The function from within PlayerPawn.uc 'ClientTravel()' can also run .bat files!



p.s. Of course other than all the cool stuff you can do using the shell through Unreal, it also means there's actually a way to write into INTs through Unreal, so this means you can write and read textual dynamic arrays.

EDIT 2: I think that function uses the explorer, you can send any kind of URL onto the explorer and the behaviour is exactly the same.
"Your stuff is known to be buggy and unfinished/not properly tested"

nogardilaref
Masterful
Posts: 577
Joined: Tue Jun 20, 2017 1:00 pm
Personal rank: ⚋⚊⚌☰⚞⌖⚟☰⚌⚊⚋

Re: exec cmd similar to the Localize()? + Running .bat/.py f

Post by nogardilaref » Sat Dec 09, 2017 2:14 pm

"file" (file://..) is a standard scheme for opening local files, and is handled by the OS itself, and not the browser, although you can also use it from the browser.
The only reason things like "http://" and "https://" open your browser automatically, is because the browsers register themselves to be the ones responsible for those schemes.
This is also why "unreal://" opens UT, as long as UT is properly installed, including the entries in the Windows registry.

Having that said, yeah, this stuff allows you to open anything, because it's really meant to open anything.
UT by design is also meant for you to be able to leave the game to visit websites, as shown by the fact that it has support for hyperlinks which is demonstrable by the very first tab that is opened when you mean to play a multiplayer game (the message from Epic games directing you to their newer forums/sites).

From there, it becomes rather clear why it can execute things like bat files and the like as well, since by simply "calling" file:///something, that something being a bat file or another kind of executable that the OS simply executes by omission, then it's just executed.

This of course breaks the sandbox nature of Unreal Engine, and is around things like these that we're able to have stuff like NPLoader to download and use remote .dll files I believe (I don't know myself how NPLoader works, but I didn't actively look for an explanation either).
Which means servers could easily inject malware into your system this way as well.

User avatar
PrinceOfFunky
Godlike
Posts: 1160
Joined: Mon Aug 31, 2015 10:31 pm

Re: exec cmd similar to the Localize()? + Running .bat/.py f

Post by PrinceOfFunky » Sat Dec 09, 2017 2:29 pm

nogardilaref wrote:"file" (file://..) is a standard scheme for opening local files, and is handled by the OS itself, and not the browser, although you can also use it from the browser.
The only reason things like "http://" and "https://" open your browser automatically, is because the browsers register themselves to be the ones responsible for those schemes.
This is also why "unreal://" opens UT, as long as UT is properly installed, including the entries in the Windows registry.

Having that said, yeah, this stuff allows you to open anything, because it's really meant to open anything.
UT by design is also meant for you to be able to leave the game to visit websites, as shown by the fact that it has support for hyperlinks which is demonstrable by the very first tab that is opened when you mean to play a multiplayer game (the message from Epic games directing you to their newer forums/sites).

From there, it becomes rather clear why it can execute things like bat files and the like as well, since by simply "calling" file:///something, that something being a bat file or another kind of executable that the OS simply executes by omission, then it's just executed.

This of course breaks the sandbox nature of Unreal Engine, and is around things like these that we're able to have stuff like NPLoader to download and use remote .dll files I believe (I don't know myself how NPLoader works, but I didn't actively look for an explanation either).
Which means servers could easily inject malware into your system this way as well.
So I guess it would work on linux also, even cause Unreal Engine is supported on it so...
Also, did you see this? That means we can write external scripts from scratch and running them using Unreal for the whole process.
Since ClientTravel() doesn't let you pass arguments when executing a program, I am currently trying to understand how the function ExecuteLocalLogBatcher(), from within StatLog.uc, works, since I noticed there are these two variables:

Code: Select all

var() globalconfig string	    LocalBatcherURL;		// Batcher URL.
var() globalconfig string	    LocalBatcherParams;		// Batcher command line parameters.
Also, there's this other function:

Code: Select all

native static function BrowseRelativeLocalURL(string URL);
Which I suppose does exactly the same of ClientTravel(), but I didn't test it. (EDIT: I just tested it and the answer is yes)
This one is also interesting:

Code: Select all

native final static function BatchLocal();
And this one is funny:

Code: Select all

function LogEventString( string EventString )
{
	Log( EventString );
}
Very useful lol. (Of course it could be useful if you would decide to log event strings in a different way).

EDIT: Looks like I was right thinking that it would have used the batch(of course XD), I tried using Level.Game.LocalLog.ExecuteLocalLogBatcher(), but before doing it I changed these two globalconfig lines:

Code: Select all

LocalBatcherURL=../NetGamesUSA.com/ngStats/ngStatsUT.exe
LocalBatcherParams=IThoughtIShouldHaveCensoredThis?
LocalLogDir=../Logs
into these:

Code: Select all

LocalBatcherURL=testexe.bat
LocalBatcherParams=test
LocalLogDir=.
But it wasn't successful, also this is the log it wrote:

Code: Select all

Log: CreateProc testexe.bat ./Unreal.ngLog.2017.12.09.14.54.47.7777.log
Just, the file "Unreal.ngLog.2017.12.09.14.54.47.7777.log" was written in the System folder.
The static function "BatchLocal()" tho, doesn't create that log file.
"Your stuff is known to be buggy and unfinished/not properly tested"

User avatar
PrinceOfFunky
Godlike
Posts: 1160
Joined: Mon Aug 31, 2015 10:31 pm

Re: exec cmd similar to the Localize()? + Running .bat/.py f

Post by PrinceOfFunky » Tue Dec 12, 2017 1:11 pm

Also if you use PlayerPawn.ClientTravel() instead of StatLogFile.BrowseRelativeLocation(), you can choose the ETravelType.
It is declared in Actor.uc:

Code: Select all

// Travelling from server to server.
enum ETravelType
{
	TRAVEL_Absolute,	// Absolute URL.
	TRAVEL_Partial,		// Partial (carry name, reset server).
	TRAVEL_Relative,	// Relative URL.
};
"Your stuff is known to be buggy and unfinished/not properly tested"

User avatar
Barbie
Godlike
Posts: 2107
Joined: Fri Sep 25, 2015 9:01 pm
Location: moved without proper hashing

Re: exec cmd similar to the Localize()? + Running .bat/.py f

Post by Barbie » Tue Dec 12, 2017 5:08 pm

Opening or executing a file is even possible with a simple Teleporter: try

Code: Select all

file://localhost/c:/WINDOWS/SYSTEM32/calc.exe
(for a default windows installation) in Teleporter's URL. Luckily passing arguments seems not to work.
"Multiple exclamation marks," he went on, shaking his head, "are a sure sign of a diseased mind." --Terry Pratchett

User avatar
PrinceOfFunky
Godlike
Posts: 1160
Joined: Mon Aug 31, 2015 10:31 pm

Re: exec cmd similar to the Localize()? + Running .bat/.py f

Post by PrinceOfFunky » Tue Dec 12, 2017 11:32 pm

Barbie wrote:Opening or executing a file is even possible with a simple Teleporter: try

Code: Select all

file://localhost/c:/WINDOWS/SYSTEM32/calc.exe
(for a default windows installation) in Teleporter's URL. Luckily passing arguments seems not to work.
it's file:/// (3 slashes).
EDIT2: Anyway 'localhost' is not needed.

EDIT: Wait a second... why localhost? This makes me think commands could be sent to a remote server? Lol I hope not...
"Your stuff is known to be buggy and unfinished/not properly tested"

User avatar
Barbie
Godlike
Posts: 2107
Joined: Fri Sep 25, 2015 9:01 pm
Location: moved without proper hashing

Re: exec cmd similar to the Localize()? + Running .bat/.py f

Post by Barbie » Wed Dec 13, 2017 9:50 am

PrinceOfFunky wrote:it's file:/// (3 slashes).
Where do you get this information from? There will be 3 slashes only, if you omit the host ("localhost" in this case). See Wikipedia for details.
PrinceOfFunky wrote:This makes me think commands could be sent to a remote server?
I also tried an internet host instead of localhost, but it didn't work - at least on my installation. Furthermore I don't know what protocol should be used to transfer a file over the network, and a server component sending the file would also be necessary.
"Multiple exclamation marks," he went on, shaking his head, "are a sure sign of a diseased mind." --Terry Pratchett