Asset - Extension Execute Shell (for Windows, macOS, and Ubuntu)

Samuel Venable

Time Killer
A user told me they can't get the mac port of this extension working. I don't have any problems with it on my end, is there anyone else who can verify this is an issue? If so, I'lll need a sample project reproducing the issue.
 
Hi. I am using this to get past what I assume is the sandboxing, so an included file can be copied, have its contents edited and then be directly saved back into the original by way of Notepad. For whatever reason I couldn't do this any other way within GMS, but I wondered if you are aware of whether this is misusing it?

I ask because this is something being considered for a tutorial on how to make your own text editor (although it's mainly about me making a much needed utility to tidy up my messy scripts) and I don't want to promote bad practices. Not really bothered about side effects personally, since its working for me, but I'd rather be 100% clear this is something I can suggest to others. And you might not want crediting for something that, I dunno, blows up peoples computers or some such :)
 

Samuel Venable

Time Killer
Hi. I am using this to get past what I assume is the sandboxing, so an included file can be copied, have its contents edited and then be directly saved back into the original by way of Notepad. For whatever reason I couldn't do this any other way within GMS, but I wondered if you are aware of whether this is misusing it?

I ask because this is something being considered for a tutorial on how to make your own text editor (although it's mainly about me making a much needed utility to tidy up my messy scripts) and I don't want to promote bad practices. Not really bothered about side effects personally, since its working for me, but I'd rather be 100% clear this is something I can suggest to others. And you might not want crediting for something that, I dunno, blows up peoples computers or some such :)
This isn't any less dangerous than any other form of executable code. It's what people do with it that can cause trouble. Same could be said about visual studio, microsoft's official IDE for C++ development; people program viruses using that. I don't know why people consider this any more dangerous. You could swap out any dll and have an exe run malicious code. These vulnerabilities exist with nearly all software on the planet. No need to single this one out or call it a bad practice, because believe me, it's nothing different from the ordinary. GameMaker used to have this feature built-in. They took it out along with a ton of other features claiming them to be not cross-platform even though we all know the truth behind that. They wanted less work to do. Less code to have to port to multiple platforms. At least, that's my impression.
 
This isn't any less dangerous than any other form of executable code. It's what people do with it that can cause trouble. Same could be said about visual studio, microsoft's official IDE for C++ development; people program viruses using that. I don't know why people consider this any more dangerous. You could swap out any dll and have an exe run malicious code. These vulnerabilities exist with nearly all software on the planet. No need to single this one out or call it a bad practice, because believe me, it's nothing different from the ordinary. GameMaker used to have this feature built-in. They took it out along with a ton of other features claiming them to be not cross-platform even though we all know the truth behind that. They wanted less work to do. Less code to have to port to multiple platforms. At least, that's my impression.
My apologies if you thought I was attacking you for being able to do this. "Bad practices" was a poor choice of words, but there might be consequences I'm unaware of in terms of system integrity / code integrity. I don't know :) That's what I meant by bad practices.

It's for a text editor built from GML (I have lots of unused variables floating around in scripts to remove, and commented out unused code), and I might make a tutorial of it. Which would be a bit crappy if it involved shifting files around outside of GMS, and a ton of concessions to being able to do it in GML in the first place.

Including the text files it will read is just a matter of convenience for the user, as is being able to save the edited file back in. It's a very specific purpose, and one where the developer intends for the user to be an active participant - but as far as I can tell even giving system permissions doesn't allow the sand box to be this direct, and the sand box options in GMS 1.4 won't work (for me at least - though that could be down to being a crap programmer)

Assuming I actually need to do it this way, then I just wanted to make sure it wouldn't be an issue. Since it uses your code, and that would need crediting if I do make this tutorial.
 
Last edited:
Could you use this asset to produce with GM:S a program called a "game booter", a program that contains a listing of other GMS games that execute shell will run from the sub-directory of the game booter's sandbox ( As long as you have the physical RAM to run them )?

The game booter is used to prevent the user from running the other games outside of the game booter. The other games are password locked, and only the game booter writes a password via execute shell, that the other games will acknowledge as a password, run the game, then delete the password file using a destroy command sent to the OS via execute shell from the game, while the game is still running.

The destroy command is a small program I wrote in C, which simply, truncates the file to 0 bytes to prevent file recovery and then deletes it.
 

Samuel Venable

Time Killer
Could you use this asset to produce with GM:S a program called a "game booter", a program that contains a listing of other GMS games that execute shell will run from the sub-directory of the game booter's sandbox ( As long as you have the physical RAM to run them )?

The game booter is used to prevent the user from running the other games outside of the game booter. The other games are password locked, and only the game booter writes a password via execute shell, that the other games will acknowledge as a password, run the game, then delete the password file using a destroy command sent to the OS via execute shell from the game, while the game is still running.

The destroy command is a small program I wrote in C, which simply, truncates the file to 0 bytes to prevent file recovery and then deletes it.
You can use command line parameters instead of a file, that would be more secure. Although it might be desirable to read program output in some cases, in which case the extension you would want would be Evaluate Shell.

You could read from the game's password parameter with the gml functions parameter_count() (only if you need it) and more importantly parameter_string(). On a Linux machine, you could even tell the application to boot on startup of your computer, and disallow any unrelated apps from running and hide the desktop. But this will take extra configuring on your end manually apart from the extension and GMS.
 
You can use command line parameters instead of a file, that would be more secure. Although it might be desirable to read program output in some cases, in which case the extension you would want would be Evaluate Shell.

You could read from the game's password parameter with the gml functions parameter_count() (only if you need it) and more importantly parameter_string(). On a Linux machine, you could even tell the application to boot on startup of your computer, and disallow any unrelated apps from running and hide the desktop. But this will take extra configuring on your end manually apart from the extension and GMS.
Im only using Windows.
 

Samuel Venable

Time Killer
Sorry, I assumed you were using linux, because people do this kind of thing a lot with that OS. All of this should be possible on Windows too, you would just need to prevent the runner from closing on alt+f4 and write an extension that would keep the fullscreen windows that you want to always be visible to not lose focus on alt+tab. Which if you already know C, these things are reasonably easy to do. Another approach would be to not ever have a keyboard plugged in and use a gamepad instead.

Mac users need to use the open command on the app bundle, which doesn't allow for reading output, but at least you can still use parameter_string/count() this way. :)

Edit: to be more correct, Russell informed me of this:
to read the output you can use the same trick that we do which is to redirect the runner output to a file (use the -output and -debugoutput command line flags to the same file) and then read the file as it is written to.
So while you can't read output through a pipe directly, you can however send the output to a temporary text file and thus allowing you to read from that and then quickly delete the temp file for security purposes.
 
Last edited:
I just wanted to make it clear you have nothing to worry about. :) credit me only if you want to, I dont require it.
Heh! You say that....After I set up this project GMS stopped working, and my PC then crashed. Which did worry me for a bit ;)

Not sure what the culprit was, but it was after an Nvidia update, and a Microsoft one too. Just amusing timing given our conversation. Whatever caused it, things are working now.

I will credit you, since anyone doing this will need to go to the marketplace (via your links above) to download execute_shell anyway. Though I've found that its encoded as gmez and won't work with 1.4, even though the marketplace says it's the right download. I had to go way back to an old project that was made when it was first acquired.
 

Samuel Venable

Time Killer
Heh! You say that....After I set up this project GMS stopped working, and my PC then crashed. Which did worry me for a bit ;)

Not sure what the culprit was, but it was after an Nvidia update, and a Microsoft one too. Just amusing timing given our conversation. Whatever caused it, things are working now.

I will credit you, since anyone doing this will need to go to the marketplace (via your links above) to download execute_shell anyway. Though I've found that its encoded as gmez and won't work with 1.4, even though the marketplace says it's the right download. I had to go way back to an old project that was made when it was first acquired.
That doesn't sound good. lol I'm glad everything turned out to be ok. GMS2 has been reported to crash abruptly at random by several users, so it wouldn't surprise me if it's just a bug with GMS2.
 

Mr Giff

Member
Hey!

Not sure what I'm doing wrong here, I'm on Mac OS 10.14.6 Mojave and I can't seem to get this to work at all.

I run the example project with no alterations and... well, nothing happens; no Calculator no Text Edit file.

I saw your update on the marketplace talking about required code signing, so I created a code sign certificate using Keychain Certificate Assistant and used Terminal to sign the DyLib in the sand box extension folder using

Code:
codesign -s [certificate] [DyLib Path]

and that still didn't work :(

So I'm not sure what else I need to do, unless perhaps I'm signing it wrong.

I'd love to get this working! I used to use the windows version to launch Python Scripts :)
 
Top