Expanding the capabilities of ACS scripting with python

[DavidN]

Oddly enough I was trying to work out how to do this a few years ago, for a silly Doom-based order management tool I was going to submit to a hackathon at work :) (Maybe a stuck order spawns an enemy, shooting it makes it retry or cancel) Looking at the log file was the only way I could imagine how to get data out of GZDoom as well - although as it’s open source I suppose you could just get it to do anything with some tweaks.

 

Input was the other tricky part - I’ve seen a weird technique used where a streamer sets up their controls so that some key inputs run scripts for spawning monsters and so on, then another program is set up to listen to a stream chat and simulate those inputs so that the audience can interact with the game and make the player’s life harder :) These days you can also use ZScript to check the contents of a lump, which can be changed at runtime if GZDoom is running an extracted pk3 folder.

 

I’m glad this caught your interest :)

Edited June 17, 2023 by DavidN

[Gez]

On dimanche 4 juin 2023 at 10:09 PM, Ausara said:

Also I don't think having a second program running in the background is safe for a game.

Steam and Discord say hello.

 

On the topic of ACS and Python, I want to mention the late Kate Fox who tried to plug GZDoom and Python together.

[Bauul]

On 6/7/2023 at 11:30 AM, QuotePilgrim said:

I don't think if ACS had a function that can write a file to the user's machine that would be such a terrible thing

 

Given the community's history with Terry wads, ACS having the power to write files to your PC seems like a terrible idea. What's to stop some troll writing a script that just fills your PC with millions of files?

 

I would never trust running a ZDoom map again.

[DavidN]

4 hours ago, Gez said:

On the topic of ACS and Python, I want to mention the late Kate Fox who tried to plug GZDoom and Python together.

Mentioning it like this completely reads like that’s what killed her D:

[QuotePilgrim]

On 6/17/2023 at 9:20 AM, Bauul said:

Given the community's history with Terry wads, ACS having the power to write files to your PC seems like a terrible idea. What's to stop some troll writing a script that just fills your PC with millions of files?

What's to stop any game other than Doom from doing the same thing? If one game did that to you would you also stop trusting all games ever?

 

Every PC game engine out there allows game developers to read and write files with arbitrary data in the users machine. GZDoom is the only exception to this I can possibly think of. Why is it a bad idea for GZDoom to have that feature, and not a bad idea for every other game engine in existence? Any game you have ever played could have filled your PC with millions of files, but they didn't, and I bet you never worried that they might do that. Besides, if that's what you wanna do, you don't even have to make a game at all, just distribute a zip bomb under the pretense that it is a game, it's a lot less work than making a game (or a mod/level for a game, as would usually be the case with DOOM), and just as effective.

I've been working on an off on a standalone game made in GZDoom for a couple years now. The ability to create files in the user's home directory (which, again, is a normal thing almost every game does) in order to save persistent data would be a very useful feature that would save me a lot of headache. The game has very little content in it at this point, and I'm already having to come up with ugly workarounds to implement some of the features I want. I have honestly considered forking GZDoom, making changes to the source code, and ensuring my game would only be playable with my modified version of GZDoom. I have ultimately decided against it, as it would be simpler to just distribute the pk3 for members of the DOOM community, even if I still have to bundle my game with GZDoom for everyone else. I may, however, revisit this idea at some point.

Edited June 19, 2023 by QuotePilgrim

[Shepardus]

38 minutes ago, QuotePilgrim said:

What's to stop any game other than Doom from doing the same thing? If one game did that to you would you also stop trusting all games ever?

If a stranger were to send me an arbitrary executable and I didn't know anything about it nor anyone else who has run it, then yeah I'd be leery of running it. Same if a website asks me to install a plugin or asks for camera/microphone/location access with no good reason to do so, or if a smartphone app requests more permissions than it should. That doesn't stop me from trusting "all games ever" because there are other factors to consider besides what a program can theoretically do, like whether I understand what it's supposed to do, whether others have already run or reviewed it, and whether there's source code that I can vet myself. With Doom WADs I can download a random WAD posted in a forum thread with no replies and be reasonably confident that it's not going to blow up my computer, but if it asked me to run a Python script it'd certainly raise my eyebrows (I'd probably look at the script in an editor before running it).

[Bauul]

1 hour ago, QuotePilgrim said:

Every PC game engine out there allows game developers to read and write files with arbitrary data in the users machine.

 

Just to make sure we're on the same page, we're not talking about game developers building a new game on an existing engine, we're talking about modders making content for Doom. 

 

Like I said, Doom has an actual and very real history of people making troll wads specifically designed to mess with your system. Zip bombs, like you describe, was one such method. I recall for a while Zandronum had the ability to directly edit console commands and so naturally there were mods that basically sought to brick people's installation.

 

This isn't some hypothetical fear, it's a genuine problem the community faced (which thankfully is much less of an issue now precisely because of the diligence of not allowing the types of things you are describing).

 

Edit: You might want to read through this thread for some context too: https://forum.zdoom.org/viewtopic.php?t=58775. Back in 2017 an exploit in ZScript was found that allowed modders to edit console commands and ultimately write files to the users' system. It was a huge deal and requires a rapid emergency patch when it was discovered. What you're asking for is basically for this exploit to be reinstated.

 

1 hour ago, QuotePilgrim said:

I have honestly considered forking GZDoom, making changes to the source code

 

So why aren't you, out of interest? A good proportion of people using GZDoom to create their own games have forked the engine, precisely because so much of GZDoom is designed with the Doom community (and all it's baggage) in mind. 

Edited June 19, 2023 by Bauul

[QuotePilgrim]

49 minutes ago, Bauul said:

So why aren't you, out of interest? A good proportion of people using GZDoom to create their own games have forked the engine, precisely because so much of GZDoom is designed with the Doom community (and all it's baggage) in mind. 

Because, as I said, for the sake of sharing the game with the DOOM community, it's simpler to just give people the pk3 and let them use their own installation of GZDoom if they wish to. So far, I believe I can make everything I have in mind work with unmodified GZDoom -- even if requires atrocious workarounds --, but if there is some game mechanic I deem absolutely required which would need me to modify the engine, I might do that. Or I would at least try to, as I am not super familiar with C++ (I wrote a couple simple command line tools back in high school, learned Python, then never looked back), meaning I would have to essentially learn the language as I make the changes I want.

Edited June 19, 2023 by QuotePilgrim