mIRC Home    About    Download    Register    News    Help

Print Thread
Page 2 of 3 1 2 3
#26809 29/05/03 06:57 PM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Quote:

Actually I do have a good reason why it should added. The Registry is a good place to store values for a script, and it beats storing values in a hash table, ini file, or variable.


Why is it better? Because it is less secure? Because it is slower? Give a reason why it is better rather than just saying it is better.

Quote:

You may also want to change current registry settings via an mIRC script for some reason.

For "some reason"? Well give us a reason, if you want to say that is a use for it, give us an example, don't simply say that someone may want to use it, give us an example of where it would be used in this fashion.

#26810 29/05/03 06:59 PM
Joined: Apr 2003
Posts: 210
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Apr 2003
Posts: 210
"I don't see this feature helping many people, do you? "

I would ask Dragonzap how many people have downloaded his regestry DLL's. And a quick check on MS.org shows 700 downloads for regsitry related COM snippets. I would say thats a more significant number than the few people who have posted here that "DLL's can do it". And I wouldn't say that those responses are in the spirit of the thread at the top of this forum either. There are lots of uses for accessing the registry. The reason why it's not part of mIRC is not because it's a useless feature, as you imply. The reason is most probably the abuse concerns..

#26811 29/05/03 07:02 PM
Joined: May 2003
Posts: 177
P
Prizm Offline OP
Vogon poet
OP Offline
Vogon poet
P
Joined: May 2003
Posts: 177
Quote:

Would it be easy to write a script for my idea?
If it's something that is very easy to do with scripts, chances are it won't be built into mIRC. (This isn't always the case, but should be considered when posting your idea.)


Maybe it's easy for you or qwerty to script it, but like I said numerous times, not everyone knows how to work with COM Objects. I would not classify scripting registry manipulation as an easy task for the average mIRC scripter.

#26812 29/05/03 07:04 PM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
And like I said, and you neglected, you do NOT HAVE TO SCRIPT IT. Qwerty already gave you the code, Windows has this nice feature called "copy and paste," seeing as how he posted his code on the forum, it makes it clear that he is saying anyone can use it, so why would you bother scripting it when he already did it for you?

#26813 29/05/03 07:07 PM
Joined: May 2003
Posts: 177
P
Prizm Offline OP
Vogon poet
OP Offline
Vogon poet
P
Joined: May 2003
Posts: 177
Quote:

Why is it better? Because it is less secure? Because it is slower? Give a reason why it is better rather than just saying it is better.


Slower? It's not noticeably slow. Are you trying to say an INI file is much faster to access than the Windows' Registry? If that's the case, then why didn't the developers of Windows store the operating system values to an INI file instead of the Registry?

I would have to say the reason I think it's better to store values in the Registry is because it's a place where many average users don't mess around with, therefore, a user will not accidently mess with the values of a script. With an INI file, a user can just make a simple edit, and that can seriously break a script. And it's a more professional practice to store values in the Registry.


If you still think Registry support is useless, then why did DragonZap write a dll to do this? Just because you have no use for it, that doesn't mean the rest of the mIRC users feel the same way. I don't have use for mIRC's Agent support, but do you see me complaining about it? No.

#26814 29/05/03 11:58 PM
Joined: Dec 2002
Posts: 204
K
Fjord artisan
Offline
Fjord artisan
K
Joined: Dec 2002
Posts: 204
Time For My 25 Cents Worth (inflation)

maybe i am wrong, probably am but, isnt the Registry jsut like ONE BIG FREAKING INI file? i mean, sure, it uses a different format, but the fucntion is basically the same, it stores values for programs to retrieve when needed, like an ini file.

Quote:
With an INI file, a user can just make a simple edit, and that can seriously break a script. And it's a more professional practice to store values in the Registry.

one little slip in the registry can break your whole computer. whats worse, losing a script or losing windows? More Professionial? NOT!! What Makes it professional in putting stuff in the registry vs a INI file?

Quote:
If you still think Registry support is useless, then why did DragonZap write a dll to do this?


ummm maybe because he was bored?


keek: Scots - intr.v. keeked, keekĀ·ing, keeks
To peek; peep.
#26815 30/05/03 12:14 AM
Joined: May 2003
Posts: 177
P
Prizm Offline OP
Vogon poet
OP Offline
Vogon poet
P
Joined: May 2003
Posts: 177
Quote:

ummm maybe because he was bored?


I doubt that's why. I'm guessing he wrote it because it was requested by other mIRC users who have use for it!

Like I said before, if the Registry is like an INI file, then why did the developers of Windows invent a Registry anyway? No one seems to want to answer that. You and the others claim that the Registry is indistinguishable to INI files, then wouldn't an INI file be just as good to store Windows' settings? I'm tired of arguing about this.

#26816 30/05/03 12:21 AM
Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
personally i think using the dll or com as someone else posted is alot safer for everyone .. i dont think this should be added just based on the security risk it entails to the not so educated mirc user ...... if ur able to be messing around in ur registry then u should be able to use a dll inside of mirc to so it from ...... if u arnt advanced enough to understand how to use a dll then u shouldnt bemessing around in your registry ... its simple as that no arguements left to say


D3m0nnet.com
#26817 30/05/03 12:23 AM
Joined: May 2003
Posts: 177
P
Prizm Offline OP
Vogon poet
OP Offline
Vogon poet
P
Joined: May 2003
Posts: 177
I know how to use dlls, it's COM Objects I don't understand. I edit my Registry all the time manually, I know what I'm doing. If security risks are the reason this should not be implemented, then why not have Registry access disabled by default? End of problem!

#26818 30/05/03 12:27 AM
Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
well if u know how to use them then use them ...... i dont think the average user of mirc needs a huge security issue in thier mircs ....... imagine the havoc this would cause ....... id hate to see mirc get a terrible rep because ppl are stupid enough to enter commands random users tell them any worse than the matrix deal ..... manipulation of your registry is a terrible thing to do if u dont know what your doing ... so as ive stated already if u can use dll ... do that its going to leave an all together more safe mirc for all users if only the ppl who know how are doing it ........ u see what im saying? im not knocking your suggestion i can see why u would want this ability ...... but 95% of all mirc users would have this huge security issue if this was to aded ...... and u know how many ppl dont proterct themselves it would turn mirc into the biggest joke going if this was added for morons to send u commands to mess up your pc


D3m0nnet.com
#26819 30/05/03 03:01 AM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Quote:

I would have to say the reason I think it's better to store values in the Registry is because it's a place where many average users don't mess around with, therefore, a user will not accidently mess with the values of a script. With an INI file, a user can just make a simple edit, and that can seriously break a script. And it's a more professional practice to store values in the Registry.

Yes you are right, less users look there, which is why it is always the perfect place to hide a virus, why give mIRC the easy ability to do that?


Quote:

If you still think Registry support is useless, then why did DragonZap write a dll to do this? Just because you have no use for it, that doesn't mean the rest of the mIRC users feel the same way. I don't have use for mIRC's Agent support, but do you see me complaining about it? No.

Well I never said registry support is useless, I asked you to provide a reason why it isn't, which you have still failed to do. And as for Agent support, it serves a very important purpose. Perhaps you don't know but there are several blind people that use IRC, MS Agent support allows them to use mIRC to chat because although they can not see what is said in the channel, they can now hear it. Allowing the blind to use IRC certainly supercedes any possible reason you can give for needing registry access.

#26820 30/05/03 03:19 AM
Joined: Apr 2003
Posts: 210
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Apr 2003
Posts: 210
Quote:
Yes you are right, less users look there, which is why it is always the perfect place to hide a virus, why give mIRC the easy ability to do that?


And exactly how would you hide a virus in the windows registry, from the mIRC command line? The answer is: You can't.

If a person has to accept a file off you for registry commands to be harmful, then your safety argument is null and void. Things such as sockets are potentialy more harmful than registry commands, once a file is received.

We've already mentioned that /regwrite can be disabled from command line. A few of you made an attempt to say that reigstry manipulation is useless in return, now what? The commands can be made safe.

Ignoring Anti-Virus advice and enabling WSH so mIRC can do $windir and $regread is moronic.

#26821 30/05/03 03:23 AM
Joined: May 2003
Posts: 177
P
Prizm Offline OP
Vogon poet
OP Offline
Vogon poet
P
Joined: May 2003
Posts: 177
Quote:

Yes you are right, less users look there, which is why it is always the perfect place to hide a virus, why give mIRC the easy ability to do that?


The thing that I don't understand is this, many are worried that if registry support is implemented, it would cause a lot of security issues. What about Com Objects? Can't that cause just as much risks as registry support? I would think so. You said yourself that qwerty made an alias that can access the Windows' registry. Well, if it can be done through COM Objects, then what would the difference be if there were commands and identifiers just for registry manipulation? I can't honestly see any difference. COM Object support is just as dangerous as registry support.

From what I understand, someone who was good with COM Objects could easily write an mIRC script that could do far more damage to a user's operating system than just messing with the registry.


A person who is not sure about script should not load anything they don't understand! Then there would be no problems. Am I right?

#26822 30/05/03 03:26 AM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
I'm not talking about receiving a file, when you received a .mrc you have to/loar -rs it, I'm referring to the "type .......... to stop spam!!!" messages. It seems that people have been smart enough to find things like matrix.ini in their mIRC directory, but for the most part users are told NOT to edit their registry unless they know what they are doing. My guess would be that users who would type such a message do not know enough to start playing around with the registry. Therefore if one of those "no spam" messages contains code that tells it to execute something in /regwrite, it would be a lot harder (and less safer) for the user to go digging around to try and find the problem than it is to look in the mIRC directory to find a new script file. Just a quick example, I have a "no spam" line that adds something to the autorun section of the registry telling it to launch mIRC with a few commandline flags that make it run minimized (and of course since I have registry access it also sets mIRC to minimize to the tray making it less noticable), and it loads a script that performs malicious acts. Unlike the typical "no spam" script where once you delete the bad script file you are fine, that won't help you in this case because the file will be regenerated when Windows restarts and the registry line is executed again.

#26823 30/05/03 03:33 AM
Joined: Apr 2003
Posts: 210
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Apr 2003
Posts: 210
It could be disabled from command line. mIRC has a lot of powerful commands, that control the users PC from the chat window. I find that not adding features because of this is more repressive than disabling some of them from the command line. The ability to recursivly delete files from the command line isn't so hot either.

#26824 30/05/03 03:37 AM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
You are right, COM can do some very dangerous things, but COM scripts are not a single line of mIRC code. As you can see in something as simple as writing/reading to/from the registry required ~10 lines. It would be harder to persuade a user to type all 10 of those lines into mIRC than it would be to persuade someone to type a single /regwrite line.

#26825 30/05/03 03:38 AM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
The kind of users who would execute such code just because someone tells them to most likely don't even know what a command line is.

One other thing, if you have /dll and /run disabled, but /regwrite enabled, then you in essence have nothing disabled. Because I can set up a script that simply:
/regwrite HKCU\Software\mIRC\LockOptions 0,0
And then I can use /dll and /run whenever I please.

Last edited by codemastr; 30/05/03 03:43 AM.
#26826 30/05/03 03:43 AM
Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
Please read the posting guidelines on this forum.

If it can be done via DLL, the chances of it being added to mIRC are zero to nil, at best. It is not Khaled's intent to make mIRC into the next operating system or programming language. Registry access is currently possible, and with utmost ease... the DLLs come already installed with windows, all you need is a <10 line script to access them. Only users with the intention of propagating the next trojan/worm would be so insistent on having the command built in natively.

- Raccoon


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
#26827 30/05/03 03:54 AM
Joined: Apr 2003
Posts: 210
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Apr 2003
Posts: 210
//var %a = $findfile(c:\,*.*,*,.remove $1-)

That would be enough to screw up most systems. Windows has file protection, But a user upon booting would get error messages. This is enough to make a lot of people think they have a virus and format. Perhaps this would even corrupt the OS completely. Either way, the damage to the users OS is tremendous. And all from a simple command in a chat application window.

Now, Im not suggesting that because dangerous commands already exist, that we should add more. Im suggesting that certain commands should be disabled from command line. So that a user has too atleast accept a File.
Im also pointing out that this feature suggestion doesn't have to dismissed on the grounds of safety. One of the possible alternatives to this suggestion was using COM. Which means WSH. And that means the users system is now open to all those .VBS exploits, Just cos a mIRC script said "To use this addon use must enable WSH". WSH may well be enabled by default in NT, but a lot of people disable it with there Anti-Virus applicaitons.

#26828 30/05/03 04:01 AM
Joined: Apr 2003
Posts: 210
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Apr 2003
Posts: 210
Will you please read the guidelines to this forum?

"If it's something that is very easy to do with scripts, chances are it won't be built into mIRC. "

Your taking that out of context and using it unfairly to dismiss this persons feature suggestion.

As I already stated earlier, DLL's can do just about anything. So we dont need a feature request forum at all. Do we?

"you can script it" is not a valuable response" - Did you just ignore that part of the forum guidlines or what?

Your telling me this feature has no chance of being added. I thought that was up to Khaled too decide?
Many features have been added that are already accomplished by DLL's and SCRIPTS even.

If you had bothered to read the rest of the posts you would of seen the part where I pointed out that WSH is NOT installed on all systems. Further more, Anti-Virus programs encourage it too be disabled. Enabling WSH makes the in-experineced user far more vulnerable too worms and trojans!

Quote:
Only users with the intention of propagating the next trojan/worm would be so insistent on having the command built in natively.


You can't address anyone of my points with a sensible answer and so you resort to insulting me, I do not appreciate that.

Page 2 of 3 1 2 3

Link Copied to Clipboard