Hellspoodles
Recruit
Hi All,
I recently got into modding Bannerlord and it seems somewhat unsafe to use dll files for scripting mods instead of a custom scripting language that most games have. Are there any safety measures in place from the engine which prevent modders from doing malicious things? I am in no way close to a expert on malware and malicious programs, but I conducted a rudimentary test to see what is possible to do from a simple Bannerlord mod.
I made a "MyFirstMalware.exe" program, all it does is stay alive so that I can spot it from the task manager. I encrypt this file to prevent anti-virus checks that most file hosting sites from spotting that this is a malicious file. Not a very good encryption but good enough for a simple test. I put this encrypted file in my mod and had the mod decrypt the file, and then place it in my root directory (C: drive in this case) and then run the file. I loaded up my mod, ran the game, closed it out from the main menu, and checked task manager. My program was running in the background. If this had been a keylogger running in the background, I would probably have no idea.
Obviously, this isn't a terribly stringent test of anything. A good anti-virus software should be able to pick up on the malware once it starts running and kill it. Tale worlds shouldn't rely on end users having a good anti-virus though. There is a lot you can do from the C# interface as well, you might not even need an external program do do malicious things. There is a lot of things I can do and some of these things are really hard to detect if you don't know it's there especially for the %99.999 of people who don't have the skills or knowledge to look.
My test did not push the bounds of what is possible with Bannerlord malicious modding. Is there anyone with more experience in these things that knows the limits of what is and isn't possible?
I recently got into modding Bannerlord and it seems somewhat unsafe to use dll files for scripting mods instead of a custom scripting language that most games have. Are there any safety measures in place from the engine which prevent modders from doing malicious things? I am in no way close to a expert on malware and malicious programs, but I conducted a rudimentary test to see what is possible to do from a simple Bannerlord mod.
I made a "MyFirstMalware.exe" program, all it does is stay alive so that I can spot it from the task manager. I encrypt this file to prevent anti-virus checks that most file hosting sites from spotting that this is a malicious file. Not a very good encryption but good enough for a simple test. I put this encrypted file in my mod and had the mod decrypt the file, and then place it in my root directory (C: drive in this case) and then run the file. I loaded up my mod, ran the game, closed it out from the main menu, and checked task manager. My program was running in the background. If this had been a keylogger running in the background, I would probably have no idea.
Obviously, this isn't a terribly stringent test of anything. A good anti-virus software should be able to pick up on the malware once it starts running and kill it. Tale worlds shouldn't rely on end users having a good anti-virus though. There is a lot you can do from the C# interface as well, you might not even need an external program do do malicious things. There is a lot of things I can do and some of these things are really hard to detect if you don't know it's there especially for the %99.999 of people who don't have the skills or knowledge to look.
My test did not push the bounds of what is possible with Bannerlord malicious modding. Is there anyone with more experience in these things that knows the limits of what is and isn't possible?