Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

MilkShape 3D does what it wants. With no EULA.

By Trystan in Technology
Tue Apr 08, 2003 at 04:13:29 PM EST
Tags: Technology (all tags)

What can a program do on your computer without your permission?  What do you view as a violation of trust in matters like this?  Why are copy protection schemes so prevalent despite their uselessness and the standard geek's resistance to them?

I've recently come across a situation with MilkShape3D that I think brings to light several problems with technology and standard (read: non-geek) end users.

MilkShape3D (http://www.swissquake.ch/chumbalum-soft/) is a low cost, high performance modelling program used by lots of different mod teams and budding modellers throughout the world.  When I say low cost I mean it - $25.00 a copy.  Compare this to discreet's product line (http://www.discreet.com/products/3dsmax/) or Alias Wavefront's product line (http://www.aliaswavefront.com/en/products/maya/index.shtml); 3DS Max student copies start at $450.00 USD.  Maya student copies start at $600.00 USD.  MilkShape allows you to produce models with no commercial usage limitations.  The student copies which I compare it to have stringent commercial usage limitations.

MilkShape does not do everything that 3DS Max and Maya do.  To claim that is folly.  It does allow a user to get comfortable with the interface, and it does allow the user to understand modelling concepts without the requirement of pirating or purchasing thousands of dollars in software.

Now that I've extolled the values of MilkShape3D, let me begin to explain to you why I have a problem with it.  I use MS3D for one purpose only.  That purpose is to decompile existing Half Life models and import them into other 3D programs for analysis and recreation.  In the particular case I'm referring to I was working on a port from a Half Life mod (http://www.valvesoftware.com) to Unreal Tournament 2003 (http://www.unrealtournament2003.com).  The original mod team did not have the original files available for all the models I wanted to play with and so I began the decompilation process.

During the course of this process I noticed my copy of MilkShape3D was expired.  I am a rabid fan of shareware and supporting it so I decided that despite the fact that MS3D's model decompilation process didn't require registration (Use Tools -> Half Life -> Decompile Normal Half Life Model instead of Tools -> Kratisto's HL MDL Decompiler) that I would support this program and I would register it.

And my problems began.  I am a self sufficient geek.  I do not use tech support services of any sort if I can avoid it.  When I attempted to register MS3D with my registration code it wouldn't take.  It informed me that I should run MS3D for one to two minutes and try again.  So I did.  No go.  The first thing to do IMHO on the Win32 platform is to start over.  So I uninstalled MS3D and reinstalled it - yet the error remained.

At this point I was becoming curious.  I opened up the fabulous tools from SysInternals (http://www.sysinternals.com) Filemon and Regmon to see what activity was taking place.  I started up MS3D.

Regmon disappeared.  Huh?

Start Regmon again.  Thirty seconds later it was gone.

I've had MilkShape on my system long enough that I didn't know what the terms of the end user license agreement were.  So I decided to check.  I reran the installer to see what I had, inadvertently, clicked through to see if I had granted MilkShape3D the right to shut software done on my computer.

There was no EULA.

I installed it again and checked the program directory.  There is no EULA there, either.

MilkShape3D was shutting software down on my computer and I had not given it permission to do so.

What else does this software do?  What information, if any, does it report to the programmer?  What happens if I type in my code wrong five times; do I get a formatted hard drive?

Why does this matter?

Consider a situation fairly common in the free (1)software world.  A programmer decides that he doesn't like Microsoft or their products so he decides that he wants to uninstall competing software.  Or, a more common scenario, the installation of adware uninstalls AdAware or similar components.  These programs do these actions with an EULA that we are required to supposedly read and click through.

MilkShape doesn't even put forward that pretense.  It just does what it likes to protect it's intellectual rights.  In one way MilkShape3D gets it right - without an EULA the only laws protecting it are copyright laws, the ones that forbid distribution of a product soley based on the fact that you only own one copy of it.  That's a Good Thing.  To decide to shut down running software on another person's machine, however, without notification to that individual (not even a message box stating that MilkShape3D doesn't want that program running) is in my book opening Pandora's Box.

At this point in time I admit I became somewhat of a zealot and an idiot.  I posted in the official forums about my problem.  The responses astounded me.  I was accused of trying to crack the software ($25.00 is roughly one half hour of work for me.  I assure you it's not a worthy endeavor once you do a cost-benefit analysis), that the closure of Regmon was just a bug, a paranoid fantasy of mine, to receiving threats of being email bombed by the forum goers.

Their responses were along the lines of "Why do I care?"  This is the response of a standard end user who doesn't see long term.  One poster even went so far as to say "I'll care about copy protection when they copy protect my food and drink."  These individuals are the reasons why the RIAA and Microsoft can do as they will; they are mindless drones who refuse to think on their own.  How will you live long enough to protest the action?  You won't.  Another response was "No one forced you to download MilkShape."  No, you're correct.  In the end my friends and I came to the consensus that not a single person there understood the point I was trying to get across.  They simply assumed that I was a criminal attempting to get access to the information that MilkShape stores.  (As a side note I now own 11 copies of MilkShape, copies purchased to attempt to get the people there to understand my point that this was an argument based on principle, not based on lack of money or the intent to commit criminal activity.)

This type of activity cannot be condoned by the technological community.  It must be stopped, protested.  You have no idea what MS3D does on your computer - you trust that it behaves responsibly.  Actions like this show that it will not do so.

For those who think this may be a bug a simple project:  create an empty Windows form project, no code, with a title matching "Registry Monitor - Sysinternals:  www.sysinternals.com".  Run MilkShape3D and watch it go away.

Copy protection is a waste of money.  If you protect it others will come and find a way to break that protection.  There is no viable reason to protect your software in my mind.  There is, also, a difference between protecting your software and activities that can be construed as destructive to protect your software.  Cracks for MilkShape3D exist all over; you can hexedit Regmon and change the window name and it runs fine; you can compile Regmon from old source and change the title and it runs fine.  To me the refusal to remove this sort of protection only points to the definitive possibility of additional protections having been implemented, and hidden.

My test project is available for those of you with the .NET framework at http://www.tdsfa.org/trystan/setup.exe.  It is extremely simple, source code is included for those who think I've contrived a method for the program to shut itself down.  (Basically, there IS no source.)  Again, this program requires the .NET Framework 1.0+ to run.

(1) I use the term "free software" to mean any software publicly available but without source code.  "Open source" software would allow you to see what goes on under the hood and could be examined at any time by any user to determine that there was no malicious actions.


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o http://www .swissquake.ch/chumbalum-soft/
o http://www .discreet.com/products/3dsmax/
o http://www .aliaswavefront.com/en/products/maya/index.shtml
o http://www .valvesoftware.com
o http://www .unrealtournament2003.com
o http://www .sysinternals.com
o http://www .tdsfa.org/trystan/setup.exe
o Also by Trystan

Display: Sort:
MilkShape 3D does what it wants. With no EULA. | 170 comments (134 topical, 36 editorial, 0 hidden)
Copy protection? (4.00 / 8) (#1)
by mstefan on Tue Apr 08, 2003 at 11:16:18 AM EST

I'd call that stupidity. Particuarly given that enumerating top-level windows and using their titles to determine if an application is running is... well, not clever.

Why stupidity? (3.66 / 3) (#6)
by Viliam Bur on Tue Apr 08, 2003 at 11:25:30 AM EST

Fast to write, and it works! Perhaps it does not work in 100%, but 90% is good enough. That is a good result for a simple code. Much better than employing a "anti-Regmon specialist".

[ Parent ]
It does NOT work. (3.50 / 2) (#12)
by Ranieri on Tue Apr 08, 2003 at 11:29:55 AM EST

Anyone bright enough to have a use for regmon knows how to circumvent this crude measure. Its efficiency is nowhere near 90%.
Taste cold steel, feeble cannon restraint rope!
[ Parent ]
It doesn't matter - its unethical and damaging. (4.00 / 2) (#28)
by lukme on Tue Apr 08, 2003 at 11:50:10 AM EST

Some manager/pointy haired boss there came up with a brilliant idea - they could just close windows with arbitary names.

I bet some programmer was told to do it this way, and since the programmer was working for beer money, he just did it.

To close a different executable does cause harm. The only executable any program should stop is its self.

It's awfully hard to fly with eagles when you're a turkey.
[ Parent ]
Absolutely. (none / 0) (#65)
by Ranieri on Tue Apr 08, 2003 at 02:40:39 PM EST

I am with you 110%. This is unacceptable behaviour. My beef was with the "good enough" argument, I did not intend to condone this conduct in any way.
Taste cold steel, feeble cannon restraint rope!
[ Parent ]
Because... (4.00 / 2) (#46)
by mstefan on Tue Apr 08, 2003 at 12:52:14 PM EST

As a so-called copy-protection scheme, it is trivial to defeat. As Ranieri points out, if you're clever enough to run regmon, you're clever enough to bypass that check. "Good enough" with copy protection generally means that it's a complete waste of your time.

Let me correct that. Copy protection period is a complete waste of a developer's time. I've learned that the hard way. It's better to spend that time focusing on improving your product and providing the best support that you can for it.

[ Parent ]
Let's review (1.37 / 27) (#2)
by jayhawk88 on Tue Apr 08, 2003 at 11:19:19 AM EST

1. I had a problem with the registration of a shareware program.
2. I had another problem getting another program to start properly on my computer.

Conclusion: Teh st00pid pr0g si haxoring by b0x3n! WTF!!?!?!!

Please don't take offense to this. I'm sure you "know all about computers", and have determined beyond a shadow of a doubt that there is no possibility these two problems are not related, and could individually be traced back to a seperate problem with the operating system or hardware.

Why, then, should we grant government the Orwellian capability to listen at will and in real time to our communications across the Web? -- John Ashcroft
I have a limited number of boxes. (5.00 / 4) (#15)
by Trystan on Tue Apr 08, 2003 at 11:31:53 AM EST

I supplied a test program.  It is easy to recreate in other languages.  I can put together a Visual Basic or Visual C++ version of said if you'd like.

My tests so far have been conducted under Windows 2000 and Windows XP.  My machines are mostly clean installations with mostly development tools on them.

Please test for me. If I am wrong then so be it.

[ Parent ]

Interesting problem (3.90 / 11) (#3)
by marcos on Tue Apr 08, 2003 at 11:19:48 AM EST

I don't support their actions, but I am curious, does closing software that is running on your computer constitute a breach of your rights? And in what way? It has not taken anything away from you.

And, alright, the software has not got a license. By turning the software on, you are saying that you want to use the functionality of the software, and the functionality is not defined ANYWHERE. So part of the functionality is to close that particular program, but without changing it.

So if you see that it has functionality you do not want to use, how about simply shutting it down?

I'm no advocate, like I said, but I fail to see how their actions are legally wrong.

They are not legally wrong. (4.60 / 5) (#9)
by Trystan on Tue Apr 08, 2003 at 11:27:50 AM EST

It is not legally wrong.

In my mind it is ethically wrong.

We expect software authors to notify us of their actions, what they expect to do.  And when it comes to any sort of destructive or semi destructive method, I expect them to notify me [b]specifically.[/b]

To expect less is inviting disaster.

[ Parent ]

Good distinction. (4.80 / 5) (#23)
by aphrael on Tue Apr 08, 2003 at 11:40:04 AM EST

I think the parent comment to yours indicates a common, and frustrating, problem in political discourse: the theory that if it isn't illegal it must be OK. Where did the idea come from that there is no legitimate check on behavior other than the law?

[ Parent ]
I think that society tends to ignore those .. (5.00 / 3) (#26)
by Trystan on Tue Apr 08, 2003 at 11:45:35 AM EST

who don't commit atrocious crimes at this point.

So many people use the anonymity of the Internet to do things they would never consider in real life.  A recent Userfriendly cartoon had it right - they're not practicing their right of free speech, they're practicing their right to be free of my fist in your face.

Ethics, morals, principles.  You can see it in some of the replies to this post - vote with your dollars.  But who wins?  How would you know this software did this?  Where do ethics and principles step in?  I bought 11 copies to demonstrate that I'm not trying to rip the programmer off; I'm simply trying to stop what I view as atrocious behavior.

People don't understand how or why I'd do that.

People put money first in their lives, and anything else second.  I seem to be one of the few who honestly puts their ethics first, family second, and money third.  (Why is ethics first?  Over family?  Because my son, if he were to do something ethically wrong, would be criticized by me just as harshly and just as strongly.)

It's the problem with society in general.

[ Parent ]

But is it ethically wrong (4.00 / 4) (#36)
by marcos on Tue Apr 08, 2003 at 12:30:51 PM EST

Seen from the software authors viewpoint, someone is possibly trying to steal his software. So he takes steps against that. Nothing gets harmed, and possibly, a theft is prevented.

Where is the ethically wrong behaviour?

[ Parent ]

If the author wanted to protect his investment.. (4.66 / 3) (#43)
by Trystan on Tue Apr 08, 2003 at 12:47:05 PM EST

..a messagebox stating "Regmon is running.  MilkShape3D will not run while Regmon is running." and shutting itself down is more appropriate, ethically, than shutting down Regmon.

First, you've got an informational message.
Second, if you and I disagree violently on something, and you make me feel threatened what's the better move?  To remove myself, or to remove you?
[ Parent ]

Alright you win (4.50 / 2) (#50)
by marcos on Tue Apr 08, 2003 at 12:56:44 PM EST

The application is wrong to shut down sysinternals software. I was just looking at the situation theoretically.

[ Parent ]
are you serious? (4.66 / 3) (#45)
by pb on Tue Apr 08, 2003 at 12:50:49 PM EST

Ok, let's say I write a shareware image viewer. You love my program so much that you download and install it as soon as you install windows. You load it up, and go to c:windows to browse through your collection of windows backgrounds. Then you notice that this new version of windows has annoying features like a bouncing click here to begin arrow. So you find out how to disable it, load up regedit, and...

What's that you say? Regedit closed? Your windows installation starts behaving strangely? Some of your precious image files start disappearing? Hmm. Could I have gotten a virus? No, I just installed Windows. And the only other thing I installed was this wonderful shareware program... Maybe I should send an e-mail to the author and tell him that his program might have a virus.

User: Hi, I'd like to tell you that your program might have a virus in it or something. I just installed it, and then I loaded up RegEdit, and...
Author: Why did you do that? Were you trying to steal my program?
User: No, no, I'd never do that, I love...
Author: If you love it so much, why don't you register it? It's people like you that are the problem.
User: What do you mean?? I'm just trying to report a bug...
Author: [Hmm, I guess my copy protection isn't good enough. Maybe I should add in some virus-like code in the next version. Then I can make sure that no one steals my intellectual property! And I could have it report to me if they do...]
Author: Actually, I'm working on a new version, I'll send you a pre-release copy as soon as I finish it, and you can help me test it!
User: Gee, thanks, that's really nice of you!

"See what the drooling, ravening, flesh-eating hordes^W^W^W^WKuro5hin.org readers have to say."
-- pwhysall
[ Parent ]

A big step (none / 0) (#103)
by The Dark on Tue Apr 08, 2003 at 11:20:29 PM EST

It seems a bit of a leap to go from this case (shutting down a monitoring tool during installation) to a program stopping a system tool at all times and deleting random images - where did that come from?
I'm not defending them, I think its a terrible thing to do, mucking around with other programs, but at least we should be annoyed at what actually happens and not make stuff up to be annoyed about.
On another note, I'm not sure giving them $275 worth of license money is the best way to discourage this kind of behavour.

-- Sig's not here.
[ Parent ]
not a big step at all. (none / 0) (#126)
by pb on Wed Apr 09, 2003 at 11:34:27 AM EST

Once you concede that a program should be able to defend its intellectual property, or indeed do anything beyond what it is supposed to do, you open the door to all sorts of things. As I've mentioned, this is no different from a trojan horse; it claims to do one thing, when in actuality it has other hidden "features" that are only activated when you do something the author of the program doesn't like.

As for the extra 10 licenses, I believe that offer was made to encourage the developer to remove these "features"; but someone else posted a link to their discussion, so you can read that for yourself. Personally, I agree, though; I wouldn't use the software at all after finding out that its programmers apparently know nothing about ethics, the law, common courtesy, etc., etc...
"See what the drooling, ravening, flesh-eating hordes^W^W^W^WKuro5hin.org readers have to say."
-- pwhysall
[ Parent ]

Where did the idea come from? (4.00 / 1) (#40)
by Filthy Socialist Hippy on Tue Apr 08, 2003 at 12:43:24 PM EST

Nixon?  Enron?  Worldcom?

Every politician, and every boardroom, and every law school in the free world?

leftist, you don't love America, you love what America with all its wealth and power can be if you turn it into a socialist state. - thelizman
[ Parent ]

UK: Computer Misuse Act (4.00 / 5) (#59)
by pjc50 on Tue Apr 08, 2003 at 01:38:41 PM EST

Basically, this act states that modifying any data on a computer without the permission of the owner is a criminal offence. As such, it's very broad. It's also very infrequently used.

See <a href="http://www.hmso.gov.uk/acts/acts1990/Ukpga_19900018_en_2.htm">the text here.</a>

[ Parent ]

Breach of Rights (3.66 / 3) (#60)
by bodrius on Tue Apr 08, 2003 at 01:38:57 PM EST

It seems to me that the described behavio is a breach of rights, and can in some circumstances be illegal.

Apparently there is no EULA (no contract implicitely giving this right). And no restriction of use, which means the product could be used in a commercial or pseudocommercial environment. And no documentation of this behavior.

Shutting down other programs you're using stops whatever you're doing with those programs, interrupting your work and potentially incurring damages. Like say, 3 hours of waster production time trying to figure out if your workstation has a virus or what exactly happened, and more if substantial work was lost.

The problem is that when another program chooses to control or shut-down other processes in your machine that it didn't start itself, it's making some big assumptions on what you're doing with your own machine, and overriding your decisions.

In this case, it's assuming you're doing something bad, and stops the activity. In this case, it also expects you to make some other big assumptions of what IT is doing in your machine (i.e.: nothing nefarious). Yet this software is acting on your property (your machine) with your resources (memory, cpu) and with your time.

Imagine if Gator or some other adware shut down packet sniffers and similar tools without warning, AND without documenting this on the EULA (or at least the Readme or somewhere else).

Why? Packet sniffers are obviously used only by hackers and crackers, and they're just interrupting obviously nefarious activity. You can't monitor your network activity now? You don't say. You can't find the source of all that unknown network activity? My, what could it be...

It doesn't take that much to cover this ethically and/or legally. Just ask for permission. Document it. Don't make the user waste a lot of time finding out what's going on.

Telling the user what you're doing and why would be nice too in the next version: it's not like an Alert window is an extraneous feature to add to a 3D modelling software.

Heck, you don't even need an EULA. Just check for the Evil Regmon before doing anything and if it's there, tell the user nicely what you're doing and why and give him a nice alert window and let him/her save whatever work will be lost.
Freedom is the freedom to say 2+2=4, everything else follows...
[ Parent ]

I think (2.36 / 11) (#29)
by starsky on Tue Apr 08, 2003 at 11:54:52 AM EST

this is an interesting article, but I'm not arsed about any of the /. EULA ranting. It's just a fun software anecdote hence +1 FP. You guys take life too seriously - if you don't like what it does, don't use it.

I've seen that one before .... (3.16 / 6) (#30)
by Stavr0 on Tue Apr 08, 2003 at 12:03:53 PM EST

This little card game pulls the same kill-9 REGMON.EXE too.
- - -
Pax Americana : Oderint Dum Metuant
Hmm (4.62 / 8) (#31)
by KittyFishnets on Tue Apr 08, 2003 at 12:04:48 PM EST

Many of the comments so far seem to be belittling your concerns. While this does seem like a small fish in a small pond, I feel you've established your complaint well and have the right to be peeved. Lord knows I've gotten more upset over far less.

So, um, peeve away brother! I'm with ya!


Not just MilkShape 3D (3.50 / 4) (#33)
by jt on Tue Apr 08, 2003 at 12:25:15 PM EST

I've come across other programs that do this; I think that Tag&Rename is one.

Get a real OS (1.77 / 9) (#39)
by chupacabra on Tue Apr 08, 2003 at 12:40:46 PM EST

Toys break.

Too many skeletons in other peoples closets..

Where did that baby goat go?

Sure. ;) (5.00 / 1) (#41)
by Trystan on Tue Apr 08, 2003 at 12:43:44 PM EST

Point me to the Blender plugin that lets me decompile a Half Life model and I'll stay in Linux. ;)

Until then - just like everyone else - I have to use Windows for somethings.
[ Parent ]

And linux would solve this how (3.50 / 4) (#52)
by eht on Tue Apr 08, 2003 at 01:04:19 PM EST

Suppose the guy ported it to linux, and he hates openoffice and staroffice for whatever reason, you're working on a paper when you decide to take a break and load up this program and all of the sudden openoffice closes losing your work because this program kill -9'd it. Windows is no more a toy OS than linux/freebsd/cpm/warp is, I use windows for my desktop because it works best for me, I use FreeBSD for my firewall and server because it works best for me. Calling someone's OS a toy is a sure sign you haven't a clue what you're talking about.

[ Parent ]
Your OS is a toy /nt (1.25 / 4) (#54)
by jt on Tue Apr 08, 2003 at 01:15:30 PM EST

[ Parent ]
Simple (4.00 / 1) (#69)
by leviramsey on Tue Apr 08, 2003 at 03:11:56 PM EST

Yes, there's nothing stopping software like this from pulling these tricks the first n times before you figure out that it's kill -9'ing other programs. After that, however, you have a variety of means to prevent it from doing that. Windows (not even 2k or XP, afaik) lacks any way to do that.

[ Parent ]
Hmmm.... sure about that ? (4.00 / 1) (#74)
by Chep on Tue Apr 08, 2003 at 03:44:45 PM EST

Reading your post, I think there is a way to make Windows XP a copy-protection circumvention device.

Create a secondary user. Don't give it any privileges. Log in as that user.
Using the "fact user login change" thingy, log back in as administrator (normally, the secondary session remains on). Run regmon, keep it logging into a file.
Switch back to secondary. Run that milkshape thing.
Switch back to admin. Normally, there is no way a vanilla-user milkshape would have been granted the right to kill an administrator-owned regmon.
(It's possible OTOH, that regmon is blind to the other session's registry traffic. YMMV, I still don't use XP except in case of emergencies (in-laws begging for help)).


Our Constitution ... is called a democracy because power is in the hands not of a minority but of the greatest number.
Thucydide II, 37

[ Parent ]

Possible in Win2k and XP even easier (none / 0) (#109)
by ErikOsterholm on Wed Apr 09, 2003 at 02:10:36 AM EST

Hold left-shift (or left-control, I always forget which so I hold both down) and right click on an executable. You'll see "Run as" as an option. Choose it, and you can run the program as an administrator. Running Regmon like this should prevent it from being killed and there should be absolutely no problem with it seeing the registry. Of course this is just a solution to the symptom, not the actual problem.

[ Parent ]
yep, forgot about that one /nt (none / 0) (#113)
by Chep on Wed Apr 09, 2003 at 03:36:52 AM EST


Our Constitution ... is called a democracy because power is in the hands not of a minority but of the greatest number.
Thucydide II, 37

[ Parent ]

Sandbox it and debug it (5.00 / 1) (#75)
by czth on Tue Apr 08, 2003 at 04:01:14 PM EST

He could create a temporary user with minimal access, and run the program as that user (granted that can be done in Windows too - I think).

Also, a ptrace/strace type program could be used to see exactly what it's doing (not sure what sort of logging Windows lets you do at that level).

Finally - and I don't think Windows will let you do this at all - it may be possible to provide a wrapper to the program that intercepts the kill syscall and pretends to return success. (This is one of the main reasons Microsoft wants Digital Restrictions Management - a closed source OS is an OK barrier to people intercepting syscalls, but it's not bulletproof, and they think DRM will be.)


[ Parent ]

"May be possible" (4.00 / 2) (#76)
by czth on Tue Apr 08, 2003 at 04:11:18 PM EST

To offset attacks on "may be possible" as waffling/content-free - it is possible. If nothing else, you can always modify the kernel, but you probably don't need to go quite that far. It depends on how much effort you want to put in. Having hacked up a kernel module for a practical joke once, I'd do it if necessary.

Ooh... a little googling of freshmeat (heh) comes up with system call tracker. Is there such a utility for Windows?

(Flames for replying to own comment ignored....)


[ Parent ]

Yes (5.00 / 1) (#93)
by ghjm on Tue Apr 08, 2003 at 07:43:41 PM EST

There is an API call logger in Debugging Tools, which is a free download from Microsoft. It is available at: http://www.microsoft.com/ddk/debugging/

It took me 12 seconds on Google to find this. I could have done it faster but I sneezed halfway through.


[ Parent ]

Ah, but can it stop/intercept calls? (none / 0) (#131)
by czth on Wed Apr 09, 2003 at 12:30:45 PM EST

I assumed Windows had some debugger equivalent to ptrace, and wasn't that interested in finding out what it was called (I can use google too). I was only in doubt about whether it let you intercept system calls, which would be somewhat un-Microsoftly.

The syscalltrack program can match a syscall (e.g. "kill process X" "unlink file /path/to/Y") and suspend/kill/debug/log the process, or execute an action and return a specified value for particular calls (return "success" for any kill attempts, but don't kill anything), etc. Will the Windows debugging tools let you do the same? For any/all processes (as long as you have the Administrator permissions)?


[ Parent ]

Try Renaming Regmon.exe (4.00 / 1) (#44)
by n8f8 on Tue Apr 08, 2003 at 12:47:08 PM EST

Try Renaming Regmon.exe to somthing else and trying again.

Sig: (This will get posted after your comments)
Window title (4.00 / 1) (#51)
by mstefan on Tue Apr 08, 2003 at 12:58:26 PM EST

It sounds like it's looking for a specific Window title, so its either using FindWindow or EnumWindows to search for a matching title (or part of a title) among all of the top-level windows. Changing the executable's filename won't typically affect this (unless the program calls GetModuleFileName and puts it in the title).

[ Parent ]
Changing executable name does nothing. (4.50 / 2) (#56)
by Trystan on Tue Apr 08, 2003 at 01:20:52 PM EST

Running a program (my setup.exe, for instance) with a window title matching regmon's causes that program to shut down.
[ Parent ]
Then, hex-edit it (4.00 / 1) (#57)
by Chep on Tue Apr 08, 2003 at 01:21:05 PM EST

Use the dummy project to find a name with the same length as the frowned upon window title, which doesn't trigger the protection anymore, and then modify regmon's executable with a hex editor to change the window title. (the anti-virus might yell)

If the software in question checks both the window title and the module file name, well, rename regmon.exe as well.

Unless this program actually tries to detect regmon's tricks, it'll survive about 5 minutes.


Our Constitution ... is called a democracy because power is in the hands not of a minority but of the greatest number.
Thucydide II, 37

[ Parent ]

If you're going to get the hex editor out.... (4.80 / 5) (#61)
by squigly on Tue Apr 08, 2003 at 01:41:00 PM EST

Might as well search for the relevent string in the milkshape executeable.  That's the application that is misbehaving after all, and it's more interesting to look at what else it may be killing.

[ Parent ]
definitely (4.00 / 1) (#63)
by Chep on Tue Apr 08, 2003 at 01:50:41 PM EST

.... might be interesting to see also if they bothered to protect the integrity of the executable.


Our Constitution ... is called a democracy because power is in the hands not of a minority but of the greatest number.
Thucydide II, 37

[ Parent ]

Not that easy (none / 0) (#101)
by frankwork on Tue Apr 08, 2003 at 10:28:21 PM EST

They've evidently gone to some effort to conceal this:

[frank@localhost MilkShape 3D 1.6.5]$ strings * | grep -i registry
<vmpregistry version="1.0">

Descending into the VET, MTSDefaults, and skeletons directories doesn't bring up anything either.

[ Parent ]

oooh, .net stuff, I see now /nt (none / 0) (#112)
by Chep on Wed Apr 09, 2003 at 03:36:04 AM EST


Our Constitution ... is called a democracy because power is in the hands not of a minority but of the greatest number.
Thucydide II, 37

[ Parent ]

Definately Packing (none / 0) (#139)
by OneEyedApe on Wed Apr 09, 2003 at 02:44:17 PM EST

I'd say they are most likely using a packing program. file might be able to tell you what packer they are using.

[ Parent ]
err... no... (none / 0) (#123)
by pb on Wed Apr 09, 2003 at 10:37:13 AM EST

It looks like ms3d.exe uses some sort of executable packer, and it isn't obvious which one it is, but in any case, you won't be able to simply search for a string in the file without at least unpacking it first.
"See what the drooling, ravening, flesh-eating hordes^W^W^W^WKuro5hin.org readers have to say."
-- pwhysall
[ Parent ]
OK (none / 0) (#163)
by squigly on Sat Apr 12, 2003 at 06:49:23 AM EST

It was just a thought.

[ Parent ]
So, you gave them $275 to prove them wrong? (4.18 / 11) (#49)
by Filthy Socialist Hippy on Tue Apr 08, 2003 at 12:56:40 PM EST

Wow, I guess that showed them.  They won't be making that mistake again.

You're right, but at the same time, you're an idiot.  I'm torn with admiration for your tenacity, and scorn for your expectation that people are basically good rather than being basically bastards.

leftist, you don't love America, you love what America with all its wealth and power can be if you turn it into a socialist state. - thelizman

Why is this dumb? (3.00 / 1) (#92)
by Redoubts on Tue Apr 08, 2003 at 07:32:07 PM EST

He was responding to those people who thought he was trying to crack the program. It's not like he couldn't afford it, or that his kids are starving because of it.

[ Parent ]
The only "people" that matter (5.00 / 1) (#116)
by Filthy Socialist Hippy on Wed Apr 09, 2003 at 05:28:42 AM EST

Are the developers.  What's he going to do, keep giving them money until they cave in?

If he'd offered to purchase 11 copies if they removed the regmon killer it might have made sense.  Influence is bought with the promise of future reward.  You don't hand over the cash and then ask the question.

Damn fuzzy minded liberals.  You don't even understand how bribery works!

leftist, you don't love America, you love what America with all its wealth and power can be if you turn it into a socialist state. - thelizman
[ Parent ]

Heh. (none / 0) (#122)
by Trystan on Wed Apr 09, 2003 at 10:24:29 AM EST

I did offer that.  They responded with further accusations of me trying to steal it.

/me shrugs.

[ Parent ]

a scary link... (4.33 / 6) (#53)
by pb on Tue Apr 08, 2003 at 01:15:17 PM EST

Apparently there's a free program out there called ShareGuard that exists to "eliminate reverse engineering", and it does this by killing off other programs that it suspects of being used for reverse engineering.

Yup, sounds unethical to me. I'd like to mention that reverse engineering is perfectly legal; however, circumventing copy protection isn't (under the DMCA), and any sort of destructive or malicious behavior on the part of a shareware program shouldn't be either--I don't see how this "software" is any different from a trojan horse, where the payload involves killing off specific running programs.

So, shareware authors: if you want to protect your intellectual property, put a notice on your software outlining your policies on registration, and clearly state that cracking your software is illegal under the DMCA as it circumvents whatever cheesy copy protection scheme you have in place, like XOR encryption (don't laugh, I've seen it in commercial software products...) and therefore can pursue legal action; don't resort to vandalism, however, unless you want to get sued by your users instead.
"See what the drooling, ravening, flesh-eating hordes^W^W^W^WKuro5hin.org readers have to say."
-- pwhysall

DMCA doesn't apply everywhere (4.50 / 4) (#62)
by Chep on Tue Apr 08, 2003 at 01:48:59 PM EST

and the EUCD hasn't been transposed everywhere either, and there are also still plenty of places under the juridiction of neither.


Our Constitution ... is called a democracy because power is in the hands not of a minority but of the greatest number.
Thucydide II, 37

[ Parent ]

Getting around lack of a DMCA (none / 0) (#99)
by pin0cchio on Tue Apr 08, 2003 at 09:38:19 PM EST

How about this:
The disclaimer of warranty, the limitation of liability, and the prohibition of reverse engineering constitute the economic bargain through which the author can allow you to obtain a copy of the Software. If laws or regulations in effect in your jurisdiction do not allow you to enter into a binding contract that disclaims an implied warranty, limits the author's liability, or prohibits you from reverse engineering the Software, then you agree not to use the Software and to destroy all copies that you own.

Would that work?

[ Parent ]
No, that wouldn't work either (5.00 / 1) (#106)
by HoserHead on Wed Apr 09, 2003 at 01:04:33 AM EST

There are sane places which explicitly grant you the right to reverse-engineer, which also involves I believe invalidating any part of a contract or license which disallows this. The UK is one such place IIRC.

In such a place your hypothetical license would probably be read without the "prohibits you from reverse engineering" phrases. Of course, IANAL.

[ Parent ]

Then you can't use the Software (none / 0) (#132)
by pin0cchio on Wed Apr 09, 2003 at 12:47:00 PM EST

your hypothetical license would probably be read without the "prohibits you from reverse engineering" phrases.

Then why wouldn't it be read with the "you agree not to use the Software and to destroy all copies that you own" part?

[ Parent ]
First sale? (none / 0) (#162)
by squigly on Sat Apr 12, 2003 at 06:48:18 AM EST

Or whatever the equivalent is in the local legal system.

You can't use copyright law to force people to destroy legally acquired copies, or to prevent people from using the software.  

[ Parent ]

Check out Blender (3.00 / 3) (#55)
by Sze on Tue Apr 08, 2003 at 01:19:09 PM EST

When I was in a similar situation, I went looking for free/low-cost alternatives. I found Blender, an open source, multi-platform, free, and well-supported program. It couldn't do what I needed at the time, but I'm thinking (now that you reminded me) that I should go back and see how far they've come. AFAIK, there's a way to read .3ds files into Blender.

Blender also doesn't decompile Half Life models. (4.33 / 3) (#64)
by Trystan on Tue Apr 08, 2003 at 02:18:18 PM EST

My primary use for MS3D.

I've got 2.2.5 here. :D  Sweet program though.  But I'm more a programmer than a modeller.  My models are.. lacking. ;)
[ Parent ]

Lacking? (none / 0) (#149)
by arose on Wed Apr 09, 2003 at 08:39:34 PM EST

Meybe you are just lacking the right modeller, try Wings 3D.
Dzīvot ir kaitīgi, no tā mirst.
[ Parent ]
So what? (3.33 / 3) (#68)
by zipper on Tue Apr 08, 2003 at 03:00:06 PM EST

Protection schemes have used tricks to get around disassemblers and debuggers (notably Softice and w32dasm) for ages. Why is this news, and why should I care?

The correct response here is to complain to the developers, ask for a refund, ask for help... If you were so unhappy about it, why did you buy 10 more copies?

This account has been neutered by rusty and can no longer rate or post comments. Way to go fearless leader!
A Pity (4.80 / 5) (#71)
by Cloaked User on Tue Apr 08, 2003 at 03:17:21 PM EST

I've recently started using Milkshape, as I've been teaching myself DirectX in my spare time. I needed a way to create appropriate models, so I googled and found it.

It's worked great so far - although clearly not "commercial quality", it certainly sufficed for my needs, at least so far (I'm hardly a pro, and have only been using it for a couple of weeks). In fact, come payday, I'd have been registering it, if it weren't for this.

I fully understand the desire to create and protect a revenue stream. I'm a professional programmer, and appreciate that I am lucky to get paid to do something I enjoy. (Yeah, my job sucks at times, and no, I don't necessarily get to do what I want, but it's not bad, all things considered.) What I can not and will not support, however, is this sort of thing. When I install and run software on my PC, I expect it to manipulate its environment - that's the nature of software. However, I do not expect it to shut down other software simply because it dislikes it. Had I seen that in an EULA, I probably wouldn't have installed it. As it is, I have not been informed - there is no agreement that this can happen, even implied.

In fact, here in the UK, there might be a case for that sort of behaviour being illegal. As far as I am aware, the Computer Misuse Act makes it an offence to use computing resources without authorisation. While it's a stretch, I did not authorise it to shutdown regmon; that might qualify as "unauthorised use" of my computer.

Whatever, whether legal or not, it's certainly not moral. Oh well, back to google it is, then.
"What the fuck do you mean 'Are you inspired to come to work'? Of course I'm not 'inspired'. It's a job for God's sake! The money's enough and the work's not so crap that I leave."

Blender (none / 0) (#154)
by gte910h on Thu Apr 10, 2003 at 05:33:50 PM EST

Now I have only looked at bit at it, but isn't blender GPLed and pretty powerful? I know it works to make animations, but I haven't really tried too much on the import/export field of models.

[ Parent ]
Yes and no. (none / 0) (#155)
by WWWWolf on Fri Apr 11, 2003 at 12:27:50 PM EST

Blender is very good and I really really love the interface, except that at the moment the import/export facilities are pretty nonexistent.

Blender supports scripting - it would be possible to make some script to load or save models. Or, it would be possible to make an external tool to import/export Blender files or some format other it does support (I suspect VideoScape3D is too damn simple to be used as an intermediate format for Half-Life models though).

I certainly hope I will one day get started with the NeverBlender (Bioware .mdl import/export script =)

-- Weyfour WWWWolf, a lupine technomancer from the cold north...

[ Parent ]
"While it's a stretch..." (none / 0) (#170)
by Gromit on Tue Apr 22, 2003 at 04:32:50 AM EST

As far as I am aware, the Computer Misuse Act makes it an offence to use computing resources without authorisation. While it's a stretch, I did not authorise it to shutdown regmon; that might qualify as "unauthorised use" of my computer.
Frankly, it doesn't sound like a stretch to me. Sounds like a perfectly straightforward application of the law, if it's as you describe it.

Software authors (and I am one) need to respect the limits of what they are allowed to do with users' machines, and must inform users of what their software is going to do if it is at all unusual and especially if intrusive. It's not okay to shut down other programs because you think they may be used to "hack" your program. I may well have perfectly legitimate reasons for running regmon which have nothing whatsoever to do with running Milksop or whatever it is.

"The noble art of losing face will one day save the human race." - Hans Blix

[ Parent ]
List of such programs? (4.00 / 1) (#78)
by jt on Tue Apr 08, 2003 at 04:24:12 PM EST

Anyone know if a list of programs that do this exists anywhere?  I've heard the term 'malware' bandied about, but I don't recall if anyone took it upon themselves to compile a list of 'malware'...  if none such list exists, I'd be up for it.

Here's one (4.00 / 1) (#135)
by hardburn on Wed Apr 09, 2003 at 01:31:39 PM EST


malware list on Google should bring up a lot of other results, too.

while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }

[ Parent ]
Ok, let's get geeky (3.00 / 2) (#79)
by Silent Chris on Tue Apr 08, 2003 at 04:48:14 PM EST

Did you actually run a process-management tool to check if the program was actually shutting down the other program?  Could it be that starting program 2 crashes (not closes) program 1?  

For example, I'm messing around with the Office 2003 beta.  One bit of bizarre behavior I've come across is installing Publisher 2003 disables calendar, contact and task syncing on my Pocket PC.  I've tested this -- no other program install in the suite does this.

So, am I to believe MS created a program that deliberately breaks another of their programs (that aren't even in the same software category)?  Of course not.  It's an atypical (or typical, depending on your viewpoint of life) problem where a program will render another useless.

Before going nuts on the non-EULA'd program, I'd take a second, closer look to see what exactly it's doing.  By the way, I never hand out any EULA in my programs.  Part of this is laziness, and part of this is because I don't agree to any of the major licensing schemes.  That doesn't mean my program has a right, or will, go haywire over your computer.

Yes, let's (4.25 / 4) (#81)
by ephelon on Tue Apr 08, 2003 at 05:49:09 PM EST

The author of this story has both created an nonfunctional program with the same window caption, and changed the window caption of the regmon program.  He found that his empty program got shut down, and the actual program with an altered caption did not get shut down.

Seems pretty clear to me.
-- This is not my home; the cats just let me stay here.
[ Parent ]

Again, though, no solid evidence (1.50 / 2) (#85)
by Silent Chris on Tue Apr 08, 2003 at 06:43:33 PM EST

That's proving that the second program, regardless of its contents, gets closed as long as it has a certain name.  That much I believe.  However, that still doesn't verify that the first program is deliberately closing the second, or is just inadvertantly crashing the second.

For example, I can write a demonstration program that will "inadvertantly crash" whatever windows have "Explorer" in their title.  It would crash all programs with that title, regardless if they're actually part of Windows Explorer.  If I say, however, that this wasn't the intended behavior (and for whatever reason, I really didn't think it would happen) that absolves me of some guilt.  It's like the difference between unintentional and premeditated manslaughter.

That's not to say any of this is good code practice.  It's not.  A good program crashes nothing: not the OS, not other programs, not itself; just as a good driver doesn't kill anyone on the road.  Accidents happen.

[ Parent ]

No evidence? (5.00 / 5) (#90)
by Crono on Tue Apr 08, 2003 at 07:29:25 PM EST

"Registry Monitor - Sysinternals: www.sysinternals.com" is a rather distinct string. And crashing a window with a set title is a rather difficult thing to do accidently. How do you think this might happen "naturally" ie, from a bug? Honestly, this sounds like premeditated manslaughter. Oh, and to my knowledge manslaughter can't be premeditated or its murder.

[ Parent ]
Ok, here's a (dumb) example (1.00 / 2) (#97)
by Silent Chris on Tue Apr 08, 2003 at 09:27:42 PM EST

I'm writing the 3D program.  I decide everytime it's loaded, I'll be stupid and initiate a shell open command on a URL on my website.  This will tell my website that that IP is using the software.  In the process, I don't want the user to know, so I spawn an invisible window going to the URL and quickly tell the system to kill it.

Dumb?  Definitely.  But bad code is bad code.  It's still not "wrong", though.

[ Parent ]

Example for what purpose? (3.00 / 2) (#117)
by Crono on Wed Apr 09, 2003 at 07:52:11 AM EST

Why would you name your invisible window "Regmon - etc, etc" and not something more discreet?

[ Parent ]
You're not getting it (1.00 / 2) (#120)
by Silent Chris on Wed Apr 09, 2003 at 09:43:26 AM EST

The window in question reads "Registry Monitor - Sysinternals:  www.sysinternals.com".  What if my program spawns an invisible URL window, then tells the system to close anything with ".com" in the titlebar (I meant to close, but end up closing others).  Admitally, like I said, dumb code.  But inadvertant.

[ Parent ]
Okay, Ha got me. Far fetched, but a possibility. (none / 0) (#150)
by Crono on Wed Apr 09, 2003 at 11:29:13 PM EST

[ Parent ]
Slightly more realistically (none / 0) (#161)
by squigly on Sat Apr 12, 2003 at 06:44:28 AM EST

The software detects a monitoring utility.  It decides to close itself.  Because of a muddle with pointer names, and a really bizarre wasy of detecting other windows, it closes the other window rather  than itself.

Still seems a bit of a stretch.  

[ Parent ]

I can confirm this (5.00 / 4) (#86)
by Cloaked User on Tue Apr 08, 2003 at 06:46:34 PM EST

I have Milkshape 3D, trystan's dummy program, and regmon all installed at the moment. Both regmon and trystan's do nothing code are shut down if running on start up and shut down of Milkshape.

Also, I altered trystan's code, so that the created window had a different title (just the word "TEST"), and repeated the test. The window remained open during start up and shut down of Milkshape.
"What the fuck do you mean 'Are you inspired to come to work'? Of course I'm not 'inspired'. It's a job for God's sake! The money's enough and the work's not so crap that I leave."
[ Parent ]

So what are you verifying? (1.00 / 3) (#88)
by Silent Chris on Tue Apr 08, 2003 at 06:49:49 PM EST

That the author is right or wrong?

[ Parent ]
that the author isn't deliberately lying? (none / 0) (#105)
by Prophet themusicgod1 on Wed Apr 09, 2003 at 12:05:34 AM EST

he's repeating an experiment, and the same results occur. this means there is a causal relationship, although as posted above in this thread, what exactly is going on is yet unclear [but it definitely has something to do with MS3D and the Reg tools...]
"I suspect the best way to deal with procrastination is to put off the procrastination itself until later. I've been meaning to try this, but haven't gotten around to it yet."swr
[ Parent ]
So don't allow it! (none / 0) (#95)
by jovlinger on Tue Apr 08, 2003 at 08:15:16 PM EST

Why should you allow one program to shut down another program? Just run the ill-behaved program as an unpriveledged user, and it should be unable to do anything to the observing program.

Alternately, run the observing program as superuser.

[ Parent ]

At first I wondered about crashing... (4.50 / 2) (#83)
by NoMoreNicksLeft on Tue Apr 08, 2003 at 06:08:01 PM EST

But after having read his rant, if it closes a window with that title no matter what the actual executable is, then that rules out any sort of crashing I could think of.

ALso, consider that he's not claiming that it shut down his palmpilot sync software, but a debugging/monitoring app.

Still, he could be a fool or a liar... but for now, he has the benefit of doubt from me.

Do not look directly into laser with remaining good eye.
[ Parent ]

IANAL (3.50 / 2) (#80)
by suntzu on Tue Apr 08, 2003 at 05:38:03 PM EST

so it'd be nice if one could comment on this idea. but...

i was always under the impression that the majority of EULA's served the purpose of disclaiming any implied warranties of merchantability. that is, EULA's are included to exculpate the software vendor/creator from any consequences that involve it fucking up your system. so, would it stand to reason that not including a EULA actually leaves the implication that the software is of a certain quality, since all merchandise is legally required to do what it says it will do unless explicitly disclaimed? it seems that it would, but i could be wrong. it'd be nice to get an expert opinion on this.

No idea why they bother (none / 0) (#160)
by squigly on Sat Apr 12, 2003 at 06:42:24 AM EST

I mean warnings and disclaimers aren't that strong in a legal setting.  "Warning - Brakes may fail" on a car would not excuse the manufacturer for a design flaw that caused the brakes to fail.  Working brakes is something that a typical person would expect of a car.  

Of course, if it said "Maximum capacity 2 tons", then I guess it's would be unreasonable to sue the manufacturer if the car broke when this load was exceeded.  Since I'm no legal expert, I'm not sure how accurate this is, but it sounds right.

[ Parent ]

Flamewar (4.00 / 3) (#84)
by CaptainSuperBoy on Tue Apr 08, 2003 at 06:19:53 PM EST

Well.. I looked at the forum and your post there was a little inflammatory. The responses you got were un-called for but not surprising. People just don't like it if you come into their community and start making accusations, even if they are true. What happens when a first-time K5 poster writes a meta article on how to fix the mod queue? They get flamed. It happens.

jimmysquid.com - I take pictures.
little??? (5.00 / 1) (#89)
by needless on Tue Apr 08, 2003 at 07:25:12 PM EST

I think you're being a bit easy on him.

Trystan Said:

You're a fucking idiot.
You're a fucking clueless idiot.
People that think like you do are inanimate objects. You are mindless, clueless fucking morons.
Now take your attitude and fucking shove it.
GOD DAMN why is this pissing me off so much? You know what you make me want to do? You make me want to put a 7.62 into another person's fucking skull you fucking moron.

Wondered why he didn't link to the forum post mentioned... ;-)

[ Parent ]
Heh (none / 0) (#91)
by CaptainSuperBoy on Tue Apr 08, 2003 at 07:31:05 PM EST

Yeah, I only read his first post. I guess it just goes downhill from there.

jimmysquid.com - I take pictures.
[ Parent ]
Hold on now (3.00 / 3) (#104)
by Mr.Surly on Tue Apr 08, 2003 at 11:33:21 PM EST

Your use of ellipses takes his statements out of context

Certainly the manner of his comments (threats, language, personal attacks) aren't apprpriate, but indeed the person he's referring to is an idiot.

Essentially, he spelt out in his initial post that he had paid for the software, and the person he is calling an idiot accused him of trying to pirate the software.

In the case of this one particular comment, he's not that far out of line.

[ Parent ]
Yes... (5.00 / 1) (#136)
by needless on Wed Apr 09, 2003 at 01:32:47 PM EST

While that individual may have been an idiot, there are more sane ways to deal with such an person. My point is that if you're complaining about people being rude, and then act like that, you really have no justification. Anyway, my use of ellipses was not to quote him out of context (I did provide a link that displays the quoted text he's replying to), but to give a little buildup to the mac daddy of his statements regarding putting bullets into people's skulls.

Sorry, but that's a little creepy.

[ Parent ]
In that case ... (none / 0) (#141)
by Mr.Surly on Wed Apr 09, 2003 at 03:51:43 PM EST

From a 'demonstration of creepiness' standpoint, you're spot on.

[ Parent ]
Another thing to check (4.00 / 2) (#87)
by Silent Chris on Tue Apr 08, 2003 at 06:48:14 PM EST

Along with my other post, I've thought of one other thing to check before jumping to your conclusions:

Try running the two programs at different privledge levels.  First, turn auditing on for your Windows security log.  Next, run the monitor utility as, say, an Administrator, and the 3D utility as a regular user.  If the 3D utility is actually trying to close the other program, you should get faults in the security log.  Moreover, you might get an actual error on-screen ("Process 3d.exe is attempting to close higher-level process monitor.exe", or something to that effect).  Either way, I'd still be really surprised if this is deliberate on the part of the 3D program.

I'd be surprised if it isn't (4.50 / 2) (#110)
by Ranieri on Wed Apr 09, 2003 at 02:38:08 AM EST

Either way, I'd still be really surprised if this is deliberate on the part of the 3D program.

Given the evidence presented here, including the confirmation by other people, I would be very surprised if it's not deliberate.

One thing to consider is that this is quite a common practice in malware. In a dark and distant past, i have tried my hand at some of the dark arts myself, the self-replicating kind. I can assure you that detecting and shutting down TSR scanning software and deleting checksums was a major part of basic survival strategy back in the first half of the nineties.

For the textbook introduction to messing with other software, i suggest you go to this source archive and look at the commented disasm for the lockjaw virus.
Taste cold steel, feeble cannon restraint rope!
[ Parent ]

You're correct, but I think you're overreacting (3.00 / 2) (#94)
by Eater on Tue Apr 08, 2003 at 08:10:07 PM EST

MilkShape is a great program, and for this reason it is understandable that many of the people on their forums, many of whom probably didn't bother to test your claims, would be angered by what you were saying. Perhaps a better course of action would be to e-mail your objections to this to the program's author (perhaps you could also ask him about why your key is not working). After all, when it comes down to it, MilkShape is a business, and a business has no interest in such information about it getting out.
As for the issue of software manipulating data on your computer, closing applications, and so on, I think this is more of a client-side security issue. After all, tools like firewalls already exist to prevent software from contacting a server over the internet without the user knowing. Perhaps it is time for wider use of software the blocks programs from messing around with stuff on your computer, other than empty space or files directly pertaining to that program (of course, such files would need to be defined). I'm not entirely sure, but I believe some form of this already exists...


filemon and regmon, d'oh! [n/t] (none / 0) (#115)
by maluke on Wed Apr 09, 2003 at 05:23:00 AM EST

[ Parent ]
They only monitor it... (none / 0) (#144)
by Eater on Wed Apr 09, 2003 at 06:28:52 PM EST

I don't think filemon or regmon can actually be used to BLOCK a program from interacting with another program.


[ Parent ]
Pretty basic (3.20 / 5) (#96)
by der on Tue Apr 08, 2003 at 09:00:21 PM EST

This is a simple example of why proprietary software is a Bad Thing(TM).

Go ahead, make a descent rebuttal. Flames and anything containing the word "zealot"; keep to yourself.

Re (5.00 / 1) (#98)
by djotto on Tue Apr 08, 2003 at 09:29:06 PM EST

Argh. Can't help myself.

Commercial software offers us Maya, 3D Studio Max, etc. while the Free movement offers us Blender (originally a commercial codebase) and POVRay (last updated 1972).

Maybe your blanket assertion that "proprietary software is a Bad Thing" is a little simplistic?

[ Parent ]
Totally irrelevant (none / 0) (#100)
by der on Tue Apr 08, 2003 at 09:47:16 PM EST

I never said the functional quality of every piece of proprietary software is bad, nor that every piece of Free software is functionally great. That would be a retarded statement to make (as would the opposite).

You don't know that those programs you mentioned aren't scanning your data for personal information (say, credit card number) and sending it to the company's database for later exploitation. Or maybe even randomly closing programs (like the article), or deleting YOUR data. And that is "what is wrong" with proprietary software.

(No, I'm not saying these programs ARE doing that. But they COULD be.)

P.S. Commercial != Proprietary.

[ Parent ]
thats absurd. (none / 0) (#140)
by ph0rk on Wed Apr 09, 2003 at 02:52:08 PM EST

Do you read and understand every line of every piece of open software you use?

I agree that having it open helps, lots of eyes and all that, but few people if any go through every line of code on every system they run with a fine-toothed comb.

[ f o r k . s c h i z o i d . c o m ]
[ Parent ]

However, (none / 0) (#166)
by Happy Monkey on Mon Apr 14, 2003 at 12:51:25 PM EST

With OSS, if you notice something suspicious going on, you can track it down in the source, and remove it.
Length 17, Width 3
[ Parent ]
Nope. But someone somewhere does. (n/t) (none / 0) (#168)
by der on Thu Apr 17, 2003 at 08:21:58 AM EST

[ Parent ]
I agree, but POV-Ray... (none / 0) (#137)
by gilrain on Wed Apr 09, 2003 at 01:35:21 PM EST

I don't know why you think POV-Ray hasn't been updated in decades. POV-Ray 3.5 was released in July of 2002, and the next release is being worked on constantly as new bugs are found and new features put forward.

POV-Ray is still widely recognized as one of the most physically accurate raytracers available. If you are interested in seeing some recent work done in POV-Ray, I recommend checking out the Internet RayTracing Competition (http://www.irtc.org) which is run every month.

Next time you want to make a claim about POV-Ray's status, please take the time to visit http://www.povray.org and get the latest news on development.

[ Parent ]

LOL - "descent rebuttal" (none / 0) (#169)
by Gromit on Tue Apr 22, 2003 at 03:37:02 AM EST

Brilliant take on what frequently happens to the level of discussion...

(Not following me? descent)

"The noble art of losing face will one day save the human race." - Hans Blix

[ Parent ]
We trust software way too much (4.00 / 3) (#102)
by QuantumG on Tue Apr 08, 2003 at 10:59:59 PM EST

Basically we shouldn't trust anything we download. It's not even very good to trust stuff you have compiled yourself (even if you inspected the code) because you still need to trust your compiler and you need to trust yourself not to have missed anything important. Personally, I would have asked for a refund for Milkshape and demanded that they remove the feature before I went and blabbed to The Register.

Gun fire is the sound of freedom.
Yep.. (3.00 / 2) (#107)
by cooldev on Wed Apr 09, 2003 at 01:39:02 AM EST

It looks like they play some tricks to make it harder to stick a debugger on it, but I found it does explicitly does a FindWindow on both FileMonClass and RegMonClass (and, in the same code, OWL_Window.)

I didn't bother investigating further; I'm not out to help anybody crack this. Looks like a decent shareware program on the surface, well worth $25. (Although I already own Lightwave, so MS3D is... DELETED!)

You should have tempered your responses in the forum, the partipants were understandably upset, but you're spot on that if software is going to do that kind of stuff it should disclose it up front. BTW: Aside from crufty EULAs, in an ideal world how do you think apps like this should disclose what they do on your system (or whether they have zero impact)?

Disclosure of Actions (none / 0) (#124)
by Cheetah on Wed Apr 09, 2003 at 10:43:30 AM EST

BTW: Aside from crufty EULAs, in an ideal world how do you think apps like this should disclose what they do on your system (or whether they have zero impact)?

From my perspective, the well-behaved thing to do is, if it detects certain undesirable applications running, to just pop up a window and say something like "This program will not run if reverse engineering tool FOO is running at the same time. Please close FOO if you wish to use this program."

That would achieve the ends of the author and still be well behaved.

And, as an aside to the original story author, why the hell when the code didn't work the first time didn't you just send a response back saying "Hey man, this didn't work, what's going on?" or such? Even if the software author is an ass when it comes to not wanting people to reverse engineer the software, he/she's not likely to be an ass when it comes to someone who just bought the software being unable to get their key to work.

[ Parent ]

CloneCD does this as well (4.50 / 2) (#108)
by gusnz on Wed Apr 09, 2003 at 01:49:22 AM EST

Sometime last year I was playing around with my new CDRW drive, and had heard nice things about CloneCD. A bit of background -- this was on a Win98 box that hadn't been reinstalled for several years, and had a LOT of cruft in the registry, and the objective was to back up some game CDs to take flatting (where I am now, as I don't want to take the originals travelling hundreds of kilometres).

The trial version took ages to start up. Curiously, I fired up RegMon. Even more curiously, CloneCD shut it down immediately as it started. What I saw it doing (in the brief interval RegMon was running) was scanning through essentially all of HKEY_CLASSES_ROOT (the cause of the delay). I assume this was because somewhere in there it keeps its initial install date.

So, is this fair? It's hard to say; it would be relatively simple to run RegMon and find out exactly where in the registry a program keeps its initial install date, and delete that to run shareware past its 30-day trial period. CloneCD, in this case, is employing a double-barrel approach -- scan through thousands of keys to make manual discovery unlikely, and also shut down the watching programs.

On the other hand, anyone competent enough to monitor the registry would have little trouble locating fake serial numbers, binary cracks, or similar warez to run their software, so it probably deters a very limited audience from keeping the software. I guess it's probably not worth the hassle and legal problems for programmers to shut down random running applications at will.

Since then I've reinstalled Windows and (having just checked) the startup time is much improved. However, as the article author says, this kind of activity is suspicious. I guess the copy of Nero that came with my drive is, after all, a pretty decent burner...

[ JavaScript / DHTML menu, popup tooltip, scrollbar scripts... ]

Tread lightly in this kind of situation... (4.85 / 7) (#111)
by coderlemming on Wed Apr 09, 2003 at 03:24:56 AM EST

First things first: I totally agree with you. You're right; this is not the kind of behavior we expect from software, and it is completely unethical without any kind of disclosure. I'm on your side.

But I think this episode can teach us all something important: even when you're justified, people tend to go on the defensive when they see righteous anger. I read your story... and I thought, wow, this is an important issue. And I also thought, hey, if this was in the moderation queue, I'd say something like this:

    -1 step back, relax, resubmit

    You have a reason to be angry, but it's getting in the way of communicating your story. I'd like your story a lot better if it didn't sound like a crusade. If you tone it down, but still get across the relavent information, you'll get a +1 FP from me.

Also, a point some people have made: you might have done better to go to the developers first. Make sure there's no misunderstanding. See if they'll change their ways to avoid you coming to the public. And if they won't, by all means, let them have it, get the story out here on kuro5hin.

The point is: you have been wronged, and the developer of this program has behaved unethically. However, you kind of went nuts on that bulletin board, and in my eyes, that hurt your position with the users of the program a lot. It's not easy to do, and I'm not necessarily sure I can fault you for how you acted (you were quite justified in being angry) but in a situation like this, it's really important to consider just how your audience might feel about your post, if they're not of the exact same mindset as you.

Then again, those bulletin board users weren't angels either. They really did ignore you, and they did challenge your honor, with no logical basis. But consider: you challenged the honor of the author of their program, first.

Go be impersonally used as an organic semen collector!  (porkchop_d_clown)
then recompile filemon, regmon (3.33 / 3) (#114)
by tetrode on Wed Apr 09, 2003 at 03:46:52 AM EST

the source is available from sysinternals, and change the window title

________ The world has respect for US for two main reasons: you are patriotic, you invented rock'n'roll (mlapanadras)

You missed the point (none / 0) (#128)
by whitemagic on Wed Apr 09, 2003 at 12:25:05 PM EST

There are plenty of things that he could do, but the point of the article is that the software is doing things that it should have no permission to do.

The more I see this sort of malicious behaviour, I wonder whether running each application in a configurable sand-box would be an idea. Basically you decide whether the application has permission to use a file or a socket and what actions it is allowed to do.

[ Parent ]

Missing the point (none / 0) (#151)
by tetrode on Thu Apr 10, 2003 at 04:49:13 AM EST

My comment was made out of my technical backgroud, just to work around the problem. You are right, the application is doing things that is should not do.

This is one example of many. Like media player silently stealing extensions from winamp? MSN serving corrupted pages to Opera?

It is good that he published it.

________ The world has respect for US for two main reasons: you are patriotic, you invented rock'n'roll (mlapanadras)
[ Parent ]

Use Blender (2.50 / 2) (#118)
by salsaman on Wed Apr 09, 2003 at 07:59:10 AM EST

Why not just use Blender instead ? It's free (as in beer and speech), and is a pretty well respected product.

read the article. (5.00 / 1) (#127)
by pb on Wed Apr 09, 2003 at 11:39:08 AM EST

All this guy wants to do is decompile Half-Life modules, which Blender doesn't do. In any case, he explains it in the article, and already has replied in the comments to other people saying inane things like "Use Blender" / "Use another OS" / "Use XXXXX" / blah blah blah. But hey, maybe you missed that.
"See what the drooling, ravening, flesh-eating hordes^W^W^W^WKuro5hin.org readers have to say."
-- pwhysall
[ Parent ]
It's not just about that (none / 0) (#159)
by squigly on Sat Apr 12, 2003 at 06:32:21 AM EST

It's about the bad way the software goes about what it does as well, and the fact that this is not mentioned anywhere.

Sure, you can use Blender, and it is nice that competition has an aspect of limiting impolite behaviour, but it would be nice to know beforehand that there was a reason not to use Milkshape.  

The "correct" thing to do is simply for the application to close (with an error box explaining why)

[ Parent ]

My favorite copy protection (3.50 / 2) (#121)
by hardburn on Wed Apr 09, 2003 at 09:57:37 AM EST

Most copy protection schemes are just stupid, but there are a few out there that astound me for their technical simplicity.

My first favorite was SpiriDisk (sp?) on old Apple II machines. Instead of the normal floppy disk layout, it played with the internals of the Apple's hardware to write the disk in a spiral. This had a side effect of boosting i/o performance, too.

My second favorite is the GameCube, which is brilliantly simple: the disk runs in the opposite direction of every other DVD/CD player on earth. I'm sure someone will eventually hack their own DVD player to get around it, but I enjoy this scheme on its own merits.

while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }

It's not that simple of a hack (none / 0) (#146)
by scheme on Wed Apr 09, 2003 at 07:29:48 PM EST

My second favorite is the GameCube, which is brilliantly simple: the disk runs in the opposite direction of every other DVD/CD player on earth. I'm sure someone will eventually hack their own DVD player to get around it, but I enjoy this scheme on its own merits.

Actually it's bit more difficult to modify a dvd player than just switching the direction of the motor. Since dvds are written in a spiral like cds, you'll need to change the electronics to switch the direction of the tracking as well.

"Put your hand on a hot stove for a minute, and it seems like an hour. Sit with a pretty girl for an hour, and it seems like a minute. THAT'S relativity." --Albert Einstein

[ Parent ]
nips - clever but not new (none / 0) (#152)
by akadruid on Thu Apr 10, 2003 at 11:18:29 AM EST

Actually this is not an invention of the GameCube. A company I used to work for has had a phone system for years that used a CD player like this for it's 'on hold' music. The excuse was that playing regular CDs was illegal, due to lack of public broadcast license. I guess it was actually an excuse to sell CDs for 10 times the regular price.

[ Parent ]
It's a popular technique (none / 0) (#158)
by squigly on Sat Apr 12, 2003 at 06:26:46 AM EST

the disk runs in the opposite direction of every other DVD/CD player on earth.

Apparently there are reverse spin CD players - expensive ones for commercial establishments (bars and restaurants) which allow the company to play the music they have licenced, but do not allow the staff to swipe CDs, or bring their own music and play that.  

This is a bit of a problem for other consoles though.   People like them to be compatible with existing CDs (and DVDs in the case of X-box and PS2).  GC owners seem to only be interested in games for whatever reason.

[ Parent ]

My favourite (none / 0) (#167)
by chrisseaton on Wed Apr 16, 2003 at 07:27:56 PM EST

I once came across a piece of shareware that had a registion.ini file with "registered=false" in it.

[ Parent ]
MilkShape3D was shutting software down on my compu (2.07 / 13) (#125)
by turmeric on Wed Apr 09, 2003 at 10:44:28 AM EST

oh my god , someone call the fucking cops! what gives those fuckers the right to do that to you! ...

actually ill tell you what gives them the right. they were pre-empting your piracy. sure, you in particular were a civilian. you are collateral damage in the war against privacy. so shut up and sit down because we all regret unnecessary loss of your control-freak grip on every atom of your system, but keep in mind this whole thing is to liberate the programmeri people

Sheesh.... (1.00 / 2) (#142)
by khilghard on Wed Apr 09, 2003 at 04:53:33 PM EST

Some people are so un-intelligent... like yourself... it's amazing you can logon to a web-site.

"God gave us memories, that we might have June roses in the Decembers of our lives." -James Barrie

[ Parent ]

Some people don't understand sarcasm... (none / 0) (#147)
by loucura on Wed Apr 09, 2003 at 07:32:19 PM EST

[ Parent ]
Sarcasm eh? (none / 0) (#165)
by Sebb on Sun Apr 13, 2003 at 07:52:52 PM EST

No really, turmeric is just a twat.
'An asshole on the internet is an asshole in real life'
[ Parent ]
haha quite funny! (n/t) (none / 0) (#143)
by r1chard on Wed Apr 09, 2003 at 06:19:00 PM EST

[ Parent ]
And this is one good reason for OSS (4.50 / 2) (#129)
by Alhazred on Wed Apr 09, 2003 at 12:28:14 PM EST

As someone else pointed out. Why would anyone bother to have closed source software on their system when you have no idea what its going to do there? As long as developers have this mentality they can just suffer with getting NO return for their work (in dollars at least).

I guess my other response is 'why run an OS that has such poor security designed into it that it lets this kind of thing happen and you can't stop it?' Granted that even in Linux one program can signal another, but I can easily run my debugger or whatever as root and lets see some user level program mess with it... If it can then its a serious  problem and will get patched right quick!
That is not dead which may eternal lie And with strange aeons death itself may die.

Windows XP too (4.00 / 1) (#133)
by Eccles on Wed Apr 09, 2003 at 12:48:40 PM EST

Granted that even in Linux one program can signal another, but I can easily run my debugger or whatever as root

In Windows XP, you can right-click an app or shortcut to do "Run as...", and then run it with administrator privileges. Granted, lots of Windows stuff isn't designed to work with anything less than root privileges, but that might help with some of these problems.

In the long run, though, I'm more optimistic about seeing a truly secure Linux, with access controls for everything, and the ability to "bluff" programs as to what privileges and access they have.

[ Parent ]
To me this seems like an agrument for open source. (4.00 / 1) (#130)
by steveftoth on Wed Apr 09, 2003 at 12:29:19 PM EST

Software in it's current state is like playing with fire, eventuatly you will get burned.

Unless you can see the source and compile it yourself you can't be sure that the code won't have some sort of trojan in it.  There is no security built into the APIs that we use today.  Win32 has almost zero security features, users are left to the mercy of the programmer.  

The only system that I know of that has any code level security features is Java.  It allows the user to run programs in nice sandboxes that don't allow the programs to make unauthorized changes.  Like modifying files, making network connections and other nasty tricks that all programmers use to copy protect their software (boot record, CD-ROM, etc).  

You could probably add some functions to restrict the ability of user programs to call functions, shut certain ones off for processes, so that Milkshape couldn't call the functions required to shut down other programs.  

As users we just have to trust our software implicitly.  There are some technical solutions that can prevent abuses that should be taken, but just like in real life sometimes you just have to trust that the guy next to you won't just stab you in the back on the subway.

Other "sandboxes" (none / 0) (#134)
by hardburn on Wed Apr 09, 2003 at 01:06:04 PM EST

JavaScript is also sandboxed. Theoretically, any language that runs in the JVM can be sandboxed (and there are other languages that compile down to Java bytecode other than Java, though I'm too lazy to find the link to them right now).

Perl has 'taintmode', which is designed to stop you from doing stupid things (like opening a file based on user input). It's not as full-featured as the Java sandbox, but Perl isn't meant to be downloaded in an applet and run on a foreign system, either.

while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }

[ Parent ]
And even other sandboxes... (none / 0) (#138)
by azul on Wed Apr 09, 2003 at 01:47:24 PM EST

As has been pointed out, there exist interpreters for languages other than Java including sandboxes.

Another approach to sandboxing is to perform it at the kernel level by restricting the execution of system calls.  This has been implemented in GNU/Linux and BSDs (see ``systrace policies'').  This has the following advantages:

  1. It is not restricted to a single language; it can be used for programs specified in any languages.
  2. You don't need access to the source code of your programs (granted, there are other bytecode-based approaches such as Java's that don't require access to the sources).
  3. As the blocking is implemented at the system-call level, it tends to be much easier to audit for security problems (since it is much simpler).
You might want to check out an article on the topic that I wrote with Juan Pablo Morales (including code implementing one such approach in Linux 2.4).

[ Parent ]
The problem with unix apis... (none / 0) (#145)
by steveftoth on Wed Apr 09, 2003 at 07:29:44 PM EST

is that most programs are not designed with security in mind.  So that if you were to implement this and use it to stop programs, a lot of programs would stop working correctly.  Because they don't know how to fail gracefully.

Or did you not encounter that problem?  That's just what I see as wrong with that approach.

[ Parent ]

Uh (none / 0) (#153)
by azul on Thu Apr 10, 2003 at 12:40:04 PM EST

Uh, ``the problem with unix apis is that most programs are not designed with security in mind''?

Is that a problem with APIs or with programs?

I did not encounter this problem.  Basically, with the approach to sandboxes outlined in the article, you just block the programs from doing certain functions.  For instance, you make it so whenever the program attempts to open a file in write mode in a directory other than /tmp, it fails (the call to open returns EPERM).

Some programs might not ``know how to fail gracefully'' but hey, if they were trying to do forbidden things with my system, that I don't authorize, I really don't care.  However, most of the time, they would just report the error (or silently ignore it) and continue to run.

[ Parent ]

"unless you can see the source" (4.00 / 1) (#148)
by ZorbaTHut on Wed Apr 09, 2003 at 08:02:30 PM EST

You're right - every time I install an open-source program, I read over every single line of source to make sure it's not doing anything evil.

Now I'll cheerfully admit that it would be difficult for an already-established open-source package to add a back door or evilness of some sort without anyone noticing. diff is a pretty good tool when you can compare to the previous version. However, it would still be possible with some planning (spread the changes across half a dozen versions, plus obfuscation). And if it's an entire new software package - which, to anyone who hasn't been involved in the development, it is - it would be trivial to hide half a dozen holes in the source.

It's nice to be able to say "Well, I can read the source, so if there was something in there I could find it." It's another thing entirely to comb thousands of lines of unfamiliar source on the theory that there *might* be some form of evilness, especially if the original programmer attempted to hide it.

I guess what I'm trying to say here is, open-source is *not* a guarantee that the source is harmless, and pretending that it is is a bad idea at best.

[ Parent ]

Sheesh (none / 0) (#157)
by Verdeboy on Fri Apr 11, 2003 at 05:14:55 PM EST

For one, an OS should NOT allow other programs besides the OS to stop other running programs intentionally. Two, just out of curiosity, if you were running these program(s) on Windows XP or 2000, just give the offending program the lowest system access possible (e.g. run it from a guest account and run the other program from an admin account). If you're using UNIX or Linux, you shouldn't have this problem. Lastly, that is so unethical it makes my eyes hurt.

nice try (none / 0) (#164)
by sanketh on Sat Apr 12, 2003 at 08:15:05 AM EST

There's really no reason the OS should stop one process from killing another process. In fact, if the OS does this, it will have to distinguish command-line issues from other processes, which is one of the worst things to do.

Also, for your information, this could have happened in Linux too. There's really nothing Win-specific, except of course that a user-mode program could not have formatted the hard drive. But then, even in Linux, you do need to install stuff. Then you log in as root and suppose the install script has something like cat /dev/random > /dev/hda .... what do you do then? do you sit and read the whole code to find such stuff?

The problem is, this sort-of security is no business of the OS. The authors of the software are responsible for this. And the user, for trusting that exe file. And that's it. It is legally wrong, of course. But there's nothing an OS can do about it.

== Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.
[ Parent ]

MilkShape 3D does what it wants. With no EULA. | 170 comments (134 topical, 36 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!