Michael Withstand

Shellcode warning when trying to run OA

  Günter Severloh said:
What are you running that gives you that message?

As the pic states Combined operation: arma2oa.exe

With ACE2 add on and mando missile add on.

Not running the game with add-on would also result in the same warning.

The beta would not give the warning though

Detection is done by COMODO CIS(COMODO Internet Security)


Topic: "tried to execute shellcode as a result of possible buffer overflow attack"

From Ronny at Comodo forum:

  Quote

Hello Amy,

The new version of CIS 3.9.x (Still beta though) has a few fixes to prevent false alerts.

I can't tell from this info if yours is a false positive, but if you like you could try 3.9.x beta and see if the alert is gone.... I have to say you should probably only be using beta software if you feel confident.

You could if you have time, export your "old" 3.8 configuration, uninstall the 3.8, install the 3.9.x beta and see if the problem still exists or not, remove 3.9.x beta, install 3.8 latest and import your settings back so you are "back to where you started" only you know if the alert is still there in the latest version.

And from LostAmy that had the problem:

  Quote

Hi Ronny,

I've downloaded and installed the Beta version and everything seems to be working fine.

Thanks for your help!

It's a good idea to use Google to search for errors from applications ;)


I did google it but found nothing...well I didn't look past the first page or maybe I was googling the wrong keyword.

Any link to those?

Besides it's already version 4.0 now those quotes are irrelevant.

Edited by Michael Withstand

  Michael Withstand said:
I did google it but found nothing...well I didn't look past the first page or maybe I was googling the wrong keyword.

Any link to those?

Besides it's already version 4.0 now those quotes are irrelevant.

But try a newer version or latest beta from Comodo and see if you still run into same problem.

To me it seems to be more like a Comodo bug or something.

Version 4.1 is the newest I think.

http://forums.comodo.com/help/tried-to-execute-shellcode-as-a-result-of-possible-buffer-overflow-attack-t35795.0.html

http://tinyurl.com/32t86e8 :D :)

Comodo Internet Security v.4.1 (free version)

Edited by MJK-Ranger


No, I meant running as in: is it the game giving you this message or another program, like an antivirus or something?

  MJK-Ranger said:
But try a newer version or latest beta from Comodo and see if you still run into same problem.

To me it seems to be more like a Comodo bug or something.

Version 4.1 is the newest I think.

http://forums.comodo.com/help/tried-to-execute-shellcode-as-a-result-of-possible-buffer-overflow-attack-t35795.0.html

http://tinyurl.com/32t86e8 :D :)

Already using latest version.

  Günter Severloh said:
No, I meant running as in: is it the game giving you this message or another program, like an antivirus or something?

It's a security app COMODO Internet Security. The warning comes out whenever trying to launch Combined operation.

Launching beta version of Combined Operation would not result in the warning being shown.

  Michael Withstand said:
Launching beta version of Combined Operation would not result in the warning being shown.

Interesting, hmm. Are you running the Steam version of ArmA2/OA/CO?

You are not running the game in Sandboxie from Comodo?

I'm not familiar with Comodo products at all, but I can not remember having seen others in here with same issue.

Edited by MJK-Ranger

  MJK-Ranger said:
Interesting, hmm. Are you running the Steam version of ArmA2/OA/CO?

You are not running the game in Sandboxie from Comodo?

I'm not familiar with Comodo products at all, but I can not remember having seen others in here with same issue.

No, I'm not using COMODO sandbox.

It's OA retail(boxed) version merged with ArmA 2 retail version

  Günter Severloh said:
what if you turn that program off and then try the game,

will it work then?

Yes it would work I assume but according to COMODO Internet Security some hidden program would also be run that would enable some people to take over my machine :rolleyes:

Running the app when the security app is telling you it's potentially dangerous would make using the security app kind of pointless . . . . .

Edited by Michael Withstand


Don't think they would if you don't have your remote services enabled, plus if you got a firewall on.

Are you in MP when you play or try to, or are you just in the game SP and editor?


I play MP most of the time, firewall wouldn't help against this kind of attack I think.

Shellcode is taking advantage of vulnerabilities in app to take control of the target machine. It's very risky.

I hope some other people are also experiencing this as well and hopefully it's a false positive.

Running the game using admin rights is stupid however. OA would make you run it on admin rights when battleeye is used in game. :(

Now I can't even run the game. I may have to exclude the app from buffer overflow detection.


My 2.5 Cents: First you need to understand what a 'shellcode' is. Lots of information available but here's one for ya ---> LINK

Next, educate yourself on what a Buffer Overflow is. ---> LINK

Now, I'm more than positive that this is alarming for a lot of people. So it would behoove you to investigate it. However, something else you have to take into consideration is that most to all games need internet access whether you're in SP or MP.

With that said, some AVs will erroneously report such behaviors in some games. Including applications as well. If you are positive that you don't have ANY viruses, malware, spyware and all that crap then maybe it's COMODO being too paranoid. But I suggest you scan your entire computer again using different programs of your choice.

Hm...what else...Try a different one first. Well, I'm sure we'll all get this figured out but patience is key but we need to keep our cool and try not to go off the deep end about this...

EDIT:

Oh...I am in no way disrespecting the COMODO program and I have no reason to doubt it as I have never used it. However, you might want to think about getting a different AV if you have had this before (This issue). Or better yet, just try one from a reputable vendor. I personally use Kaspersky 2011 Internet Security

Edited by Encrypted_God

  Encrypted_God said:
My 2.5 Cents: First you need to understand what a 'shellcode' is. Lots of information available but here's one for ya ---> LINK

Next, educate yourself on what a Buffer Overflow is. ---> LINK

Now, I'm more than positive that this is alarming for a lot of people. So it would behoove you to investigate it. However, something else you have to take into consideration is that most to all games need internet access whether you're in SP or MP.

With that said, some AVs will erroneously report such behaviors in some games. Including applications as well. If you are positive that you don't have ANY viruses, malware, spyware and all that crap then maybe it's COMODO being too paranoid. But I suggest you scan your entire computer again using different programs of your choice.

Hm...what else...well I'm sure we'll all get this figured out but patience is key but we need to keep our cool and try not to go off the deep end about this...

I understand that most games would need internet access and I have no objection to that and I play other games as well that need internet access and have no problem with shell code or buffer overflow attack.

I asked to know whether this is a false positive or a true positive.

Last time I scanned it was all clean. I'll scan everything again.


Understood sir. And believe me, I wasn't belittling you. I am here (like many others) for you if you need help. We'll get this figured out. Oh..I do have to ask this: does your computer "act funny"? I mean do you notice strange things that would indicate viruses or that other junk?

Reason why I ask is because within the last week my own rig has been acting funny. Long story short I was forced to Re-Format because sometimes it's better to start over from scratch than spend hours and hours trying to figure it all out. Plus...headaches


Umm no nothing funny at all. Everything seems to be fine.

I didn't feel you were belittling me either.

I'm suspicious that the disc checking is what's causing this. The beta won't check for disc. The server exe won't either.

I think whatever is causing it may have stemmed from the disc checking.

I hate having to have the disc in the tray. BI please give us no disc patch ASAP.

And if some hacker found exploit in arma2oa.exe and inserted some nasty shellcode injection especially because the exe is demanding to be run with admin rights then we would not be able to tell because of the disc checking also resulted in the same warning. Running game with admin rights is just STUPID.

---------- Post added at 10:27 AM ---------- Previous post was at 10:19 AM ----------

  Encrypted_God said:

EDIT:

Oh...I am in no way disrespecting the COMODO program and I have no reason to doubt it as I have never used it. However, you might want to think about getting a different AV if you have had this before (This issue). Or better yet, just try one from a reputable vendor. I personally use Kaspersky 2011 Internet Security

Yea man COMODO is like the best firewall and internet security suite out there and it's free too. No kiddin. Official tests have concluded that COMODO security suite is the best one out there. I think it's you who may need to switch. :D

No kiddin. ;) Google it

http://www.matousec.com/projects/proactive-security-challenge/results.php

yea the test was on proactive security but the firewall and Anti virus are also very very good.

Edited by Michael Withstand


Yes!! There ya go!! Come to think of it, how about the SecuRom? Do you have to put the disk in every time? This is offtopic but I had to use the CD/DVD every time I wanted to ArmA 2. Then a very good friend of mine (Gunter Severloh) told me that I only had to do it a few times. RE: SecuRom verifying the disk. Which I neglected to think about.

  Encrypted_God said:
Yes!! There ya go!! Come to think of it, how about the SecuRom? Do you have to put the disk in every time? This is offtopic but I had to use the CD/DVD every time I wanted to ArmA 2. Then a very good friend of mine (Gunter Severloh) told me that I only had to do it a few times. RE: SecuRom verifying the disk. Which I neglected to think about.

Hmm it was just a suspicion. I wouldn't jump to conclusions because there's no way to verify that it's really the SECUROM since it could very well be a shellcode injection that's run at the same time Securom is checking for disc. And it's bad programming if it is true. If the game wouldn't demand ADMIN rights in the first place I wouldn't be so worried.

Edited by Michael Withstand


Agreed. But SecuRom is notorious for that stuff

---------- Post added at 11:04 PM ---------- Previous post was at 10:53 PM ----------

I'm sorry but I need to go. I got to get some sleep.

I wish you good luck my friend. I'll check on this thread in the morning

Edited by Encrypted_God
Spell Check


Lol, Jaeger (Encrypted God), he's a close buddy of mine for many years and we game together regularly.

Anyways, have you ever been able to play the game without the disc?

Personally I had only installed Arma 2 when it first came out, and then had the disc in once I think to play, and then after that maybe the patch, I never had to use the disc again, so I can just click on the icon and I'm in.

I use AVG and I don't get any interference, but this is a stumping issue you have. As Jaeger would say, we need to go through a process of elimination, basically strip everything down to the bare bones and then test things out and see what response we get.

I think in a way you should start over, lose the antivirus and any protection and what not, maybe uninstall and reinstall the game, and just start over: play it, patch it, play it and final patch it, and then if the game works, go from there. The next response after the game should give you, or at least narrow it down to, what is possibly causing the inability to play. Of course you have an idea already but we don't really know for sure what it may be.

Just a thought.


Well Encrypted God seems like a nice fellow :rolleyes:

I don't have any problem running the game, just that my security app is telling me of Shellcode injection. It was just a matter of changing a setting in the security app but still I'd like to know what it was about.

I'm still unable to accept that Battleeye requires the game to be run on admin rights which would make shellcode injection much more potent and would not surprise me that the game exe does have some exploits since it was probably never designed with customer security as priority. This is what concerns me: playing with admin rights and getting the shellcode injection warning at the same time and playing and hosting the game online :o

I need to have the OA disc inserted except when playing BETA version

Edited by Michael Withstand

  Quote
I'm still unable to accept that Battleeye requires the game to be run on admin rights

I have read about this admin thing so many times in the forums here yet I have no idea what it is. Does it have to do with Windows 7? As I have Windows XP.

  Quote
warning at the same time and playing and hosting the game online

I can see that being a concern, especially when hosting. Not sure if it would work that way, where one person's computer can pass a virus or something to yours while you're hosting the game. I'm sure Jaeger can touch on that.

  Günter Severloh said:
I have read about this admin thing so many times in the forums here yet I have no idea what it is. Does it have to do with Windows 7? As I have Windows XP.

When you play online some servers are using battleye that checks for game hacks in order to prevent people playing from cheating their fellow gamers. This battleye now since OA requires that the game be played on admin rights otherwise that player will get kicked out of the server.

Anyway it seems that the warning is not really about real shellcode injection

http://forums.comodo.com/defense-sandbox-help-cis/operation-arrowheadgame-triggered-buffer-overflow-warning-t60703.0.html
