It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussiongames should disclose whether they have drm or not.(90 posts)(90 posts)
(90 posts)
Pages:
1
2
3
4
5
6
This is my favourite topic
Posted October 01, 2021
avatar
.Ra: Interesting, where can I learn more about this galaxy.dll issue? Also can you give a scenario/example of a security issue that might get the galaxy.dll blocked on an os level? Also what about the steam.dll, is that a similar issue?
avatar
AB2012: There is no issue at the moment (at least for non XP users, though we could soon see a repeat of that for W7-10 if galaxy.dll's end up compiled for W11), just another potential "point of failure" for future retro rigs that's really completely unnecessary for offline installers to have in the first place.

avatar
BrianSim: people are here for the offline installers - we know why we're here and what we're here for without defining definitions - and for many people the reason isn't wanting GOG to become a 2nd rate Steam or making excuses for butchered single player games.
avatar
AB2012: Exactly. Game preservation is all about extending the life of a video game by removing as many potential "blocks" and dependencies for the future as possible. This includes 1. DRM, 2. Middleware (eg, game clients or launchers that 'need' an OS version higher than the actual game does and run on an older system). The fewer "points of failures" the less likely it is for a game to have any future compatibility issues (outside of the game code). Personally I'm at that stage where I simply don't care if people want to sit around all day playing word games over 1. and 2. as "completely different things". In reality, the lifespan of a game is extended by removing as many of both as possible, not swapping one set of issues for another then arguing over theoretically "perfect definition" labels to eternity (that never really existed in the first place).
Unless I am missing something, wouldn't the galaxy.dll just be inert?
Posted October 01, 2021
avatar
.Ra: Unless I am missing something, wouldn't the galaxy.dll just be inert?
Galaxy typically runs with elevated permissions, and certainly has system services that are elevated as well. This opens room for a possible bug or exploit to be found that could be used by malicious attackers to infect systems. Games that use it could potentially similarly be exploited. Some of these could be remote exploits, too, since Galaxy is built with Internet connectivity in mind.
Posted October 01, 2021
low rated
avatar
richlind33: You might think that's your argument but it falls flat on it's face because you believe a "technical" definition is the only one that matters -- in spite of the fact that you previously acknowledged that intention is relevant to determining what is or isn't DRM. Your "argument" is shot through with inconsistency. A "technical" definition is mostly relevant to how DRM is implemented, not what it is or isn't.
No I believe that the only definition that matter is the one that Gog uses because that's the one that uses to decide is the game is DRM-Free or not for them.
avatar
mqstout: Galaxy typically runs with elevated permissions, and certainly has system services that are elevated as well. This opens room for a possible bug or exploit to be found that could be used by malicious attackers to infect systems.
Yes but here we are not talking about Galaxy itself but about games that have the Galaxy.dll in their install folder that's two different things.
Post edited October 01, 2021 by Gersen
Posted October 01, 2021
avatar
.Ra: Unless I am missing something, wouldn't the galaxy.dll just be inert?
avatar
mqstout: Galaxy typically runs with elevated permissions, and certainly has system services that are elevated as well. This opens room for a possible bug or exploit to be found that could be used by malicious attackers to infect systems. Games that use it could potentially similarly be exploited. Some of these could be remote exploits, too, since Galaxy is built with Internet connectivity in mind.
Is this the same for steam.dll?
Posted October 01, 2021
avatar
.Ra: Is this the same for steam.dll?
The same is true of anything, yes. But especially things designed for online connections and interact with expectation that user might elevate it to run with admin permissions (like installing updates). And things that are used on more systems (like such hooks) are lucrative targets since one bug could infect lots of systems.
Post edited October 01, 2021 by mqstout
Posted October 01, 2021
high rated
avatar
.Ra: Unless I am missing something, wouldn't the galaxy.dll just be inert?
GOG Games with Galaxy integration are hard-coded (inside the game's .exe) to make Galaxy API calls with the expectation it will be running. This is unfortunately true even of offline installers. Eg, say a game "pings" Galaxy to unlock an achievement via the Galaxy API. If Galaxy is running an achievement will unlock. If it isn't then the galaxy.dll in offline installers acts like a "fail safe" allowing the game to continue without crashing upon receiving no expected response (from a client that isn't running). They're definitely not inert and the error message I showed earlier is what happens to Divinity Original Sin (GOG version) when galaxy64.dll is renamed / prevented from running, the game instantly refuses to start long before any Galaxy features (achievements, etc) are used.

avatar
.Ra: Is this the same for steam.dll?
Yes, you'll see a similar error message if you blocked steam_api.dll from running for many Steamworks integrated games for the same reason. Amusingly Steam games have more of a backup plan in the form of Goldberg Emulator. It would certainly be amusing if in years to come someone had to write a Galaxy emulator crack to get the "DRM-Free" offline installer games here to continue to run...
Attachments:
steam_dll.jpg (19 Kb)
Post edited October 01, 2021 by AB2012
Posted October 01, 2021
avatar
.Ra: Unless I am missing something, wouldn't the galaxy.dll just be inert?
avatar
AB2012: GOG Games with Galaxy integration are hard-coded (inside the game's .exe) to make Galaxy API calls with the expectation it will be running. This is unfortunately true even of offline installers. Eg, say a game "pings" Galaxy to unlock an achievement via the Galaxy API. If Galaxy is running an achievement will unlock. If it isn't then the galaxy.dll in offline installers acts like a "fail safe" allowing the game to continue without crashing upon receiving no expected response (from a client that isn't running). They're definitely not inert and the error message I showed earlier is what happens to Divinity Original Sin (GOG version) when galaxy64.dll is renamed / prevented from running, the game instantly refuses to start long before any Galaxy features (achievements, etc) are used.

avatar
.Ra: Is this the same for steam.dll?
avatar
AB2012: Yes, you'll see a similar error message if you blocked steam_api.dll from running for many Steamworks integrated games for the same reason. Amusingly Steam games have more of a backup plan in the form of Goldberg Emulator. It would certainly be amusing if in years to come someone had to write a Galaxy emulator crack to get the "DRM-Free" offline installer games here to continue to run...
I see. before galaxy weren't their steam.dll files on gog anyways though?
Posted October 01, 2021
low rated
avatar
AB2012: GOG Games with Galaxy integration are hard-coded (inside the game's .exe) to make Galaxy API calls with the expectation it will be running.
The DLL is communicating with Galaxy, not with the Internet, same thing with the Steam one. So the risk of either representing any serious security risks on their own is infinitesimal.
Posted October 01, 2021
avatar
.Ra: I see. before galaxy weren't their steam.dll files on gog anyways though?
In a few games. Prior to Galaxy (the older installers) most GOG games were "clean" ie, didn't call any client at all. Same is true of other stores DRM-Free builds (eg, Humble).
avatar
Gersen: The DLL is communicating with Galaxy, not with the Internet, same thing with the Steam one. So the risk of either representing any serious security risks on their own is infinitesimal.
You're missing the point (as explained in 2nd paragraph of post #60) but never mind, I'm really not going round in circles on this on a Friday evening.
Post edited October 01, 2021 by AB2012
Posted October 01, 2021
avatar
.Ra: I see. before galaxy weren't their steam.dll files on gog anyways though?
avatar
AB2012: In a few games. Prior to Galaxy (the older installers) most GOG games were "clean" ie, didn't call any client at all. Same is true of other stores DRM-Free builds (eg, Humble).
avatar
Gersen: The DLL is communicating with Galaxy, not with the Internet, same thing with the Steam one. So the risk of either representing any serious security risks on their own is infinitesimal.
avatar
AB2012: You're missing the point (as explained in 2nd paragraph of post #60) but never mind, I'm really not going round in circles on this on a Friday evening.
I see, although considering how steam took off even if gog didn't introduce galaxy then the steam.dll would have been there at some point.
Posted October 01, 2021
avatar
rjbuffchix: I dare you to name one example where the offline installer is working for months and years, while Galaxy users have issues all that time. That type of reverse situation would never be allowed to happen, as everything is poured into this damn "mother of all clients".
avatar
Gersen: Why do you want me to give you example of something I never said or even implied ?
My point was for illustrative purposes. It's easy for many people to essentially write off these issues with the offline installers. I know you have repeatedly said it isn't acceptable and I thank you for that, but it still seems to me to ring a bit hollow because there is no urgency at all that we can see on GOG's end to fix the offline installers. We can say it's unacceptable all day but it doesn't seem to get through to GOG to fix the issues. That's what's bothersome, as if the situation was reversed, you know there is like no way they would stand for it.

avatar
Gersen: On of the reason why Galaxy was created was to be able to have patches and fixes faster than with the offline installer, if you don't remember or weren't there at the time but it was actually a big issue with Gog in the past where offline installers of newer games were routinely days if not weeks behind the Steam version.
But for offline installer-only users the problem is essentially the same (actually, I would say it's worse for several reasons, but I digress). Only difference is now the offline installers are out of date with both clients, lol.

When the Deus Ex Mankind Divided DLC released locked behind Galaxy requirement until it was fixed, a user suggested GOG test the offline installers then Galaxy after that.

I say GOG should focus on making sure the offline installers are up-to-date within a day or two, and more importantly, not having anything locked from these "bugs" where Galaxy is required.

I get that Galaxy was made to push updates faster but for what it has done to the treatment of offline installers it is not worth it imo. Galaxy needs to prove its case from scratch, if you ask me.
Posted October 01, 2021
avatar
JimmySnuggleBear: im not entirely against putting games with drm on this platform
This is supposed to be a DRM free store, there is no room for compromise, compromise means removing the entire goddamn point of GOG's existence. This argument is the same as being ok with a vegan restaraunt serving 'a little meat on the side'.
Post edited October 01, 2021 by ReynardFox
Posted October 01, 2021
avatar
Gersen: Come on, here you are taking very specific and limited examples, Saint Rows 3, Necrobarista are bugs, it's not acceptable and it must be fixed and Gog is taking their sweet time to have them fixed (With of course their trademark lack of communication), but still, it remains two games out of 3000+ for the very vast majority including those using Galaxy implementation they work transparently with or without Galaxy, and still my point was not that all devs were able to implement Galaxy without screwing up, but that something you or me might consider as being DRM-free would be considered as being a DRM by others.
avatar
AB2012: As several people commented here in the past, if GOG went out of business, Galaxy would become abandoned and if a serious security issue was later discovered in non-updated galaxy.dll's that due to no-one being around to fix was serious enough to get blocked on an OS level, that would actually break many hundreds of "Galaxified" GOG games in a way it wouldn't have with pre-2014 installers. Obviously that's not a likely short-term issue, but as a wake up call to those who think it's outlandish, we've already seen it happen with SecuROM, Adobe Flash, etc, dll's get hard-blocked by W10. Fixing it would literally involve swapping out the galaxy.dll with a fake one exactly as pirates do to remove Steam's DRM. And the bottom line is, dealing with that 'exactly like DRM' crap isn't why people want actual DRM-Free installers regardless of what you want to personally call it.
So in theory, replacing the DLL with one that exports the correct functions but returns no data can be a solution?
Posted October 01, 2021
avatar
richlind33: You might think that's your argument but it falls flat on it's face because you believe a "technical" definition is the only one that matters -- in spite of the fact that you previously acknowledged that intention is relevant to determining what is or isn't DRM. Your "argument" is shot through with inconsistency. A "technical" definition is mostly relevant to how DRM is implemented, not what it is or isn't.
avatar
Gersen: No I believe that the only definition that matter is the one that Gog uses because that's the one that uses to decide is the game is DRM-Free or not for them.
They won't even acknowledge that there is a question as to whether or not Hitman is DRM-Free, so what makes you think DRM-Free has any relationship to a clearly defined definition that is unambiguous?
Posted October 02, 2021
avatar
AB2012: Amusingly Steam games have more of a backup plan in the form of Goldberg Emulator. It would certainly be amusing if in years to come someone had to write a Galaxy emulator crack to get the "DRM-Free" offline installer games here to continue to run...
Maybe a little bit offtopic, but since you used the word crack yourself: do you consider an emulator (like Goldberg) a crack, if it just replicates API calls? The creator of Goldberg compares his project with WINE and console emulators and denies any breaking of DRM. I've searched a bit, but I'm still not sure about it's legal status. And if it's so legit, since APIs aren't copyrightable as of now, then why you can't find a single mention of Goldberg on PCGamingwiki (which has a lot info about DRM)?
Post edited October 02, 2021 by russellskanne
Pages:
1
2
3
4
5
6
This is my favourite topic
Community
General discussiongames should disclose whether they have drm or not.(90 posts)(90 posts)
(90 posts)