IE Web Plugin and Data Execution Prevention (DEP)
by Guy Allard · in Torque 3D Professional · 01/22/2011 (3:49 am) · 3 replies
Myself and several others are having issues with internet explorer failing to launch the web game due to DEP on machines running Vista and Win7. This occurs for me with the plugins as shipped with T3D and also with our own game.
The issue arises when the game/plugin are installed into a directory outside of c:program files, which is necessary to do in order for user prefs, compiled shaders and streamed assets to be saved for users running windows with normal user-level permissions.
If Internet Explorer is running with internet protection enabled, the plugin cannot launch in this environment. We must assume the activex plugin is not DEP compliant as described by MS.
In the real world, the user cannot be expected to run the game with admin priviledges, and we also cannot expect users to disable internet protected mode in order to run a game.
It's possible that the problem stems from the dynamic loading and execution of the external game dll by the plugin at runtime, but that's just a guess.
The issue arises when the game/plugin are installed into a directory outside of c:program files, which is necessary to do in order for user prefs, compiled shaders and streamed assets to be saved for users running windows with normal user-level permissions.
If Internet Explorer is running with internet protection enabled, the plugin cannot launch in this environment. We must assume the activex plugin is not DEP compliant as described by MS.
In the real world, the user cannot be expected to run the game with admin priviledges, and we also cannot expect users to disable internet protected mode in order to run a game.
It's possible that the problem stems from the dynamic loading and execution of the external game dll by the plugin at runtime, but that's just a guess.
About the author
Recent Threads
#2
01/22/2011 (8:54 am)
Thanks again Manoel. Which part would need signing, the Activex part or the dll? 
#3
01/22/2011 (4:01 pm)
We haven't shipped yet, but the plan is to sign all DLLs: the plugins and the game DLL, as well as 3rd party DLLs we use and use the Win32 APIs for validating them before loading (so that the plugin cannot be used to load an unsigned game DLL, preventing our plugin from being used for malicious purposes). 
Associate Manoel Neto
Default Studio Name
Head over to Verisign, Comodo or Thawte and buy a Microsoft Authenticode code signing certificate. (If possible, use a XP machine or virtual machine to purchase the certificate, since you won't be able to export the private key to other workstations if you use Vista/7).
Unity's IE plugin does exactly the same as Torque's: it loads an external DLL (their IE plugin is just a wrapper that loads their Mozilla DLL).