disorder 344 Posted August 18, 2012 (edited) OH cool! Thanks very much. I just noticed this.. Do you want to merge the 2nd thread with this one?I will update the main page. Edited August 18, 2012 by disorder Share this post Link to post Share on other sites
Dylon 8 Posted August 18, 2012 (edited) . Edited August 18, 2012 by Dylon Share this post Link to post Share on other sites
disorder 344 Posted August 18, 2012 (edited) Just a bug on the parsing;Players with ASCII characters in their name are causing the reporting component to die... e.g.™ ♥ ♫ etc etcOk I just triggered it with those chars. I will try and sort it out.Here is the thing that is confusing me, the basic log format is ANSI so these chars don't display properly in notepad anyway right? Edited August 18, 2012 by disorder Share this post Link to post Share on other sites
disorder 344 Posted August 18, 2012 New version is out, anyone who has got access violations please test it thanks. Share this post Link to post Share on other sites
senior_hombre 1 Posted August 18, 2012 The link in the first post is still leading to the old version (the zip file says 13b) and the error is still there. Share this post Link to post Share on other sites
disorder 344 Posted August 18, 2012 (edited) Ok I get laggy forum sometime and it doesn't update. I did the link again so it should be up to date (tested ok)BTW You were using the wrong log, so I should point out to everyone again. It only searches your scripts.log file. The file should contain the following formatted line.. this is basically what it's parsing for :DATE TIME: USERNAME (IP) GUID - #ID TEXTFor example27.07.2012 14:04:12: BIllybob (123.456.111.222:2304) 062346bcefe58f2e235236236d7c8747454 - #27 awn player_alertZombies;"blah""moreblah"If it doesn't contain a line that looks like that ^ then its the wrong file. Edited August 18, 2012 by disorder Share this post Link to post Share on other sites
Torndeco (DayZ) 46 Posted August 18, 2012 Noticed a ban report based of cheatfinder, so i updated & have afew suggestions....U really should add back in the line number u find the cheat at, and remove the reports of players GUID'sBy doing this people are forced to look @ code flagged as cheating to get the GUID and they can double check....Atm cheatfinder doesnt appear to have any logic to it & is just doing a simple string search...As a result it is flagging people as cheating + since u supply the GUID aswell, some people are banning without double checking.Cheatfinder is flagging people as cheaters if there name contains the matching stringi.ePlayername = unholyReported as cheat = unAlso0.1 fadeSound 0;Harmless script code when someone spawns flagged as cheat = un Share this post Link to post Share on other sites
(OCN)Vortech 65 Posted August 18, 2012 (edited) Just a bug on the parsing;Players with ASCII characters in their name are causing the reporting component to die... e.g.™ ♥ ♫ etc etcOk I just triggered it with those chars. I will try and sort it out.Here is the thing that is confusing me, the basic log format is ANSI so these chars don't display properly in notepad anyway right?As a generally North American server we simply deny access to players with ASCII characters by way of BEC.Noticed a ban report based of cheatfinder, so i updated & have afew suggestions....U really should add back in the line number u find the cheat at, and remove the reports of players GUID'sBy doing this people are forced to look @ code flagged as cheating to get the GUID and they can double check....Atm cheatfinder doesnt appear to have any logic to it & is just doing a simple string search...As a result it is flagging people as cheating + since u supply the GUID aswell, some people are banning without double checking.Cheatfinder is flagging people as cheaters if there name contains the matching stringi.ePlayername = unholyReported as cheat = unAlso0.1 fadeSound 0;Harmless script code when someone spawns flagged as cheat = unI was about to mention the same thing, I decided to give this parser a try and it spits out anyone with matching the strings..<ID>GUIDGUIDGUIDGUIDa10GUID</ID><Aliases>USER</Aliases><IP>#.#.#.#:####</IP><Logs>X:\scripts.log</Logs><cheats>A10</cheats></ID> Edited August 18, 2012 by (OCN)Vortech Share this post Link to post Share on other sites
disorder 344 Posted August 18, 2012 (edited) U really should add back in the line number u find the cheat at, and remove the reports of players GUID'sI took line numbers out because people were mentioning/complaining about trying to find it in logs with way too many lines. So once I made it display the GUID I thought that would work better at tracking down people than line numbers.Ok yeah don't ban everyone just yet.Tis my fault, I was Testing a smaller Database which had a lot of info removed (which was a quick way of making the test go faster for debugging problems).Try copying this to the programs folder and overwriting the current file. I'll update the main zip again.OLD DB http://www1.zippysha...90260/file.html Edited August 18, 2012 by disorder Share this post Link to post Share on other sites
hytekk@gmail.com 0 Posted August 18, 2012 (edited) I scanned my scripts.log and got this in CheatFinder 1.5;------------------------------------------------------------------------------------------<ID></ID><Aliases>NAME</Aliases><IP>7.39.224.192:2304</IP><Logs>C:\Program Files (x86)\ArmA 2\bliss\BattlEye\scripts.log</Logs><cheats>RU UN CH US</cheats><ID></ID><Aliases>NAME</Aliases><IP>7.36.45.109:2304</IP><Logs>C:\Program Files (x86)\ArmA 2\bliss\BattlEye\scripts.log C:\Program Files (x86)\ArmA 2\bliss\BattlEye\createvehicle.log</Logs><cheats>RU SCAR UN CH US</cheats><ID></ID><Aliases>NAME</Aliases><IP>7.39.70.13:2304</IP><Logs>C:\Program Files (x86)\ArmA 2\bliss\BattlEye\scripts.log</Logs><cheats>RU UN CH US</cheats>-----------------------------------------------------------------------------------------------------------------------------------------------How do I even identify what the ID means? Are there any lists that contain ID's that I can base the results from CheatFinder off of? Thank you in advance! Edited August 18, 2012 by hytekk Share this post Link to post Share on other sites
disorder 344 Posted August 18, 2012 (edited) OK no one should be banning for reports generated with the last 2 versions (1.4 > 1.5), as they contain lots of false positives. Also nobody should be throwing out bans anyway, I think they need to be checked with dayz server mods/admins.Also the ID is the players global ID and shouldn't be posted here. The one I posted was fake. Can you edit your post please.1.6 Will be put up in a short while.- Line Numbers are back- Extra formatting to the XML to split lines up Edited August 18, 2012 by disorder Share this post Link to post Share on other sites
beginner 4 Posted August 19, 2012 Hey, love this tool. I'm pretty new to arma scripts & I'm getting a ton of Ikarus_TK_CIV_EP1 popping up, how can I tell if it's a script?if (!isDedicated) then {_config = configFile >> "CfgLoot";"15.08.2012 06:20:12: XXXX (XXXX) XXXXX - #20 "if (isServer) then {_object = createVehicle ['Ikarus_TK_CIV_EP1', [2273.29, 2121.28, 0], [], 0, 'C"15.08.2012 06:20:12: XXXX (XXXXXXX) XXXXXXXXXXXXXX - #20 "if (isServer) then {_object = createVehicle ['Ikarus_TK_CIV_EP1', [2273.29, 2121.28, 0], [], 0, 'C"15.08.2012 06:20:12: XXXXXX (XXXXXXXX) XXXXXXXXXXXXXXXXX - #20 "if (isServer) then {_object = createVehicle ['Ikarus_TK_CIV_EP1', [2273.29, 2121.28, 0], [], 0, 'C"15.08.2012 06:20:12: XXXX (XXXXXXX) XXXXXXXXXXXXXXXXXXc - #20 "if (isServer) then {_object = createVehicle ['Ikarus_TK_CIV_EP1', [2273.29, 2121.28, 0], [], 0, 'C"15.08.2012 06:20:12: XXXXXXX (XXXXXXXXXX) XXXXXXXXXXXXXXX - #20 "if (isServer) then {_object = createVehicle ['Ikarus_TK_CIV_EP1', [2273.29, 2121.28, 0], [], 0, 'C"15.08.2012 06:20:12: DXXXXXXXXXX(XXXXXXXXXXX4) XXXXXXXXXXXXXXXXXX - #20 "if (isServer) then {_object = createVehicle ['Ikarus_TK_CIV_EP1', [2273.29, 2121.28, 0], [], 0, 'C"15.08.2012 06:20:12: XXXXXXXXXXX (XXXXXXXXXXXXXXX) 1XXXXXXXXXX4 - #20 "if (isServer) then {_object = createVehicle ['Ikarus_TK_CIV_EP1', [2273.29, 2121.28, 0], [], 0, 'C"15.08.2012 06:20:12: XXXX (XXXXXXX4) XXXXXXXXXXXXXXX - #20 "if (isServer) then {_object = createVehicle ['Ikarus_TK_CIV_EP1', [2273.29, 2121.28, 0], [], 0, 'C"15.08.2012 06:20:12: XXXXXX (XXXXXXXXX) 5XXXXXXXXXXXXXX - #41 "de\compile\object_vehicleKilled.sqf";object_setHitServer = compile preprocessFileLineNumbers "\z"15.08.2012 06:20:12: XXXXXXXk (XXXXXXXXXXXX) XXXXXX- #130 "ddons\dayz_code\init\compiles.sqf"Any of this not legit?CheersIt's not legit but be careful with multidetections. AJ and TGS hacks will not detected in logs so when you see a lot of ppl with the same vehicle spawn keep in mind that they are not guilty. 1 Share this post Link to post Share on other sites
(OCN)Vortech 65 Posted August 19, 2012 It's not legit but be careful with multidetections. AJ and TGS hacks will not detected in logs so when you see a lot of ppl with the same vehicle spawn keep in mind that they are not guilty.The only legit things are the 06:20:12 enteries, the rest are spawned. createVehicle should be a red flag. Share this post Link to post Share on other sites
disorder 344 Posted August 19, 2012 I'm not aware of all known scripts yet but I'm learning as I develop this.If you see lots of people spawning to the same place then I think this is everyone getting moved to thunderdome type areas.31.07.2012 11:05:30: Dude 1 (x) y - #35 player setVariable['lastPos',0]; player setposatl [6646.12,2586.48,36.4538];31.07.2012 11:05:30: Dude 2 (x) y - #35 player setVariable['lastPos',0]; player setposatl [6646.12,2586.48,36.4538];31.07.2012 11:05:30: Dude 3 (x) y - #35 player setVariable['lastPos',0]; player setposatl [6646.12,2586.48,36.4538];31.07.2012 11:05:30: Dude 4 (x) y - #35 player setVariable['lastPos',0]; player setposatl [6646.12,2586.48,36.4538]; Share this post Link to post Share on other sites
AusDayZ (DayZ) 14 Posted August 19, 2012 It's not legit but be careful with multidetections. AJ and TGS hacks will not detected in logs so when you see a lot of ppl with the same vehicle spawn keep in mind that they are not guilty.That's what I figured, is there anyway to differentiate between innocents and scripter or is it relatively useless info? Share this post Link to post Share on other sites
(OCN)Vortech 65 Posted August 20, 2012 The logs are still messy.. GUID with a10 and other flagged strings appear at length. I also am encountering a bug where the output contains previously scanned logs until I close the program. It doesn't matter if I remove or clear the source files, the log just grows. I've been using your tool to look over my logs looking for a new method I read about. Here are my results:19.08.2012 14:38:44: username (X.X.X.X:PORT) GUIDGUIDGUIDGUIDGUIDGUIDGUID - #106 "a\ui\scripts\handleGear.sqf'; _dummy; player addweapon "BAF_AS50_scoped"; player addMagazine "10Rnd_"19.08.2012 14:38:44: username (X.X.X.X:PORT) GUIDGUIDGUIDGUIDGUIDGUIDGUID - #115 "yer addMagazine "10Rnd_127x99_m107"; player addBackPack"DZ_Backpack_EP1"; "The user is injecting spawned items into legit sqf files. So while still a wip your tool helped me identify this cheater. Thank you. Share this post Link to post Share on other sites
disorder 344 Posted August 20, 2012 (edited) The logs are still messy.. GUID with a10 and other flagged strings appear at length. I also am encountering a bug where the output contains previously scanned logs until I close the program. It doesn't matter if I remove or clear the source files, the log just grows. I've been using your tool to look over my logs looking for a new method I read about. 1) The accidental detection in names/ID's was removed in my current 1.7 code but something broke in changing something and I had to revert. I'm going to work on it today.2) The program keeps a persistent database while I am debugging, this is to see data before its converted to xml. Because the way the user database creates entries based on ID, this means you can use multiple logs and it will only add a new entry if its different. Unfortunately since its persistent, it can get jammed up a bit. This is also getting removed in 1.7 and temp files will go into your AppData and also get deleted when the program closes.If you want to stop the data overflowing, go into the programs install folder and delete the file called "tmpdb"1.7 is being uploaded now. Edited August 20, 2012 by disorder 1 Share this post Link to post Share on other sites
(OCN)Vortech 65 Posted August 20, 2012 (edited) 1.7 is being uploaded now.Sounds like a solid update. I just tried to run it and it's immensely slower parsing, I actually had to force close it as CF was intermittently not responding. In this condition 1.7 is unusable for us, the log in questions was only 4,977KB at 127k lines. CF 1.6 can parse the same log without issue in the same environment. Edited August 20, 2012 by (OCN)Vortech Share this post Link to post Share on other sites
disorder 344 Posted August 20, 2012 (edited) oh that's really strange, because I have a test file that is 170mb and its really fast and one around 4k was instant. Can you upload to zippyshare or something and then send me the link via pm. I want to see what is causing it.Something is definitely not working as I intended, will check it. Edited August 20, 2012 by disorder Share this post Link to post Share on other sites
disorder 344 Posted August 21, 2012 (edited) OK I checked out a few things and have hopefully resolved everything. Just testing now. Edited August 21, 2012 by disorder Share this post Link to post Share on other sites
TheWeedMan 132 Posted August 21, 2012 Latest hotfix version not working for me at all now...I get this:-The XML page cannot be displayedCannot view XML input using XSL style sheet. Please correct the error and then click the Refresh button, or try again later.End tag 'Entry' does not match the start tag 'ID'. Error processing resource 'file:///C:/Users/Admin/AppData/Roaming/CheatF...</Entry>--^ Share this post Link to post Share on other sites
disorder 344 Posted August 22, 2012 (edited) TheWeedManHave you got the latest Internet Explorer version for your OS?Update your IE and then Install Microsoft .NET Framework 3.5 SP1In either case it's not related to my program, it is actually to do with IE or one of its settings. See here also. http://www.ssw.com.a...x?KBID=Q1070124---A new version has been added too. Edited August 22, 2012 by disorder Share this post Link to post Share on other sites
TheWeedMan 132 Posted August 22, 2012 Certainly not my end thats the issue here....I reverted back to version 1.6 and everythings working perfectly. Share this post Link to post Share on other sites
disorder 344 Posted August 23, 2012 (edited) ok can you send me the log that's causing it (zipped)I do notice that if you press back during a scan that it does not close the tags properly, sometimes causing this error at the bottom. Right now I can't seem to duplicate the error, as I've changed some stuff for 1.9.---On another topic. I hate XML! It's really annoying and I think I should change to something more graphical and maybe go back to HTML reports. It seems to be causing more problems.What does everyone else think? Edited August 23, 2012 by disorder Share this post Link to post Share on other sites
AusDayZ (DayZ) 14 Posted August 23, 2012 I preferred the HTML, also it was good being able to have it display the results in order of the log as well as the line number. Perhaps a way to switch between the two if that isn't too hard? Loving the having the name and GUID in the report though. Keep up the good work! Share this post Link to post Share on other sites