You may have to turn "Word Wrap" on in Notepad to read this document.

OK, so you're wondering why I spent two weeks modifying an old game and producing hardly any noticeable new features.  I did it to demonstrate how to design for security in Windows XP and Windows 2000.  Many new games, in fact far too many new applications, do not work as a restricted user or limited user, requiring you to use the application in an insecure fashion.

Quake II was one such application, originally designed for Windows 95 and never intended to run in a secured environment.  It took me two weeks off-and-on to learn the Quake II source code, determine where it stored its files, and write replacement code to allow limited users to store those files.  If I can modify a seven-year-old Windows game to work in a secured environment, any developer can design for security.

1) What does "Designing for Security" mean?

It means the application has to run as a Limited User in Windows XP, and as a Restricted User in Windows 2000.  People logged on with these types of accounts can't accidentally break the computer by, for example, erasing critical operating system files.  They also can't "accidentally" install spyware and other garbage found out on the Internet.  Running with a limited account is the last and best defense against malicious software like viruses - especially viruses that get past "conventional" after-the-fact anti-virus software.

It means the application has the fringe benefit of per-user personalization.  Each user can have their own settings and keep their own documents without interfering with each other's settings and documents.  It also means the user's settings and documents can follow them around a network, if the network supports roaming user profiles, and it allows an administrator to replace a computer without losing the user's documents and settings.

For the home user, it means leaving your computer to your kids without fear of them installing any garbage you don't want.  It means the older sister can hide her files from her younger brother.  It means if they make a mistake that could wreck the computer, it won't wreck the computer.

Designing for security means designing for idiots and for fallible hardware.  The original Quake II and Quake 3 Arena were not designed for security.

2) So what is "Quake II XP?"

"Quake II XP" is an attempt to demonstrate how to design for security.  It's also a lame name I came up with due to a lack of a better imagination. :-) The "XP" moniker suggests it is designed for Windows XP even if it doesn't have Microsoft's blessing.  If I wanted to pursue the Designed for Windows XP Logo program, there's a good chance it would pass.

Aside from changes to accommodate Windows XP security, "Quake II XP" is otherwise id Software's Quake II 3.21, with the same gameplay experience.

3) You mean Quake II didn't work in XP before?

Well, yes it did.  Quake II 3.20 was the last supported release from id Software and it works fine in Win2K and XP, as long as you are running with Power User or Administrator privilege.  The Mission Packs also worked, but you couldn't load saved games unless you hacked the game DLLs to use a different base address.

"Quake II XP" runs under XP and Win2K without modifying any security settings, or requiring Power User or Administrator privilege.  And the Mission Pack DLLs were fixed.

4) What do I need to play?

You need:

* A Windows computer - Windows 95 or later.  Designing for security doesn't mean alienating older users.
* An original Quake II CD-ROM.
* A CD-ROM drive to install the original game data.
* Optionally, Mission Packs One and Two from Xatrix and Rogue Entertainment.
* 32 MB memory for Windows 95 or NT 4.0, 64 MB for Windows 98 or ME, 128 MB for Windows 2000 or Windows XP.
* Recommended: an OpenGL compatible display adapter and a MCI or DirectSound audio adapter.

5) Someone told me "program files/etc etc" isn't where you put Quake II

Applications designed for Windows XP go there because Limited Users at least have read-only access to it.  By comparison, limited users don't have any access to the root of Drive C by default.

I had to make adjustments to how Quake II searches for files and handles long file names to accommodate this design requirement.  Fortunately this was easy.  id Software should be thanked for designing for expansion, if not for security.

Install in Program Files unless you have a good reason not to, such as running out of space on that drive.  The game will work.

6) I don't have the CD-ROM. What do I do?

You can skip that part and insert the CD-ROM before you play the game.  Quake II XP will look there for game data if it isn't installed on the computer.  Alternatively, copy pak0.pak from id Software's Quake II 3.14 Demo to the baseq2 folder.  You'll need Administrator access to copy that file, or for that matter, to install the game.

7) Hah-hah, you said I didn't need Administrator access

...to play the game.  You need Administrator access to install it.  That goes for any software designed for Windows XP.

Don't worry though - it doesn't make any Registry changes or replace any critical system files.  Quake II was remarkably self-contained, only requiring Winsock, which is installed in every version of Windows since Win95.

8) Where's config.cfg?  My models?  My skins?  My maps?

When Quake II XP creates or saves a file, it saves the file in your current user's profile folder.  On Windows 2000 and XP this is C:\Documents and Settings, followed by your username.  In NT 4.0 it's C:\WINNT\Profiles, and in Win9x/ME it's in C:\WINDOWS\Profiles if you have User Profiles enabled.

The full path is this:

%userprofile%\Application Data\id Software\Quake II XP

...followed by the name of the game directory (baseq2, ctf, etc).  When you download maps and other files from a Quake II server, it saves them here, in the appropriate folder.

Normally that folder's hidden from view.  You can view it by showing hidden files, a Windows Explorer setting (Tools / Folder Options).  Normally there's no need to edit anything in there.

If an Application Data folder mysteriously appears in the root of Drive C or in the Windows folder, this means you don't have User Profiles enabled.  The game will still work.  Other applications that rely on the %userprofile% environment variable behave similarly.

9) Why does each user have to redownload the same maps and other files?

I wanted to consider storing such files in a common location, such as the "All Users" profile found in Win2K and XP.  The trouble is, this construct doesn't exist in other versions of Windows, nor is there a similar construct in Linux.  I'm only trying to get a point across, so I kept it simple.  Had I pursued a common storage area, I'd have restricted this game to running only on Win2K and XP.

Designing for security doesn't have to mean forcing your users to upgrade.

10) How do I install and use a mod?  Such as the Eraser Bot?

You can install mods the same way you installed them with Quake II 3.20: Create a folder in your installation folder and dump its files there.  You'll need Administrator access to install mods.

Don't expect the mod to work on the first try, however.  A lot of mods don't take long file names into account, or won't appreciate not being allowed to write to gamedir, and will promptly crash Quake II XP.

That being said, if you're a mod author there's an easy way to fix the mod and still work with Q2 3.20.  I exposed two new CVARs: usergamedir and userbasedir, which point to where you can write files.  Stick with usergamedir unless you're writing out a player model, skin or sound though.  Also, use a larger MAX_OSPATH setting of 250 - the maximum path allowed for Windows 95 - and accommodate spaces in paths.  Longer paths are a certainty.  With a username like "supercalifragalistic" - using the maximum number of characters allowed in Windows XP - you'll typically see 140 character paths.  If the machine is a member of a domain, you can potentially see "supercalifragalistic.somelongdomainname" which happens when a domain user logs on with the same username as a user on the local machine.  Since Quake II XP is supposed to run on Win95, we can use Win95's MAX_PATH value of 250.

Do not expect to have write access to gamedir or basedir, but you could put files there as part of the mod's installation process.  Use Quake II's built-in search path to search for files, which in Quake II XP starts with usergamedir and works backward from there.  Type "path" at the console to observe the path behaviour.  Look for usergamedir to tell if you're running on Quake II XP or the original Quake II, and act accordingly.  If you invoke Quake II's saved game features, Quake II XP automatically stores the saved game slots in the user's folder for you.
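
The advice above for mod authors, as an added C example that is not part of Quake II XP or of the original README: a helper that writes to usergamedir when it is set, falls back to the game directory on the original Quake II, and reports an error when the result does not fit in MAX_OSPATH.  The function name, the sample paths and the file-name check are assumptions, and the caller is assumed to pass in the cvar's string value.

```c
#include <stdio.h>
#include <string.h>

#define MAX_OSPATH 250   /* the larger value the page recommends for mods */

/* Build the path a mod should write `name` to.
 * usergamedir: string value of the "usergamedir" cvar; NULL or "" means the
 *              cvar is absent, i.e. the original Quake II.
 * gamedir:     the classic game directory, used only as the fallback.
 * Returns 0 on success, -1 if the name is unsafe or the path does not fit. */
int mod_write_path(char *out, size_t outsize, const char *usergamedir,
                   const char *gamedir, const char *name)
{
    const char *dir;
    int n;
    if (!out || outsize == 0)
        return -1;
    out[0] = '\0';
    if (!name || !*name)
        return -1;

    /* Added hardening, not from the page: refuse absolute names, drive
     * letters and any ".." so the file stays inside the chosen folder. */
    if (name[0] == '/' || name[0] == '\\' || strchr(name, ':') || strstr(name, ".."))
        return -1;
    dir = (usergamedir && *usergamedir) ? usergamedir : gamedir;
    if (!dir || !*dir)
        return -1;

    /* snprintf never overruns; a result >= outsize means the path was cut
     * off, which is reported instead of writing to a truncated name. */
    n = snprintf(out, outsize, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsize) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[MAX_OSPATH];
    /* Constructed sample values; "alice" and the file name are made up. */
    if (mod_write_path(path, sizeof path, "C:/Documents and Settings/alice/"
            "Application Data/id Software/Quake II XP/eraser",
            "C:/Program Files/Quake II XP/eraser", "routes.dat") == 0)
        puts(path);
    return 0;
}
```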

As for the Eraser, I can't find the original source anywhere.  Impact Development no longer has a website.  But I understand AnthonyJ at Planetquake has a modified Eraser called Eraser Ultra.  If you're reading this AnthonyJ, give these suggestions a try and let me know how they work out.  I'd be glad to include "Eraser Ultra XP" in this kit.

11) OK, hotshot.  Now go fix Quake 3 Arena.

Just watch me.

Nothing stops you from trying the same thing, however.  And nothing stops Raven Software or anyone else who used the Q3A engine from doing the same.

12) OK so how was it done?  Just the quick version.

If you're not a C programmer or a mod author you might not understand the following.

The majority of the game code uses the same set of functions to locate files and to store new files:

FS_NextPath() - Returns the next folder in the Q2 search path, FS_NextPath(NULL) returns the start
FS_Gamedir() - Returns the game directory to store saved games, screen shots, etc
FS_ListFiles() - Lists all files in a given folder, used with FS_NextPath() a lot

First I created two new functions:

FS_UserGamedir() - Returns the current user's game directory
FS_ListAllFiles() - Lists all files in both the game base directory and the user's base directory

I then replaced function calls throughout the code where necessary.

FS_UserGamedir() mostly lets Quake II save games, save downloaded maps, etc in the user's game directory instead of the system game directory.

Then I added the user's game directory to the beginning of the Q2 search path, so FS_NextPath(NULL) would return that first, followed by the rest of the search path including PAK files.  I expose the user's game directory as a cvar named "usergamedir" so mods can store stuff.  "userbasedir" is also available to store models and other stuff not specific to a particular game directory.

I modified FS_InitFilesystem() and FS_SetGamedir() to insert the user folders into the path.  You can observe the new path behaviour by typing "path" at the Q2 console.

Searching for player models and skins was much harder, as Q2 only looked in one place (basedir/baseq2/players) for these files.  I cloned FS_Dir_f() and called it FS_ListAllFiles() so it would search the entire path for any folders named "players." This worked fine unless you had the game CD-ROM inserted, when it would list the models on the CD-ROM as well as installed on the computer.  D'oh.  So I rewrote this new function to only return folders from userbasedir and basedir.

The end result was Q2XP stores its files in the user's profile folder instead of the installation folder, and searches the user folders before the installation folders and PAKs for files.  This lets limited users play the game and also lets each user have their own set of files.
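
A simplified model of the search order described above, added here as an illustration and not taken from the Quake II XP source: directories added later are searched first, so a user's copy of a file shadows the installed one while the installation folder stays untouched.  The type and function names, the sample folders and the file listing are constructed, and PAK files are left out.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample directories; "alice" is a made-up user. */
#define INST "C:/Program Files/Quake II XP/baseq2"
#define USER "C:/Documents and Settings/alice/Application Data/id Software/Quake II XP/baseq2"

/* Simplified model of one search path entry (no PAK files). */
typedef struct searchpath_s {
    const char *dir;
    struct searchpath_s *next;
} searchpath_t;

typedef struct { const char *dir, *name; } file_t;   /* one file on disk */

/* Link node in at the head, so whatever is added last is searched first. */
searchpath_t *sp_add_front(searchpath_t *head, searchpath_t *node, const char *dir)
{
    node->dir = dir;
    node->next = head;
    return node;
}

/* Return the first directory on the path that holds name, or NULL. */
const char *sp_find(const searchpath_t *sp, const file_t *f, int n, const char *name)
{
    int i;
    for (; sp; sp = sp->next)
        for (i = 0; i < n; i++)
            if (!strcmp(f[i].dir, sp->dir) && !strcmp(f[i].name, name))
                return sp->dir;
    return NULL;
}

/* The install folder is added first and the user's folder last. */
const char *demo_find(const char *name)
{
    static const file_t files[] = {   /* constructed file listing */
        { INST, "config.cfg" }, { INST, "maps/base1.bsp" }, { USER, "config.cfg" } };
    searchpath_t inst, user, *head = NULL;
    head = sp_add_front(head, &inst, INST);
    head = sp_add_front(head, &user, USER);
    return sp_find(head, files, 3, name);
}

int main(void)
{
    /* Exit status 0 when the user's config.cfg shadows the installed one. */
    return strcmp(demo_find("config.cfg"), USER) != 0;
}
```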

[end]
