Ai4rei, posted December 28, 2013 (edited)

Simple DLL Loader for RO Clients

About

If you expect some super simple application, let me disappoint you: there is none; everything is already part of the RO client. Consider this post a proof-of-concept. There are also certain catches that you should be aware of before you start jumping for joy.

All you need to do is give your library a .asi, .m3d or .flt extension instead of .dll, and it will miraculously get loaded by the client when it starts up and unloaded once it shuts down.

While you can load pretty much any dynamic library this way, there is a major catch: when your DLL gets loaded, most of the initialization is already complete and the window is already visible; DirectX is not initialized at that point. So while this might be ideal for a client plug-in that messes with the window or the client runtime, it's probably less usable for hot-patching of the initialization code. Another catch is that the client will load fine when your DLL is deleted.

Summary: While the process of loading a DLL with the extensions .asi, .m3d and .flt is simple, the point at which it gets loaded might be unsuitable for certain uses. Since it's not intrusive, it might be of use for client plug-ins.

Demo: The linked demo consists of a pre-built DLL with source that displays a message when loaded and unloaded, for convenience of testing this PoC.

Edit: Another issue noticed by @Cataclysm: If "Sound Mode" in RO setup is set to "No Sound", DLLs will not be loaded.

Download: demo

Q&A

How does this work? Your DLL is loaded as a driver for the Miles Sound System (mss32.dll), but since it does not register with it, it does not interfere with it in any way.

This work is licensed under a Creative Commons Attribution 3.0 Unported License.

Edited February 7, 2018 by Ai4rei: Broken formatting.
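As an added example that is not part of the post or its demo: a small audit script that lists the .asi/.m3d/.flt files in a client directory and checks whether each one is actually a 32-bit PE DLL, i.e. something the loading path described above would pick up. The PE header parser and the constructed header stub used for testing are my own and assume only the standard DOS/PE header layout.

```python
import os
import struct

# Extensions the RO client's Miles Sound System loader treats as "drivers"
# (from the post above): any DLL with one of these names gets loaded.
MSS_DRIVER_EXTENSIONS = (".asi", ".m3d", ".flt")

IMAGE_FILE_DLL = 0x2000          # Characteristics flag: image is a DLL
IMAGE_FILE_MACHINE_I386 = 0x014C  # the RO client is a 32-bit x86 process


def parse_pe_header(data):
    """Return (machine, characteristics) from a PE image, or None if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # IMAGE_FILE_HEADER directly follows the 4-byte signature.
    machine, _nsect, _ts, _symtab, _nsyms, _optsize, characteristics = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return machine, characteristics


def is_loadable_dll(data):
    """True if the bytes are a 32-bit PE DLL, i.e. loadable into the 32-bit client."""
    hdr = parse_pe_header(data)
    if hdr is None:
        return False
    machine, characteristics = hdr
    return machine == IMAGE_FILE_MACHINE_I386 and bool(characteristics & IMAGE_FILE_DLL)


def find_mss_driver_candidates(client_dir):
    """Files in client_dir that the .asi/.m3d/.flt path would try to load.

    Returns sorted (filename, is_loadable_dll) pairs so an operator can
    compare the list against the modules that are expected to be there."""
    found = []
    for name in os.listdir(client_dir):
        if name.lower().endswith(MSS_DRIVER_EXTENSIONS):
            with open(os.path.join(client_dir, name), "rb") as f:
                found.append((name, is_loadable_dll(f.read())))
    return sorted(found)


def build_pe_stub(machine, characteristics):
    """Constructed minimal PE header (DOS header + signature + file header) for testing."""
    dos_header = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    file_header = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, characteristics)
    return dos_header + b"PE\0\0" + file_header
```

Run `find_mss_driver_candidates` against the client folder; any entry with `True` that you did not place there is a module the client will load at startup.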
Jonne, posted December 28, 2013 (edited)

So does that mean I can inject my code via any custom-made DLL, but I cannot intrude on existing code or change when it is loaded, just add it? Also, why would the client start my pre-defined functions? Do I either have to know function calls in the client to have them loaded, or do I overwrite old function calls by the client?

Edited December 28, 2013 by Jonne
Ai4rei (author), posted December 28, 2013

Non-intrusive was meant in the way that you do not need to patch the client to load your DLL. You are still free to hot-patch* any client code at will. To make the client call your DLL functions, you have to hot-patch* the client when your DLL is loaded.

*) basically applying hexes/patches in the client's memory.
Jonne, posted December 28, 2013

> Non-intrusive was meant in the way that you do not need to patch the client to load your DLL. You are still free to hot-patch* any client code at will. To make the client call your DLL functions, you have to hot-patch* the client when your DLL is loaded.
> *) basically applying hexes/patches in the client's memory.

I see. So I alter the binary code to call my functions, since it has loaded the DLL?
Ai4rei (author), posted December 28, 2013

Yes.
Jonne, posted December 29, 2013

So I can only call my code, which means I can't open RO client-side windows, right? But I could, for example, do some anti-hack protection and send out packets or the like, as far as I understand it. Sorry for being a bit of a nuisance.
Ai4rei (author), posted December 31, 2013

You can, if you find the respective functions in the client. You can also mess with the RO window by using the GetWindowThreadProcessId and EnumWindows functions from your DLL. The only limitation is that you cannot alter client code that ran before your DLL was loaded (such as the 1rag1 check).
Daegaladh, posted December 31, 2013

What's the difference between this and StudPE?
Ai4rei (author), posted December 31, 2013

You do not need to edit the client to add a DLL; the functionality is available out of the box.
Daegaladh, posted January 1, 2014

And that's better because...? ._.
Cataclysm, posted January 4, 2014

Yes, this is really cool and simple, but there is a little problem: you can't set sound off in setup, because the thread is not going to run properly.
Ai4rei (author), posted January 5, 2014

> Yes, this is really cool and simple, but there is a little problem: you can't set sound off in setup, because the thread is not going to run properly.

This is bad, thanks for noticing. Setting "sound mode" to "no sound" really disables this feature.
Secrets, posted February 5, 2018

I made a simple patch to skip the "No Sound" check. Although untested, from looking at the disassembled code, it should be enough to make the client load drivers for MSS. I'm not sure about undesired side effects, however.

https://github.com/secretdataz/NEMO/commit/d59973476ed1c599ab52bc89485a7ad658068783