Hello all,

I'm doing some kind of research about how to insert/inject a piece of my own code into a running 3D application...

The idea is to execute a piece of code right after a 3D screen refresh completes...

I have this 3D app running; I start my inject application, which will load into memory, find my app's address,
then find the update routine/call, and then inject a piece of code that will be executed right after the main call ends.

I don't know how to locate that call, or how to inject the code (if that can be done...).

Once I tried using the basic Windows draw/write-on-screen calls without the injection idea... it works, but the drawing keeps flashing because it's not synchronized with the 3D application....

Sounds strange; any idea would be great!


(sorry my english!)
Posted on 2008-04-09 20:31:32 by GR33d
I'm afraid your question falls outside of what we can discuss on this forum.

And I dunno if doing something like you're suggesting can be done automatically - most likely, you'll have to do some manual reverse engineering of the particular application you want to control, and that's certainly off-topic here.

What is it you're trying to accomplish? Perhaps there's a simpler way that doesn't involve code injection and RE :)
Posted on 2008-04-10 06:48:01 by f0dder
For both OpenGL and D3D, it's quite common practice to create one or more 'stub DLLs' and place it/them in the same folder as the executable.
This is usually done for debugging purposes, and requires no particular reverse engineering.
For OGL, that gives you access to everything.
But for D3D, since most of the useful functions are implemented as interface methods and are not exposed in the export table, you're quite limited in what you can trap this way; however, it's enough if you know a bit about COM.
Posted on 2008-04-10 23:38:41 by Homer
Well, there are legitimate applications that do that sort of thing. I've seen some people who created programs that would display extra info when playing MMORPGs by drawing directly to the game's screen.
Posted on 2008-04-11 23:30:38 by Bobbias

Well, there are legitimate applications that do that sort of thing. I've seen some people who created programs that would display extra info when playing MMORPGs by drawing directly to the game's screen.
That probably isn't legitimate - while it might be in your country (through a "reverse engineering for interoperability" claim), the game EULA will very likely forbid this... especially fascist games like World of Warcraft.
Posted on 2008-04-12 12:10:43 by f0dder
Good point about the EULA. That might put a kink in that sort of thing. I'm not sure how much actual reverse engineering that sort of thing really takes though, if you do it properly. If you were to use stub DLLs or some other process to insert that code without actually reverse engineering, you might be able to escape some of the more illegal aspects, though most EULAs do still forbid modification of the game, or any files distributed as part of the game.

Of course, doing something like, say, integrating personal messages into a game like Quake/Doom/whatever by drawing onto the game's buffers would be a slightly better example of something like this being legal.

Of course, I'm not always the best person to ask for advice about whether you should do something like that or not, because I am extremely opposed to the control companies have over how you treat their software (though I am also opposed to cheating/botting etc.) Corporate America has too much control over our personal lives as it is :/
Posted on 2008-04-12 16:10:39 by Bobbias
Since I'm from the Starcraft "hacking" scene...

Game hacking is not illegal; it forfeits your EULA to use the program. Since you still own the CD and the computer/hard drive it runs on, they really *can't* stop you from playing single-player/LAN... They can keep you from using their end for multiplayer support (aka CD keys being banned from meta servers, etc.). They can't press charges, though. Still, this should be considered "shady" enough that it can't be discussed here, aka forms of automated debugging which could possibly involve virus writing being closed... oh well, not my forums, I'll abide by the rules ;) I appreciate the good information here :D

For Starcraft, though... they have banned hundreds of thousands of CD keys from battle.net for running these third-party programs. Nevertheless, Starcraft 2 has many of these "hacks" listed as features, and has been using the hacking community to solve many glitches and malicious hacks which completely ruin the game. Starcraft in the US is still here because of the hacking scene.

For a legal add-in, look at XFire. But they do not edit the game; instead they just overlay their interface. Because of this non-interaction with the game they can keep it legal, but even looking up in-game names to chat to would cross the line into breaking the EULA.
Posted on 2008-04-12 23:07:54 by jakor
All quite true, nice to see someone else who knows what's going on.

Though it makes me sad that certain topics are very sketchy on here, I do understand why you guys don't like reverse engineering and such.

I did think that breaking an EULA forfeited all rights to use the program at all. I thought that an EULA was a legally binding contract between the "End User" and the creator/publisher of the game which governed the user's rights on what they can and cannot do with the game, online as well as offline. Take World of Warcraft for example. Many people have been banned for breaching the EULA even for trivial things, and banning someone from using WoW is essentially banning them from playing the game at all, without further modifying the files to allow them to connect to private servers.

But you do bring up the point of XFire, which is hard evidence (against my rather flimsy anecdotal evidence) that there is a program that inserts its own graphics over the graphics of a game in a legal and non-infringing way.
Posted on 2008-04-12 23:23:03 by Bobbias
It's unfortunate that certain topics can't be discussed here, but it's both to protect SpooK from legal trouble as well as to avoid helping scriptkiddies do their mischief. I know, the scriptkiddies can get their info elsewhere, and that leaves people with (more or less? :)) legitimate RE-related stuff with fewer places to go. It sucks, but that's the way it is.

How does a thing like XFire work? I doubt it modifies game code in any way, so it must be doable using an overlay surface or something?
Posted on 2008-04-13 06:43:53 by f0dder


Actually, if anything, the people who actually write something malicious with help from places like this are beyond scriptkiddies, lol. Every real cracker has to start somewhere :/ A scriptkiddie would be someone using the program that that cracker created. (I refused to call those guys Hackers, because it degrades the name of something that is not inherently bad.)

Anyway, I'd like to know how XFire works as well, I think I'll do a little research/googling and see what I can come up with.
Posted on 2008-04-13 10:22:39 by Bobbias
Imho, it's exactly as illegal as using these 4 lines in your code:
// Only two of the four lines are on the page; the draw and release calls below are assumed to be the rest (needs <windows.h>).
HDC hDesktop = GetDC(0);
const char* str1 = "The time now is 15:37h";
TextOutA(hDesktop, 0, 0, str1, lstrlenA(str1));
ReleaseDC(0, hDesktop);

Or as illegal as the PrintScreen key.

For the OpenGL version, you provide a stub DLL. For the DX version, you also provide a stub, but it's much easier to make: you just need to copy a vTable and patch IDirect3DDevice9::EndScene.
Only if you look at what the game calls on that ID3DDevice object, and when, can it be illegal, I think.
Posted on 2008-04-13 11:30:23 by Ultrano
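A defender-side counterpart to the stub-DLL and vtable patching that Homer and Ultrano describe, written for this thread rather than taken from any of the posts: an integrity check that flags every device-vtable slot whose target lies outside the graphics module's own address range, which is exactly how a copied vtable with EndScene redirected to an overlay stub shows up. The module region, the overlay stub and the four-slot table are constructed in-line so it runs stand-alone; a real check would take the d3d9.dll image bounds from the process's module list (assumed, not shown).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the loaded graphics module's image
   (in a real check: the address range of d3d9.dll in the process). */
static unsigned char fake_module[256];

/* Constructed stand-in for an injected stub living outside that module. */
static unsigned char overlay_code[16];

typedef struct {
    const char *name; /* method name, for reporting */
    const void *fn;   /* address stored in the vtable slot */
} vslot_t;

/* Flag every slot whose target is outside [base, base+size).
   Returns the number of such slots; up to max_out indices go to out[]. */
static size_t find_hooked_slots(const vslot_t *vt, size_t n,
                                const void *base, size_t size,
                                size_t *out, size_t max_out)
{
    uintptr_t lo = (uintptr_t)base, hi = lo + size;
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        uintptr_t p = (uintptr_t)vt[i].fn;
        if (p < lo || p >= hi) {
            if (found < max_out)
                out[found] = i;
            found++;
        }
    }
    return found;
}

/* Constructed four-slot device table: three legitimate entries pointing
   into the module, and EndScene redirected to the overlay stub. */
static vslot_t sample_vtable[4];

static size_t check_sample(size_t *out, size_t max_out)
{
    sample_vtable[0] = (vslot_t){ "Reset",      fake_module + 0x10 };
    sample_vtable[1] = (vslot_t){ "Present",    fake_module + 0x40 };
    sample_vtable[2] = (vslot_t){ "BeginScene", fake_module + 0x80 };
    sample_vtable[3] = (vslot_t){ "EndScene",   overlay_code };
    return find_hooked_slots(sample_vtable, 4, fake_module,
                             sizeof fake_module, out, max_out);
}
```

The same range test, run periodically against the live device's vtable, is how an anti-tamper self-check distinguishes the module's own methods from a redirected slot.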

Or as illegal as the PrintScreen key.

But if a demo 3D app has the PrintScreen key disabled, is it illegal to enable it?
Posted on 2008-04-14 01:57:52 by daydreamer
If the author made it so (it's not default), then I guess it's something the author didn't want to be done :)
Posted on 2008-04-14 02:32:46 by Ultrano
The thing is, it can't be illegal because RAM is yours. And because RAM changes so constantly, you may make changes to RAM and it will not constitute illegal action. You may use PrintScreen to copy part of your RAM, but selling it may be against your licensing agreement.
Posted on 2008-04-14 12:18:28 by jakor