I managed to compile a dll and, using a hack method explained below, get *some* code to run without crashing the game. Unfortunately, the only thing I can really do without crashing the game is display a message box to show me that my code ran. As soon as I try to call any of the functions from outpost2.exe it crashes.
I'm really starting to think it's something not in the code section that causes the crash. I gutted one of the regular DLLs and it still works. I started off by removing the DLL entry point completely (i.e. setting the entry point pointer to null) and overwriting the first few bytes of all the important functions (those functions op2hacker had in his .def file) with simple RETs (and setting EAX with appropriate return values where needed). The DLL still runs perfectly. Mind you, it makes for a very boring game since all you can do is stare at the map and scroll around.
I even gutted the Export table and reduced it to only the important functions. (Say, anyone know a better way to do this than using a hex editor?) It was at this point that I decided to modify the Export Table entry for InitProc and forward it to an InitProc in a DLL that I compiled. The code ran and the game didn't crash. I got a message box to display fine, but any calls to the outpost2.exe functions still cause a crash. Perhaps I'm overlooking something with this export forwarding idea.
Anyways, I plan to NOP the entire code section (except for the dummy function area) of the DLL just to make sure I'm not missing something hidden. I also plan to do the same sort of thing to the data section, except for the needed exported data. My guess is that it will still run fine and I won't actually know any more. <_<