Author Topic: Dll Mystery :-(  (Read 4251 times)

Offline Hooman

  • Administrator
  • Hero Member
  • *****
  • Posts: 4751
Dll Mystery :-(
« Reply #25 on: March 14, 2004, 09:25:00 PM »
In case anyone is interested, I modified a DLL (CES1.dll) to basically cut out the DllMain function (first command changed to a ret) and the level still ran. Although, the computer's base was gone so I guess I cut out something semi important.

As for why dll's I compiled with Hacker's import library crash on me, I can only assume that's something to do with GetSaveRegions and InitProc which are the only other functions that run before the crash.

Is knowing this any use to anyone?
 

Offline BlackBox

  • Administrator
  • Hero Member
  • *****
  • Posts: 3101
Dll Mystery :-(
« Reply #26 on: March 16, 2004, 04:04:51 PM »
No, those functions aren't even called yet... In fact, the CRT startup code has yet to call DllMain before the exception occurs.

It's in the CRT startup somewhere, I think dynamix made their own version of the CRT.....

Offline Hooman

  • Administrator
  • Hero Member
  • *****
  • Posts: 4751
Dll Mystery :-(
« Reply #27 on: March 16, 2004, 11:30:59 PM »
Ok, I just checked the dll I compiled again.

I put a call to MessageBox in DllMain and GetSaveRegions and they both showed up before the crash. Although, InitProc didn't run before it crashed.

Or am I still way off base?

Offline Hooman

  • Administrator
  • Hero Member
  • *****
  • Posts: 4751
Dll Mystery :-(
« Reply #28 on: April 04, 2004, 05:41:51 AM »
I managed to compile a dll and, using a hack method explained below, get *some* code to run without crashing the game. Unfortunately, the only thing I can really do without crashing the game is display a message box to show me that my code ran. As soon as I try to call any of the functions from outpost2.exe it crashes.

I'm really starting to think it's something not in the code section that causes the crash. I gutted one of the regular DLLs and it still works. I started off by removing the DLL entry point completely (i.e. setting the entry point pointer to null) and overwriting the first few bytes of all the important functions (those functions op2hacker had in his .def file) with simple RETs (and setting EAX with appropriate return values where needed). The DLL still runs perfectly. Mind you, it makes for a very boring game since all you can do is stare at the map and scroll around.

I even gutted the Export table and reduced it to only the important functions. (Say, anyone know a better way to do this than using a hex editor?  :(  ) It was at this point, that I decided to modify the Export Table entry for InitProc and forward it to an InitProc in a DLL that I compiled. The code ran and the game didn't crash. I got a message box to display fine but any calls to the outpost2.exe functions still cause a crash. Perhaps I'm overlooking something with this export forwarding idea.

Anyways, I plan to NOP the entire code section (except for dummy function area) of the DLL just to make sure I'm not missing something hidden. I also plan to do the same sort of thing to the data section except for the needed exported data. My guess, is that it will still run fine and I won't actually know any more.  <_<
 

Offline BlackBox

  • Administrator
  • Hero Member
  • *****
  • Posts: 3101
Dll Mystery :-(
« Reply #29 on: April 05, 2004, 07:27:54 AM »
Good work Hooman.

I sorta figured it had to do with the startup code...... so it doesn't call DllMain or the CRT startup at all?

Another thing you should take into consideration is that the OP2 Dll's have an extra section (an idata section) where the IAT and INT are stored, instead of VC++'s normal way of merging this stuff into the rdata. (And there is no linker option to force it to create an idata.... other than maybe editing the obj's manually..)

Hmm, now I'm talking to Cynex on IRC and he thinks the problem may lie in that since I made a lib, you have to keep in mind that it doesnt directly call into the functions, it uses a jumptable that Win32 patches before the module's loaded.