Quote Originally Posted by Skarma View Post
The method I want you to float your mind around is dll injection. Not only can you inject the dll whenever you want, but you can also eject it whenever you want without having risk of crashing Halo because it would no longer have a loaded d3d9 module to use. This will also make it easier to debug and test code, without having to keep opening and closing Halo to load the dll over and over. External injection can also be very noob friendly, just like a proxy would. It can be as simple as opening an executable that has no interface controls and loads it automatically when it finds the game. Building your own custom dll injector sounds awesome anyway, to me. You brought up the point of modifying Halos executable code to load your dll, but this is not necessary since injection from an external source is possible without needing to touch Halo's code. Therefor there would be no need to lug around patched executables, only an injector and your dll.

As far as changes to your own dll code, it would be significantly small and very little work. There are many different ways to hook Direct3D, but I will propose what I think is the most logical method in this situation, which would have to be VMT pointer modifications. Instead of detouring or creating an old fashioned jmp hook, you just replace Halo's VMT pointers with the addresses of your own functions. This has some advantages. The return can be a call to the original d3d9 function, so programs like xfire, gamecam, fraps, gcc can all still be hooked and running properly. Also, unhooking is just as easy as hooking and you don't have to unwrap the entire interface, only hook and unhook individual functions freely. There is a lot more flexibility here and the only thing you will need to keep track of is Halo's device pointer, which is global and static, but I'm not sure if it changes between CE versions or not. I bet you already have the version checking code, so you would just need to add this variable under that check. You could also pattern scan for the CreateDevice call, which returns the device pointer and grab the address from a relative offset, so a version check is not even needed. Alternately a less viable method is to inject immediately when Halo starts and hijack Direct3dCreate9 and then CreateDevice, but that shouldn't be necessary.

There are some downsides to this method, just like any method, but I think it's more reasonable than the current one. You will have to lug an injector around, but this is not a bad thing. It can be used universally to inject any dll into any process and only needs to be downloaded once. Injectors are all over the place, so if one does not work, there is one that will, they all have the same basic method of entry. So, like I said, keep an open mind as will I. I didn't bash your method to break your heart, but as constructive criticism to think about other possibilities. There seems to be many problems hovering around this proxy method and I am just offering my advice and will help where I can.
Dll injection wouldn't work with how Yelo works. Yelo has to process the game's code before it actually starts running any of its subsystems. There isn't a sure bet way of injecting before any of these systems become initialized to my knowledge.

Dll injection still runs the risk of crashing the game as much as a dll hook as its still the same code being ran. So if the code in a dll hook crashes the game, so will one which is just injected. If I wanted to support unloading the DLL, I would also have to write rollback functions to turn the game back into its original state.
Dll injection is invaisive compared to a behind the scenes dll hook. The user has to run an extra step to get the extension running. Anytime you increase the amount of steps a user must perform, you increase the complexity. Someone could easily forget to load it.

VMT modification only helps in the DX area. However, if I modify the DX vtables, then any hooks from other apps (xfire) are rendered null and could potentially crash due to some data not being gathered.

The only problem associated with the dx hook is with sapien, and thats only if they have the HEK installed to their game directory. Like I said earlier, I know how to adjust for this.