
View Full Version : SH5 DLL Injection


TheDarkWraith
02-26-11, 11:10 PM
I've written a little application in managed C# that allows you to pick a DLL to inject into SH5. You can also remove injected DLLs and remove currently loaded DLLs from the SH5 process. I call this application 'SH5 Injector'. This is a scaled-down version of my 'DLL Injector' (DLL Injector can inject/remove DLLs into/from ANY process running on your computer).

This app is a 64bit application and thus will not work on 32bit OSs. It is also targeted at the .NET 3.5 framework or higher.

This application is very handy for injecting custom DLLs into SH5 to monitor, replace, extend, or modify in-game code or variables. It can also be used to create DLL hooks on modules loaded into the game (through code in a custom DLL injected into the SH5 process). There are many uses for this :yep: Due to the way that I do the injecting and removing of the DLLs it's very hard to detect and counter (SH5 has no idea that anything happens at all!). Shouldn't trip any anti-virus software either.

As this does not modify the SH5.exe or any game files it is completely legal :up: What it does is inject the dll selected into the current SH5 process or removes the selected DLL from the SH5 process. This is all done using the Win32 API which is part of Windows for those that are not familiar with it.

The UI for the application is very intuitive and easy to use :yeah:

This is the first step to extending, modifying, and/or creating new code for the game :D

In a future release I plan on adding the ability to inject straight code into the SH5 process. I plan on letting you type assembly instructions right into the UI and then the app will compile those into machine code and inject into the process (in its own memory space :smug:).

To use:
- fire up SH5
- fire up SH5 Injector

32bit version: http://www.gamefront.com/files/20051079/SH5Injector32_exe

64bit version: http://www.gamefront.com/files/20049984/SH5Injector64_exe

http://www.subsim.com/radioroom/picture.php?albumid=446&pictureid=3716

THE_MASK
02-27-11, 12:19 AM
Sounds like the next step . I think and hope this game will be around for a long time .

mobucks
02-27-11, 01:12 AM
dude awesome!

jean74
02-27-11, 02:59 AM
Thank you Sir :salute:

dcb
02-27-11, 03:14 AM
This looks like a huge breakthrough for this game, the next gen in modding the game. :rock:

stoianm
02-27-11, 04:02 AM
fantastic:woot:

maybe it is the time for somebody to start to think how to add snow in the sh5 now

manny thanks TDW:salute:

BigBANGtheory
02-27-11, 04:18 AM
If I understand correctly this means you could potentially change core game features to a large extent! :rock:

Choosing my words carefully here... : How would one go about creating a new dll for SH5.exe injection?

kemeri
02-27-11, 06:23 AM
I don't understand a word, but sounds great! :D

Will it be possible with such an injections to do/mod, for example:
- snow
- independent control of engines
- complex your own sub damage/trim system
- further IRAI improvements
- .....?

By the way, TDW, how much time have you actually just played the SH5?
Take a break, you are unlocking doors faster then people enter :DL

TheDarkWraith
02-27-11, 09:07 AM
If I understand correctly this means you could potentially change core game features to a large extent! :rock:

Choosing my words carefully here... : How would one go about creating a new dll for SH5.exe injection?

Yes one can change core game features to a large extent and one can add new features to the game. It's not as easy as it sounds though. Your new content would be in the dll to inject and you hook into the game to have it execute your new code. You add the hook via code in your dll.

I use Visual Studio 2008 C# or C++ to do my programming and my DLL creating. One could use Visual Basic if they wanted to. A DLL is an exe with one bit changed in the PE header to 'make' it a DLL. Any computer language can be used as long as you can compile the source code into a dll.
I'm going to make a sample dll file and include source code so that you can see what this app can do for SH5 :up:

urfisch
02-27-11, 01:45 PM
nice!

but what does this injection method make possible?

TheDarkWraith
02-27-11, 01:52 PM
nice!

but what does this injection method make possible?

Anything that you can code in. You can create hooks, replace code, add code, view code, etc. It's just a matter of writing the .dll and injecting it in.
When a dll is loaded into a process the windows loader automatically calls the DLLMain function of the dll. This means your dll is 'run' as soon as it's injected into the process :yeah:

cherbert
02-27-11, 02:12 PM
nice!

but what does this injection method make possible?

I think an extreme example would be that should you have unlimited time, desire and resources to apply to such an undertaking you could use this DLL method to write a whole new Silent Hunter 6 using the existing core 3D engine. This example is far fetched but it helps explain the power now available to the community with this break through. We could be seeing proper un-official patches to the core game engine -however, it will require some highly skilled expert coders. This really is very exciting for Silent Hunter 5!

Not sure if this solves the importing of new 3D models though?

TheDarkWraith
02-27-11, 02:39 PM
one could write a .dll to replace an entire function in the sh5.exe by using dll injection. The hardest part is deciphering the assembly language and figuring out what it's doing in the game.
Using OllyDebug you can attach to the SH5 process and suspend the game and 'look inside'. There you can figure out what you want to change/replace/add and write a .dll to replace the code wanted (make note of the RVA so you can modify the correct code!)
I'll try and make a dll (with source) that hooks into the main sh5.exe code and executes a function in that dll. Basically what this dll would do is:
- modify the ingame code to 'jump' to your function and execute it
- once the function in the dll is complete it 'jumps' back to the ingame code like nothing ever happened.
- As this new function is now part of the game code it will be called everytime the code comes to that spot

THE_MASK
02-27-11, 03:23 PM
This is prolly lame , but with this could you click on a button in game and bring up google earth and look at your navmarks on google earth while playing the game .

TheDarkWraith
02-27-11, 03:31 PM
This is prolly lame , but with this could you click on a button in game and bring up google earth and look at your navmarks on google earth while playing the game .

I wouldn't say it's not possible but it would be hard to do. It could be done though. You could do this easier with a game's .py file :yep:

THE_MASK
02-27-11, 03:33 PM
I wouldn't say it's not possible but it would be hard to do. It could be done though. You could do this easier with a game's .py file :yep:
You can already look at your sunk ship icons on google earth if you go on the official silent hunter 5 site . Not while playing the game though .

Krauter
02-27-11, 05:56 PM
Could this be done to earlier Silent Hunter games as well? Or would it be possible to take features missing/taken out of SH5 that were in 3 & 4 and put them back in?

(New Ships?? Switch over from GR2 Files??)

TheDarkWraith
02-27-11, 06:05 PM
Could this be done to earlier Silent Hunter games as well? Or would it be possible to take features missing/taken out of SH5 that were in 3 & 4 and put them back in?

(New Ships?? Switch over from GR2 Files??)

I can make it work with any application. I have a version I made that allows one to inject DLLs into ANY process (plus it does a lot more than that ;)). So yes I can make it work for SH3/4

Anything is possible when you are able to inject DLLs into a running process. The DLL being injected defines what the new features are or removes some functionality or ??? Really you can do anything with it that you can code.

THE_MASK
02-27-11, 06:19 PM
So theoretically you could link 2 different games up together. I could be playing SH5, walk thru a door in the bunker and be instantly playing COD 5 entering a village. Walk thru a door in COD 5 that was coded in and be back in the SH5 bunker. Just a lame example.

TheDarkWraith
02-27-11, 06:29 PM
So theoretically you could link 2 different games up together. I could be playing SH5, walk thru a door in the bunker and be instantly playing COD 5 entering a village. Walk thru a door in COD 5 that was coded in and be back in the SH5 bunker. Just a lame example.

Theoretically yes but that would be hard because you'd have to share process memory between the two apps (games). That is beyond me currently :DL Maybe someday in the future but currently I'm not able to share memory between processes.

Hartmann
02-27-11, 07:16 PM
Yes one can change core game features to a large extent and one can add new features to the game. It's not as easy as it sounds though. Your new content would be in the dll to inject and you hook into the game to have it execute your new code. You add the hook via code in your dll.

I use Visual Studio 2008 C# or C++ to do my programming and my DLL creating. One could use Visual Basic if they wanted to. A DLL is an exe with one bit changed in the PE header to 'make' it a DLL. Any computer language can be used as long as you can compile the source code into a dll.
I'm going to make a sample dll file and include source code so that you can see what this app can do for SH5 :up:

Amazing :DL

could be possible then make a surface warships game or more complex submarines or weapons

TheDarkWraith
02-27-11, 07:22 PM
Amazing :DL

could be possible then make a surface warships game or more complex submarines or weapons

whatever you code your dll to do and how you hook it into the game will define what changes/additions/removals are incurred in the game :yep:

Krauter
02-27-11, 07:36 PM
:D Dam.. I could see the CWSS guys making good use of this in the SH4 Mod Workshop

TheDarkWraith
02-27-11, 07:38 PM
:D Dam.. I could see the CWSS guys making good use of this in the SH4 Mod Workshop

have them contact me and I'll make a version of this injector for SH4 :up:

What most people don't know is that a .exe file is mapped in memory by the Windows loader when the process is started. By copying these memory blocks one can assemble their own .exe file. So after injecting your .dll you could have it save the memory regions to a file (with an appropriate PE header) thus creating a new version of the sh5.exe file (a patched version if you will with your changes). Sounds easy to do but it's rather involved (but doable).

Yamato_NF
02-27-11, 08:26 PM
DarkWraith,
I think Jhapprich can make good use of this for CWSS, (Cold Warriors: Steel Sharks). which is supposed to bring SH4 into the Cold War!
I posted a reply on the CWSS thread found
here:
http://www.subsim.com/radioroom/showthread.php?t=161396
I said that I would recommend this program and to ask for a 32bit version for SH4:rock::up:
I'll shoot him a PM as well.
Yamato_NF

TheDarkWraith
02-27-11, 08:32 PM
DarkWraith,
I think Jhapprich can make good use of this for CWSS, (Cold Warriors: Steel Sharks). which is supposed to bring SH4 into the Cold War!
I posted a reply on the CWSS thread found
here:
http://www.subsim.com/radioroom/showthread.php?t=161396
I said that I would recommend this program and to ask for a 32bit version for SH4:rock::up:
I'll shoot him a PM as well.
Yamato_NF

I'll start work on making a 32bit SH4 version then :up:

TheDarkWraith
02-27-11, 09:47 PM
32bit version released for SH5. You'll have to tell me if this works or not (on a 32bit OS) as I run Windows 7 64bit and this whole WoW (Windows on Windows) stuff screws me up big time :shifty:

Zedi
02-28-11, 03:00 AM
You can already look at your sunk ship icons on google earth if you go on the official silent hunter 5 site . Not while playing the game though .

This is just awesome and I cannot understand why Ubi not implemented this map in the game now that we have to be online to play. I really miss something like this, it would be so cool to see your activity history on map and also see other players/captains location and recent activity.

Is no way to "suck" this data from g2w.ubi.com and make it available in the game?!

h.sie
02-28-11, 04:01 AM
@TDW: Very interesting and promising thread.

Until now I directly injected Hex Code into sh3.exe and some .act files in order to do some realism changes and additions. See this thread for details:

http://www.subsim.com/radioroom/showthread.php?t=174225

I still stick to direct HexCode Injection because I am not very familiar with DLL-based code injection.

My question to you is: Does DLL code injection also work for .act files, which are loaded into different memory locations every time a game is started because of address space layout randomization (ASLR) in newer 64-bit systems?

By the way: In SH3, DLL code injection seems to be very easy, just place your .act file into the sh3 install directory and it will be loaded automatically by sh3.exe when it starts, regardless of its name.

Thanks very much and good luck!
h.sie

TheDarkWraith
02-28-11, 09:45 AM
My question to you is: Does DLL code injection also work for .act files, which are loaded into different memory locations every time a game is started because of address space layout randomization (ASLR) in newer 64-bit systems?

By the way: In SH3, DLL code injection seems to be very easy, just place your .act file into the sh3 install directory and it will be loaded automatically by sh3.exe when it starts, regardless of its name.

Thanks very much and good luck!
h.sie

Every Silent Hunter game will load ANY .act file it finds in its root directory. What I'm not sure is whether those .act files have a DLLMain function in them (or something similar) and if they do whether it gets called or not by the game or the Windows loader. When the Windows loader adds a library (module) to a process it calls DLLMain on the module when it's loaded. DLLMain is used to initialize the dll (can be used to do other things also).

Your question about DLL code injection for .act files I don't understand. Maybe you're asking if DLL code injection places the loaded module at random memory locations every time it's injected? If so, the answer is yes. The Windows loader determines where the module will be placed in memory. Now some will say well how can you inject new code if the memory address is always changing? The answer is simple. You hook into the main game code and point it to your code. You have DLLMain do the hook into the main game code (suspend the main game thread - add hook - resume main game thread).
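The hook TDW outlines in two places above (patch the game code to jump into your function, jump back afterwards, and do the patching while the game's threads are suspended) is an inline JMP hook with a trampoline. Here is an added example of the mechanics, written from the injector's side so it can reuse the process handle from the injection; it is not TDW's code. The addresses it needs are assumptions: `target` is the game function to hook (the RVA found in the debugger plus the module base), `hookFunc` is the replacement already mapped in the target (for instance an export of the injected DLL), and `stolenLen` is the total length of the whole instructions at `target` that the 5-byte JMP overwrites. It assumes a 32-bit (x86) target and that those stolen instructions contain no relative branches or other EIP-dependent code; working out `stolenLen` needs a length disassembler, which is deliberately left outside the example.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Added example (not from the thread): x86 inline JMP hook with a trampoline,
// installed while every thread of the target is suspended.
static class Hook
{
    const uint MEM_COMMIT_RESERVE = 0x3000, PAGE_EXECUTE_READWRITE = 0x40, THREAD_SUSPEND_RESUME = 0x02, TH32CS_SNAPTHREAD = 0x04;

    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr VirtualAllocEx(IntPtr h, IntPtr addr, UIntPtr size, uint type, uint prot);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool VirtualProtectEx(IntPtr h, IntPtr addr, UIntPtr size, uint prot, out uint old);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool ReadProcessMemory(IntPtr h, IntPtr addr, byte[] buf, UIntPtr size, out UIntPtr n);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool WriteProcessMemory(IntPtr h, IntPtr addr, byte[] buf, UIntPtr size, out UIntPtr n);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool FlushInstructionCache(IntPtr h, IntPtr addr, UIntPtr size);
    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr CreateToolhelp32Snapshot(uint flags, int pid);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool Thread32First(IntPtr snap, ref THREADENTRY32 te);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool Thread32Next(IntPtr snap, ref THREADENTRY32 te);
    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr OpenThread(uint access, bool inherit, uint tid);
    [DllImport("kernel32.dll", SetLastError = true)] static extern uint SuspendThread(IntPtr h);
    [DllImport("kernel32.dll", SetLastError = true)] static extern uint ResumeThread(IntPtr h);
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool CloseHandle(IntPtr h);

    [StructLayout(LayoutKind.Sequential)]
    struct THREADENTRY32 { public uint dwSize, cntUsage, th32ThreadID, th32OwnerProcessID; public int tpBasePri, tpDeltaPri; public uint dwFlags; }

    // E9 <rel32>: the displacement is relative to the END of the 5-byte instruction.
    public static byte[] JmpRel32(uint from, uint to)
    {
        byte[] b = new byte[5];
        b[0] = 0xE9;
        BitConverter.GetBytes(unchecked(to - (from + 5))).CopyTo(b, 1);
        return b;
    }

    // Installs the hook and returns the trampoline address: calling it runs the original function.
    public static IntPtr Install(IntPtr hProc, int pid, IntPtr target, IntPtr hookFunc, int stolenLen)
    {
        if (stolenLen < 5) throw new ArgumentException("the JMP needs at least 5 whole bytes at target");
        uint tgt = (uint)target.ToInt32(), hk = (uint)hookFunc.ToInt32();
        UIntPtr n; uint old;

        // 1. keep the instructions the JMP will overwrite
        byte[] stolen = new byte[stolenLen];
        if (!ReadProcessMemory(hProc, target, stolen, (UIntPtr)stolenLen, out n)) throw new Win32Exception();

        // 2. trampoline = stolen instructions + JMP back to target+stolenLen ("like nothing ever happened")
        IntPtr tramp = VirtualAllocEx(hProc, IntPtr.Zero, (UIntPtr)(stolenLen + 5), MEM_COMMIT_RESERVE, PAGE_EXECUTE_READWRITE);
        if (tramp == IntPtr.Zero) throw new Win32Exception();
        byte[] trampCode = new byte[stolenLen + 5];
        stolen.CopyTo(trampCode, 0);
        JmpRel32((uint)tramp.ToInt32() + (uint)stolenLen, tgt + (uint)stolenLen).CopyTo(trampCode, stolenLen);

        // 3. patch = JMP hookFunc, NOP-padded so no partial instruction is left behind the JMP
        byte[] patch = new byte[stolenLen];
        for (int i = 0; i < stolenLen; i++) patch[i] = 0x90;
        JmpRel32(tgt, hk).CopyTo(patch, 0);

        // 4. suspend - write - resume, so no thread runs through a half-written patch
        List<IntPtr> threads = SuspendAll(pid);
        try
        {
            if (!WriteProcessMemory(hProc, tramp, trampCode, (UIntPtr)trampCode.Length, out n)) throw new Win32Exception();
            if (!VirtualProtectEx(hProc, target, (UIntPtr)stolenLen, PAGE_EXECUTE_READWRITE, out old)) throw new Win32Exception();
            if (!WriteProcessMemory(hProc, target, patch, (UIntPtr)stolenLen, out n)) throw new Win32Exception();
            VirtualProtectEx(hProc, target, (UIntPtr)stolenLen, old, out old);
            FlushInstructionCache(hProc, target, (UIntPtr)stolenLen);
        }
        finally { foreach (IntPtr t in threads) { ResumeThread(t); CloseHandle(t); } }
        return tramp;
    }

    // Thread snapshots are system-wide; keep the ones owned by the target process.
    static List<IntPtr> SuspendAll(int pid)
    {
        var handles = new List<IntPtr>();
        IntPtr snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
        if (snap == new IntPtr(-1)) throw new Win32Exception();
        try
        {
            var te = new THREADENTRY32 { dwSize = (uint)Marshal.SizeOf(typeof(THREADENTRY32)) };
            for (bool ok = Thread32First(snap, ref te); ok; ok = Thread32Next(snap, ref te))
            {
                if (te.th32OwnerProcessID != (uint)pid) continue;
                IntPtr h = OpenThread(THREAD_SUSPEND_RESUME, false, te.th32ThreadID);
                if (h != IntPtr.Zero) { SuspendThread(h); handles.Add(h); }
            }
        }
        finally { CloseHandle(snap); }
        return handles;
    }
}
```

Done from inside the injected DLL (the way the post puts it, in DllMain), the same bytes are written with VirtualProtect and memcpy instead of the Ex variants. One failure mode the example does not handle: a suspended thread whose EIP is already inside the stolen bytes will resume into the middle of the new JMP; a complete hooker checks each suspended thread's context (GetThreadContext) and retries or adjusts before resuming. The trampoline memory is never freed here, since the game keeps calling through it for as long as the hook is in place.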

TheDarkWraith
02-28-11, 10:32 AM
The 32bit version of SH5 injector has a flaw in it. For those who have downloaded it please do not use! The problem with it is the incorrect RVA is given for the LoadLibrary and FreeLibrary functions in kernel32.dll.

Normally one calls the Win32 API function GetProcAddress to get the address of the function they want to call in a dll. I had problems getting that working correctly with 64bit OS so I found another way to do it. Since I know the base address of kernel32.dll I just add an offset to that base to get to the function(s) I want (I know this offset from using dumpbin on kernel32.dll). Now here's the problem: Win7 64bit uses WoW (Windows 32 on Windows 64) to enable 32bit apps to run in the 64bit environment. When in WoW mode, kernel32.dll is different from the 32bit version of kernel32.dll (there are two versions of it on 64bit). This means the offsets are also different for the functions I need :shifty: I'll be revising the 32bit version with the correct offsets here soon.

EDIT:

problem has been corrected. Now if someone can verify that the 32bit version works I would greatly appreciate it :up: I know the 64bit version works correctly as I run a 64bit OS.

Beltza
02-28-11, 11:03 AM
All that sounds great!!!!

:up:

marleymen
02-28-11, 03:57 PM
Please moderators, this post should be moved to "SH5 Guru Programming" subforum.

:rotfl2::rotfl2::rotfl2:

Madox58
02-28-11, 04:14 PM
Excellent Tool for breaking OSI.exe
:03:
As I don't want to be brigged nor banned?
That's all I'll say on OSI
:haha:

reaper7
06-10-11, 12:36 PM
EDIT:

problem has been corrected. Now if someone can verify that the 32bit version works I would greatly appreciate it :up: I know the 64bit version works correctly as I run a 64bit OS.


Keep getting an "SH5 Process not found!" error :06:
Is there an SH3 version :)

Sh5 is up and running. SH5Injector32.exe is in SH5 Directory.

TheDarkWraith
06-10-11, 02:43 PM
Keep getting an "SH5 Process not found!" error :06:
Is there an SH3 version :)

Sh5 is up and running. SH5Injector32.exe is in SH5 Directory.

Do you have SH5 running when you try to run the app? If so, what version of the game do you have (steam, DVD, D2D,)?

I haven't made an SH3 version yet but I will.

reaper7
06-10-11, 04:10 PM
Do you have SH5 running when you try to run the app? If so, what version of the game do you have (steam, DVD, D2D,)?

I haven't made an SH3 version yet but I will.


Yes SH5 is running and using DVD version patched to 1.2 :03: OS is Win7 32bit.

TheDarkWraith
06-10-11, 07:41 PM
Yes SH5 is running and using DVD version patched to 1.2 :03: OS is Win7 32bit.

Did you try using the 64 bit version or 32 bit version of the app?

reaper7
06-10-11, 08:10 PM
Did you try using the 64 bit version or 32 bit version of the app?

Using the 32bit version.

Edit just restarted the PC and now it works - strange. But it works :)

Brumete
06-13-11, 02:38 AM
This program does not work on 32bit ... should remove the link for download :salute:

reaper7
06-13-11, 12:03 PM
This program does not work on 32bit ... should remove the link for download :salute:

Working ok for me on 32bit, just had to restart my PC as I think something was up with SH5 itself.
Now if I only know what to do with it :)

@TDW any chance up doing up an example dll that can show the process of dll injection ;)

urfisch
06-13-11, 12:42 PM
yap, sign on that. please share your knowledge! as i wrote in sh3 section, many people do not know, what you know. so, be kind and share your knowledge in tutorials!!! any help for further modding is much appreciated. you know that...

:yep:

Loltak
11-15-11, 04:55 PM
@TheDarkWraith: is there a way to use this tool to "fix" the steam SH5.exe like you do with the box version?
I suppose not, as for the box version you change the exe directly, but I am not very aware of that :03:

Sartoris
11-15-11, 06:27 PM
This is very exciting! Hopefully this will attract more modders to the game who will finally recognize the huge potential of SH5.:yeah:

vanjast
01-05-12, 04:27 PM
You have DLLMain do the hook into the main game code (suspend the main game thread - add hook - resume main game thread).
oooo... naughty boy :) I thought you were doing this when I saw you on the Asm websites sometime ago. I wouldn't call it DLL injection, but DLL hijack/detour.

Maybe UBI's copyright infringement never went so far into these 'dynamics', then that's their problem....and I don't think they have the expertise to cover all windows's 'gaps'.

:)

TheDarkWraith
01-05-12, 10:42 PM
oooo... naughty boy :) I thought you were doing this when I saw you on the Asm websites sometime ago. I wouldn't call it DLL injection, but DLL hijack/detour.

Maybe UBI's copyright infringement never went so far into these 'dynamics', then that's their problem....and I don't think they have the expertise to cover all windows's 'gaps'.

:)

Windows itself is flawed. Any DLL that comes with a piece of software can be hijacked quite easily. There are multiple ways to do it but the most common ones are:
- having the software create a memory space for you. You then dump your code you want to run into that memory pool. You suspend the app, redirect its EIP to the start of your code, ensure your code 'calls back' to where the app originally was when it's done, delete the memory pool it created for you, and you leave no footprints behind of what happened/who was there :yep:
- This is Window's biggest flaw: just because an app needs to use 'system' DLLs doesn't mean you can't intercept them. You can do it quite easily too. Windows first looks for any DLLs the file calls for in the local folder the app was started from. So if you make a DLL that has the same name as the DLL it's looking for it will load your DLL. You in turn have to ensure your DLL maps all the functions that the app needs. Then when the app calls out for a function in the DLL control is handed over to your DLL, you decide what you want to do with it, then call the original DLL passing the same parameters it passed you. The system and the app have no idea that you hijacked a DLL of it or that you may have intercepted some data that wasn't meant to be 'seen'.

I don't care how secure you think any piece of software is, it's not if it's running on Windows. Even if you inline every function call the app is still susceptible to 'detouring'. If you try and be sneaky and create another thread that tried to monitor something like this (by using a watchdog timer or the likes) I can suspend that thread too. You can't win in Windows. If there's some data that someone wants and they have the knowledge they will get it.

There are many other ways you can exploit software. Windows just makes it very easy to do :D

You can call it DLL injection, code injection, whatever. As one does not physically modify a binary image there's no law being broken. There is also no evidence left behind saying how the code got into the app in memory. Besides the app did it for you and it did it without any complaints. What a bargain :yeah:

There are those that use these methods for malicious intents (worms, trojans, etc.). I am just naturally curious and do it just to see if I can. I especially like dumping PE headers just to see if the app in question is using any of the crypto classes. If it is well it's game on. I just gotta know what they are trying to hide. It's like a game. A game where it's hard not to always win.
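Two points in this thread rest on what is in a PE image: the 32-bit injector bug earlier (the kernel32.dll under SysWOW64 is a different file from the one under System32, so an export offset read with dumpbin from one is wrong for the other), and the search-order hijack TDW describes just above (the loader resolves an exe's imports by name, looking in the exe's own directory first). The reader below is an added example and not part of the thread; it parses the export and import directories straight from the PE/COFF headers so both claims can be checked without dumpbin. It prints the RVA of LoadLibraryA from every kernel32 copy it can find under %windir%, flags a forwarded export (whose "RVA" points at a name string, so module base plus that offset would land on text rather than code), and lists which of an exe's imported DLLs have a same-named file beside the exe. The %windir% subpaths and the command-line argument are assumptions. One caveat on the hijack list: names on the KnownDLLs list (kernel32 among them) are always taken from System32, so a match on those is not a hijack.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;

// Added example, not from the thread: a small PE/COFF reader for the export
// and import directories (field offsets follow the PE specification).
class PeFile
{
    readonly byte[] d;
    readonly int optHdr, numSections, sectTable, dataDirs;
    public readonly bool Is64;

    public PeFile(string path)
    {
        d = File.ReadAllBytes(path);
        int pe = BitConverter.ToInt32(d, 0x3C);                                  // e_lfanew
        if (BitConverter.ToUInt32(d, pe) != 0x4550) throw new BadImageFormatException("no PE signature", path);
        numSections = BitConverter.ToUInt16(d, pe + 6);
        optHdr = pe + 24;                                                        // 4-byte signature + 20-byte COFF header
        sectTable = optHdr + BitConverter.ToUInt16(d, pe + 20);                  // SizeOfOptionalHeader
        Is64 = BitConverter.ToUInt16(d, optHdr) == 0x20B;                        // PE32+ (0x20B) vs PE32 (0x10B)
        dataDirs = optHdr + (Is64 ? 112 : 96);                                   // first IMAGE_DATA_DIRECTORY
    }

    // RVA -> file offset through the section table (headers are mapped 1:1 before the first section).
    int RvaToOffset(uint rva)
    {
        if (rva < U32(sectTable + 12)) return (int)rva;
        for (int i = 0; i < numSections; i++)
        {
            int s = sectTable + i * 40;
            uint va = U32(s + 12), raw = U32(s + 20), span = Math.Max(U32(s + 8), U32(s + 16));
            if (rva >= va && rva < va + span) return (int)(rva - va + raw);
        }
        throw new BadImageFormatException("RVA 0x" + rva.ToString("X") + " is in no section");
    }

    uint U32(int off) { return BitConverter.ToUInt32(d, off); }
    string CString(uint rva) { int off = RvaToOffset(rva), end = Array.IndexOf(d, (byte)0, off); return Encoding.ASCII.GetString(d, off, end - off); }
    bool Directory(int index, out uint rva, out uint size) { rva = U32(dataDirs + index * 8); size = U32(dataDirs + index * 8 + 4); return rva != 0; }

    // RVA of a named export, or null. An RVA that falls inside the export directory marks a
    // forwarder ("KERNELBASE.Foo"): base+RVA would point at that string, not at code.
    public uint? ExportRva(string name, out string forwarder)
    {
        forwarder = null;
        uint dirRva, dirSize;
        if (!Directory(0, out dirRva, out dirSize)) return null;
        int dir = RvaToOffset(dirRva);
        uint nFuncs = U32(dir + 20), nNames = U32(dir + 24);
        int funcs = RvaToOffset(U32(dir + 28)), names = RvaToOffset(U32(dir + 32)), ords = RvaToOffset(U32(dir + 36));
        for (int i = 0; i < nNames; i++)
        {
            if (CString(U32(names + i * 4)) != name) continue;
            ushort ord = BitConverter.ToUInt16(d, ords + i * 2);
            if (ord >= nFuncs) throw new BadImageFormatException("export ordinal out of range");
            uint rva = U32(funcs + ord * 4);
            if (rva >= dirRva && rva < dirRva + dirSize) forwarder = CString(rva);
            return rva;
        }
        return null;
    }

    // DLL names from the import directory (IMAGE_IMPORT_DESCRIPTOR is 20 bytes, Name RVA at +12, zero entry ends it).
    public List<string> ImportedDlls()
    {
        var list = new List<string>();
        uint rva, size;
        if (Directory(1, out rva, out size))
            for (int desc = RvaToOffset(rva); U32(desc + 12) != 0; desc += 20) list.Add(CString(U32(desc + 12)));
        return list;
    }

    static void Main(string[] args)
    {
        // 1. The WoW64 lesson: x86 and x64 kernel32 are different images with different RVAs.
        //    A 32-bit process sees System32 redirected to SysWOW64 and reaches the x64 copy via Sysnative.
        string win = Environment.GetEnvironmentVariable("windir");
        foreach (string rel in new[] { @"System32\kernel32.dll", @"SysWOW64\kernel32.dll", @"Sysnative\kernel32.dll" })
        {
            string k = Path.Combine(win, rel);
            if (!File.Exists(k)) continue;
            PeFile pe = new PeFile(k); string fwd;
            uint? r = pe.ExportRva("LoadLibraryA", out fwd);
            Console.WriteLine("{0} [{1}] LoadLibraryA RVA=0x{2:X}{3}", k, pe.Is64 ? "x64" : "x86", r, fwd == null ? "" : " -> forwarded to " + fwd);
        }
        // 2. Search-order hijack check for an exe given on the command line.
        if (args.Length == 0) return;
        string dir = Path.GetDirectoryName(Path.GetFullPath(args[0]));
        foreach (string dll in new PeFile(args[0]).ImportedDlls())
            if (File.Exists(Path.Combine(dir, dll))) Console.WriteLine("{0} imports {1}, and {1} also sits beside the exe", args[0], dll);
    }
}
```

The forwarder check is the piece a base-plus-offset injector most often misses: on Windows 7 and later a number of kernel32 exports are forwarders to KERNELBASE, and for those the export table holds no code address at all. Run the tool as a 64-bit process to read both kernel32 copies by their real paths, or as 32-bit with the Sysnative path for the x64 one.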

vanjast
01-06-12, 06:30 AM
Ja, I know.... :)

kethon
01-28-13, 05:17 AM
no need DLL inject, just rename your dll file to *.act

Viktor_Prien
03-27-14, 09:57 PM
Sorry TDW this post is just to let you know that links in post #1 aren't working anymore...could you provide new ones?
Thanks in advance!:salute:

TheDarkWraith
03-28-14, 06:49 AM
Sorry TDW this post is just to let you know that links in post #1 aren't working anymore...could you provide new ones?
Thanks in advance!:salute:

I don't use DLL injection in the game. I instead physically alter the game's files with the Generic Patcher that I made. Any particular reason you're interested in these :06:

Viktor_Prien
03-28-14, 07:41 AM
I don't use DLL injection in the game. I instead physically alter the game's files with the Generic Patcher that I made. Any particular reason you're interested in these

No not particulary...it was just to let you know that the link was dead in the case someone need it.

thufirhawa
11-29-14, 03:33 AM
Sorry for this necro-quote/post but i was wondering ...

I can make it work with any application. I have a version I made that allows one to inject DLLs into ANY process (plus it does a lot more than that ;)). So yes I can make it work for SH3/4


Thus all the .py files have to be compiled at game start and this takes time to do.
The Python language supports pre-compiled files but SH5 doesn't

I just saw an article about shedskin (https://code.google.com/p/shedskin/)
This tool translates pure, but implicitly statically typed Python (2.4-2.6) programs into optimized C++ (and dll if I'm correct)

Can we use this to improve the horrendous loading time and cpu usage of SHV ?
Is such a feat possible, if so where do I begin ?