How would you inject code into WE?

[Imp Midna]

Well, i recently stumbled across this incredibly awesome library with which i can just take my cheat engine script and pass it to that library to use it within a custom c++ program. F**** year.
So i thought i might just test it by turning my copy-slot hack (hack that allows you to copy multiple objects at once in the object editor) into a fancy executable. Well, and here is the problem I'm suddenly facing: how would i inject the code?
I personally see the following possibilities:
- hardpatching the exe, which is not actually a possibility, as the library doesn't support that, and that library is the only reason i want to write an exe at all
- Manually choosing the world editor from a list of processes, which would not deliver any additional comfort besides a fancy GUI
- Automatically searching for the world editor
-> by window name, which might change for different languages
-> by class name, which is called "Warcraft III"; make an educated guess what other window(s) might use that class name
- opening the world editor in my program and then injecting. That would have the awesome side effect that i would just click on the executable and it would open the world editor with additional features, like a patch, while still allowing me to open the original one. One the other hand, if i ever decide to translate other hacks (like my currently paused only-save-new-files-hack) into exes, they would collide and i could only use one of them at a time.

Any possibilities i missed? what would you do? i really dont have a clue right now

 

[PurgeandFire]

I've been interested in this myself. I can't give a good answer since I haven't found out yet. However, I'll at least advise you to look into the source code for TESH:
http://www.hiveworkshop.com/forums/warcraft-editing-tools-277/tesh-source-211434/

It hooks on to the trigger editor to enable syntax highlighting for JASS, so I assume that you might be looking for a similar method (except for the object editor). It is written in delphi, but should be readable.

Sorry for this crappy answer, I'll try to look into it a bit more. But for now, it'll at least give you a place to look.

EDIT: You'll want to look into Risc's colorizer as well. It hooks on to the object editor based off of the window's actual title. Look at:
http://www.wc3c.net/showthread.php?t=100850

See if it has anything of use to you.

 

[TheJH]

There is no kill like overkill, so why not, for every active process, look up the associated executable and scan the executable for some unique Warcraft strings?

 

[Imp Midna]

Thank you for the answers so far.
@Purge
I can not actually seem to find the source code of Risk's colorizer. The Link in your answer lets me download a set of dll's and a little example script (the one that is in the thread as well) doesn't seem to show the actual injection, but rather a set of callback functions.
As for the TESH, i never ever learned or wrote any kind of delphi (and tbh, it's not the most beautiful language imao), so it might be because i simply failed miserably, but in the source code, i can not find the position where he injects the code. The Only calls to OpenProcess are done in TLibaryInject.Add / Remove, but they don't seem to be called anywhere in the source (at least the search function told me so).
What i asume is that both the programs you linked are actually integrated into JNGP. I never had JNGP installed, but i know from pictures i've seen that it has a little dropdown list where you can activate and deactivate tools. Activating them probably makes JNGP calling some function and passing the PID over to it or something like this, removing the need to manually finding the editor (which is my main concern atm). At least it would explain the lack of any process listing syscalls in the TESH code.

@thejh:
hm. Seems like pretty hard overkill indeed. I probably could look for unique sounding function names or object names (e.g. .?AVCMapSizePane@@, which sounds pretty unique); but, in average we would have like 50 processes or more running, checking all those executable (providing they have one) would probably take some time. And with some time, i mean pretty much time (and resources oc). But, well, it seems like the safest possibility at the moment

 

[looking_for_help]

@thejh:
hm. Seems like pretty hard overkill indeed. I probably could look for unique sounding function names or object names (e.g. .?AVCMapSizePane@@, which sounds pretty unique); but, in average we would have like 50 processes or more running, checking all those executable (providing they have one) would probably take some time. And with some time, i mean pretty much time (and resources oc). But, well, it seems like the safest possibility at the moment

Try something like this:

internal Process GetWorldEditorProcess()
            {
                foreach (Process process in Process.GetProcesses())
                {
                    if (process.ProcessName.Equals("worldedit121"))
                    {
                        this.weProcess = process;
                        this.wndHandle = process.MainWindowHandle;
                        return this.weProcess;
                    }
                }
                return null;
            }

The process name is always the same, no matter which language. Once you have it you can loop through your wndHandle Childwindows. For me one function call like this takes less than one ms. So, as you only have to do that one time (on startup), it should be totaly fine in terms of performance.

lfh

 

[Dr Super Good]

I think the best would be to make your own editor as World Edit is frankly quite... rubbish...

How JNGP does it I think is by getting a process to start the World Edit process and then, as it knows the process started as well as having permission since it started the process, injecting the program code into it.

The main problem is lack of cross platform support and maintainability. If Blizzard releases any patches in the future (eg for a new OS or as part of a revive or port) then the injector breaks the process/fails due to the changed program structure. You also need separate patches for the Windows and Mac versions of the game. It might not work well in Windows emulators such as on Man and Linux.

 

[Imp Midna]

On The other hand, you would need a decent bunch of good programmers in order to even complete that editor before the release of wc4 (and i certainly aint one of that level)

I guess maintainability is not the biggest problem. I mean, i personally don't believe that blizzard is ever gonna shift another update to warcraft 3 at all. And even if, most of the hacks i've seen yet rely on replacing / rerouting windows library functions (such as peek message) to get their work done, so you only would need to update the ways to get the appropriate window handles, which wouldn't change all to much unless they decide to totally redo the world editors interface, which they didn't do since tft. (I actually had hard times finding most window handles in memory either; e.g, the popup window handles are stored as part of a class which is optained with a GetProp call with the window handle you clicked on as a parameter, which again comes from the WndProc; if they ever changed the locations of some variables, you wouldn't even notice, as its way easier to search for them with some calls to EnumChildWindows etc). Thing is, i just don't belive they would ever release an update large enough to break a hack in a way that not anybody with assembly and winapi knowledge could fix it in a week or so.

And cross platform compatibility is a fun thing. I mean, not even blizzard managed to do that for warcraft 3 (e.g the BLP stuff, and you often hear about "this native does xyz on mac computers"). It's just really hard to have a single program that is both efficient and cross platform compatible. And tbh, i would have to constantly barf on my keyboard if i had to write a new world editor using QT or Java. (And i would have to learn Open Gl; and i would really prefer learning Direct X over that one.)

Enough rant about blizzard and cross platform stuff though. What i currently have in mind to do:
-Enumerate through all the processes currently running, and getting the path to their executable
-Looking if they contain Game.dll and Storm.dll, because the we needs them
-If so, looking if i can find certain strings in that exe (Overkill ftw)
-If so, adding it to the list of potential world editors
-If it only contains one entry in the end, i choose it
(Probably with a command line switch to directly open it so you don't need to get Debug Privileges, as it is always something nasty to do)

*runs around crazily and delivers reps*
edit: *gets slapped right in the face as i still can not rep Dr Super Good and Purge (who i owe 3 reps now )