- Make a DLL called "injected.dll". It doesn't need any exported functions, just DllMain.
- Then use this trek.exe patch:
```
NAME: DLL Injection
DESC: Injects a DLL named "injected.dll".
AUTHOR: QuasarDonkey
# DLL name (injected.dll)
>> 0x173ed0 43 61 6e 6e 6f 74 20 66 69 6e 64 20 74
<< 0x173ed0 69 6e 6a 65 63 74 65 64 2e 64 6c 6c 00
# Overwrite CD check code with code to load DLL.
>> 0x0480 53 51 52 56 57 55 81 EC 00 06 00 00 68
<< 0x0480 68 D0 60 57 00 E8 4C 21 17 00 33 C0 C3
# Make sure No-CD patch doesn't disable this DLL code:
>> 0x1362 E8 19 F1 FF FF
<< 0x1362 E8 19 F1 FF FF
```
The only caveat is that you can't overwrite some code in trek.exe's WinMain function, since that's where we load the DLL from (Main_CheckCD actually).
Here's how the patch works in case you're wondering:
First overwrite the NoCD string (5760D0 / 0x173ed0) with the DLL name: "injected.dll\0". The CD-checking code is overwritten with this:
```
00401080  68 D0605700   PUSH trek.005760D0                    ; "injected.dll"
00401085  E8 4C211700   CALL <JMP.&KERNEL32.LoadLibraryA>
0040108A  33C0          XOR EAX,EAX
0040108C  C3            RETN
```
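
An added example, not part of the original post: a Python check that parses the patch records above and reports, per file offset, whether a file image holds the original or the replacement bytes. It assumes `>>` lines carry the expected original bytes and `<<` lines the replacement (as the DLL-name record suggests); `sample_image` builds a constructed stand-in buffer, not the real trek.exe.

```python
import re

# Patch records copied from the post above (header fields omitted).
PATCH = """\
# DLL name (injected.dll)
>> 0x173ed0 43 61 6e 6e 6f 74 20 66 69 6e 64 20 74
<< 0x173ed0 69 6e 6a 65 63 74 65 64 2e 64 6c 6c 00
# Overwrite CD check code with code to load DLL.
>> 0x0480 53 51 52 56 57 55 81 EC 00 06 00 00 68
<< 0x0480 68 D0 60 57 00 E8 4C 21 17 00 33 C0 C3
# Make sure No-CD patch doesn't disable this DLL code:
>> 0x1362 E8 19 F1 FF FF
<< 0x1362 E8 19 F1 FF FF
"""
REC = re.compile(r"^(>>|<<)\s+(0x[0-9a-fA-F]+)\s+((?:[0-9a-fA-F]{2}\s*)+)$")

def parse_patch(text):
    """Return [(offset, old, new)]. Assumption: '>>' = expected bytes, '<<' = replacement."""
    records, pending = [], None
    for line in text.splitlines():
        m = REC.match(line.strip())
        if not m:
            continue  # header fields and '#' comments
        kind, off, data = m.group(1), int(m.group(2), 16), bytes.fromhex(m.group(3))
        if kind == ">>":
            pending = (off, data)
        elif pending and pending[0] == off and len(pending[1]) == len(data):
            records.append((off, pending[1], data))
            pending = None
        else:
            raise ValueError(f"unpaired or mismatched record at {off:#x}")
    return records

def record_state(image, off, old, new):
    """Classify the bytes at one record's file offset."""
    cur = bytes(image[off:off + len(old)])
    if old == new:  # guard record: bytes must stay as they are
        return "pinned" if cur == old else "unknown"
    return "patched" if cur == new else "original" if cur == old else "unknown"

def audit(image, text=PATCH):
    """Map each patched offset to 'original', 'patched', 'pinned' or 'unknown'."""
    return {off: record_state(image, off, o, n) for off, o, n in parse_patch(text)}

def sample_image(patched):
    """Constructed stand-in for the file: zeros except at the patched offsets."""
    image = bytearray(0x173ed0 + 13)
    for off, old, new in parse_patch(PATCH):
        image[off:off + len(old)] = new if patched else old
    return image

if __name__ == "__main__":
    for label, img in (("before", sample_image(False)), ("after", sample_image(True))):
        print(label, {hex(k): v for k, v in audit(img).items()})
```

An "unknown" result means the bytes at that offset match neither side of the record, for example because another patch has already rewritten that region.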