Archie-osu
commented
2 years ago After I conducted some research, I found a library that can create a process with the DLL preloaded. To do this, the library does this:
- Starts the process with CREATE_SUSPENDED (which we do)
- Modify PE import table to include our DLL as the 1st one
- Resumes the process
This probably isn't possible considering the launcher's written in C#, so I'll start considering a potential rewrite into C++.
Early Launch refers to injecting into the game before the runner even starts execution inside
WinMain, which allows for hooking insanely early. This gives YYTK an edge on RNG initialization, which is currently impossible to manipulate.There are several issues with this currently. First is that not even Process Hacker launched with admin rights can inject - we'd need to investigate why.
The second is an even bigger problem - YYToolkit would crash due to calling game functions before the hooks are even set-up, so we'd need some Pre-Init state, in which the tool waits before the runner initializes.