-
Notifications
You must be signed in to change notification settings - Fork 4
Technical Details
The loader IEex.exe will inject the IEex.dll into the Infinity Engine (IE) game.
The IEex.dll loads the lua52.dll and fetches the addresses of specific Lua functions. The IEexLuaInit function located within IEex.dll is called which initializes a new Lua state, registers some internal Lua functions and loads an M__IEex.lua file found in the override folder and executes it.
The IEexLuaInit function registers the Lua IEex_Init function with the Lua state and sets it to globally visible.
The Lua IEexInit function in turn registers and sets global visibility to other Lua functions defined in IEex.dll. These Lua functions are then available for usage from within IEex Lua files and game script files. The M__IEex.lua file initially calls the Lua IEexInit function.
- Check game executable exists
- Verify game executable
- Check other files exists
- Launch game executable
- Inject IEex.dll
IEex.exe is the loader. It loads the game executable and injects the IEex.dll. It can be ran from a command console or by double clicking on the IEex.exe file.
IEex.exe checks if a known Infinity Engine (IE) game executable can be located in the current directory. It looks for one of the following: BGMain.exe, IDMain.exe, IWD2.exe or Torment.exe. If none are found a message is displayed to the user and the program exits.
Once the IE game executable is located, it's Product Version is compared to determine if it is the latest known version. If it is not a message is displayed to the user and the program exits. The Product Version can be viewed by right clicking on the IE game executable, selecting properties and the details tab.
Additional checks are done to verify if IEex.dll and M__IEex.lua files exists. If any are not found a message is displayed to the user and the program exits.
The IE game executable that was previously found, is launched using the CreateProcess, but with the dwCreationFlags parameter set to CREATE_SUSPENDED.
CREATE_SUSPENDED- The primary thread of the new process is created in a suspended state, and does not run until the ResumeThread function is called.
By creating the IE game process in a suspended state we easily obtain the process handle for the IE game process and prevent it from running until we are finished with it.
A small size of memory is allocated inside the suspended IE game process using VirtualAllocEx - exactly enough is allocated for the length of the full path and filename to the IEex.dll file. The address of this allocated memory is stored for later use. The full path and filename is written into the IE game process memory (at the location allocated) using WriteProcessMemory. For example: C:\Black Isle\BGII\IEex.dll
The address of the LoadLibraryA function is obtained and stored for later use.
A new remote thread is created to run inside the IE game process using CreateRemoteThread with the lpStartAddress parameter being set to the address of the LoadLibraryA function and the lpParameter parameter being set to the address of the full path and filename to the IEex.dll file (which was allocated and written to the IE game process earlier).
When the remote thread is executed in the IE game process it will allow for the LoadLibraryA function to be called with it's parameter being the address of the full path and filename to the IEex.dll file. This will then load the IEex.dll into the IE game process.
ResumeThread is then called to continue the IE game process that was suspended earlier (via CreateProcess with dwCreationFlags set to CREATE_SUSPENDED)
The IE game continues as normal, calling the DllMain in IEex.dll via the LoadLibraryA call created by the CreateRemoteThread
Execution begins once the IE game process calls DllMain in IEex.dll.
Options are read from the IEex.ini. If no IEex.ini file exists a new one is created with default values for the options it contains. The IE game type is detected and the addresses of some exported functions in the IE game are obtained and stored for later. Basic game information is logged to the IEex.log file.
Some detailed information about the IE game executable is collected and logged (for debugging purposes). Information is also collected relating to the address of and size of the .TEXT section in the IE game.
IEexLuaInit is a cdecl function that is stored in the IEex.dll and is executed next from within IEex.dll
IEexLuaInit uses the imported lua52.dll and its functions to create a new Lua state and saves this to a g_lua global variable for use in all the other Lua functions. It also opens all the base Lua libraries and registers a custom Lua "print" function l_log_print along with a Lua function: IEex_Init, which are located in IEex.dll.
The "print" function that is registered allows IEex to log output to the console and to the IEex.log file.
The M__IEex.lua file is then loaded by the luaL_loadfilex function and is executed with a call to the lua_pcallk function. These functions are imported functions found in the lua52.dll file).
When the IE game's Lua state encounters an IEex_Init function in the M__IEex.lua file as it is being executed, it will call the IEex_Init Lua function - which was previously registered and is located in the IEex.dll
IEex_Init is a cdecl function that registers additional Lua helper cdecl functions for the IEex project: IEexExposeToLua, IEexWriteByte, IEexCall and IEex_AddressList. In addition IEex_Init also allocates an additional block of memory via VirtualAlloc and returns the address pointing to this block of memory on the Lua stack. This memory is used by the IEex project for various means.