SC4 DLLs: Next Generation Modding?

[simmaster07]

Last Updated: 9/6/10 @ 7:21 PM [UTC - 4]

Definitions
DLL - Dynamic Linked Library: A Windows-specific file that holds functions for use in other programs
DRiLL - Dynamic Runtime Linked Library: A DLL that performs an action and unloads before SimCity launches
DiStiLL - Dynamic Sticky Linked Library: A DLL that stays in memory as SC4 runs; a core functionality mod
C++ - A programming language
SDK - Software Development Kit
Process - Main application

So over the past two weeks or so, blue lightning, meister1235 and I have been analyzing memory and other game files, as well as older threads, to try to find more information on how SC4 works. After digging up several threads on how the game loads DLLs, we've created a DLL that the game loads and unloads successfully.

As the game loads plugins, it also checks for DLLs in the root directory (meaning no subfolders) of the Plugins folder. If it finds one, it checks to see if it has an entry point (DllMain), attaches the process to the DLL, and checks if it follows a certain architecture (for which we'd need an SDK: see below). If it does, it stays loaded in game. Otherwise, it's unloaded. Because we don't know what the architecture is, these DLLs can't do anything lasting.

The Extra Cheats DLL requires C++ headers in some type of SimCity SDK. These headers load libraries and define game-specific "types" (like "bool variable" means "variable" is either true or false - bool is the type). I talked to a customer support representative who said he would forward the idea of releasing the SDK to the Maxis/EA developers. We'll just have to wait and see.

The full source can be found in our ST thread, zipped up. The DLL is also attached to the ST thread. SC4 DLL (Beep) makes a high-pitched beep when loaded, and a low-pitched beep when unloaded. The other DLL opens Explorer when attached, and Task Manager when detached. All DLLs are loaded before the game starts, and the game waits for them to unload before continuing. This makes it possible to perform pre-game operations like switching plugins or, as blue lightning stated, real-time NAM controller compiling.

Because SC4 is written in unmanaged code (nothing too Microsoft-specific), the DLLs have to be unmanaged as well. Therefore, no DLL imports right now. The compiler also cannot optimize the DLL for speed because it's unmanaged.

So here's the code (provided under Creative Commons BY-NC 3.0).
stdafx.h

Code Select Expand


// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently,
// but are changed infrequently

#pragma once


SC4 DLL.h

Code Select Expand


// SC4 DLL.h
#define _WIN32_DCOM
#include <windows.h>
#include <comdef.h>
#include <iostream>
#include <stdio.h>
#include <stdlib.h>


SC4 DLL.cpp (main code)

Code Select Expand


// This is the main DLL file.
#include "stdafx.h"
#include "SC4 DLL.h"

// Define our class and functions
class cSC4DLLHandler;
static bool PreAppInit();
static bool OnStop();

class cSC4DLLHandler
{
public: // This is all accessible from outside the class's scope
static bool PreAppInit()
{
Beep(700, 350); // Beep at 700Hz for 350ms
return true;
}

static bool OnStop()
{
Beep(450, 350); // Beep at 450Hz for 350ms
return true;
}
};

BOOL APIENTRY DllMain( HANDLE hModule, // Application calling the DLL
                       DWORD  ul_reason_for_call, // Why it's calling the DLL
                       LPVOID lpReserved) // Don't know but it looks important
{
    switch (ul_reason_for_call)
    {
        case DLL_PROCESS_ATTACH: // When the process attaches...
cSC4DLLHandler::PreAppInit(); // Call this function
break;
        case DLL_PROCESS_DETACH: // When detached...
cSC4DLLHandler::OnStop(); // Call this function
break;
    }
    return TRUE;
}


Compiler Flags

Code Select Expand


/Z7 /nologo /W3 /WX- /Od /Ot /Oy- /D "WIN32" /D "_DEBUG" /D "_WINDLL" /D "_UNICODE" /D "UNICODE" /Gm /EHsc /RTC1 /GS /fp:precise /Zc:wchar_t /Zc:forScope /Yu"StdAfx.h" /Fp"Debug\SC4 DLL.pch" /Fa"Debug\" /Fo"Debug\" /Fd"Debug\vc100.pdb" /Gd /analyze- /errorReport:queue


Advantages

• Further modification of SimCity
• Completely legal as with all mods
• Can override functions (with SDK)
• Pre-runtime functions

Disadvantages

• Mac users can't use DLLs
• We don't have the SDK (or at least, not yet)

The DLL may require the Visual C++ 2010 Redistributable.
- 32-bit systems
- 64-bit systems



On a semi-related note, meister1235 extracted a list of strings, functions, and classes from memory.

• With extra cheats
• Without extra cheats
• Extracted classes and functions
• Sorted functions

blue lightning has also documented the GZWin* functions here, and various debug/cheat codes here. It's implied that Buggi's extra cheats DLL is needed.



References

• (ST) New Discoveries - Great Potential by builderman. His DLL was lost after the IdealBB -> FuseTalk conversion and hack attack.
• (SC4D) Extra Cheats DLL source code by Buggi

[wouanagaine]

Great

Why however do you say the compiler can't optimize for speed ?
I see you used /Od which disable optimizations, and some other flags looks like you're building the dll in Debug mod
Do you see any problem with a "release" compiled dll ?

As for the exported function that SC4 looks for, it is GZDllGetGZCOMDirector but I have only the name, not the signature, I hope EA/Maxis will give us some headers/cpp files

[simmaster07]

Great

Why however do you say the compiler can't optimize for speed ?
I see you used /Od which disable optimizations, and some other flags looks like you're building the dll in Debug mod
Do you see any problem with a "release" compiled dll ?

As for the exported function that SC4 looks for, it is GZDllGetGZCOMDirector but I have only the name, not the signature, I hope EA/Maxis will give us some headers/cpp files

Well, since SC4 is written in unmanaged code, I had to disable the Common Language Runtime (/clr). The compiler was throwing an error that I couldn't optimize the code without CLR being on, and with CLR on, the DLL does not work.

I only just realized I've been using the Active (Debug) configuration instead of Release. Though even when I change the configuration, it builds with Active (Debug). It's late here, so I'll fix it later.

And hopefully they do release (at least parts of) their SDK, because I can't figure out the signature for GZDllGetGZCOMDirector().

[cogeo]

And of course, the BIG question is what you can change through these DLLs, ie what is accessible and changeable.

[Blue Lightning]

That question's answer depends... I've read in posts by GoaSkin that SC4 has a list of 7 or so functions that it will allow to be replaced. But that's contradicted by Maxis stating that DLLs are loaded like plugins. So we really don't know until we figure out that architecture (which requires the SDK).

Oh, and you can blame me for the acronyms Yay for NAM Team and it's members' innate ability to come up with one for everything

[wouanagaine]

Goaskin used the mac version, which seems to have the debug symbols still embedded in the final product

Given what Buggy extra cheat dll can do, I hope we can access some nice stuff

[Jonathan]

Please don't let this thread die out?
Having never tryed C++, I used Vince's DLL template to make a message box popup and ask if I want to use Diagonal Bridges and then depending on the answer switch in or out the relevant plugins, however it doesn't timeout after a few seconds so if you don't click yes or no it just stays there, and it only works for people called Jonathan as I don't know how to get the User's documents folder So even without the SDK this is pretty incredible. My point being that if I can do that then what can you guys do?

[cogeo]

Making a dialog box go away after some timeout elapses, or getting the user's folder, or reading a registry entry is absolutely possible (there are windows functions that do all these). The point is what these can be useful for.

[Jonathan]

Well i'm sure the timeout is possible just I don't know much about c++ at all.  Vince at ST said he could make a dll which got different text files from different NAM projects which contain rules relevant to the project and create a dat , removing the need for the tight controll over the NAM Controller. DLls could check if plugins have been updated on the Lex and tell the user, or create a launcher (like many games have)that gives latest news from the communty and other things a launcher does. 

[Blue Lightning]

Well, I said that one could make one (I for one am not that good yet ) to do so.

Though I do like the idea of a launcher, though it wouldn't be able to be completely based in the DLL. What could be done is for the DLL to launch the launcher (so now SC4 has 3 launchers: Launch the game which launches the DLL which launches the launcher...). The DLL would then wait for the launcher to finish (which is easy to do, since it happens by default) and then allow the game to load as normal.

[Lowkee33]

Seems like a neat thing going on here.  It would be cool to change graphic settings pre-game launch.  Just trying to think of helpful things without the SDK. 

[simmaster07]

On the subject of useful things that can be made with pre-launch DLLs...

[JoeST]

EPIC you guys, just EPIC.

on the subject of Mac, how does it do the libraries? .so? if so, does windows also load .so's? cause I know Apache for windows can do both .so and .dll's.

AWESOME

Joe

[legoman786]

this has been off the grid for a while now...

Has anybody made new progress?

[Tarkus]

To my knowledge, no, not at least since the developments in The BLSMM Thread circa last October.

-Alex