> Notably a process_vm_writev syscall also exists, however it adheres to memory page protections - so if I wanted to inject data into a write-protected memory page, it'd fail.
You can work around this by convincing the process to re-mmap() the read-only section with PROT_WRITE. One way I've done this is by building a shared library with __attribute__((constructor)) that gets LD_PRELOADed into the game binary, though you have to be careful with the timing (e.g. your library may start running before the game has allocated the mapping you're looking for). That said, if you've done this, you are also free to just allocate your own memory rather than having to look for unused portions of it.
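The workaround the comment above describes, as an added example that is not code from the thread or from the article it discusses: a small Linux C file that can be built either as a stand-alone demo or as an LD_PRELOAD library. It shows process_vm_writev bouncing off a read-only page, then replaces that page with a private writable anonymous mapping (MAP_FIXED over the old one, after copying its contents out) and patches it with a plain store. The `REMAP_ADDR`/`REMAP_LEN` environment variables read by the constructor are made up for this example, and the constructor, `mapping_perms`, `remap_writable` and `writev_refused` are illustration helpers, not anything the game or the timer uses.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/uio.h>
#include <unistd.h>

/* Permission string ("r--p", "rw-p", ...) of the mapping containing addr,
 * taken from /proc/self/maps. Returns 1 if found, 0 if not. Linux-specific;
 * this is also how a preloaded library would locate the mapping it is after
 * before touching it. */
static int mapping_perms(uintptr_t addr, char perms[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;
    char line[512];
    int found = 0;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char p[5];
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, p) != 3) continue;
        if (addr >= lo && addr < hi) { memcpy(perms, p, 5); found = 1; break; }
    }
    fclose(f);
    return found;
}

/* Replace the pages covering [addr, addr+len) with a private, writable,
 * anonymous mapping holding the same bytes. MAP_FIXED discards whatever was
 * there, so the contents are copied out first and back in afterwards; the
 * source pages must at least be readable. Returns 0 on success, -1 on
 * failure with errno set by mmap. */
static int remap_writable(void *addr, size_t len)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    uintptr_t lo = (uintptr_t)addr & ~(uintptr_t)(pg - 1);
    uintptr_t hi = ((uintptr_t)addr + len + pg - 1) & ~(uintptr_t)(pg - 1);
    size_t span = hi - lo;

    void *stash = mmap(NULL, span, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (stash == MAP_FAILED) return -1;
    memcpy(stash, (void *)lo, span);

    void *p = mmap((void *)lo, span, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) { munmap(stash, span); return -1; }
    memcpy(p, stash, span);
    munmap(stash, span);
    return 0;
}

/* process_vm_writev aimed at our own pid. The kernel honours the page
 * protection (no FOLL_FORCE, unlike ptrace), so on a read-only page it fails
 * with EFAULT and the bytes stay untouched. Returns 1 if the write was
 * refused and dst is unchanged, 0 if the kernel actually wrote. A sandbox
 * that denies the syscall outright (EPERM/ENOSYS) also counts as refused. */
static int writev_refused(void *dst, const void *src, size_t len)
{
    struct iovec local = { (void *)src, len };
    struct iovec remote = { dst, len };
    ssize_t n = process_vm_writev(getpid(), &local, 1, &remote, 1, 0);
    return (n == -1 && memcmp(dst, src, len) != 0) ? 1 : 0;
}

/* Constructed scenario standing in for "a read-only page inside the game":
 * build one, show process_vm_writev bounces off it, re-mmap it writable,
 * check the contents survived, then patch it with a plain store.
 * Returns 0 on success or the number of the step that failed. */
static int demo(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return 1;
    memcpy(page, "DEUS EX", 8);                       /* 7 chars + NUL */
    if (mprotect(page, pg, PROT_READ) != 0) return 2;

    char perms[5];
    if (!mapping_perms((uintptr_t)page, perms) || strcmp(perms, "r--p") != 0) return 3;
    if (!writev_refused(page, "PATCHED", 8)) return 4;

    if (remap_writable(page, 8) != 0) return 5;
    if (!mapping_perms((uintptr_t)page, perms) || strcmp(perms, "rw-p") != 0) return 6;
    if (memcmp(page, "DEUS EX", 8) != 0) return 7;   /* old bytes preserved */
    memcpy(page, "PATCHED", 8);                       /* direct store works now */
    if (memcmp(page, "PATCHED", 8) != 0) return 8;
    munmap(page, pg);
    return 0;
}

/* The LD_PRELOAD entry point. REMAP_ADDR/REMAP_LEN are made-up variables for
 * this example; when unset the constructor does nothing. Timing caveat: this
 * runs before the host's main(), so a mapping the host creates later does not
 * exist yet and the remap fails or lands on the wrong thing. */
static void __attribute__((constructor)) on_preload(void)
{
    const char *a = getenv("REMAP_ADDR"), *l = getenv("REMAP_LEN");
    if (!a || !l) return;
    void *addr = (void *)(uintptr_t)strtoull(a, NULL, 0);
    size_t len = (size_t)strtoull(l, NULL, 0);
    if (remap_writable(addr, len) != 0)
        perror("remap_writable");
}

int main(void)
{
    int rc = demo();
    printf("demo: %s (rc=%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

Built with `gcc -shared -fPIC -o remap.so remap.c` and run as `LD_PRELOAD=./remap.so REMAP_ADDR=0x... REMAP_LEN=4096 ./target` (the variable names are the example's own), the constructor applies the remap at load time; built normally it just runs the demo. When the goal is only to flip permissions on a private mapping, mprotect(2) over the same range is the cheaper route; the MAP_FIXED re-mmap shown here additionally works on a read-only shared file mapping, where mprotect(PROT_WRITE) is refused, at the cost of detaching the pages from the file.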
WalterBright•3h ago
"I semi-recently played through the original Deus Ex, and enjoyed my time with it so much that I felt like getting into speedrunning it, which ended up with me having to create a custom speedrun timer that “injects” itself into the game in order to implement features such as auto-splitting and load time removal.
This article details the rough journey I went through. It’s not super well structured, but I was sorely lacking resources such as this when I was implementing the more complicated parts of the timer, so I wanted to share my experience.
This is basically a detailing of “baby’s first game hack” as none of the techniques I’ve used here are advanced, and are more basic building blocks for injecting your own stuff into another process, but resources like this article were severely lacking/hard to find in my experience, so I imagine this will still be useful to someone.
If you read this entire thing then I’m afraid to say you have a fatal case of nerdism (welcome!)."