Page 1 of 1

How to force non-windowed games into Windowed mode

Posted: Mon Mar 16, 2020 6:57 pm
by Paul44
I have been using - pretty successfully - [DxWnd] so far, to get the job done. Recently, I had to move to Win10 (unfortunately), and currently [DxWnd] no longer gets the job done for AC Black Flag (and probably other games as well). I'm sure I'll get it running eventually...

In the mean time, a quick google brought me here: 'How to run Assassin's Creed IV: Black Flag in Windowed Mode youtube'. [Nirsoft's WinExp](lorer) also seems do this job well (be it far less limited in options)...

ps: I recall #Sunbeam posting an article on the subject for AC 4 specifically; but couldn't find the post anymore. #mgr.inz.Player made/posted a small hack (based on that article) @CE, but his hack_tool did not work for me either...

ps2: if you know of other similar tools, feel free to post them here. Preferably verify that these do work on Win 10 (per definition now the "standard" OS... ahum by choice)

-EDIT-
An important detail I forgot to mention: you must first change/decrease your game's resolution in respect to your current/max window resolution (or "nothing seems to happen")

Re: How to force non-windowed games into Windowed mode

Posted: Mon Mar 16, 2020 7:32 pm
by fantomas
Paul44 wrote:
Mon Mar 16, 2020 6:57 pm
ps: I recall #Sunbeam posting an article on the subject for AC 4 specifically; but couldn't find the post anymore.
viewtopic.php?t=686

Re: How to force non-windowed games into Windowed mode

Posted: Tue Mar 17, 2020 12:18 pm
by SunBeam
Generally speaking, you'll have to learn a bit more WinAPI to understand the whole concept behind windowed mode. First-up, as with any software, you want to catch where the software creates its main window. Games too are software, so there will be a call to CreateWindowExA/W before you even get to see the main window. After it's created, it's initialized and then using ShowWindow you get to actually see the frame of it. Past this, you want to intercept the DX init call. In most games using d3d9.dll, Direct3D is invoked via the Direct3DCreate9() API. The return value is a pointer to a Direct3D interface, IDirect3D9. From that you want to get to CreateDevice() API and fiddle with the D3DPRESENT_PARAMETERS. That structure contains the bWindowed BOOL that can be set from 0x0 to 0x1 to start in windowed mode. You can do this via x64dbg or CE, for that matter, without DxWnd.

Here's a quick PDF to get you through it all: https://download846.mediafire.com/n5zif ... lonial.pdf

If I remember correctly, I used it in figuring out the Black Flag windowed mode (and all other old ACs'). The same applies to any DX10, DX11 or DX12 games that don't feature a "windowed" option (either setting in-game -OR- Alt+Enter or whatnot).

BR,
Sun

P.S.: Think I have the CrackeMe as well; here's the link: http://www.woodmann.com/forum/showthrea ... tX-crackme. CrackMe itself is on page 2 here.

Direct3D intercept...

Posted: Wed Mar 18, 2020 8:19 am
by Paul44
Just to be clear gents, I only needed it to allow me to debug AC 4 (or similar games); not because I wanted to know how to hack such feature. In the mean time, I've placed a request @DxWnd: time permitting, some suggestion/update might come along...

@fantomas: while it is for Rogue, it is (probably) helpful. (sorry, can not really spare the time atm to figure this all out)
@Sunbeam: I should NOT ask this question (since I really can not follow this up), but logically that would/could mean that this call can also me made from - let's say - the main game menu (rather then hacking the exe directly)? Again: it's an open Q, and this kind of stuff honestly does not lay within my 'boundaries of interest' :oops:
ps: did download pdf/crackme, and will give it a go one of these weekends... (and thx for feedback ofc)

Re: How to force non-windowed games into Windowed mode

Posted: Sat Mar 21, 2020 6:02 pm
by SunBeam
^ Regardless of the game, the method is UNIVERSAL. That's how DX games are conceived, that's the loading logic and order. That's how you should debug the game and that's how you should find the D3DPRESENT_PARAMETERS structure. Once found, it's a matter of taste how you patch the executable. And no, you can't do it AFTER the game has loaded, as changing the flag won't reset the device. It always has to be done between creation of game's window (CreateWindowExA/W) and ShowWindow. Why.. because the D3D initialization happens in-between. By the time ShowWindow API is called (you can easily get what this does), the D3D device should already be initialized and mode already established (full-screen, windowed, etc.).

Re: How to force non-windowed games into Windowed mode

Posted: Sun Apr 05, 2020 2:41 pm
by Paul44
I had this on my todo list, and did some experimenting with it... on AC BF. Tried the AC3 walkthrough (see below), which partly helped.
Bottomline: at some point, simply tried to update that mem_location manually... and this worked fine (?!) using CE

Script:
*********************************************************
[ENABLE]
{$lua}
local bytes = "F7 DE 1B F6 33 C0"
local memScanner = createMemScan()
memScanner.setOnlyOneResult(true)
memScanner.firstScan(
soExactValue,vtByteArray,rtRounded,bytes,nil,
0,0xFFFFFFFF,flag,fsmNotAligned,"",true,false,false,false)
memScanner.waitTillDone()
addrD3D = memScanner.getOnlyResult()-0x7+0x3
local bWindowed = readInteger(addrD3D)
-- 0 = windowed ~ 1 = fullscreen
writeBytes(readInteger(addrD3D),0)
memScanner.destroy()

--print(string.format("%x",bWindowed))

[DISABLE]
{$lua}
writeBytes(readInteger(addrD3D),1)
*********************************************************

Some observations:
a) the fact that this 'window' sticks in the left_top corner, is probably because the 'window_rectangle' is still set to "fullscreen". Iow if one could also pass on/update 'win_settings', one could probably get a "manageable" window
(GetSystemMetrics and/or AdjustWindowRect ?)
b) I was kinda hoping that this "trick" would also apply to AC 3 (and other x32 games): unfortunately, it does not... exact same code, but the game seems to hang/halted when changing the value to 0; setting it back to 1 gets it "unlocked" again...
c) also tried this with AC 1 Deluxe; code completely different. seems to be more similar to x64 code (had a look at AC Unity before that)


ps: I also came across #Sunbeam's doc about how to do this with AC 3. Unfortunately, to proceed one has to add a 'EB FE' (~ apparently a shortjump on itself) at the entry point (EP); an instruction I could not perform since no idea where/how to locate that EP...

ps2: I have added this option to my AC4 table, but will not yet upload it (unless requested)

ps3: all these games can easily be windowed with 'WinExpl'; no problems there (as long as you choose smaller res)

ps4: did research using [x32Dbg~x64Dbg]