Just tell me how to do something you haven't written yet
To write the thing I haven’t written yet would involve making a kernel-mode driver, a user-mode DLL, and then organizing the stack in such a way that you can manually jump to the other process, call the function from kernel, and avoid a blue screen of death.
The reason I haven’t written it yet is simply because I have been building up other parts of the kernel-mode driver.
Luckily for you, there are other ways to do it.
You can inject code and call CreateRemoteThread().
It is very complicated, as you will have to inject enough code to create a wrapper from the one parameter you can pass to CreateRemoteThread() to the 5 parameters you need to call the window procedure in the game.
However, it can be done, and if you know what you are doing, you can do it with the Injection Manager.
The easier way is to inject your own DLL into the process and have your DLL call it.
You would then need a good way to call your DLL function. You would probably want to go back to the CreateRemoteThread() function but call your one-parameter DLL function, which will then call the 5-parameter window procedure.
L. Spiro