A screenshot from Ultimate Doom where a demon charges at the player, who holds a shotgun.

Humanity&#x2019;s mastery over both black magic and technology has progressed to a dangerous point, evidenced by _Doom_ modder kgsws&#x2019; mod which allows you to run _[Chocolate Doom](https://www.chocolate-doom.org/wiki/index.php/Chocolate_Doom)_, a source port of _Doom_, inside of the DOS version of _Doom_. I fear that things like this only bring us closer to producing our own Hell portals on Mars. Hackaday was the first to [cover the mod](https://hackaday.com/2022/07/12/even-doom-can-now-run-doom/).

_Doom_ has been ported to [just about everything](https://www.vice.com/en/article/qkjv9x/a-catalogue-of-all-the-devices-that-can-somehow-run-doom), from trucks, to toasters, to, yes, other modified versions of _Doom_, now, not even the original game is safe from itself. The original _Doom_ was coded by multiple people, which leads to a series of redundancies and otherwise inexplicable choices around spawning objects. There is, for example, a part of _Doom_&#x2019;s code which spawns a player. In doing so, it stores their location in an index equivalent to the number in their name minus one, so the location of player one is stored in Index 0. Player zero&#x2019;s location would be stored in Index -1, which just so happens to be used for setting the state of things in game&#x2014;this allows you to overwrite whatever is supposed to be in the game&#x2019;s memory for a given object.

I have found a code execution exploit in the original DOS Doom 2 and ported a Chocolate Doom to it. And then Chocolate Heretic.
Attention: This does only work on the original DOS Doom2 version, no GZDoom or other source ports. This is a good thing as you don't want code execution exploit on modern systems. People would abuse it to spread malicious code.
DOS version is available on Steam and you can use DosBox emulator to run it.
Copy kgdid.wad to the directory where you have doom2.exe and then in DosBox start it with command "doom2 -file kgdid.wad".
(Copy other files too if you want to try them. Game injection has to be renamed to doomsav4.dsg)


Release: https://github.com/kgsws/doom-in-doom/releases



Source code: https://github.com/kgsws/doom-in-doom

You can run Doom inside (DOS) Doom, for real.

This memory manipulation allows you to alter the state of an object, which governs things from appearance to, occasionally and inconsistently, function. States are primarily used for animating sprites, but some states have an associated action like finding and running a specific part of the game&#x2019;s code&#x2014;this includes other executables. For example, State 347 runs the code that makes a Revenant (which is just listed as &#x201c;SKEL&#x201d; in the list of sprites) scream. This happens before any other part of the state, so if you have an action that never ends, nothing else about the state actually matters. This exploit allows _Doom_ to run other executables, including other versions of _Doom_ like _Chocolate Doom_. Alternatively, it allows you to inject other pieces of code, like the ability to aim with your mouse, directly into the game.

If you would like to do so, you can get the code and instructions on [kgsws&#x2019; github](https://github.com/kgsws/doom-in-doom/releases).

You Can Now Run Doom Inside of Doom

ONE EMAIL. ONE STORY. EVERY WEEK. SIGN UP FOR THE VICE NEWSLETTER.