-
Member
Originally Posted by
Kladdkakan
Feel free to share anything you find with the rest of the community, as I doubt Blizzard will care about improving their tech alpha demos security at this point.
It's not only this game, same protection in scr, w3r, overwatch, wow, d3..
-
★ Elder ★
Originally Posted by
ZLOFENIX
It's not only this game, same protection in scr, w3r, overwatch, wow, d3..
almost the same but not exactly!
-
★ Elder ★
Just to clarify some stuff: It is NOT my problem if you are not able to apply these patches or others yourself. You won't get any help from me for that; there are other resources related to OW/WoW/... that help you to do that. Insulting me on Discord or writing random stupid stuff just because you want the whole arm after getting the hand from me won't help you either.
-
Originally Posted by
Xcesiuss
Can confirm that crc32 bypass works for diablo, seems to be missing a few new offsets for it to work though.
crcCaveRegInstructOffsets
That crcCaveRegInstructOffsets offset is unrelated to the game lol.
I will not help you guys patch your Diablo clients, but let me at least explain how my crc32 patcher works.
The crcCaveRegInstructOffsets is used in the crcCave buffer as seen below:
Which results in the following disassembly:
The above code cave is responsible for swapping the wow.exe address with that of a fake_wow.exe address, the fake_wow.exe acts as a copy of the original (unmodified) executable.
The trick here is that the crc32 hook will check which address the crc32 is scanning and the redirect scans from wow.exe to wow.exe+(.text size) to fake_wow.exe to fake_wow.exe+(.text size).
Finally, this will result in a valid crc32 check because the fake_wow.exe module was used instead of the (possibly modified/patched) wow.exe module.
Pro Tip (for the skids): if you fail to find those patch locations using Cheat Engine, go to Settings -> Scan Settings and check the 'MEM_MAPPED' checkbox, because the game is remapped and CE won't scan those sections by default.
Any fool can write code that a computer can understand. Good programmers write code that humans can understand.
-
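The post above describes the check being evaded: a CRC32 computed over the module's .text section and compared against the value of an unmodified copy. To make the detection side of that concrete, here is an added example (not ferib's code and not anything from the game or the thread) that builds a constructed, minimal PE-like image, parses its section table to find .text, computes CRC32 over exactly that range, and shows that a single patched byte is enough to fail the comparison while a change in .data is not. The section layout, alignment and byte contents are all assumptions for the demo.

```python
import struct
import zlib

# Constructed fixture: a minimal PE-like image (not a real binary).
# Only the fields this demo reads are populated.
def build_fake_pe(text_bytes: bytes, data_bytes: bytes) -> bytes:
    e_lfanew = 0x40
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    num_sections = 2
    size_opt = 0  # no optional header is needed to walk the section table
    coff = struct.pack("<HHIIIHH", 0x8664, num_sections, 0, 0, 0, size_opt, 0)
    hdr_len = e_lfanew + 4 + 20 + size_opt + 40 * num_sections
    align = lambda n: (n + 0x1FF) & ~0x1FF  # assumed 512-byte file alignment
    text_raw = align(hdr_len)
    data_raw = text_raw + align(len(text_bytes))

    def section(name, vsize, vaddr, rawsize, rawptr):
        # IMAGE_SECTION_HEADER is 40 bytes; unused fields are zero
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, 0)

    table = section(b".text", len(text_bytes), 0x1000, len(text_bytes), text_raw)
    table += section(b".data", len(data_bytes), 0x2000, len(data_bytes), data_raw)
    image = bytearray(dos + b"PE\x00\x00" + coff + table)
    image.extend(b"\x00" * (text_raw - len(image)))
    image.extend(text_bytes)
    image.extend(b"\x00" * (data_raw - len(image)))
    image.extend(data_bytes)
    return bytes(image)

def find_section(image: bytes, name: bytes):
    """Return (VirtualAddress, PointerToRawData, SizeOfRawData) for a named section."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    table = e_lfanew + 4 + 20 + size_opt
    for i in range(num_sections):
        sname, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        if sname.rstrip(b"\x00") == name:
            return vaddr, rawptr, rawsize
    raise ValueError(f"section {name!r} not found")

def text_crc32(image: bytes) -> int:
    """CRC32 over the .text section only, which is the range the thread says the check walks."""
    _, rawptr, rawsize = find_section(image, b".text")
    return zlib.crc32(image[rawptr:rawptr + rawsize]) & 0xFFFFFFFF

def integrity_ok(image: bytes, baseline: int) -> bool:
    return text_crc32(image) == baseline

def demo():
    # Constructed opcode filler standing in for code bytes.
    clean = build_fake_pe(b"\x48\x89\x5c\x24\x08" * 64, b"\x00" * 16)
    baseline = text_crc32(clean)  # what a pristine copy of the module yields
    patched = bytearray(clean)
    _, rawptr, _ = find_section(clean, b".text")
    patched[rawptr + 3] ^= 0xFF  # a single constructed byte change inside .text
    return baseline, text_crc32(bytes(patched)), integrity_ok(bytes(patched), baseline)

if __name__ == "__main__":
    base, after, ok = demo()
    print(f"baseline={base:08x} patched={after:08x} integrity_ok={ok}")
```

The check is deliberately scoped to the raw bytes of one section, so a defender comparing images must make sure both sides cover the same range; a check that silently reads a different module (which is what the quoted post describes) will pass for exactly the same reason this function passes on the clean image.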
-
Member
Originally Posted by
ferib
That crcCaveRegInstructOffsets offset is unrelated to the game lol.
I will not help you guys patch your Diablo clients, but let me at least explain how my crc32 patcher works.
The crcCaveRegInstructOffsets is used in the crcCave buffer as seen below:
Which results in the following disassembly:
The above code cave is responsible for swapping the wow.exe address with that of a fake_wow.exe address, the fake_wow.exe acts as a copy of the original (unmodified) executable.
The trick here is that the crc32 hook will check which address the crc32 is scanning and the redirect scans from wow.exe to wow.exe+(.text size) to fake_wow.exe to fake_wow.exe+(.text size).
Finally, this will result in a valid crc32 check because the fake_wow.exe module was used instead of the (possibly modified/patched) wow.exe module.
Pro Tip (for the skids): if you fail to find those patch locations using Cheat Engine, go to Settings -> Scan Settings and check the 'MEM_MAPPED' checkbox, because the game is remapped and CE won't scan those sections by default.
Maybe you can help patch the D2R client for money? Just say your price. Because I give up.
-
Member
Thanks for explaining (again) and for your initial blogpost and sharing your method!
I have my loader cleanly remap D2R (no crashes without applying patches), but as soon as I use my C++ port of your method the game will crash after a random 10-60 seconds. I suppose that the crc bypasses are not working correctly for me.
So would you assume that to be a bug in my C++ port of your code or are there things on D2R where your method needs to be adjusted for a new game?
Thanks
-
Member
Thanks @ferib.
Your solution enables memory write access (and seems to be bypassing CRCs based on the output) but unfortunately the game process crashes straight away on 'NtResumeProcess(hProcess);'. I can see memory changes to write while the process is still suspended and I see the offsets @king48488 mentioned. Changing them doesn't change the outcome though and the process still crashes immediately on NtResumeProcess.
Edit: I forgot to add that even with CRC check section commented out it still crashes on Resume. It doesn't seem to like NtUnmapViewOfSection/ NtMapViewOfSection.
Last edited by ex0d; 04-12-2021 at 10:54 AM.
-
Would anybody be so kind as to tell me where to get the D2R alpha client files?
PM appreciated if you don't wanna talk about this in a public post.
-
Member
Thank you for the help @king48488 and @ferib.
-
Member
Originally Posted by
R3peat
Would anybody be so kind as to tell me where to get the D2R alpha client files?
PM appreciated if you don't wanna talk about this in a public post.
Release v1.3 - barncastle/Battle.Net-Installer - GitHub
BNetInstaller.exe --prod osib --lang enus --dir "C:\D2R"
-
Member
Originally Posted by
R3peat
Would anybody be so kind as to tell me where to get the D2R alpha client files?
PM appreciated if you don't wanna talk about this in a public post.
You can use this: GitHub - barncastle/Battle.Net-Installer: A command line tool for installing Blizzard games through Battle.Net.
.\BNetInstaller.exe --prod osib --uid osi_beta --lang enus --dir "D:\Games\D2R"
Edit: oops, 0x7C posted his reply before I wrote mine.
-
ok thx
-
Member
Originally Posted by
dclone
Thanks for explaining (again) and for your initial blogpost and sharing your method!
I have my loader cleanly remap D2R (no crashes without applying patches), but as soon as I use my C++ port of your method the game will crash after a random 10-60 seconds. I suppose that the crc bypasses are not working correctly for me.
So would you assume that to be a bug in my C++ port of your code or are there things on D2R where your method needs to be adjusted for a new game?
Thanks
Turns out my remapping is still detected somehow: after a random amount of time, in the range of several minutes, the game crashes even without applying any patches whatsoever.
-
Member
I've been trying all day to figure out how to bypass the CRC checks. No luck so far.
I tried interpreting ferib's guide and, while I more or less get what's going on, I can't make it work.
The patching on memory part is easy, what's hard is bypassing the CRC check.
I'll report back if I make any progress. x_x
-
Member
Originally Posted by
ZeltMarv
I've been trying all day to figure out how to bypass the CRC checks. No luck so far.
I tried interpreting ferib's guide and, while I more or less get what's going on, I can't make it work.
The patching on memory part is easy, what's hard is bypassing the CRC check.
I'll report back if I make any progress. x_x
Are you sure that you don't have crashes with remapping only? I thought so too but it crashes after a random time of several minutes.