Some basic offsets to let you play offline

Page 2 of 6 (results 16 to 30 of 86)
  1. #16
    ZLOFENIX (Member, joined Nov 2019)
    Originally Posted by Kladdkakan:
    Feel free to share anything you find with the rest of the community, as I doubt Blizzard will care about improving their tech alpha demo's security at this point.
    It's not only this game, same protection in SCR, W3R, Overwatch, WoW, D3..
  2. #17
    doityourself (Elder, joined Nov 2008)
    Originally Posted by ZLOFENIX:
    It's not only this game, same protection in SCR, W3R, Overwatch, WoW, D3..
    almost the same but not exactly!

  3. #18
    doityourself (Elder, joined Nov 2008)
    Just to clarify some stuff: It is NOT my problem if you are not able to apply these patches or others yourself. You won't get any help from me for that; there are other resources related to OW/WoW/... that help you to do that. Insulting me on Discord or writing random stupid stuff just because you want the whole arm after getting the hand from me won't help you either.

  4. #19
    MrNoble (joined Sep 2015)
    Originally Posted by Xcesiuss:
    Can confirm that crc32 bypass works for Diablo, seems to be missing a few new offsets for it to work though.

    crcCaveRegInstructOffsets
    That crcCaveRegInstructOffsets offset is unrelated to the game lol.

    I will not help you guys patch your Diablo clients, but let me at least explain how my crc32 patcher works.
    The crcCaveRegInstructOffsets is used in the crcCave buffer as seen below:

    Which results in the following disassembly:

    The above code cave is responsible for swapping the wow.exe address with that of a fake_wow.exe address; the fake_wow.exe acts as a copy of the original (unmodified) executable.
    The trick here is that the crc32 hook will check which address the crc32 is scanning and then redirect scans from wow.exe to wow.exe+(.text size) to fake_wow.exe to fake_wow.exe+(.text size).
    Finally, this will result in a valid crc32 check because the fake_wow.exe module was used instead of the (possibly modified/patched) wow.exe module.

    Pro Tip (for the skids): if you fail to find those patch locations using Cheat Engine, go to Settings -> Scan Settings and check the 'MEM_MAPPED' checkbox, because the game is remapped and CE won't scan those sections by default.
    Any fool can write code that a computer can understand. good programmers write code that humans can understand.

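Seen from the defender's side, the mechanism described in the post above leaves two artefacts in the process: the live .text no longer matches its known-good CRC32, and a second, byte-identical copy of .text sits in some other mapping so that the redirected scan can read it. The following is an added example, not code from the thread or from ferib's patcher: a Python model of a memory-snapshot audit that hashes captured bytes directly (so no in-process read hook can steer it) and reports both artefacts. The `Region` and `Finding` types, all addresses, the region contents and `expected_crc` are constructed for the example; in practice `expected_crc` would be computed from the on-disk file and the regions would come from a VirtualQuery-style dump taken from outside the process.

```python
import zlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

PAGE = 0x1000  # window stride for the clone search; mapped copies are page aligned


@dataclass
class Region:
    """One committed memory region from a snapshot (constructed, VirtualQuery-like)."""
    base: int       # start address of the region
    mem_type: str   # "MEM_IMAGE", "MEM_MAPPED" or "MEM_PRIVATE"
    data: bytes     # raw contents captured for the region


@dataclass
class Finding:
    kind: str       # "live_text_modified", "pristine_clone" or "image_text_missing"
    base: int       # address the finding refers to


def crc32(data: bytes) -> int:
    """CRC32 as an unsigned 32-bit integer."""
    return zlib.crc32(data) & 0xFFFFFFFF


def find_region(regions: List[Region], addr: int) -> Optional[Region]:
    """Return the region containing addr, or None."""
    for r in regions:
        if r.base <= addr < r.base + len(r.data):
            return r
    return None


def audit_snapshot(regions: List[Region], image_base: int, text_rva: int,
                   text_size: int, expected_crc: int) -> List[Finding]:
    """Flag the artefacts left by a redirect-to-pristine-copy CRC bypass.

    The snapshot bytes are hashed directly, so an in-process read hook cannot
    steer the audit. Two conditions are reported independently: the live .text
    does not match the known-good CRC, and a byte-identical copy of .text
    exists in some region other than the live image mapping.
    """
    findings: List[Finding] = []
    text_va = image_base + text_rva
    img = find_region(regions, text_va)
    if img is None or img.mem_type != "MEM_IMAGE":
        findings.append(Finding("image_text_missing", text_va))
        return findings

    off = text_va - img.base
    live = img.data[off:off + text_size]
    if len(live) != text_size or crc32(live) != expected_crc:
        findings.append(Finding("live_text_modified", text_va))

    # A clone can live in a MEM_MAPPED view or in a second image mapping, so only
    # the live image region itself is excluded from the search.
    for r in regions:
        if r is img:
            continue
        for o in range(0, len(r.data) - text_size + 1, PAGE):
            if crc32(r.data[o:o + text_size]) == expected_crc:
                findings.append(Finding("pristine_clone", r.base + o))
                break
    return findings


def build_sample_snapshot() -> Tuple[List[Region], int, int, int, int]:
    """Constructed data standing in for a dump of a patched process."""
    pristine_text = bytes((i * 7 + 3) & 0xFF for i in range(2 * PAGE))  # stand-in for .text
    expected_crc = crc32(pristine_text)        # would come from the on-disk file
    patched_text = bytearray(pristine_text)
    patched_text[0x123] ^= 0xFF                # one patched byte in the live code
    image_base, text_rva = 0x140000000, PAGE   # constructed addresses
    header = b"MZ" + bytes(PAGE - 2)           # stand-in PE header page
    regions = [
        Region(image_base, "MEM_IMAGE", header + bytes(patched_text)),
        # unmodified copy, mapped one page into a separate view
        Region(0x7FF00000000, "MEM_MAPPED", bytes(PAGE) + pristine_text + bytes(PAGE)),
        Region(0x20000000, "MEM_PRIVATE", bytes(3 * PAGE)),  # unrelated heap-like region
    ]
    return regions, image_base, text_rva, len(pristine_text), expected_crc


def run_demo() -> List[Finding]:
    """Audit the constructed snapshot and return the findings."""
    regions, base, rva, size, crc = build_sample_snapshot()
    return audit_snapshot(regions, base, rva, size, crc)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.kind:20s} at 0x{f.base:X}")
```

The design point is that the audit never calls a read routine inside the checked process; it hashes bytes that were captured from outside it (a driver, a debugger, or a dump), which is exactly the trust boundary the redirect trick relies on crossing. Reporting the modified .text and the clone as separate findings keeps each one useful on its own: a clone without a modified image is still worth a look, and a modified image without a clone points at a different patching approach.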
  6. #20
    shelloux (Member, joined May 2018)
    Originally Posted by ferib:
    That crcCaveRegInstructOffsets offset is unrelated to the game lol.
    [...]
    Maybe you can help patch the D2R client for money? Just say your price, because I give up.

  7. #21
    dclone (Member, joined Apr 2021)
    Thanks for explaining (again) and for your initial blogpost and sharing your method!

    I have my loader cleanly remap D2R (no crashes without applying patches) but as soon as I use my C++ port of your method the game will crash after random 10-60 seconds. I suppose that the crc bypasses are not working correctly for me.

    So would you assume that to be a bug in my C++ port of your code or are there things on D2R where your method needs to be adjusted for a new game?

    Thanks

  8. #22
    ex0d (Member, joined Apr 2021)
    Thanks @ferib.

    Your solution enables memory write access (and seems to be bypassing CRCs based on the output) but unfortunately the game process crashes straight away on 'NtResumeProcess(hProcess);'. I can see memory changes to write while the process is still suspended and I see the offsets @king48488 mentioned. Changing them doesn't change the outcome though and the process still crashes immediately on NtResumeProcess.

    Edit: I forgot to add that even with CRC check section commented out it still crashes on Resume. It doesn't seem to like NtUnmapViewOfSection/ NtMapViewOfSection.
    Last edited by ex0d; 04-12-2021 at 10:54 AM.

  9. #23
    R3peat (Site Donator, joined Aug 2012)
    Anybody be so kind to tell me where to get D2R alpha client files?
    PM appreciated if you don't wanna talk about this in a pub post.

  10. #24
    malloc84 (Member, joined Mar 2012)
    Thank you for the help @king48488 and @ferib.

  11. #25
    0x7C (Member, joined Apr 2021)
    Originally Posted by R3peat:
    Anybody be so kind to tell me where to get D2R alpha client files?
    PM appreciated if you don't wanna talk about this in a pub post.
    Release v1.3, barncastle/Battle.Net-Installer on GitHub

    BNetInstaller.exe --prod osib --lang enus --dir "C:\D2R"

  12. #26
    ex0d (Member, joined Apr 2021)
    Originally Posted by R3peat:
    Anybody be so kind to tell me where to get D2R alpha client files?
    PM appreciated if you don't wanna talk about this in a pub post.
    You can use this: GitHub - barncastle/Battle.Net-Installer: A command line tool for installing Blizzard games through Battle.Net.
    .\BNetInstaller.exe --prod osib --uid osi_beta --lang enus --dir "D:\Games\D2R"

    Edit: oops, before I wrote it 0x7C had posted his reply already.

  13. #27
    R3peat (Site Donator, joined Aug 2012)
    ok thx

  14. #28
    dclone (Member, joined Apr 2021)
    Originally Posted by dclone:
    I have my loader cleanly remap D2R (no crashes without applying patches) but as soon as I use my C++ port of your method the game will crash after random 10-60 seconds. I suppose that the crc bypasses are not working correctly for me.
    [...]
    Turns out my remapping still is detected somehow - after a random amount of time in the multiple minutes the game crashes even without applying any patches whatsoever.

  15. #29
    ZeltMarv (Member, joined Apr 2021)
    I've been trying all day to figure out how to bypass the CRC checks. No luck so far.
    I tried interpreting ferib's guide and, while I more or less get what's going on, I can't make it work.
    The patching on memory part is easy, what's hard is bypassing the CRC check.

    I'll report back if I make any progress. x_x

  16. #30
    dclone (Member, joined Apr 2021)
    Originally Posted by ZeltMarv:
    I've been trying all day to figure out how to bypass the CRC checks. No luck so far.
    [...]
    Are you sure that you don't have crashes with remapping only? I thought so too but it crashes after a random time of several minutes.
