  1. #1
    InunoTaishou's Avatar Member

    Memory addresses/offsets

    Very much a noob at reverse engineering but tried to find some addresses last night and day but not having any luck with attaching the debugger when I tried to do what accesses the address I found. Did research and people are saying Blizzard implements debugging countermeasures in their games to prevent this. Does anyone have a good guide to follow to get this to work or have a list of addresses with offsets?

    Trying to get health (current/max), mana (current/max), and exp (current/needed) for now. Just looking to make something like an auto pot and something like the old baal buddy plugin (exp gained in last game and how many games to level)

  2. #2
    malloc84's Avatar Member
    You need to check out old D2 structs and then go from there. Live debugging is possible but extremely hard to set up. Instead, making a proper dump and analyzing it in IDA or GHIDRA (with struct knowledge) will get you what you want. You can use Cheat Engine to confirm your results, but be aware that attaching a debugger or trying to modify code will crash the game in 90% of cases. Even with dbk, chance of complete system crash (BSOD) is great.
    There is a ton of OG D2 struct information out there and D2R is basically the same.

    For starters, here is a Player offset for current patch: 0x2028E60. From here you can reach either player itself or even Acts, Rooms, etc through pointers. Just look up the structs from D2 and experiment.

    Example to get to player position:

    Code:
    #include <windows.h>
    #include <cstdint>
    #include <cstdio>

    // hProcess: handle to the game process, opened with PROCESS_VM_READ.
    // baseAddress: load address of the game's main module.
    bool PrintPlayerPosition(HANDLE hProcess, const BYTE* baseAddress)
    {
        SIZE_T bytesRead = 0;

        // The player pointer is stored at module base + 0x2028E60.
        int64_t player = 0;
        if (!ReadProcessMemory(hProcess, baseAddress + 0x2028E60, &player, sizeof(player), &bytesRead))
            return false;

        // The path pointer is stored at player + 0x38.
        int64_t path = 0;
        if (!ReadProcessMemory(hProcess, (LPCVOID)(player + 0x38), &path, sizeof(path), &bytesRead))
            return false;

        // X and Y are 16-bit values at path + 0x02 and path + 0x06.
        uint16_t posX = 0, posY = 0;
        if (!ReadProcessMemory(hProcess, (LPCVOID)(path + 0x02), &posX, sizeof(posX), &bytesRead) ||
            !ReadProcessMemory(hProcess, (LPCVOID)(path + 0x06), &posY, sizeof(posY), &bytesRead))
            return false;

        printf("Player Pos X: %d\n", posX);
        printf("Player Pos Y: %d\n", posY);
        return true;
    }
    Last edited by malloc84; 10-21-2021 at 12:51 AM.
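
The post above recommends working from a dump rather than a live process. The following is an added example, not part of malloc84's post: it follows the same pointer chain (player, then +0x38 to the path, then X at +0x02 and Y at +0x06) inside a dump buffer and bounds-checks every dereference, so a stale or wrong pointer is rejected instead of being read. The `Dump` type, the base address, the 0x40 player slot and the sample coordinates are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// A memory dump: raw bytes plus the virtual address the first byte was mapped at.
struct Dump {
    uint64_t base;
    std::vector<uint8_t> bytes;

    // Bounds-checked read at virtual address `addr` (little-endian host assumed).
    template <typename T>
    bool read(uint64_t addr, T& out) const {
        if (addr < base) return false;
        uint64_t off = addr - base;
        if (off > bytes.size() || bytes.size() - off < sizeof(T)) return false;
        std::memcpy(&out, bytes.data() + off, sizeof(T));
        return true;
    }
};

// base + playerOff -> player; player + 0x38 -> path; x at path + 0x02, y at path + 0x06.
bool resolvePosition(const Dump& d, uint64_t playerOff, uint16_t& x, uint16_t& y) {
    uint64_t player = 0, path = 0;
    if (!d.read(d.base + playerOff, player) || player == 0) return false;
    if (!d.read(player + 0x38, path) || path == 0) return false;
    return d.read(path + 0x02, x) && d.read(path + 0x06, y);
}

// Constructed sample: a 0x200-byte dump at a made-up base, player slot at offset 0x40.
Dump makeSampleDump(uint64_t pathPtr) {
    Dump d{0x7FF600000000ULL, std::vector<uint8_t>(0x200, 0)};
    uint64_t player = d.base + 0x80;
    uint16_t x = 5120, y = 5060;
    std::memcpy(&d.bytes[0x40], &player, sizeof(player));           // player pointer slot
    std::memcpy(&d.bytes[0x80 + 0x38], &pathPtr, sizeof(pathPtr));  // player -> path
    std::memcpy(&d.bytes[0x100 + 0x02], &x, sizeof(x));
    std::memcpy(&d.bytes[0x100 + 0x06], &y, sizeof(y));
    return d;
}

int main() {
    uint16_t x = 0, y = 0;
    Dump ok = makeSampleDump(0x7FF600000000ULL + 0x100);
    Dump stale = makeSampleDump(0xDEADBEEFULL);  // path pointer outside the dump
    bool good = resolvePosition(ok, 0x40, x, y);
    std::printf("valid chain: %d (%u, %u)\n", good, (unsigned)x, (unsigned)y);
    std::printf("stale chain: %d\n", resolvePosition(stale, 0x40, x, y));
    return 0;
}
```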

  3. #3
    tjden's Avatar Member
    Are there any discord servers / channels to discuss memory offsets?

  4. #4
    Ribica's Avatar Member
    I am a Software engineer but a noob as well when it comes to reverse engineering like OP.

    D2 would be my first game to tackle reverse engineering with a simple goal of finding some variables and I am a bit lost in how to approach this.

    Could you shed some light on some questions:
    - which tool do you use to dump process memory?
    - I heard people are using CheatEngine to detect changes in addresses, but I also heard that this is possibly bannable and detectable since it attaches on the process - is this true?
    - do you have any d2 related materials you can share either here or via a PM?
    - any other tips for a beginner to tackle reversing some basic variables as mentioned by the OP (health, mana experience etc.) - video links / books / github repos / samples?

  5. #5
    tessier-ashpool's Avatar Member
    In case you're still interested, you can take a look at the code for this map assist. It is YOLO opening handles and reading memory from the process. I am not sure of the state of the anti-cheat. Check out stuff in /helpers.

    GitHub - OneXDeveloper/MapAssist: D2R MapHack

  6. #6
    xblade2k7's Avatar Active Member
    Originally Posted by Ribica View Post
    I am a Software engineer but a noob as well when it comes to reverse engineering like OP.

    D2 would be my first game to tackle reverse engineering with a simple goal of finding some variables and I am a bit lost in how to approach this.

    Could you shed some light on some questions:
    - which tool do you use to dump process memory?
    - I heard people are using CheatEngine to detect changes in addresses, but I also heard that this is possibly bannable and detectable since it attaches on the process - is this true?
    - do you have any d2 related materials you can share either here or via a PM?
    - any other tips for a beginner to tackle reversing some basic variables as mentioned by the OP (health, mana experience etc.) - video links / books / github repos / samples?
    no comment...
