[Diablo 3][0.4.0.7841] Info Dump Thread

[felheartx]

Hi there guys, since there is no info dump thread for the latest patch I opened this one.
Here is what I've found out so far.

First a few interesting things about the player-actor.
To get the player GUID call: 0x92DDB0
I haven't found a reliable way to get a actor from a GUID maybe someone can help me with that.

An actor consists of
+0 GUID
+8 model name
+94 normalized direction x
+98 normalized direction y
+9C x1, y1, z1
+AC x2, y2, z2
+37C Pointer to a class that contains movement information "movement class"

Interesting values in the movement class are:
+0 Pointer to a table of functions
+34 IsMoving 0/1
+38 Path complexity (0:unreachable, 1:complex path, 2:direct path)
+3C TargetX, Y, Z
+68 normalized direction to the target X, Y, Z

If you write to the target position and set the moving flag to 1, the character will start to move there, like CTM.
But it doesnt play the animation. I only tested this on the emulator so far.


To get the GUID of the current hovering object read from:
["Diablo III.exe"+D534C8] + 820

To get the last written chat input:
[["Diablo III.exe"+BCB544]]

The current version string is at:
"Diablo III.exe" + 9B6B28


I'm not that good in reversing, so it would be nice if someone could explain the whole concept of how actors are stored and accessed.
Also, how do I get information like HP, Name, ... from an actor, does this work with descriptors like in wow?

[scriptcraft]

No i do not think so

[felheartx]

I finally found a way to send movement and action commands to the hero, while the game is minimized
Now if I could only get a list of actors / mobs, but I'll post if I find more interesting things.

Unfortunately, I still couldn't find a way to enumerate / iterate the list of monsters
I really hope someone can help with this.

[stevenyy]

I m trying to find player hp atm, nothing useful yet, I will post it here if I find anything interesting.
A friend is also offering me a copy of IDA pro 6.1, gonna see if that does any good.

[felheartx]

Yeeeah, found a way to iterate trough the list of actors in a non-ghetto fashion ie. just by memory reading.
Now on to getting actor name (instead of just model name), hp, classification, hostility, attributes, and other useful stuff.

Does anyone know if there is any danger of getting banned on the official beta servers, when using CheatEngine, Olly or ReClass??

edit: for all the lazy people who still have problems getting a list of actors from the game:
Looking at this part of the code: "Diablo III.exe" + 0x2F4007
breakpoint on it. edi stores the player guid, eax the current actor address.
look at the whole function and it should become clear how to retrive the list.

Happy hacking everyone

[stevenyy]

......Sounds like you have beta access?
too much Jealousy.

[KOS0937]

why would you assume that? he actually doesn't (at least he has been talking about testing it only on mooege)

thanks felheartx for sharing anyways. From what I can see we are about equally good with reversing and that stuff - so I know what you are going through ^^ (though I don't have the time to do anything with d3 right now :-( )

[DrakeFish]

......Sounds like you have beta access?
too much Jealousy.

I've been doing a lot of work without actually having an access to beta, and I still don't. And even if I did I would probably use Mooege more than the beta servers (possibility to modify anything sent by server in a snap = win).

[stevenyy]

why would you assume that? he actually doesn't (at least he has been talking about testing it only on mooege)

he was asking if there is any danger of getting banned on the official beta servers, when using CheatEngine, Olly or ReClass. whats wrong with my assumption?

Originally Posted by DrakeFish
I've been doing a lot of work without actually having an access to beta, and I still don't.......

me too, not because i don't want beta access , but mooege is all i have got. also, when i use mooege, i have to start d3 first then attach the process to ida debugger. it sometimes causes the game to crash, and i was hoping with beta access i can start the process with ida debugger and reduce the crashes i am experiencing. Maybe i m doing something wrong, but i am not a pro anyway =)

[felheartx]

@stevenyy:
Yeah I have beta access, but I fear loosing it if I screw with the game by using CE or something.
I mainly use mooege, I got pretty far with it. But since everything is a instakill I can't find hp and other stats of the monsters. But I'm sure I'll figure something out
The beta is fun, but it only takes an hour at most to play it trough (with one character).

@KOS0937:
I'll post more stuff periodically, but I don't want to spoil the fun by revealing everything at once ^^
But if anyone has questions, please ask, I'll see if I can help

Oh DrakeFish, in the screenshot you posted in the other thread I saw you enumerated the attributes.
Did you get the attribute names form the game? Parse them from a gamefile? Or did you name them yourself?
Are attributes stored in a extra struct, seperate from the actor?

[DrakeFish]

Oh DrakeFish, in the screenshot you posted in the other thread I saw you enumerated the attributes.
Did you get the attribute names form the game? Parse them from a gamefile? Or did you name them yourself?
Are attributes stored in a extra struct, seperate from the actor?

Mooege took care of datamining the gameattributes. I'm unsure where they are stored but they have (or at least had) an array with all of them, I'm using the names and IDs from there.

[KOS0937]

I played around a bit with D3 (live) + ida / olly / ce. Had no problems and it appears that the warden is not really running on the beta servers. Not gonna vouch on that one though.

@stevenyy battle.net.dll will stop you from logging in when ce / ida / olly are running. The anti-anti-debug measures you would have to take are not really worth the trouble. But of course you can run d3 from the debugger - and also give console arguments to set the serverurl to 127.0.0.1 (or just change it in the confg files. should be possible as well)

EDIT: in ida it's debugger->process options-> parameter: " -launch -auroraaddress 127.0.0.1:1345" or something like that

[felheartx]

Patch 7 is released. Version string is "0.4.1.7931.BETA (34508-618511)"
Looks like all pointer paths / offsets still work.

At +0x1C8 in the Actor struct there's a value that's 0 for offscreen, 4 for "cached" and 5 for onscreen.
This works most of the time, but sometimes the game decides to set this to zero for every actor.
I don't know what causes this, maybe this value isn't even meaning "onscreen" at all, but it behaves like this most of the time.

Thanks DrakeFish, I'll try my luck at Mooege's source code

Oh my god, classifying Actors is way harder than I thought,
I tried to use Actor flags, for detecting if an Actor is an enemy, a corpse with loot, a item that can be picked up, or whatever...
But I get false-positives everywhere >_<
My program returns some NPCs(Leah/Anvil/Blacksmith) as hostile, even though they aren't.
I think I'm totally lost at this.
Has anyone got something like this working??

[felheartx]

Not much up in this thread, maybe it's because people aren't interested in the game because it's in beta?
Anyways, here are the news

There's a static region in the game that contains the keyboard state.
If you write directly to it, you can even emulate keydown/keyup.
Ok, it's abit harder than that. You'll have to set the "time since last hardware interaction counter" to the actual tickcount form inside the process.
Also the game doesn't accept keyboard/mouse input if it isn't focused (which is easily fixable by the way).

For the tickcount(of the last hardware input), you'll either have to place a hook somewhere (to pulse your own code and overwrite the tickcount), or you use WriteProcessMemory directly each time you send some hw inputs...
I confirmed both methods to work.

But only crap-bots use keyboard/mouse input anyways


I still haven't found a decent way to read all "stats" from a actor. Mainly because cheatengine crashes the game very often when debugging
If someone has a way to do this correctly, please share it.

[KOS0937]

rmah destroyed it. People hope to make money with this, so they don't share the information they find (or, they are afraid others will use it to make money).

But only crap-bots use keyboard/mouse input anyways

qft. Time is better spend looking for a "clickToMove" / "clickToInteract" etc.

the game will crash whenever it's stopped for too long. independent of the debugger you use.