C# code menu

User Tag List

Thread: C# code

Results 1 to 8 of 8
  1. #1
    wineggdrop's Avatar Sergeant
    Reputation
    1
    Join Date
    Feb 2013
    Posts
    38
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    C# code

    ui_component_table = new int[ui_component_table_size];
    MR.ReadMem(ui_component_table_start, ui_component_table, ui_component_table_size * 4); // blocked memory read


    the above code from http://www.ownedcore.com/forums/diab...y-reading.html ([INFO] D3 Memory Reading)
    and thx again for KillerJohn's great code getting me start.the last line of code,the first parameter is the address to read the memory block,the second parameter is the allocated memory to store the data read from memory,and the last parameter is the size of memory to read.but it seems to me the size of memory to read is 4 times bigger than the allocated memory.do I miss somehting here coz I am not good at c#

    C# code
  2. #2
    enigma32's Avatar Legendary
    Reputation
    912
    Join Date
    Jan 2013
    Posts
    551
    Thanks G/R
    4/738
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It would make more sense to post in that thread instead of creating your own, with a random name.

    You are probably not understanding what that piece of code is doing or why it is doing so. I don't blame you as it is quite cryptic. First of all, the "ui_component_table" is internal to a hash table. It contains an array of linked lists. In memory this translates to an array of pointers. Diablo is a 32-bit process, so the size of a pointer is 4 bytes, hence the multiplication by 4.

    Some of my code might shed some light on how it works:
    Code:
    public class HashTable : MemoryObject
    {
    	internal const int SizeOf = 72;
    
    	public HashTable(ProcessMemory memory, int address)
    		: base(memory, address) { }
    
    	public int Base { get { return Read<int>(0x008); } }
    
    	public int Size { get { return Read<int>(0x010); } }
    
    	public int Mask { get { return Read<int>(0x040); } }
    }
    
    public class UIComponentMap : HashTable, IEnumerable<UIComponent>
    {
    	public UIComponentMap(ProcessMemory memory, int address)
    		: base(memory, address) { }
    
    	internal Pair this[int bucket]
    	{
    		get
    		{
    			int pairPtr = Memory.Read<int>(Base + bucket * sizeof(int));
    			if (pairPtr == 0)
    			{
    				return null;
    			}
    			else
    			{
    				return new Pair(Memory, pairPtr);
    			}
    		}
    	}
    
    	public IEnumerator<UIComponent> GetEnumerator()
    	{
    		int count = Size;
    		for (int i = 0; i < count; i++)
    		{
    			int pairPtr = Memory.Read<int>(Base + i * sizeof(int));
    			if (pairPtr != 0)
    			{
    				Pair pair = new Pair(Memory, pairPtr);
    				while (pair != null)
    				{
    					yield return pair.Value;
    					pair = pair.Next;
    				}
    			}
    		}
    	}
    
    	IEnumerator IEnumerable.GetEnumerator()
    	{
    		return GetEnumerator();
    	}
    
    	internal class Pair : MemoryObject
    	{
    		public Pair(ProcessMemory memory, int address)
    			: base(memory, address) { }
    
    		public Pair Next
    		{
    			get
    			{
    				Pair next = null;
    
    				int nextPointer = Read<int>(0x000);
    				if (nextPointer > 0)
    					next = new Pair(Memory, nextPointer);
    
    				return next;
    			}
    		}
    
    		public UIReference Key { get { return new UIReference(Memory, Address + 0x004); } }
    
    		public UIComponent Value { get { return new UIComponent(Memory, Read<int>(0x210)); } }
    	}
    }
    EDIT: Now I understand better why it's so confusing. The method is filling an array (in that case), so it would be logical to assume the last number is the size of that array. However, you should see the 2nd parameter as a pointer to where you want the data (this is some PInvoke magic in the works), meaning you have to specify how much to read as bytes.
    Last edited by enigma32; 03-07-2013 at 01:45 PM.

  3. #3
    KillerJohn's Avatar TurboHUD HUDmaster CoreCoins Purchaser Authenticator enabled
    Reputation
    3696
    Join Date
    Jul 2012
    Posts
    2,532
    Thanks G/R
    46/3338
    Trade Feedback
    0 (0%)
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)
    "cryptic" I'm cryptic because I don't read through structs, but only at where I lower the CPU usage with it. Usually I read only the very basic structures I need (integers, floats, arrays, etc).
    The hastable's "root" elements are in an array, this is why I read them as an array Yeah, maybe this is unusual, but most people has no working code, and I like this way, so they can take it or leave it.

    EDIT: yes now I see that he has the problem with the *4 expression. And yes, you are right, that number is the number of bytes to read. I love PInvoke

    Originally Posted by enigma32 View Post
    It would make more sense to post in that thread instead of creating your own, with a random name.

    You are probably not understanding what that piece of code is doing or why it is doing so. I don't blame you as it is quite cryptic. First of all, the "ui_component_table" is internal to a hash table. It contains an array of linked lists. In memory this translates to an array of pointers. Diablo is a 32-bit process, so the size of a pointer is 4 bytes, hence the multiplication by 4.

    Some of my code might shed some light on how it works:
    Code:
    public class HashTable : MemoryObject
    {
    	internal const int SizeOf = 72;
    
    	public HashTable(ProcessMemory memory, int address)
    		: base(memory, address) { }
    
    	public int Base { get { return Read<int>(0x008); } }
    
    	public int Size { get { return Read<int>(0x010); } }
    
    	public int Mask { get { return Read<int>(0x040); } }
    }
    
    public class UIComponentMap : HashTable, IEnumerable<UIComponent>
    {
    	public UIComponentMap(ProcessMemory memory, int address)
    		: base(memory, address) { }
    
    	internal Pair this[int bucket]
    	{
    		get
    		{
    			int pairPtr = Memory.Read<int>(Base + bucket * sizeof(int));
    			if (pairPtr == 0)
    			{
    				return null;
    			}
    			else
    			{
    				return new Pair(Memory, pairPtr);
    			}
    		}
    	}
    
    	public IEnumerator<UIComponent> GetEnumerator()
    	{
    		int count = Size;
    		for (int i = 0; i < count; i++)
    		{
    			int pairPtr = Memory.Read<int>(Base + i * sizeof(int));
    			if (pairPtr != 0)
    			{
    				Pair pair = new Pair(Memory, pairPtr);
    				while (pair != null)
    				{
    					yield return pair.Value;
    					pair = pair.Next;
    				}
    			}
    		}
    	}
    
    	IEnumerator IEnumerable.GetEnumerator()
    	{
    		return GetEnumerator();
    	}
    
    	internal class Pair : MemoryObject
    	{
    		public Pair(ProcessMemory memory, int address)
    			: base(memory, address) { }
    
    		public Pair Next
    		{
    			get
    			{
    				Pair next = null;
    
    				int nextPointer = Read<int>(0x000);
    				if (nextPointer > 0)
    					next = new Pair(Memory, nextPointer);
    
    				return next;
    			}
    		}
    
    		public UIReference Key { get { return new UIReference(Memory, Address + 0x004); } }
    
    		public UIComponent Value { get { return new UIComponent(Memory, Read<int>(0x210)); } }
    	}
    }
    EDIT: Now I understand better why it's so confusing. The method is filling an array (in that case), so it would be logical to assume the last number is the size of that array. However, you should see the 2nd parameter as a pointer to where you want the data (this is some PInvoke magic in the works), meaning you have to specify how much to read as bytes.
    Do not send me private messages unless it is absolutely necessary or the content is sensitive or when I ask you to do that...

  4. #4
    enigma32's Avatar Legendary
    Reputation
    912
    Join Date
    Jan 2013
    Posts
    551
    Thanks G/R
    4/738
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by KillerJohn View Post
    "cryptic" I'm cryptic because I don't read through structs, but only at where I lower the CPU usage with it. Usually I read only the very basic structures I need (integers, floats, arrays, etc).
    The hastable's "root" elements are in an array, this is why I read them as an array Yeah, maybe this is unusual, but most people has no working code, and I like this way, so they can take it or leave it.
    You didn't write your framework with the public in mind, so it is totally understandable what you have. You just want it to work, and be fast I however found myself enjoying the reverse engineering process more than actually making a proper program with mine, thus I focus on readability and "making sense". Got bored with the game a while back, but learning and understanding how it works is still fun

    Btw, doesn't "ui_component_table" change when you leave/enter a game? I remember getting strange values when working with the UI and not updating everything from scratch.

  5. #5
    KillerJohn's Avatar TurboHUD HUDmaster CoreCoins Purchaser Authenticator enabled
    Reputation
    3696
    Join Date
    Jul 2012
    Posts
    2,532
    Thanks G/R
    46/3338
    Trade Feedback
    0 (0%)
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by enigma32 View Post
    You didn't write your framework with the public in mind, so it is totally understandable what you have. You just want it to work, and be fast I however found myself enjoying the reverse engineering process more than actually making a proper program with mine, thus I focus on readability and "making sense". Got bored with the game a while back, but learning and understanding how it works is still fun

    Btw, doesn't "ui_component_table" change when you leave/enter a game? I remember getting strange values when working with the UI and not updating everything from scratch.
    TurboHUD updates everything 24 times per second, except the UI with a 10 times/second rate. I cache everything which CAN'T change, but almost everything can change. The trick is in the caching mechanism of actors, ACDs, UI elements, etc (I call it "The Collector" )

    Yeah, I really don't want to allow the public to turn HUD into a bot, so it's closed source. Maybe once in the far future I open it's code for future generations, and maybe make an open source bot around it, but I'm already a bit old for that. With two sons, I have not too much time to go to court every day for a year to talk with Blizzard lawyers... ^^
    Do not send me private messages unless it is absolutely necessary or the content is sensitive or when I ask you to do that...

  6. #6
    wineggdrop's Avatar Sergeant
    Reputation
    1
    Join Date
    Feb 2013
    Posts
    38
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by KillerJohn View Post
    TurboHUD updates everything 24 times per second, except the UI with a 10 times/second rate. I cache everything which CAN'T change, but almost everything can change. The trick is in the caching mechanism of actors, ACDs, UI elements, etc (I call it "The Collector" )

    Yeah, I really don't want to allow the public to turn HUD into a bot, so it's closed source. Maybe once in the far future I open it's code for future generations, and maybe make an open source bot around it, but I'm already a bit old for that. With two sons, I have not too much time to go to court every day for a year to talk with Blizzard lawyers... ^^
    update everything 24 times per second?would it be dangerous coz warden may detect the frequent memory read on its own process

  7. #7
    enigma32's Avatar Legendary
    Reputation
    912
    Join Date
    Jan 2013
    Posts
    551
    Thanks G/R
    4/738
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by wineggdrop View Post
    update everything 24 times per second?would it be dangerous coz warden may detect the frequent memory read on its own process
    Nope. Afaik there is no way to detect a memory read unless you hack the OS or spy on all other running processes. Doing that would not be feasible and possible illegal What warden can do however is check certain key areas of memory for modifications that weren't a result of the client, like if the camera distance has been overwritten.

  8. #8
    KillerJohn's Avatar TurboHUD HUDmaster CoreCoins Purchaser Authenticator enabled
    Reputation
    3696
    Join Date
    Jul 2012
    Posts
    2,532
    Thanks G/R
    46/3338
    Trade Feedback
    0 (0%)
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by enigma32 View Post
    Nope. Afaik there is no way to detect a memory read unless you hack the OS or spy on all other running processes. Doing that would not be feasible and possible illegal What warden can do however is check certain key areas of memory for modifications that weren't a result of the client, like if the camera distance has been overwritten.
    Yeah, exactly. This is the reason I don't change even a bit in D3 memory for TurboHUD.
    Do not send me private messages unless it is absolutely necessary or the content is sensitive or when I ask you to do that...

Similar Threads

  1. Codes for CE Mountain climb and No damage fall =D
    By FoRbIdDeN in forum World of Warcraft Bots and Programs
    Replies: 23
    Last Post: 10-28-2006, 09:21 AM
  2. I need Current PTR Mountain climbing code-Because of error
    By Wildslayer in forum World of Warcraft General
    Replies: 0
    Last Post: 08-16-2006, 08:24 AM
  3. LOTS of WPE codes
    By Örpheus in forum World of Warcraft Bots and Programs
    Replies: 16
    Last Post: 08-04-2006, 01:19 PM
  4. [Bot:Source] Acidic Bot Source Code
    By =sinister= in forum World of Warcraft Bots and Programs
    Replies: 10
    Last Post: 07-03-2006, 05:38 PM
  5. Error in checking WoW.exe CRC code hack?
    By Trichelieu in forum World of Warcraft General
    Replies: 0
    Last Post: 06-11-2006, 02:24 PM
All times are GMT -5. The time now is 07:43 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search