C# code

[wineggdrop]

ui_component_table = new int[ui_component_table_size];
MR.ReadMem(ui_component_table_start, ui_component_table, ui_component_table_size * 4); // blocked memory read


the above code from http://www.ownedcore.com/forums/diab...y-reading.html ([INFO] D3 Memory Reading)
and thx again for KillerJohn's great code getting me start.the last line of code,the first parameter is the address to read the memory block,the second parameter is the allocated memory to store the data read from memory,and the last parameter is the size of memory to read.but it seems to me the size of memory to read is 4 times bigger than the allocated memory.do I miss somehting here coz I am not good at c#

[enigma32]

It would make more sense to post in that thread instead of creating your own, with a random name.

You are probably not understanding what that piece of code is doing or why it is doing so. I don't blame you as it is quite cryptic. First of all, the "ui_component_table" is internal to a hash table. It contains an array of linked lists. In memory this translates to an array of pointers. Diablo is a 32-bit process, so the size of a pointer is 4 bytes, hence the multiplication by 4.

Some of my code might shed some light on how it works:

Code:

public class HashTable : MemoryObject
{
	internal const int SizeOf = 72;

	public HashTable(ProcessMemory memory, int address)
		: base(memory, address) { }

	public int Base { get { return Read<int>(0x008); } }

	public int Size { get { return Read<int>(0x010); } }

	public int Mask { get { return Read<int>(0x040); } }
}

public class UIComponentMap : HashTable, IEnumerable<UIComponent>
{
	public UIComponentMap(ProcessMemory memory, int address)
		: base(memory, address) { }

	internal Pair this[int bucket]
	{
		get
		{
			int pairPtr = Memory.Read<int>(Base + bucket * sizeof(int));
			if (pairPtr == 0)
			{
				return null;
			}
			else
			{
				return new Pair(Memory, pairPtr);
			}
		}
	}

	public IEnumerator<UIComponent> GetEnumerator()
	{
		int count = Size;
		for (int i = 0; i < count; i++)
		{
			int pairPtr = Memory.Read<int>(Base + i * sizeof(int));
			if (pairPtr != 0)
			{
				Pair pair = new Pair(Memory, pairPtr);
				while (pair != null)
				{
					yield return pair.Value;
					pair = pair.Next;
				}
			}
		}
	}

	IEnumerator IEnumerable.GetEnumerator()
	{
		return GetEnumerator();
	}

	internal class Pair : MemoryObject
	{
		public Pair(ProcessMemory memory, int address)
			: base(memory, address) { }

		public Pair Next
		{
			get
			{
				Pair next = null;

				int nextPointer = Read<int>(0x000);
				if (nextPointer > 0)
					next = new Pair(Memory, nextPointer);

				return next;
			}
		}

		public UIReference Key { get { return new UIReference(Memory, Address + 0x004); } }

		public UIComponent Value { get { return new UIComponent(Memory, Read<int>(0x210)); } }
	}
}

EDIT: Now I understand better why it's so confusing. The method is filling an array (in that case), so it would be logical to assume the last number is the size of that array. However, you should see the 2nd parameter as a pointer to where you want the data (this is some PInvoke magic in the works), meaning you have to specify how much to read as bytes.

[KillerJohn]

"cryptic" I'm cryptic because I don't read through structs, but only at where I lower the CPU usage with it. Usually I read only the very basic structures I need (integers, floats, arrays, etc).
The hastable's "root" elements are in an array, this is why I read them as an array Yeah, maybe this is unusual, but most people has no working code, and I like this way, so they can take it or leave it.

EDIT: yes now I see that he has the problem with the *4 expression. And yes, you are right, that number is the number of bytes to read. I love PInvoke

It would make more sense to post in that thread instead of creating your own, with a random name.

You are probably not understanding what that piece of code is doing or why it is doing so. I don't blame you as it is quite cryptic. First of all, the "ui_component_table" is internal to a hash table. It contains an array of linked lists. In memory this translates to an array of pointers. Diablo is a 32-bit process, so the size of a pointer is 4 bytes, hence the multiplication by 4.

Some of my code might shed some light on how it works:

Code:

public class HashTable : MemoryObject
{
	internal const int SizeOf = 72;

	public HashTable(ProcessMemory memory, int address)
		: base(memory, address) { }

	public int Base { get { return Read<int>(0x008); } }

	public int Size { get { return Read<int>(0x010); } }

	public int Mask { get { return Read<int>(0x040); } }
}

public class UIComponentMap : HashTable, IEnumerable<UIComponent>
{
	public UIComponentMap(ProcessMemory memory, int address)
		: base(memory, address) { }

	internal Pair this[int bucket]
	{
		get
		{
			int pairPtr = Memory.Read<int>(Base + bucket * sizeof(int));
			if (pairPtr == 0)
			{
				return null;
			}
			else
			{
				return new Pair(Memory, pairPtr);
			}
		}
	}

	public IEnumerator<UIComponent> GetEnumerator()
	{
		int count = Size;
		for (int i = 0; i < count; i++)
		{
			int pairPtr = Memory.Read<int>(Base + i * sizeof(int));
			if (pairPtr != 0)
			{
				Pair pair = new Pair(Memory, pairPtr);
				while (pair != null)
				{
					yield return pair.Value;
					pair = pair.Next;
				}
			}
		}
	}

	IEnumerator IEnumerable.GetEnumerator()
	{
		return GetEnumerator();
	}

	internal class Pair : MemoryObject
	{
		public Pair(ProcessMemory memory, int address)
			: base(memory, address) { }

		public Pair Next
		{
			get
			{
				Pair next = null;

				int nextPointer = Read<int>(0x000);
				if (nextPointer > 0)
					next = new Pair(Memory, nextPointer);

				return next;
			}
		}

		public UIReference Key { get { return new UIReference(Memory, Address + 0x004); } }

		public UIComponent Value { get { return new UIComponent(Memory, Read<int>(0x210)); } }
	}
}

EDIT: Now I understand better why it's so confusing. The method is filling an array (in that case), so it would be logical to assume the last number is the size of that array. However, you should see the 2nd parameter as a pointer to where you want the data (this is some PInvoke magic in the works), meaning you have to specify how much to read as bytes.

[enigma32]

"cryptic" I'm cryptic because I don't read through structs, but only at where I lower the CPU usage with it. Usually I read only the very basic structures I need (integers, floats, arrays, etc).
The hastable's "root" elements are in an array, this is why I read them as an array Yeah, maybe this is unusual, but most people has no working code, and I like this way, so they can take it or leave it.

You didn't write your framework with the public in mind, so it is totally understandable what you have. You just want it to work, and be fast I however found myself enjoying the reverse engineering process more than actually making a proper program with mine, thus I focus on readability and "making sense". Got bored with the game a while back, but learning and understanding how it works is still fun

Btw, doesn't "ui_component_table" change when you leave/enter a game? I remember getting strange values when working with the UI and not updating everything from scratch.

[KillerJohn]

You didn't write your framework with the public in mind, so it is totally understandable what you have. You just want it to work, and be fast I however found myself enjoying the reverse engineering process more than actually making a proper program with mine, thus I focus on readability and "making sense". Got bored with the game a while back, but learning and understanding how it works is still fun

Btw, doesn't "ui_component_table" change when you leave/enter a game? I remember getting strange values when working with the UI and not updating everything from scratch.

TurboHUD updates everything 24 times per second, except the UI with a 10 times/second rate. I cache everything which CAN'T change, but almost everything can change. The trick is in the caching mechanism of actors, ACDs, UI elements, etc (I call it "The Collector" )

Yeah, I really don't want to allow the public to turn HUD into a bot, so it's closed source. Maybe once in the far future I open it's code for future generations, and maybe make an open source bot around it, but I'm already a bit old for that. With two sons, I have not too much time to go to court every day for a year to talk with Blizzard lawyers... ^^

[wineggdrop]

TurboHUD updates everything 24 times per second, except the UI with a 10 times/second rate. I cache everything which CAN'T change, but almost everything can change. The trick is in the caching mechanism of actors, ACDs, UI elements, etc (I call it "The Collector" )

Yeah, I really don't want to allow the public to turn HUD into a bot, so it's closed source. Maybe once in the far future I open it's code for future generations, and maybe make an open source bot around it, but I'm already a bit old for that. With two sons, I have not too much time to go to court every day for a year to talk with Blizzard lawyers... ^^

update everything 24 times per second?would it be dangerous coz warden may detect the frequent memory read on its own process

[enigma32]

update everything 24 times per second?would it be dangerous coz warden may detect the frequent memory read on its own process

Nope. Afaik there is no way to detect a memory read unless you hack the OS or spy on all other running processes. Doing that would not be feasible and possible illegal What warden can do however is check certain key areas of memory for modifications that weren't a result of the client, like if the camera distance has been overwritten.

[KillerJohn]

Nope. Afaik there is no way to detect a memory read unless you hack the OS or spy on all other running processes. Doing that would not be feasible and possible illegal What warden can do however is check certain key areas of memory for modifications that weren't a result of the client, like if the camera distance has been overwritten.

Yeah, exactly. This is the reason I don't change even a bit in D3 memory for TurboHUD.