[Diablo 3][[0.5.1.8101] Patch 9 - Info Dump Thread

[diablothree]

Keeping this going now that patch 9 is out.


pRActors:
[[base + 140593C]+8AC]
that means:
[[[base + 140593C]+8AC]] == "RActors"

FirstActor:
[[[base + 140593C]+8AC] + 0x148] = Start address of the first actor object

Add 0x10C to get the number of slots in RActors. Add 0x42C to the FirstActor address to get the second actor, and iterate like this over each slot. If the first four bytes in any field equal 0xFFFFFFFF (a common indicator of "invalid" or "no data" in the client) skip over it, as the actor in that slot has been removed.

[chuanhsing]

works fine for me, thanks

RActors - Pastebin.com

[wraithZX]

Just started actively looking at D3.... is it just me or is there some funky relocations going on?
Functions don't seem to line up in the debugger compared to IDA, despite having the same base module address.

Either way, in IDA, the function at 0x8240D0 seems to be a GetActorPtrFromGUID or equivalent (answering the question from previous thread), declaration:

    void* __thiscall GetActorPtrFromGUID(RActors* pRActors, DWORD guid);

...and GetPlayerGUID @ 0x944230:

    DWORD GetPlayerGUID();

Using pattern matching should allow you to find them despite the relocations.

Has anyone seen a programmatic version of the equivalent of WoW's enumerate objects with callback?
It seems most of the actor-access functions iterate directly, curious if anyone's seen it.

EDIT: Found it. 0x9835A0.

    BOOL __thiscall IterateActors(RActors* pRActors, DWORD& mask/*???*/, void** actor_ptr);

EDIT2: It seems my 8101 IDA database was from a different 8101 build. (???) No idea. Rebuilt the DB and everything is correct. Weird.

[diablothree]

    void* __thiscall GetActorPtrFromGUID(RActors* pRActors, DWORD guid);

Nice find, I found similar code in a different method but lost track of it. Here's my C# implementation of the same method:

(See my post below for a more generic method of converting an id/hash to a pointer in any of the container structures.)

[Nesox]

They have about 80 different manager with different items, i've made a class that i can use on any as long as i know where the pointer for it is and the size of the object.
Here's how RActors look

Code:

    /// <summary></summary>
    public class Ractors : ObjectManager
    {
        /// <summary>Constructor.</summary>
        /// <param name="ptr">The pointer.</param>
        internal Ractors(IntPtr ptr) 
            : base(ptr, FastSize<NativeRActor>.Size)
        {
        }

        /// <summary>
        /// Gets all loaded RActors.
        /// </summary>
        /// <returns></returns>
        public List<RActor> GetAllLoadedRActors()
        {
            List<RActor> acdObjects = new List<RActor>();

            for (short i = 0; i < NumValues; i++)
            {
                IntPtr result = GetItem(i);
                if (result != IntPtr.Zero)
                {
                    RActor a = new RActor(result);
                    acdObjects.Add(a);
                }
            }

            return acdObjects;
        }

        /// <summary>
        /// Gets a RActor by the guid.
        /// </summary>
        /// <param name="guid">The guid.</param>
        /// <returns></returns>
        public RActor GetActorByGuid(int guid)
        {
            foreach (RActor ractor in GetAllLoadedRActors())
            {
                if (ractor.Guid== guid)
                    return ractor;
            }

            return null;
        }
    }

[diablothree]

Good idea. I refactored the above code to handle any of the object managers.

Code:

uint IDToPtr(uint container, uint objSize, uint id)
{
    const uint INVALID = 0xFFFFFFFF;

    uint shortID = id & 0xFFFF;

    if (shortID >= d3.ReadUInt(container + 256))
        return INVALID;

    uint v0 = d3.ReadUInt(container + 328);
    int v1 = d3.ReadInt(container + 396);

    uint ptr = d3.ReadUInt(v0 + 4 * (shortID >> v1)) + objSize * (uint)(shortID & ((1 << v1) - 1));
    if (d3.ReadUInt(ptr) == id)
        return ptr;

    return INVALID;
}

A few object sizes in 8101: RActors are 1068, ACDs (ActorCommonData) are 720, attributes are 384, scenes are 680.

[diablothree]

Another member pointed out my description of how to enumerate RActors in the first post was incorrect. The info has been corrected (you need to grab the size of the array in RActors and skip over any 0xFFFFFFFF entries).

[diablothree]

(Ignore this post.)

[xzidez]

Another member pointed out my description of how to enumerate RActors in the first post was incorrect. The info has been corrected (you need to grab the size of the array in RActors and skip over any 0xFFFFFFFF entries).

There is a LinkedList will all Active ActorsGuids you can use aswel. Just go through the entire list and use GetObjectActorByGuid on the guids.

[diablothree]

To the people who are successfully rendering navcell maps: once you have the scene list, are you digging through navmesh/navcell structures attached to the scenes in memory or are you parsing the game asset files (mpq/sno)? Seems like the latter would be an easier approach but it would be good to hear from people who are further along in that area.

[Zaylek]

I am reading the navmesh/navcell structures in memory. I know others have read them from the mpq files. Both are equally valid methods, just personal preference I guess.

[xzidez]

I am reading the navmesh/navcell structures in memory. I know others have read them from the mpq files. Both are equally valid methods, just personal preference I guess.

The MPQ files are static and the world is dynamic and generated at server. Thus you can only get the layouts for the different scenes from the MPQ, while the actualy navmesh can only get fetched from the memory.

Edit: Perhaps I should have read the entire context before answering... Sorry .

To answer the question. I use memory reading : p

[diablothree]

The MPQ files are static and the world is dynamic and generated at server. Thus you can only get the layouts for the different scenes from the MPQ, while the actualy navmesh can only get fetched from the memory.

Edit: Perhaps I should have read the entire context before answering... Sorry .

To answer the question. I use memory reading : p

Can you provide more information on why the navmesh can only be fetched from memory? The .scn files in the MPQ archives all have navmesh/navcell structures in them. It's not clear to me why you couldn't just grab the active scenes in memory and use their snoIDs to lookup those scenes and their navmeshes from the MPQs.

[xzidez]

Can you provide more information on why the navmesh can only be fetched from memory? The .scn files in the MPQ archives all have navmesh/navcell structures in them. It's not clear to me why you couldn't just grab the active scenes in memory and use their snoIDs to lookup those scenes and their navmeshes from the MPQs.

Ye I was under the impression that you were talking about getting the map from the MPQ without having the scenes. But just as you say, if you know the scenes you can grab the the rest from the memory afaik. (This is not my approach so I cant confirm it, but I would assume this is how it is)

[diablothree]

Ye I was under the impression that you were talking about getting the map from the MPQ without having the scenes. But just as you say, if you know the scenes you can grab the the rest from the memory afaik. (This is not my approach so I cant confirm it, but I would assume this is how it is)

Ah ok we're on the same page now. Yeah, I'm able to fetch a list of scenes with code that looks something like this:

Code:

const uint INVALID = 0xFFFFFFFF;
const uint OBJMANAGER = 0x140593C;
const uint OBJMANAGER_SCENES_PTR_OFFSET = 0x8F0;
const uint ARRAY_SIZE_OFFSET = 0x10C;
const uint ARRAY_OFFSET = 0x148;
const int SIZEOF_SCENE = 680;

public List<Scene> GetScenes()
{
    uint pScenes = GetScenesContainer();

    // Grab the size of the Scenes array
    int sceneArraySize = d3.ReadInt(pScenes + ARRAY_SIZE_OFFSET);

    // Grab the first scene
    uint pScene = d3.ReadUInt(pScenes + ARRAY_OFFSET);

    // Loop through the array and grab all valid scene objects
    List<Scene> scenes = new List<Scene>(sceneArraySize);
    for (uint i = 0; i < sceneArraySize; i++)
    {
        Scene scene = GetScene(pScene + i * SIZEOF_SCENE);
        if (scene != null)
            scenes.Add(scene);
    }

    return scenes;
}

private Scene GetScene(uint ptr)
{
    if (d3.ReadUInt(ptr) != INVALID)
        return new Scene(d3, ptr, d3.ReadBytes(ptr, SIZEOF_SCENE));
    return null;
}

private uint GetScenesContainer()
{
    uint pObjMgr = d3.ReadUInt(OBJMANAGER);
    uint pScenes = d3.ReadUInt(pObjMgr + OBJMANAGER_SCENES_PTR_OFFSET);
    if (d3.ReadASCIIString(pScenes, 7) == "Scenes")
        return pScenes;
    return INVALID;
}