Terminology and object Diagrams help.

[dowigr]

I am wondering if anybody has created any object diagrams or can clear up and of the D3 structs for me.

I created a wonderful OOP bot in C# for WOW. I wrote all the libraries myself and had tremendous success with that project. I got bored of WOW and am now looking to work on a D3 bot. The only problem I have is in Offset finding. I relied heavily on the community for the offsets for my bot. Even after I started to learn how to reverse the binaries for myself, I was only able to find a few things, and still relied on the a few individuals who were generous enough to share their findings.

I want to learn how to find these memory locations myself. I am working hard to try and learn. It's going slow.


I have just started to work on D3 and I must confess I am not much good at reversing. I have found some sucess using the Freeware version of IDA (found here)

This post was extremely helpful in getting me going: How-To find Simple Stuff ([Tutorial] How to find simple stuff):

I have never used Ollydbg, only IDA.


My Biggest problem is that I am having a hard time conceptualizing how the structs are formed. I liked how it was done in WOW, where you could simply loop though starting at the objectManager offset and map all of the local objects in wow. I would then put the found objects into dictionary lists using the GUID as the key.

Each object was the same size and you could find all the attributes of each object by simply reading at an offset from the object's base. All object are in the same list, with a different type enum. This made it really easy to organize each type of object into their own collections..


I don't know if D3 does it the same way. I have been finding posts that talk about the RActors, which I hope are really just objects (Players,Mobs, loot, ect).

What I really want to know is, does it look like the data is organized the same way in D3 as it is in WOW?

Are we going to be able to use the same types of offsets? ie:
objectManagerOffset: 0x143BE24
firstRActorOffset: 0x8B0
nextRActorOffset: 0x42C
localGuidOffset: 0x92DDB0


Psudo struct representation:
Objects Guid at base address of Object
then every 4 bytes an attribute like HP or Mana or MaxHP or Max Mana, X loc, Y loc ect
next object,

I really hope it is...

My next point of confusion is the ACD (Actor Common Data). This seems to me to be similar to the descriptorfeilds in WOW. Is this accurate? Is it held in a completely different way than the RActors and just linked up by GUID?


Can anybody please confirm for me that RActors are actually all of the Game objects, or if they are simply the Players? If anybody is able to post a rough Object diagram of how the understand the RActors to work that would be awesome.

Also, any tips on how you found the ObjectManager in IDA would be a big help to me figuring this reversing stuff out.


d,

[xzidez]

Im going to throw you a short simple answer, I hope its somewhat of what you are looking for

Unfortunately we are not lucky to have the easy struct layout of WoW : (.. Most stuffs seem to be stored in Dictionaries on the actors / objects... in C# it would look something like this.

Then ofcourse there are some common properties for the Actor. Like location..

Code:

Actor
{
    Dictionary<D3Attribute, float> Attributes;
    X;
    Y;
    Z;
}

So you can iterate the actors with the stuffs you provided in your post, but all data will not be stored inside the struct, you will have to reverse "GetFloat" and "GetInt" to be able to fetch data from the dictionaries.

[Valtharak]

Also a big chunk of static info are stored in what they call SNO. for example RActor and ACD have a SNOId pointing to the Actor SNOGroup. The Actor SNO structure have a MonsterSNO if it's a NPC or monster so you can query the Monster SNO group. Those SNO are stored in the MPQ you can check Mooege for the file formats they have most of them parsed. You can query those if you find the function offset ingame or just make a MPQ reader to read the file directly.

As for finding offset i use a mix of IDA and cheat engine. cheat engine mostly for easy memory browsing and to see what address access a memory location i'm browsing. from there you can check those address in ida and try to understand and reverse the code.

If you choose to be out of process you will have to rewrite alot of code. Inprocess you can just find the functions and call them. To update your offsets after a patch i suggest patchdiff plugin for ida. When you find interesting function you can rename them to something more meaning full. When using patchdiff it will find those same function in the new exe if they haven't changed much. Also you can try downloading a more complete IDA version on torrents (you'll have to find the link yourself).

In my code i just skip the RActor part and just use ACDs. most functions use ACD pointer anyway. the only RActor i'v needed so far is the current player( Me ) one and you can easily get that with the GetCurrentPlayerGuid function.

just grab the last few binary from this forum and look at the older post for all the (function)offsets you can find. use patchdiff to find them in new binaries. you'll find Object Manager offset and such by looking at the functions themselves or values used to call them. most functions are called over and over again and you can start seeing patterns.