instant quit

[aj3423]

I'm trying to find the way to do instant quit but failed. this is what i did:
since the count down is 10 seconds, I tried search for 10 in cheat engine, go back to town and search for 0, repeat. and finally got two addresses, modify their value from 10 to 3, then quit game in diablo, it's still 10 seconds count down..
anyone could shed some light on this?

[403Forbidden]

I'm trying to find the way to do instant quit but failed. this is what i did:
since the count down is 10 seconds, I tried search for 10 in cheat engine, go back to town and search for 0, repeat. and finally got two addresses, modify their value from 10 to 3, then quit game in diablo, it's still 10 seconds count down..
anyone could shed some light on this?

Pretty sure it would be server side, wouldnt it?
And i dont think it would be the exact 10/0 numbers. Since there are no other numbers, id say its quite possible it would be a boolean for "timer" or "instant".

[aj3423]

Pretty sure it would be server side, wouldnt it?
And i dont think it would be the exact 10/0 numbers. Since there are no other numbers, id say its quite possible it would be a boolean for "timer" or "instant".

Thanks for the reply, you're right it's not just number like 10, I found it's a frame number 0x258(600)

00B47988 mov edx, dword ptr [ebp+10] ; dowrd ptr[ebp+10] == 0x258 here
I just modified this line to
xor edx, edx

Now it quits with a ZERO count down

I did that with ollydbg, could that detected by warden? And I want to implement this in my bot, could the code modification detected by warden?

Thanks.

[_Mike]

You should have someone verify that your character actually leaves the game because I'm pretty sure the server keeps you in game for the full duration even if the client disconnects.
And yes it can be detected. I haven't checked if that address is currently watched, but it would be easy enough for Blizzard to add it whenever they want.

[aj3423]

You should have someone verify that your character actually leaves the game because I'm pretty sure the server keeps you in game for the full duration even if the client disconnects.
And yes it can be detected. I haven't checked if that address is currently watched, but it would be easy enough for Blizzard to add it whenever they want.

I've verified that, there is "...left game" message when I quit.
what's the frequency that warden scans for these address? each scan for 1 minute?

[Valtharak]

patch the address before you quit and repatch it normal after you quit

[aj3423]

patch the address before you quit and repatch it normal after you quit

Yeah that's what i'm doing right now

[aj3423]

humm.. seems not working as expected. it does quit instantly but the next creation of game takes much more time than before. maybe has something to do with the 10sec . i'll look into that later..

[Beaving]

Yes, that's server side. Only way to circumvent is to instantly teleport to town and then leave.

Also yes, the function where you are editing is scanned by Warden. If you are lucky, they don't watch that part of the function (IIRC only the first few bytes). Also they scan like 1 address every minute, so it's unlikely to get caught, but it could happen.

[aj3423]

Y instantly teleport to town and then leave.

That sounds like a good idea.

[aj3423]

the town portal function seems located at:

00BAC94C 6A 01 push 1
00BAC94E 50 push eax
00BAC94F 6A 3B push 3B
00BAC951 56 push esi
00BAC952 E8 2917DDFF call 0097E080
00BAC957 83C4 10 add esp, 10

if i nop these lines, nothing happens when my character casts town portal, but i dont find any TIMER in the function, any idea?

[Beaving]

Check the send function ( send function ). Every action sends packets to the server, like casting a spell, and also the actual teleport. Catch the packets, then you have everything you need.