1.06a Changes

[iamclint]

Looks like the snodata addresses have changed and cursor item

Code:

        Public Enum SnoData As Long
            GameBalance = &H1884F98 '1.06 18851A0
            MonsterDef = &H18CBE70     '1.06 18CC080 
            ActorDef = &H18C6AD8 '1.06 18C6CE0
        End Enum

Code:

CursorItem = &H18C859C
off1=&h20
off2=&h1c4
off3=&h2c

Code:

 MPLevel = &H1836148
 MPLevel_off1 = &H10
 MPLEvel_off2 = &H59C

everything else I use seems to be fine.


And instead of messaging me for info just post here

[AGPS]

Very nice!

[tuisful]

OHHH, thank you. You guys are really quick, big big smile

[AGPS]

SNOGroup_Scene_Addr = 0x018D0628, //0x018D0838, 1.0.6
SNOGroup_StringList_Addr = 0x01881FA0,//0x018821A8 1.0.6

[aylwin1991]

The point of the following program is to start multiple clients from the same folder. What it did was patch memory or something from the launcher / diablo 3 exe. Currently with the patch it seems that some memory has been shuffled. Do you know how I can find a solution to this issue? I've tried browsing memory with CE but no avail.

Code:

namespace D3Starter
{
    using System;
    using System.ComponentModel;
    using System.Diagnostics;
    using System.IO;
    using System.Runtime.InteropServices;
    using System.Security;
    using System.Threading;

    internal class Program
    {
        private static IntPtr dwSharePatch = IntPtr.Zero;
        private static IntPtr launcherPatch = IntPtr.Zero;

        [DllImport("advapi32.dll", SetLastError = true, ExactSpelling = true)]
        internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TOKEN_PRIVILEGES newst, int len, IntPtr prev, IntPtr relen);
        [SuppressUnmanagedCodeSecurity, DllImport("kernel32.dll", SetLastError = true)]
        internal static extern bool CloseHandle(IntPtr hHandle);
        [DllImport("kernel32.dll")]
        private static extern bool CreateProcess(string lpApplicationName, string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, int dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
        private static IntPtr FindPatchAddress(byte[] pattern, IntPtr hProc, IntPtr baseAddress)
        {
            try
            {
                byte[] lpBuffer = new byte[0x200000];
                try
                {
                    int num;
                    if (!ReadProcessMemory(hProc, baseAddress, lpBuffer, lpBuffer.Length, out num))
                    {
                        throw new Win32Exception();
                    }
                }
                catch (Win32Exception exception)
                {
                    Console.WriteLine(exception.ToString());
                    return IntPtr.Zero;
                }
                for (int i = 0; i < lpBuffer.Length; i++)
                {
                    for (int j = 0; j < pattern.Length; j++)
                    {
                        if (lpBuffer[i + j] != pattern[j])
                        {
                            continue;
                        }
                    }
                    return (baseAddress + i);
                }
            }
            catch
            {
            }
            return IntPtr.Zero;
        }

        [DllImport("kernel32.dll", ExactSpelling = true)]
        internal static extern IntPtr GetCurrentProcess();
        [return: MarshalAs(UnmanagedType.Bool)]
        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern bool LookupPrivilegeValue(string lpSystemName, string lpName, out LUID lpLuid);
        
        private static void Main(string[] args)
        {
            int num2;
            Console.Title = "D3 Starter";
            Process.EnterDebugMode();
            int result = 0;
            string path = null;
            string str2 = " -launch";
            if ((args == null) || (args.Length == 0))
            {
                Console.WriteLine("Please enter the path to your D3 executable");
                path = Console.ReadLine();
                while (true)
                {
                    Console.WriteLine("How many instances would you like to start? (Please enter a numerical value)");
                    if (int.TryParse(Console.ReadLine(), out result))
                    {
                        goto Label_00BA;
                    }
                    Console.WriteLine("Invalid input value!");
                }
            }
            if (args.Length >= 1)
            {
                path = args[0];
                result = 1;
            }
            if ((args.Length >= 2) && !int.TryParse(args[1], out result))
            {
                Console.WriteLine("Invalid input value for number of processes!");
                Console.ReadLine();
                return;
            }
        Label_00BA:
            num2 = 0;
            while (num2 < result)
            {
                Console.WriteLine("Launching a proccess now with the -launch argument");
                StartGame(path, str2);
                Thread.Sleep(0x5dc);
                num2++;
            }
            Console.WriteLine(result + " game instances started! All done!");
            Console.ReadLine();
        }

        [DllImport("kernel32.dll")]
        internal static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
        [return: MarshalAs(UnmanagedType.Bool)]
        [DllImport("advapi32.dll", SetLastError = true)]
        private static extern bool OpenProcessToken(IntPtr processHandle, uint desiredAccess, out IntPtr tokenHandle);
        
		
		private static void PatchProcess(IntPtr hProc, IntPtr baseAddress)
        {
            int num;
            byte[] pattern = new byte[] { 
                0x8b, 0x5d, 0x10, 0x89, 0x85, 0xe4, 0xfb, 0xff, 0xff, 0x8b, 0x45, 0x20, 0x89, 0x8d, 0xe0, 0xfb, 
                0xff, 0xff, 0x56, 0x8d, 0x8d, 0x90
             };
            byte[] lpBuffer = new byte[] { 0x6a, 3, 0x5b };
            if (dwSharePatch == IntPtr.Zero)
            {
                dwSharePatch = FindPatchAddress(pattern, hProc, baseAddress);
            }
            if (dwSharePatch != IntPtr.Zero)
            {
                Console.WriteLine("Patching file access at address: " + dwSharePatch.ToString("X"));
                WriteProcessMemory(hProc, dwSharePatch, lpBuffer, lpBuffer.Length, out num);
            }
            byte[] buffer3 = new byte[] { 0xf6, 0x40, 5, 0x10, 0x75, 0x17 };
            if (launcherPatch == IntPtr.Zero)
            {
                launcherPatch = FindPatchAddress(buffer3, hProc, baseAddress);
            }
            if (launcherPatch != IntPtr.Zero)
            {
                Console.WriteLine("Patching launcher startup at address: " + dwSharePatch.ToString("X"));
                WriteProcessMemory(hProc, launcherPatch + 4, new byte[] { 0xeb }, 1, out num);
            }
        }

        [DllImport("kernel32.dll", SetLastError = true)]
        internal static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
        private static void ResumeProcess(IntPtr thread, IntPtr proc)
        {
            if (thread != IntPtr.Zero)
            {
                ResumeThread(thread);
            }
            CloseHandle(thread);
            CloseHandle(proc);
        }

        [DllImport("kernel32.dll")]
        private static extern uint ResumeThread(IntPtr hThread);
		
        private static void SetSeDebugPrivs(IntPtr procHandle)
        {
            IntPtr ptr;
            LUID luid;
            if (!OpenProcessToken(procHandle, 40, out ptr))
            {
                throw new Exception("OpenProcessToken");
            }
            if (!LookupPrivilegeValue(null, "SeDebugPrivilege", out luid))
            {
                throw new Exception("LookupPrivilegeValue");
            }
            TOKEN_PRIVILEGES newst = new TOKEN_PRIVILEGES
            {
                PrivilegeCount = 1,
                Luid = luid,
                Attributes = 2
            };
            Console.WriteLine("Val: " + AdjustTokenPrivileges(ptr, false, ref newst, 0, IntPtr.Zero, IntPtr.Zero));
        }

        public static void StartGame(string path, string args)
        {
            IntPtr ptr;
            IntPtr ptr2;
            if (!File.Exists(path))
            {
                Console.WriteLine("File does not exist: " + path);
            }
            Process process = StartProcess(path, args, out ptr, out ptr2);
            if (process != null)
            {
                Console.WriteLine("Process ID " + process.Id + " started.");
                Console.WriteLine("Patching process " + process.Id);
                PatchProcess(ptr2, (IntPtr)0x81C29D);
                Console.WriteLine("Resuming process " + process.Id);
                ResumeProcess(ptr, ptr2);
            }
            else
            {
                Console.WriteLine("Could not create process for " + path);
            }
        }

        private static Process StartProcess(string path, string arguments, out IntPtr hThread, out IntPtr hProc)
        {
            Process processById = null;
            hThread = IntPtr.Zero;
            hProc = IntPtr.Zero;
            STARTUPINFO lpStartupInfo = new STARTUPINFO();
            PROCESS_INFORMATION lpProcessInformation = new PROCESS_INFORMATION();
            if (CreateProcess(path, arguments, IntPtr.Zero, IntPtr.Zero, false, 4, IntPtr.Zero, null, ref lpStartupInfo, out lpProcessInformation))
            {
                hThread = lpProcessInformation.hThread;
                processById = Process.GetProcessById((int)lpProcessInformation.dwProcessId);
                hProc = OpenProcess(ProcessAccessFlags.SYNCHRONIZE | ProcessAccessFlags.PROCESS_QUERY_INFORMATION | ProcessAccessFlags.PROCESS_SET_INFORMATION | ProcessAccessFlags.PROCESS_VM_WRITE | ProcessAccessFlags.PROCESS_VM_READ | ProcessAccessFlags.PROCESS_VM_OPERATION | ProcessAccessFlags.PROCESS_CREATE_THREAD | ProcessAccessFlags.PROCESS_TERMINATE, false, processById.Id);
                SetSeDebugPrivs(GetCurrentProcess());
                SetSeDebugPrivs(hProc);
            }
            return processById;
        }

        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, out int lpNumberOfBytesWritten);

        [StructLayout(LayoutKind.Sequential)]
        public struct LUID
        {
            public uint LowPart;
            public int HighPart;
        }

        [StructLayout(LayoutKind.Sequential)]
        public struct PROCESS_INFORMATION
        {
            public IntPtr hProcess;
            public IntPtr hThread;
            public uint dwProcessId;
            public uint dwThreadId;
        }

        [Flags]
        public enum ProcessAccessFlags
        {
            DELETE = 0x10000,
            PROCESS_ALL_ACCESS = 0x1f0fff,
            PROCESS_CREATE_PROCESS = 0x80,
            PROCESS_CREATE_THREAD = 2,
            PROCESS_DUP_HANDLE = 0x40,
            PROCESS_QUERY_INFORMATION = 0x400,
            PROCESS_QUERY_LIMITED_INFORMATION = 0x1000,
            PROCESS_SET_INFORMATION = 0x200,
            PROCESS_SET_QUOTA = 0x100,
            PROCESS_SUSPEND_RESUME = 0x800,
            PROCESS_TERMINATE = 1,
            PROCESS_VM_OPERATION = 8,
            PROCESS_VM_READ = 0x10,
            PROCESS_VM_WRITE = 0x20,
            READ_CONTROL = 0x20000,
            SYNCHRONIZE = 0x100000,
            WRITE_DAC = 0x40000,
            WRITE_OWNER = 0x80000
        }

        [StructLayout(LayoutKind.Sequential)]
        public struct STARTUPINFO
        {
            public uint cb;
            public short cbReserved2;
            public uint dwFillAttribute;
            public uint dwFlags;
            public uint dwX;
            public uint dwXCountChars;
            public uint dwXSize;
            public uint dwY;
            public uint dwYCountChars;
            public uint dwYSize;
            public IntPtr hStdError;
            public IntPtr hStdInput;
            public IntPtr hStdOutput;
            public string lpDesktop;
            public string lpReserved;
            public IntPtr lpReserved2;
            public string lpTitle;
            public short wShowWindow;
        }

        [StructLayout(LayoutKind.Sequential)]
        public struct TOKEN_PRIVILEGES
        {
            public uint PrivilegeCount;
            public Program.LUID Luid;
            public uint Attributes;
        }
    }
}

[KillerJohn]

EDIT: nevermind, I found the string under the stringlist SNO, (ID is 0xCB2E for levelarea translations)

Anybody knows how can I process the current level area ID to the SNO string?

int ofs = MR.ReadInt(0x17E3F14);
int new_level_area = MR.ReadInt(ofs + 0x40);

I'm working on a special HUD for D3, and I would love to know this...

Thanks!

[iamclint]

Incase Anyone Cares This is whats in gamebalance.. obviously the addresses can change which is why I included the key

Code:

Key: 4A5 Address: A2B2000 .\Resources\Excel\Items_Legendary_Other.xls
Key: 4D19 Address: A2BE000 .\Resources\Excel\AffixList.xls
Key: 4D1B Address: 9DB8400 C:\ProjectX\Data_D3\XML\GameBalance\Axe Bad Data.txt
Key: 4D1C Address: 9C56000 .\Resources\Excel\Characters.xls
Key: 4D1D Address: A4EA000 .\Resources\Excel\Experience.xls
Key: 4D1E Address: A4F2000 .\Resources\Excel\Experience_PvP.xls
Key: 4D20 Address: A4FC000 .\Resources\Excel\Hirelings.xls
Key: 4D21 Address: 9DB8800 .\Resources\Excel\Inventory.xls
Key: 4D22 Address: 9DB8000 ..\main\Resources\Excel\Inventory_PvP.xls
Key: 4D24 Address: A4FE000 .\Resources\Excel\ItemEnhancements.xls
Key: 4D26 Address: A544000 .\Resources\Excel\Items_Armor.xls
Key: 4D28 Address: A5AE000 .\Resources\Excel\Items_Legendary_Weapons.xls
Key: 4D29 Address: A5D2000 .\Resources\Excel\Items_Other.xls
Key: 4D2A Address: A666000 .\Resources\Excel\Items_Weapons.xls
Key: 4D2B Address: A6F4000 .\Resources\Excel\ItemTypes.xls
Key: 4D2D Address: A6FE000 .\Resources\Excel\LabelsGlobal.xls
Key: 4D2F Address: A72A000 .\Resources\Excel\MonsterAffixes.xls
Key: 4D30 Address: A734000 .\Resources\Excel\MonsterLevels.xls
Key: 4D31 Address: A742000 .\Resources\Excel\MonsterNames.xls
Key: 4D35 Address: A770000 .\Resources\Excel\RareNames.xls
Key: 4D36 Address: A7AE000 .\Resources\Excel\SocketedEffects.xls
Key: 1E0A8 Address: A7EA000 .\Resources\Excel\SetItemBonuses.xls
Key: 1FF33 Address: A808000 .\Resources\Excel\Items_Quests.xls
Key: 258A2 Address: A870000 .\Resources\Excel\PowerFormulaTables.xls
Key: 29A83 Address: A876000 .\Resources\Excel\Items_Legendary.xlsx
Key: 2E679 Address: A97C000 .\Resources\Excel\RecipesBlacksmith.xls
Key: 2E67A Address: A99A000 .\Resources\Excel\RecipesJeweler.xls
Key: 2E67B Address: A9A5000 .\Resources\Excel\RecipesMystic.xls
Key: 304F8 Address: A9AA000 .\Resources\Excel\Items_Quests_Beta.xls
Key: 3DACA Address: A9CA000 .\Resources\Excel\ExperienceAlt.xls
Key: 3E89B Address: A9A0000 .\Resources\Excel\ItemRequiredLevels.xls

[iamclint]

Anyone know how to iterate the chat window messages? if so can you post it here if not I suppose i'll dig into it myself

[iamclint]

Well I found what I needed however not the entire chat list which is fine

Code:

Name: Root_NormalLayer_chatoutput_dialog_backgroundScreen_chat_content_MessageListContainer_chat_messagelist_textGrunt     Hash: 7537245232309103185

This contains the last message in your chat window.

[g4b51l]

Incase Anyone Cares This is whats in gamebalance

Yes I do...THANKS

[rollypoly]

does this still work for you?

i setup a loop to watch it, but i'm not seeing any text.

[iamclint]

does what work for me?

[rollypoly]

sorry, thought i replied with quote...

Root_NormalLayer_chatoutput_dialog_backgroundScreen_chat_content_MessageListCont ainer_chat_messagelist_textGrunt

[iamclint]

sorry, thought i replied with quote...

Root_NormalLayer_chatoutput_dialog_backgroundScreen_chat_content_MessageListCont ainer_chat_messagelist_textGrunt

yes this still works for me

[rollypoly]

yes this still works for me

i can't seem to get the most recent message using the text pointer at 0xAE0.

am i looking in the right place for this? i've tried using CE to find the link, but it's still a bit foreign to me.