Reading stuff off Diablo 2 into an AutoIt program

Soldato (joined 2 May 2004, 19,950 posts):
Hi,

I've been messing around with AutoIt recently and have managed to make a little script that'll tell you your current life in Diablo 2 (as long as it's open).

It finds the PID using the process name and it all works fine.

In the memory section of things, to get your health you use 0x6FBCC1E0; this is the part where I'm stuck.

I got the coding for the memory part from somewhere else, and was told to get your health from ingame you use the address: 0x6FBCC1E0

I am aware this is a hex address, but my question is... how did they find it?

What files should I be looking in and how can I find the addresses for e.g. the money in your inventory?

(Note: I'm not planning to make any hacks, I'm just using Diablo 2 to learn about memory addresses and stuff)

Thanks,
Craig.
 
Soldato (joined 26 Dec 2003, 16,522 posts, London):
I should imagine you find some way of exploring the memory associated with a process, do something in-game that changes something (getting attacked to see the health change, for example) and then see what addresses are affected.
 
Soldato, OP (joined 2 May 2004, 19,950 posts):
Yea, I've been able to edit my health and money etc. using a memory explorer on the game's process, but the address doesn't match the one used in the AutoIt program :(
 
Una, Associate (joined 26 Nov 2004, 2,471 posts, Reading / Lake District):
There are many ways to do this sort of stuff; the most common way is to write a hook DLL and inject it into the game's process memory space. You can find the offsets using a disassembler/debugger (it's much easier as well if there is a game SDK, so you can look in the headers to see which functions to detour).

http://research.microsoft.com/sn/detours/ is pretty useful when writing this sort of stuff.

I use IDA Pro for my disassembly/hex editing, because you can have the opcodes one side and the hex display the other. Makes it really easy to find the areas you need.

Never used AutoIt myself, I tend to write my own DLLs and inject them.

P.S. On my version of D2 LoD these were the addresses :)
0x00000265 - 0x00000268 character money.
0x00000269 - 0x00000272 stash money.
 
Soldato, OP (joined 2 May 2004, 19,950 posts):
Hi,

I have been using TSearch to find the memory address of certain things; I managed to find my current health in game and edit it.

e.g. I edited the address 42C0025 from my current health to 1 and I was left almost dead... so it did work. So then I go into the hexing section of TSearch and on the left it says 00042C0025, but that's a completely different code to what has been used in my current memory reading code... so this must be the wrong way to do it.

I will try more things, hopefully I'll be able to figure it out :)

EDIT

OK, I've fully figured out the coding now... here's the function to get your current life:

Code:
; Walks a pointer chain: the static address holds a pointer, and each hop adds an
; offset and reads the next pointer. _MemOpen/_MemRead/_MemClose are the memory
; functions this script already uses; _MemRead returns the bytes read as an array.
Func _GetLife()
  $open = _MemOpen($pid)
  ; Read the 4-byte pointer stored at the static base address
  $read = _MemRead($open, 0x6FBCC1E0, 4)
  ; Join the bytes little-endian: $read[3] is the most significant byte, $read[0] the least
  $p1 = StringRight(Hex($read[3]), 2) & StringRight(Hex($read[2]), 2) & StringRight(Hex($read[1]), 2) & StringRight(Hex($read[0]), 2)
  $p1 = "0x" & Hex(Dec($p1) + 92)   ; first hop: pointer + 92
  $read = _MemRead($open, $p1, 4)
  $p2 = StringRight(Hex($read[3]), 2) & StringRight(Hex($read[2]), 2) & StringRight(Hex($read[1]), 2) & StringRight(Hex($read[0]), 2)
  $p2 = "0x" & Hex(Dec($p2) + 36)   ; second hop: pointer + 36
  $read = _MemRead($open, $p2, 4)
  $p3 = StringRight(Hex($read[3]), 2) & StringRight(Hex($read[2]), 2) & StringRight(Hex($read[1]), 2) & StringRight(Hex($read[0]), 2)
  $p3 = "0x" & Hex(Dec($p3) + 37)   ; last hop: + 37 is current life (+ 45 is max life)
  $read = _MemRead($open, $p3, 4)
  $life = StringRight(Hex($read[3]), 2) & StringRight(Hex($read[2]), 2) & StringRight(Hex($read[1]), 2) & StringRight(Hex($read[0]), 2)
  $life = Dec($life)
  _MemClose($open)
  Return $life
EndFunc

And to get the overall life the only thing that has changed in that code is rather than reading this at the end:

Code:
$p3 = "0x" & hex ( dec( $p3 ) + 37 )

it reads this:

Code:
$p3 = "0x" & hex ( dec( $p3 ) + 45 )

So basically, to read your life it's using 923637 and to read your max life it's reading 923645.

Any ideas how I'd get that number for e.g. invent gold?


EDIT


Right, I just attached this memory read program to my current inventory money address; I dropped one gold and it logged this:

6fd5b024 - 89 78 04

Those look exactly like the numbers that I need to edit this script, so I entered them, but when the AutoIt script then reads it, it comes out with 0 :(
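The pointer chain that _GetLife() walks, written out as an added Python example over a constructed fake memory image (this is not code from the thread or from any game tool). The base address and the 92/36/37 and 92/36/45 offsets are the ones quoted above; the intermediate addresses and the life/gold values are made up. It generalises the three hops to any list of offsets, and the last function models one reason a value's own address fed in as the chain's base comes back as 0: the value gets treated as a pointer and every read after it lands in unmapped memory.

```python
import struct

BASE = 0x6FBCC1E0                # static base address quoted in the thread
OFFSETS_LIFE = (92, 36, 37)      # offsets _GetLife() adds along the chain
OFFSETS_MAX_LIFE = (92, 36, 45)  # same chain, last offset 45 for max life
GOLD_ADDR = 0x6FD5B024           # address the OP's memory logger reported for gold

class FakeMemory:
    """Sparse byte map standing in for the game's address space (constructed)."""
    def __init__(self):
        self.cells = {}

    def write_dword(self, addr, value):
        for i, b in enumerate(struct.pack("<I", value)):
            self.cells[addr + i] = b

    def read_bytes(self, addr, n):
        # Unmapped bytes read back as 0, like a failed read in the real script
        return bytes(self.cells.get(addr + i, 0) for i in range(n))

def bytes_to_dword(raw):
    """Little-endian join, the same as the AutoIt StringRight(Hex(...)) lines."""
    return int("".join(f"{b:02x}" for b in reversed(raw)), 16)

def follow_chain(mem, base, offsets):
    """Dereference base, then add each offset, dereferencing between hops."""
    addr = bytes_to_dword(mem.read_bytes(base, 4))
    for off in offsets[:-1]:
        addr = bytes_to_dword(mem.read_bytes(addr + off, 4))
    return bytes_to_dword(mem.read_bytes(addr + offsets[-1], 4))

def build_sample_memory(life=523, max_life=612, gold=1500):
    """Constructed layout: BASE -> unit -> stat list -> values (offsets from the thread)."""
    mem = FakeMemory()
    mem.write_dword(BASE, 0x0A100000)             # pointer to the unit struct (made up)
    mem.write_dword(0x0A100000 + 92, 0x0A200000)  # unit + 92 -> stat list
    mem.write_dword(0x0A200000 + 36, 0x0A300000)  # list + 36 -> stat values
    mem.write_dword(0x0A300000 + 37, life)        # values + 37 -> current life
    mem.write_dword(0x0A300000 + 45, max_life)    # values + 45 -> max life
    mem.write_dword(GOLD_ADDR, gold)              # the gold value itself, not a pointer
    return mem

def read_life(mem):
    return follow_chain(mem, BASE, OFFSETS_LIFE)

def read_gold_as_chain_base(mem):
    # Treats the value 1500 as a pointer; the next reads hit unmapped memory -> 0
    return follow_chain(mem, GOLD_ADDR, OFFSETS_LIFE)
```

Swapping the last offset to 45 returns the max life from the same chain, which is the only difference between the two AutoIt versions above.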