
map in clientless bot, can this work? not just "how do i?"

Started by ShadowDancer, December 23, 2006, 09:54 AM



I'll spend as much time as I need to test it, so if someone is already interested in this, he will be welcome to work on it together.

-Create a small TCP/IP game server in the clientless bot.
-Connect a D2 client to that game server.
-When the client connects, go through a normal initialization.
-Sending a 0x05 packet may be required.
-Look in the memory of the D2 process and check that the current player is the same one that has connected to your game.
-Once you have the process, send the 0x03 packet each time one of your bots receives it, wait a short time, and read the current level structure from memory.
Quote from: MyndFyre-vL
No. We help people who help themselves.


I don't quite understand what you're trying to do. What are you trying to figure out?


I want to have the map in my own application.
Reversing the function that builds the map is an option, but it is really time expensive :S


Yeah, but are you trying to find where the game determines which map layout it's going to use, so you can make a smarter game bot? What do all those networking features you listed have to do with it?


[quote]What do all those networking features you listed have to do with it?[/quote]
I don't know if I have explained it well because my English is bad; that list has the steps to follow to get the map.

[quote]But are you trying to find where the game determines which map layout it's going to use, so you can make a smarter game bot?[/quote]
Yes, but not exactly: I'll try to make D2 think the map is being remapped each time a bot changes to another level chunk, and read the map that D2 produces with ReadMemory.

You can do the reading part with the source of Sting's maphack.

And the network part with the BNet proxy concept that a few members were talking about in the last weeks.



This will work, on the condition that you send 0x03s before the game is fully initialized. (0x04 is sent, etc.)
As you may already know, once the client receives 0x04, it will ignore login packets (as it is no longer in a login state).
However, your bot will no longer be *clientless*. :)

All my exp/MF bots I've ever created build the map out of 40 by 40 blocks, then calculate a path based on them.
I don't want to go into detail on how I do this, but I see it as having 2 options:
1) Copy the code D2 has and uses to build the map.
2) Invent your own, based on your research.

Of course, a 3rd option would be to use D2's code (like you have explained).


Quote from: Ringo
This will work, on the condition that you send 0x03s before the game is fully initialized. (0x04 is sent, etc.)

When you change from the current level to another one that is not loaded, the server sends packets to unload all objects, locations and rooms; after that it sends 0x05 and 0x03, then loads the new rooms, and then 0x04 again.

The problem with your method is that you have experience in reverse engineering, unlike me :(

Quote from: Ringo
However, your bot will no longer be *clientless*.
:P... True, but my program will be able to run as many bots as CD keys you can use, with only one D2 that can be hidden and doesn't use a big amount of CPU/memory.


Quote from: ShadowDancer on December 24, 2006, 02:41 AM
When you change from the current level to another one that is not loaded, the server sends packets to unload all objects, locations and rooms; after that it sends 0x05 and 0x03, then loads the new rooms, and then 0x04 again.
Ah, yes. I'm following what you're thinking. :)
I think* you can't load the same act more than once at the same time, so you would have to switch act and back again if the act before was the same as the act to load next.
It's been a while, so I can't say for sure, but I think you may have some more issues to work around like the above, in order for it to work correctly.

Quote from: ShadowDancer on December 24, 2006, 02:41 AM
The problem with your method is that you have experience in reverse engineering, unlike me :(
If you mean experience with ASM and reversing, I have next to zero experience :P

Quote from: ShadowDancer on December 24, 2006, 02:41 AM
... True, but my program will be able to run as many bots as CD keys you can use, with only one D2 that can be hidden and doesn't use a big amount of CPU/memory.
I'm not sure what your resources are like, but CPU/memory usage is the last of your problems :D
When I did a burst of D2jsp trading, I had no less than 130 CD keys in use at any one time, and had more bandwidth issues than anything else :P
Not to mention connection limits, fail join tags, realm downs, game limits, etc.


I don't remember how D2jsp worked, but if I am right it uses 1 D2 for each bot... 130 x ~13 MB = 1690 MB RAM... I have only 256 MB (yes, it is really obsolete) and my program uses 13 MB to run 30 bots.


Quote from: Ringo on December 24, 2006, 11:36 PM
I think* you can't load the same act more than once at the same time, so you would have to switch act and back again if the act before was the same as the act to load next.
It's been a while, so I can't say for sure, but I think you may have some more issues to work around like the above, in order for it to work correctly.

I think you crossed the fine line between account and character. Accounts can obviously be used more than once at a time, as we've seen from the #XX mangles. As far as characters go, they can be logged in any number of times, but only one instance of that character can be in a game at any given time. If one logs in to a game, the previous one gets removed (I don't know by what nature, though) from the game.

At least, this was what it was like a few patches ago. I haven't tested it (and am not going to) for a while.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.


Joe[x86], excuse my roughness, but I don't know how to say it in any other way because my English sucks...
We are talking about how to use the game libraries as a tool to read the map; your post is completely unrelated to the discussion...

6FAB2160 > packet 03 process
e.g.: 03 01 0a 50 f7 18 28 00 61 e7 b0 41

dword edx = [ecx + 8] => n2 > 61 e7 b0 41
word ax = [ecx + 6] => new area ( 28 00 )
push eax
push edx
edx = [ecx + 2] => n1 > (0a 50 f7 18)
cl = [ecx + 1] => act

.text:6FAB2160 sub_6FAB2160    proc near               ; DATA XREF: .data:6FB76294o
.text:6FAB2160                 mov     edx, [ecx+8]
.text:6FAB2163                 xor     eax, eax        ; Logical Exclusive OR
.text:6FAB2165                 mov     ax, [ecx+6]
.text:6FAB2169                 push    eax
.text:6FAB216A                 push    edx
.text:6FAB216B                 mov     edx, [ecx+2]
.text:6FAB216E                 mov     cl, [ecx+1]

----------------------- called proc -------------------------

.text:6FAA9290 var_CC          = dword ptr -0CCh
.text:6FAA9290 var_90          = dword ptr -90h
.text:6FAA9290 var_88          = dword ptr -88h
.text:6FAA9290 var_80          = dword ptr -80h
.text:6FAA9290 var_68          = dword ptr -68h
.text:6FAA9290 var_64          = dword ptr -64h
.text:6FAA9290 var_50          = dword ptr -50h
.text:6FAA9290 var_44          = dword ptr -44h
.text:6FAA9290 var_28          = dword ptr -28h
.text:6FAA9290                 sub     esp, 6Ch
.text:6FAA9293                 push    ebx
.text:6FAA9294                 mov     ebx, ecx
.text:6FAA9296                 mov     al, bl
.text:6FAA9298                 push    ebp
.text:6FAA9299                 push    esi
.text:6FAA929A                 inc     al
.text:6FAA929C                 push    edi
.text:6FAA929D                 mov     ebp, edx
.text:6FAA929F                 mov     byte ptr [esp+7Ch+var_68], al
.text:6FAA92A3                 xor     edi, edi

for i := 0 to $23 do                         // asm: cmp edi, 24h / jl -> 0x24 iterations (0..0x23)
  if d2common_checklvl(i, act) = 1 then      // D2Common_11226(edi, act), result in eax
    for j := 0 to $1F do                     // asm: cmp esi, 20h / jl -> 0x20 iterations (0..0x1F)
    begin
      res := d2common_getlvlscell(i, j);     // D2Common_11227(edi, esi, @buf); result is a PChar
      if (res = '') or (res[0] = '0') then   // asm: al = 0 or al = 30h ('0') -> skip the cell
        Continue;
      // otherwise D2CMP_10095 is called with the cell (see loc_6FAA92CE below)
    end;

.text:6FAA92A5 loc_6FAA92A5:                           ; CODE XREF: sub_6FAA9290+57j
.text:6FAA92A5                 mov     ecx, [esp+7Ch+var_68]
.text:6FAA92A9                 push    ecx
.text:6FAA92AA                 push    edi
.text:6FAA92AB                 call    D2Common_11226
.text:6FAA92B0                 test    eax, eax
.text:6FAA92B2                 jz      short loc_6FAA92E3
.text:6FAA92B4                 xor     esi, esi
.text:6FAA92B6 loc_6FAA92B6:                           ; CODE XREF: sub_6FAA9290+51j
.text:6FAA92B6                 lea     edx, [esp+84h+var_44]
.text:6FAA92BA                 push    edx
.text:6FAA92BB                 push    esi
.text:6FAA92BC                 push    edi
.text:6FAA92BD                 call    D2Common_11227
.text:6FAA92C2                 mov     al, byte ptr [esp+90h+var_50]
.text:6FAA92C6                 cmp     al, 30h
.text:6FAA92C8                 jz      short loc_6FAA92DD
.text:6FAA92CA                 test    al, al
.text:6FAA92CC                 jz      short loc_6FAA92DD
.text:6FAA92CE                 lea     eax, [esp+90h+var_50]
.text:6FAA92D2                 lea     ecx, [esp+90h+var_80]
.text:6FAA92D6                 push    eax
.text:6FAA92D7                 push    ecx
.text:6FAA92D8                 call    D2CMP_10095
.text:6FAA92DD loc_6FAA92DD:                           ; CODE XREF: sub_6FAA9290+38j
.text:6FAA92DD                                         ; sub_6FAA9290+3Cj
.text:6FAA92DD                 inc     esi
.text:6FAA92DE                 cmp     esi, 20h
.text:6FAA92E1                 jl      short loc_6FAA92B6
.text:6FAA92E3 loc_6FAA92E3:                           ; CODE XREF: sub_6FAA9290+22j
.text:6FAA92E3                 inc     edi
.text:6FAA92E4                 cmp     edi, 24h
.text:6FAA92E7                 jl      short loc_6FAA92A5

Currently I can run to here, loading the D2Common, D2CMP, D2Win, Storm and Fog DLLs in my application. :/

Play warping animation?
.text:6FAA92E9                 lea     edx, [esp+98h+var_88]
.text:6FAA92ED                 push    offset aDataGlobalTile ; "data\\global\\tiles\\act1\\barracks\\warp.dt"...
.text:6FAA92F2                 push    edx
.text:6FAA92F3                 call    D2CMP_10095
.text:6FAA92F8                 lea     eax, [esp+0A0h+var_90]
.text:6FAA92FC                 push    offset aDataGlobalTi_0 ; "data\\global\\tiles\\act1\\outdoors\\blank.d"...
.text:6FAA9301                 push    eax
.text:6FAA9302                 call    D2CMP_10095

if pcurrent_act {dword_6FBA7984} <> 0 then

.text:6FAA9307                 mov     eax, dword_6FBA7984
.text:6FAA930C                 test    eax, eax
.text:6FAA930E                 jz      short loc_6FAA9316
.text:6FAA9310                 push    eax
.text:6FAA9311                 call    D2Common_10039

.text:6FAA9316 loc_6FAA9316:                           ; CODE XREF: sub_6FAA9290+7Ej
.text:6FAA9316                 mov     esi, [esp+0ACh+var_28]
.text:6FAA931D                 mov     cl, byte_6FBA795C ; first byte of the 0x01 packet
.text:6FAA9323                 push    offset unk_6FACD840 ; automap code
.text:6FAA9328                 push    offset unk_6FACD660 ; automap code
.text:6FAA932D                 push    esi             ; var
.text:6FAA932E                 push    0
.text:6FAA9330                 push    ecx             ; cl value
.text:6FAA9331                 push    0
.text:6FAA9333                 push    1
.text:6FAA9335                 push    ebp             ; ?
.text:6FAA9336                 push    ebx             ; ?
.text:6FAA9337                 call    D2Common_10038

.text:6FAA933C                 mov     cl, byte_6FBA79D0
.text:6FAA9342                 mov     dword_6FBA7984, eax
.text:6FAA9347                 test    cl, cl
.text:6FAA9349                 jz      short loc_6FAA936C
.text:6FAA934B                 cmp     bl, 1
.text:6FAA934E                 jnz     short loc_6FAA936C
.text:6FAA9350                 test    eax, eax
.text:6FAA9352                 jz      short loc_6FAA936C

.text:6FAA9354                 push    1
.text:6FAA9356                 push    0
.text:6FAA9358                 push    5
.text:6FAA935A                 call    sub_6FB29370

.text:6FAA935F                 mov     edx, dword_6FBA7984
.text:6FAA9365                 push    eax
.text:6FAA9366                 push    edx
.text:6FAA9367                 call    D2Common_10932

.text:6FAA936C loc_6FAA936C:                           ; CODE XREF: sub_6FAA9290+B9j
.text:6FAA936C                                         ; sub_6FAA9290+BEj ...
.text:6FAA936C                 mov     ecx, ebx
.text:6FAA936E                 mov     byte_6FBA79D0, 0
.text:6FAA9375                 and     ecx, 0FFh
.text:6FAA937B                 call    sub_6FB245B0
.text:6FAA9380                 mov     ecx, 1
.text:6FAA9385                 call    sub_6FB242E0
.text:6FAA938A                 mov     ecx, dword_6FBA7988
.text:6FAA9390                 xor     eax, eax
.text:6FAA9392                 mov     [ecx], eax
.text:6FAA9394                 mov     [ecx+4], eax
.text:6FAA9397                 mov     edx, dword_6FBA7988
.text:6FAA939D                 mov     eax, [esp+0E4h+var_64]
.text:6FAA93A4                 mov     [edx], ebp
.text:6FAA93A6                 mov     ecx, dword_6FBA7988
.text:6FAA93AC                 mov     [ecx+4], eax
.text:6FAA93AF                 call    sub_6FACF730
.text:6FAA93B4                 call    sub_6FAA4A30
.text:6FAA93B9                 call    sub_6FB203C0
.text:6FAA93BE                 mov     dword_6FBA798C, esi
.text:6FAA93C4                 call    sub_6FB5CB60
.text:6FAA93C9                 mov     cl, bl
.text:6FAA93CB                 call    sub_6FB5C9E0
.text:6FAA93D0                 lea     edx, [esp+0E4h+var_CC]
.text:6FAA93D4                 push    ebp
.text:6FAA93D5                 push    offset aSeedD   ; "Seed: %d"
.text:6FAA93DA                 push    edx
.text:6FAA93DB                 call    _sprintf
.text:6FAA93E0                 lea     eax, [esp+0F0h+var_CC]
.text:6FAA93E4                 push    eax
.text:6FAA93E5                 call    Fog_10029
.text:6FAA93EA                 add     esp, 10h
.text:6FAA93ED                 mov     dword_6FB75814, 1
.text:6FAA93F7                 call    ds:GetTickCount
.text:6FAA93FD                 mov     ecx, dword_6FBA778C
.text:6FAA9403                 add     eax, 2710h
.text:6FAA9408                 pop     edi
.text:6FAA9409                 pop     esi
.text:6FAA940A                 pop     ebp
.text:6FAA940B                 cmp     eax, ecx
.text:6FAA940D                 pop     ebx
.text:6FAA940E                 jbe     short loc_6FAA9415
.text:6FAA9410                 mov     dword_6FBA778C, eax
.text:6FAA9415 loc_6FAA9415:                           ; CODE XREF: sub_6FAA9290+17Ej
.text:6FAA9415                 add     esp, 6Ch
.text:6FAA9418                 retn    8
.text:6FAA9418 sub_6FAA9290    endp ; sp = -68h
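As an added example (not code from the thread or from any of the posters), the 0x03 layout worked out in the post above can be decoded like this in Python. It reads the four fields at exactly the offsets the handler at 6FAB2160 reads them (act = byte at 1, n1 = dword at 2, area = word at 6, n2 = dword at 8, all little-endian). The field names act/n1/area/n2 are the poster's; the 12-byte length is my assumption, taken from the highest offset the handler touches ([ecx+8] as a dword), and the length check is mine too, since the listed handler itself dereferences the buffer without one. One observation the listing supports: the called procedure saves its edx argument (n1) in ebp and later formats it with "Seed: %d", so n1 is what the client reports as the seed.

```python
import struct

# Constructed sample: the 12-byte 0x03 packet quoted in the post.
SAMPLE_0x03 = bytes.fromhex("03 01 0a 50 f7 18 28 00 61 e7 b0 41")

# Assumption: 1 (id) + 1 (act) + 4 (n1) + 2 (area) + 4 (n2) = 12 bytes,
# derived from the offsets read in sub_6FAB2160; not stated on the page.
PACKET_0x03_LEN = 12


def parse_0x03(packet: bytes) -> dict:
    """Decode a 0x03 packet the way sub_6FAB2160 reads it.

    mov cl,  [ecx+1]  -> act   (byte)
    mov edx, [ecx+2]  -> n1    (dword, later printed as "Seed: %d")
    mov ax,  [ecx+6]  -> area  (word, the new area id)
    mov edx, [ecx+8]  -> n2    (dword)
    Fields are unaligned and little-endian, hence the "<" format.
    """
    if len(packet) < PACKET_0x03_LEN:
        raise ValueError(f"0x03 packet too short: {len(packet)} < {PACKET_0x03_LEN}")
    if packet[0] != 0x03:
        raise ValueError(f"not a 0x03 packet: id=0x{packet[0]:02x}")
    act, n1, area, n2 = struct.unpack_from("<BIHI", packet, 1)
    return {"act": act, "n1": n1, "area": area, "n2": n2}


def callee_args(packet: bytes) -> dict:
    """Show how the decoded fields reach the called procedure (sub_6FAA9290):
    ecx = act, edx = n1 (fastcall-style registers), and the two pushes
    put n2 and area on the stack in that order (push eax=area first,
    push edx=n2 second, so n2 is the top-of-stack argument)."""
    f = parse_0x03(packet)
    return {"ecx": f["act"], "edx": f["n1"], "stack": [f["n2"], f["area"]]}


if __name__ == "__main__":
    fields = parse_0x03(SAMPLE_0x03)
    print({k: hex(v) for k, v in fields.items()})
    print(callee_args(SAMPLE_0x03))
```

For the sample in the post this yields act=1, n1=0x18F7500A, area=0x28 and n2=0x41B0E761; a packet shorter than 12 bytes is rejected instead of being read past its end.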


Quote from: ShadowDancer on December 28, 2006, 07:42 AM
I don't remember how D2jsp worked, but if I am right it uses 1 D2 for each bot... 130 x ~13 MB = 1690 MB RAM... I have only 256 MB (yes, it is really obsolete) and my program uses 13 MB to run 30 bots.
Ah, I didn't mean the D2jsp bot, I meant the D2 trade forums :P
I can't remember what memory they used, but it was around 100 KB - 150 KB per connection, including winsock/compression/decompression buffers + an instance of the game from my D2Char.ocx ;)

Quote from: Joe[x86]
I think you crossed the fine line between account and character. Accounts can obviously be used more than once at a time, as we've seen from the #XX mangles. As far as characters go, they can be logged in any number of times, but only one instance of that character can be in a game at any given time. If one logs in to a game, the previous one gets removed (I don't know by what nature, though) from the game.

At least, this was what it was like a few patches ago. I haven't tested it (and am not going to) for a while.
As Shadow pointed out, we are talking about the acts the characters run around in, rather than the characters/accounts themselves :)
I think what you're talking about is like the following:
BNet will allow the same account to be logged on multiple times (#instance)
Realm will allow only 1 of the same account to be logged on (#2 boots #1)
Games will allow only 1 char in a game (#2 gets rejected on game connection/login)

I think it's always been like that with realm/game servers, to try and stop duping of characters/items.