D2 Stats

Started by iago, July 19, 2003, 09:52 AM


iago

I'm sure that more than one bot developer has worked on Diablo II statstrings, and, because I'm like that, I wrote a simple plugin to test things out.  It requires my Buffer class, which can be found here:
http://www.backstab.ca/~rbowes/Buffer.rar

And the code (which you will have to fiddle with, but meh?) is here:
#include <windows.h>
#include <string>
#include <strstream>
#include "Buffer.h"

using namespace std;   // string and strstream live in std

// The following are dwId's for 0x0F packets:
const DWORD ID_USERINCHANNEL            = 0x01;
const DWORD ID_USERJOINCHANNEL          = 0x02;
const DWORD ID_USERLEAVECHANNEL         = 0x03;
const DWORD ID_WHISPERFROM              = 0x04;
const DWORD ID_INCOMING_CHAT            = 0x05;
const DWORD ID_ERROR                    = 0x06;
const DWORD ID_CHANNELJOIN              = 0x07;
const DWORD ID_CHANGEFLAGS              = 0x09;
const DWORD ID_WHISPERTO                = 0x0A;
const DWORD ID_INFORMATION              = 0x12;
const DWORD ID_CHANNELFULL              = 0x13;
const DWORD ID_IGNOREON                 = 0x15;
const DWORD ID_IGNOREOFF                = 0x16;
const DWORD ID_EMOTE                    = 0x17;

// Builds a 0xFF 0x0F chat event in memory and hands it to the client's
// __fastcall event handler (ecx = packet, edx = length) at the address below.
void DoStuffs(BYTE EventID, string Name, string Statstring)
{
// FF 0F 3A 00 12 00 00 00 10 00 00 00 4E 00 00 00         ..:.........N...
// 00 00 00 00 0D F0 AD BA 0D F0 AD BA 46 75 78 44         ............FuxD
// 75 78 00 57 65 6C 63 6F 6D 65 20 74 6F 20 42 61         ux.Welcome to Ba
// 74 74 6C 65 2E 6E 65 74 21 00                           ttle.net!.

   Buffer test;
   DWORD Addr = 0x6ff02040;
   // 4-byte header + six DWORDs + both strings with their null terminators
   DWORD Len = (WORD)(30 + Name.length() + Statstring.length());

   test << (BYTE) 0xff;
   test << (BYTE) 0x0f;
   test << (WORD) Len;

   test << (DWORD) EventID;
   test << (DWORD) 0x10;
   test << (DWORD) 0x4e;
   test << (DWORD) 0x00;
   test << (DWORD) 0xbaadf00d;
   test << (DWORD) 0xbaadf00d;
   test << Name << (BYTE) 0;
   test << Statstring << (BYTE) 0;

   char *str = (char*)test.c_str();
   __asm
   {
      mov ecx, str
      mov edx, Len
      call Addr      // indirect call through the Addr variable
   }
}

BOOL APIENTRY DllMain( HANDLE hModule,
                      DWORD  dwReason,
                      LPVOID lpReserved
                )
{
   switch(dwReason)
   {
   case DLL_PROCESS_ATTACH:
      {
         // Clear out the channel by joining one named after the tick count.
         // (Formatting the number avoids passing a DWORD's raw, unterminated
         // bytes as a string.)
         strstream UCode;
         UCode << GetTickCount() << '\0';
         DoStuffs(ID_CHANNELJOIN, "FuxDux", UCode.str());
         Buffer StatString;

         for(int i = 1; i <= 0xFF; i++)
         {
            strstream Name;
            StatString.ClearBuffer();
            Name << "iago-vL#";
            Name << i;
            Name << "*iago.";
            Name << i;
            Name << '\0';

            StatString << "PX2D";               // Product
            StatString << "Moo,";               // Realm
            StatString << "iagovL,";            // Character name, again, seems to do nothing
            StatString << (BYTE) 0x84; // 0x84 = nothing?
            StatString << (BYTE) 0x80; // 0x80 = nothing?
            StatString << (BYTE) 40; // 0x01 = Helmet
            StatString << (BYTE) 3; // Chest
            StatString << (BYTE) 3; // Legs
            StatString << (BYTE) 3; // Right Arm
            StatString << (BYTE) 3; // left arm
            StatString << (BYTE) 1; // weapon
            StatString << (BYTE) 1; // bow?
            StatString << (BYTE) 1; // shield
            StatString << (BYTE) 1; // right shoulder
            StatString << (BYTE) 1; // left shoulder
            StatString << (BYTE) i; // nothing

            StatString << (BYTE) 4; // Race - See notebook :)
            StatString << (BYTE) 1; // helmet color
            StatString << (BYTE) 1; // chest color
            StatString << (BYTE) 1; // leg color
            StatString << (BYTE) 1; // r arm color
            StatString << (BYTE) 1; // l arm color
            StatString << (BYTE) 1; // weapon color
            StatString << (BYTE) 1; // bow color
            StatString << (BYTE) 1; // shield color
            StatString << (BYTE) 166; // right shoulder color
            StatString << (BYTE) 169; // left shoulder color
            StatString << (BYTE) i;

            StatString << (BYTE) 0x63; // Level
            StatString << (BYTE) (0xa0); // 0xa0 = bit 0 = ?, bit 1 = ?, bit 2 = Hardcore, bit 3 = Dead
            StatString << (BYTE) 0x80; // 0x80 = Rank - see notebook :)

            StatString << (BYTE) 0xff; // ?
            StatString << (BYTE) 0xff; // ?
            StatString << (BYTE) 0xff; // ?
            StatString << (BYTE) 0x80; // Nothing?
            StatString << (BYTE) 0x80; // Nothing?
            StatString << (BYTE) 0x80; // Nothing?

            StatString << (BYTE) 0; // Null-terminator
            DoStuffs(ID_USERJOINCHANNEL, Name.str(), (char*)StatString.c_str());
         }
      }
      break;
   }

   return TRUE;
}


I commented most of the stuff I know, but I didn't list specific weapons/armour/etc. because I was writing it in my notebook, and I'm not too confident.

If you don't know how to use this (you need to attach this to Diablo 2's memory), then don't.

This works with a Diablo II loader that I use (because I don't like carrying around a CD case with my laptop) called game_crk.exe.  I don't know if the address is the same, and if it's not you can tell me the real address for that __fastcall function.

That's all I can think of saying, have fun! :-)
This'll make an interesting test for broken AV:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


iago

Ok, I'll transcribe a couple:
Races:
1. Amazon
2. Sorceress
3. Necromancer
4. Paladin
5. Barbarian
6. Druid
7. Assassin
(the rest of these will never show up, except maybe on a hacked server)
8. Unknown (guy in brown cloak)
9/10. Unknown (guy in grey cloak)
11/12/13. Various diablo 1 guys, I think
14. Starcraft Marine
15. Medic
16. Warcraft 2 Grunt
17. Blizzard Rep
18. Moderator
19. Sysop
20. Referee
21. Chat
22. Speaker
All the rest - Unknown (guy in brown cloak)


Helmets (I'm not guaranteeing these):
1, 2, 3 - no helm
4, 57 - cap
5, 58 - skullcap
6, 59 - helm
7, 60 - full helm
8, 61 - greathelm
9, 62 - I don't know
10, 63 - mask
40 - bonehelm
86 - 91 - headless
I might have mixed these ones up, but only barbarians have them:
89 - fanged helm
90 - warhelm
91 - winged helm
All the rest - hatless
(I forgot to look for druid hats, but I'd guess they are 86, 87, and 88 since those graphics are missing)


Weapons (Again, I may have mixed these up.  And I know I'm missing sorceress-only items):
4 - hatchet
5 - Axe
6 - doubleaxe
7 - large axe
8 - great axe
9/10/11/12 - various wands, not sure which is which
13 - mace
14 - hammer
15 - flail
16 - maul
17 - short sword
18 - scimitar
19 - broadsword
20 - crystal sword
21/22/23/24 - swords
25/26/27/28/29 - I don't know
30 - spear
31 - trident
32 - spetum
33 - pike
34 - glaive
35 - sickle
36 - poleaxe
37/38/39 - various staffs
40 - warstaff
49/50/56 - I don't know
121/122/123/124 - clubs
125 - 129 - coloured orbs



Shields (I know I'm missing paladin specific items)
79 - small shield
80 - buckler
81 - kite shield
82 - towershield
84 - bone shield
85 - spiked shield

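The two posts above give enough of the layout to decode a statstring and to rebuild the 0x0F event from the hex dump. The following is an added example, not iago's code: it uses the class and helmet ids from the transcription, mirrors the byte order the plugin writes, and assumes the flags comment counts bits from the most significant end (so "bit 2 = Hardcore" is mask 0x20 and "bit 3 = Dead" is 0x10).

```python
import struct

# Class and helmet ids from iago's transcription (8-16 are placeholder
# graphics and left out); slot order matches the bytes the plugin writes.
D2_CLASSES = {1: "Amazon", 2: "Sorceress", 3: "Necromancer", 4: "Paladin",
              5: "Barbarian", 6: "Druid", 7: "Assassin", 17: "Blizzard Rep",
              18: "Moderator", 19: "Sysop", 20: "Referee", 21: "Chat", 22: "Speaker"}
D2_HELMS = {4: "cap", 5: "skullcap", 6: "helm", 7: "full helm", 8: "greathelm",
            10: "mask", 40: "bonehelm"}
SLOTS = ["helmet", "chest", "legs", "right_arm", "left_arm", "weapon", "bow",
         "shield", "right_shoulder", "left_shoulder", "unknown"]

def parse_d2_statstring(data: bytes) -> dict:
    """Decode 'PX2D<realm>,<character>,<34-byte block>' as the plugin lays it out."""
    if not data.startswith(b"PX2D"):
        raise ValueError("not a Diablo II expansion statstring")
    parts = data[4:].split(b",", 2)      # only the first two commas delimit fields
    if len(parts) != 3 or len(parts[2]) < 34:
        raise ValueError("malformed or truncated statstring")
    realm, charname, c = parts[0], parts[1], parts[2][:34]
    flags = c[26]
    return {
        "realm": realm.decode("ascii", "replace"),
        "character": charname.decode("ascii", "replace"),
        "equipment": dict(zip(SLOTS, c[2:13])),   # bytes 0-1 are the 0x84 0x80 pair
        "class": D2_CLASSES.get(c[13], "Unknown"),
        "colors": dict(zip(SLOTS, c[14:25])),
        "helmet_name": D2_HELMS.get(c[2], "unknown/hatless"),
        "level": c[25],
        "flags": flags,
        # Assumption: the post numbers bits from the top (bit 0 = 0x80), so its
        # "bit 2 = Hardcore" is mask 0x20 and "bit 3 = Dead" is mask 0x10.
        "hardcore": bool(flags & 0x20),
        "dead": bool(flags & 0x10),
    }

def build_chat_event(event_id: int, name: bytes, text: bytes) -> bytes:
    """Serialize the FF 0F chat event with the same six DWORDs DoStuffs() emits."""
    body = struct.pack("<IIIIII", event_id, 0x10, 0x4E, 0, 0xBAADF00D, 0xBAADF00D)
    body += name + b"\0" + text + b"\0"
    return struct.pack("<BBH", 0xFF, 0x0F, 4 + len(body)) + body   # length covers header

# Constructed sample: what the plugin's loop writes for i == 1.
SAMPLE = (b"PX2DMoo,iagovL,"
          + bytes([0x84, 0x80, 40, 3, 3, 3, 3, 1, 1, 1, 1, 1, 1, 4])
          + bytes([1] * 8 + [166, 169, 1])
          + bytes([0x63, 0xA0, 0x80, 0xFF, 0xFF, 0xFF, 0x80, 0x80, 0x80]))
```

build_chat_event(0x12, b"FuxDux", b"Welcome to Battle.net!") reproduces the 58-byte (0x3A) dump in the first post byte for byte, which is a quick way to check the length arithmetic.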

Yoni

Quote from: iago on July 19, 2003, 10:13 AM
86 - 91 - headless
IIRC, "headless" means the cap is class-specific, and you've specified it for the wrong class. Try it on other character classes, one of them shouldn't be headless.

iago

You're right, I have written down in my notebook "probably druid" but I forgot to fix that in my post :)



UserLoser

Cool, I was just telling someone the other day that I wanted to figure out gear/colors =) +1

iago

Go figure out the ones that I don't know :)


UserLoser

What's the number after (BYTE) mean?  I'm trying to get the values out of the statstrings in VB, and I don't know too much C++, nor am I good at converting C++ to VB.

K

(BYTE)0x01 casts the value to a byte; ie: (BYTE)1 = 0x01; (WORD)1 = 0x0100; (DWORD)1 = 0x01000000 etc.

iago

A byte is the same as a char, that helps.

Technically, an unsigned char, but who's counting? :-)


Yoni

Quote from: K on July 20, 2003, 07:37 PM
(BYTE)0x01 casts the value to a byte; ie: (BYTE)1 = 0x01; (WORD)1 = 0x0100; (DWORD)1 = 0x01000000 etc.
Close enough

(WORD)1 = 0x0001, and (DWORD)1 = 0x00000001, but in the packet data, they are "01 00" and "01 00 00 00" respectively.

Camel

I once had a C teacher who tried to convince me not to include preceding zeroes in hex as it "is misleading." Naturally, he lost that argument.