Diablo II Game Bot Discussion

Started by UserLoser, October 31, 2003, 07:56 PM


UserLoser

I've been working on somewhat of a client, or game bot, for Diablo II. So far, it creates games, and other users can join it. But I've run into some problems, and I'm wondering if anyone is willing to share some public information on D2GS packets, besides having higher level access on BnetDocs. I have found some information at BlizzHackers.com, but the information there doesn't seem to be correct since the new patch for Diablo II. One of my problems is dropping due to timeout; I can't seem to find the correct keepalive (?) packet. However, I do believe it is D2GS packet 0x6C. Also, packet decompression.

I have had some help creating a DLL from this thread:
http://forum.valhallalegends.com/phpbbs/index.php?board=17;action=display;threadid=585

http://www.userloser.net/D2GSClient.dll

But I'm not sure how to use the DLL in VB.

Exported by DLL:
unsigned char GamePacketSize(unsigned char *data, unsigned int *size, unsigned int *offset);

What I have in VB seems to be incorrect:

Public Declare Function GamePacketSize Lib "D2GSClient.dll" (ByRef Data As String, ByRef Size As Integer, ByRef Offset As Integer) As String


And

GamePacketDecode(unsigned char *indata, unsigned int insize, unsigned char *outdata, unsigned int outmax, unsigned int *outsize);

Public Declare Function GamePacketDecode Lib "D2GSClient.dll" (ByRef inData As String, ByVal inSize As Integer, ByRef outData As String, ByVal outMax As Integer, ByRef outSize As Integer) As Integer


Has the decompression code changed with the new patch? (Skywing?) Or, is that decompression code originally posted completely wrong, or wrong at all?
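The two exports above have a `size`/`offset` output pair and an `outmax` bound, which is the part a caller has to get right whichever language it is in. The following is an added example in Python, not UserLoser's DLL or code from the linked thread: it reimplements the framing side of such a routine with explicit bounds handling. The length-prefix rule it uses (one-byte header below 0xF0, two-byte header otherwise) is an assumption taken from public D2GS protocol write-ups, not from this thread, and the function names `game_packet_size`, `split_stream` and `frame` are mine.

```python
"""Bounds-checked D2GS-style packet framing (added example, not the thread's DLL).

Assumed framing (from public D2GS write-ups, not stated in this thread):
  - first byte <  0xF0: 1-byte header, payload size = byte0 - 1
  - first byte >= 0xF0: 2-byte header, payload size = ((byte0 & 0x0F) << 8 | byte1) - 2
game_packet_size() mirrors the GamePacketSize(data, *size, *offset) contract:
it reports the header length ("offset") and payload size, or None when more
bytes are needed, and raises on a prefix that cannot be valid.
"""
from typing import List, Optional, Tuple


def game_packet_size(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (header_len, payload_len), or None if the header is not complete yet."""
    if len(data) < 1:
        return None
    b0 = data[0]
    if b0 < 0xF0:
        hdr, size = 1, b0 - 1
    else:
        if len(data) < 2:
            return None
        hdr, size = 2, (((b0 & 0x0F) << 8) | data[1]) - 2
    if size < 0:
        # A zero byte (or a two-byte value below 2) can never be a real prefix.
        raise ValueError("malformed length prefix")
    return hdr, size


def split_stream(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Split a receive buffer into complete payloads plus the unconsumed tail.

    Returning the partial tail instead of discarding it is what keeps a packet
    that straddles two recv() calls from being cut short.
    """
    frames: List[bytes] = []
    pos = 0
    while pos < len(buf):
        info = game_packet_size(buf[pos:])
        if info is None:
            break  # header incomplete
        hdr, size = info
        end = pos + hdr + size
        if end > len(buf):
            break  # payload incomplete; wait for more data
        frames.append(buf[pos + hdr:end])
        pos = end
    return frames, buf[pos:]


def frame(payload: bytes) -> bytes:
    """Sender side: prepend the length header under the assumed framing."""
    n = len(payload)
    if n + 1 < 0xF0:
        return bytes([n + 1]) + payload
    total = n + 2
    if total > 0x0FFF:
        raise ValueError("payload too large for a 2-byte header")
    return bytes([0xF0 | (total >> 8), total & 0xFF]) + payload


if __name__ == "__main__":
    # Constructed sample: a 9-byte packet, a 512-byte packet, then the 9-byte one again.
    small = b"\x6c" + b"\x00" * 8
    big = bytes(range(256)) * 2
    stream = frame(small) + frame(big) + frame(small)
    frames, rest = split_stream(stream[:-3])  # last packet deliberately incomplete
    print(len(frames), "complete frames,", len(rest), "bytes held back")
```

The decoder side of the DLL (`GamePacketDecode` with its `outmax`) has the same shape: whatever the consumer is, it needs to know when it stopped early rather than receiving a silently shortened buffer.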

Soul Taker

The code from this forum I tried a long time ago and it seems to cut off parts of the packet.  For instance, I could not see an entire message typed by someone, or the starts of some packets.

As for a keep-alive, I used packet 0x6a, but I haven't looked at in-game packets with the new patch so that may not work anymore.

Skywing

Quote from: UserLoser on October 31, 2003, 07:56 PM
I've been working on somewhat of a client, or game bot, for Diablo II. So far, it creates games, and other users can join it. But I've run into some problems, and I'm wondering if anyone is willing to share some public information on D2GS packets, besides having higher level access on BnetDocs. I have found some information at BlizzHackers.com, but the information there doesn't seem to be correct since the new patch for Diablo II. One of my problems is dropping due to timeout; I can't seem to find the correct keepalive (?) packet. However, I do believe it is D2GS packet 0x6C. Also, packet decompression.

I have had some help creating a DLL from this thread:
http://forum.valhallalegends.com/phpbbs/index.php?board=17;action=display;threadid=585

http://www.userloser.net/D2GSClient.dll

But I'm not sure how to use the DLL in VB.

Exported by DLL:
unsigned char GamePacketSize(unsigned char *data, unsigned int *size, unsigned int *offset);

What I have in VB seems to be incorrect:

Public Declare Function GamePacketSize Lib "D2GSClient.dll" (ByRef Data As String, ByRef Size As Integer, ByRef Offset As Integer) As String


And

GamePacketDecode(unsigned char *indata, unsigned int insize, unsigned char *outdata, unsigned int outmax, unsigned int *outsize);

Public Declare Function GamePacketDecode Lib "D2GSClient.dll" (ByRef inData As String, ByVal inSize As Integer, ByRef outData As String, ByVal outMax As Integer, ByRef outSize As Integer) As Integer


Has the decompression code changed with the new patch? (Skywing?) Or, is that decompression code originally posted completely wrong, or wrong at all?
I haven't checked if the in-game protocol has changed yet.

Are you declaring the DLL export to be stdcall, either explicitly via the __stdcall keyword, or implicitly via the default calling convention compiler option?

Visual Basic only officially supports calling stdcall exports.  Old versions had an unsupported option for calling cdecl, but I'm fairly certain this has been removed now.

UserLoser

Yes, the _stdcall is there

Also, would you be able to verify that what Brand.X posted here, compared to your code, is correct?

Soul Taker

I send a hardcoded, random (at the time of coding it, anyway) value in 0x6a and have stayed in games for ~30 minutes helping people mule.

Michael

Could the values maybe be different for ladder and hardcore chars? Maybe for regular also?

Soul Taker

p.InsertDWORD &H6738A20
p.InsertDWORD &H0
p.SendGamePacket &H6A

I have that sent every time a 15 second timer fires.

Paul

From what I can tell 0x6C is the Keepalive packet in 1.10 per the following piece of code, which is on a timer:


:6FAAD3D3 C64424046C mov [esp+04], 6C <----- Client update packet type / Keepalive
:6FAAD3D8 FFD6 call esi
:6FAAD3DA 89442405 mov dword ptr [esp+05], eax
:6FAAD3DE E8FDC6FFFF call 6FAA9AE0
:6FAAD3E3 8D542404 lea edx, dword ptr [esp+04]
:6FAAD3E7 6A09 push 00000009 <----- Packet length = 9 bytes
:6FAAD3E9 52 push edx
:6FAAD3EA D1E8 shr eax, 1
:6FAAD3EC 6A00 push 00000000
:6FAAD3EE 89442415 mov dword ptr [esp+15], eax
:6FAAD3F2 E811EA0B00 Call 6FB6BE08 <----- Call a send() for auto-update!


If 0x6C isn't the Keepalive I don't know what it is...

Edit:
I should probably mention that's from the 1.10 D2Client.dll! :)

Skywing

Quote from: Paul on November 02, 2003, 12:13 AM
From what I can tell 0x6C is the Keepalive packet in 1.10 per the following piece of code, which is on a timer:


:6FAAD3D3 C64424046C mov [esp+04], 6C <----- Client update packet type / Keepalive
:6FAAD3D8 FFD6 call esi
:6FAAD3DA 89442405 mov dword ptr [esp+05], eax
:6FAAD3DE E8FDC6FFFF call 6FAA9AE0
:6FAAD3E3 8D542404 lea edx, dword ptr [esp+04]
:6FAAD3E7 6A09 push 00000009 <----- Packet length = 9 bytes
:6FAAD3E9 52 push edx
:6FAAD3EA D1E8 shr eax, 1
:6FAAD3EC 6A00 push 00000000
:6FAAD3EE 89442415 mov dword ptr [esp+15], eax
:6FAAD3F2 E811EA0B00 Call 6FB6BE08 <----- Call a send() for auto-update!


If 0x6C isn't the Keepalive I don't know what it is...

Edit:
I should probably mention that's from the 1.10 D2Client.dll! :)
That looks promising.

BTW, do you know if they've made any changes to the huffman compression for 1.10?  I haven't gotten around to researching gameserver changes yet.

Paul

What does huffman compression have to do with anything?

Edit:
I should have read the thread more thoroughly instead of skimming and only noticing the words Keepalive and 0x6A...  :P He's making a game bot!  ::)

Skywing

Quote from: Paul on November 02, 2003, 12:58 AM
What does huffman compression have to do with anything?

Edit:
I should have read the thread more thoroughly instead of skimming and only noticing the words Keepalive and 0x6A...  :P He's making a game bot!  ::)
IIRC, that's what previous versions (and probably this version?) used for the in-game compression.

iago

Quote from: Skywing on November 02, 2003, 02:20 AM
Quote from: Paul on November 02, 2003, 12:58 AM
What does huffman compression have to do with anything?

Edit:
I should have read the thread more thoroughly instead of skimming and only noticing the words Keepalive and 0x6A...  :P He's making a game bot!  ::)
IIRC, that's what previous versions (and probably this version?) used for the in-game compression.

Yes, it is.  

I doubt it, since Huffman encoding is a greedy algorithm, and will always find the minimum length; doubt they could improve upon it without using a totally different compression message. But who knows what Blizzard does sometimes?
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Skywing

Quote from: UserLoser. on November 02, 2003, 02:07 PM
Anyone mind explaining what a Huffman algorithm is, and how it is used in this case?
Google can help you learn about Huffman coding.

iago

Simply, Huffman encoding is when you represent the more frequent characters as shorter (unique) binary sequences.

If you want to see an example written in Java, it was an assignment that you can find here:
http://www.valhallalegends.com/iago/Huffman.rar
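As an added illustration of the explanation above (this is my own Python, not iago's Java assignment and not the game's decompression code), the block below builds a Huffman code table from symbol frequencies, so that frequent bytes get shorter codes, encodes a constructed sample, and decodes it with an explicit output bound. The bound mirrors the `outmax`/`outsize` contract of the `GamePacketDecode` export quoted earlier in the thread: a decoder that hits its output limit reports that it stopped rather than returning a silently shortened buffer. Function names (`build_codes`, `encode`, `decode`) are mine.

```python
"""Huffman coding with a bounded decoder (added example; not the thread's code).

build_codes() is the textbook construction: repeatedly merge the two least
frequent nodes, so the most frequent symbols end up nearest the root and get
the shortest codes. decode() takes an out_max bound and reports truncation.
"""
import heapq
from itertools import count
from typing import Dict, Tuple


def build_codes(freqs: Dict[int, int]) -> Dict[int, str]:
    """Return a prefix-free code table: symbol -> bit string of '0'/'1'."""
    if not freqs:
        return {}
    if len(freqs) == 1:
        return {next(iter(freqs)): "0"}
    tie = count()  # tie-breaker so heap entries never compare nodes
    heap = [(f, next(tie), sym) for sym, f in freqs.items()]
    heapq.heapify(heap)
    while len(heap) > 1:
        f1, _, a = heapq.heappop(heap)
        f2, _, b = heapq.heappop(heap)
        heapq.heappush(heap, (f1 + f2, next(tie), (a, b)))
    codes: Dict[int, str] = {}

    def walk(node, prefix: str) -> None:
        if isinstance(node, tuple):  # internal node: (left, right)
            walk(node[0], prefix + "0")
            walk(node[1], prefix + "1")
        else:
            codes[node] = prefix

    walk(heap[0][2], "")
    return codes


def frequencies(data: bytes) -> Dict[int, int]:
    freqs: Dict[int, int] = {}
    for b in data:
        freqs[b] = freqs.get(b, 0) + 1
    return freqs


def encode(data: bytes, codes: Dict[int, str]) -> Tuple[bytes, int]:
    """Pack the code bits MSB-first into bytes; also return the exact bit count."""
    bits = "".join(codes[b] for b in data)
    nbits = len(bits)
    bits += "0" * (-nbits % 8)  # pad the final byte
    packed = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    return packed, nbits


def decode(packed: bytes, nbits: int, codes: Dict[int, str], out_max: int) -> Tuple[bytes, bool]:
    """Return (output, truncated). truncated=True means out_max was reached.

    Because the code is prefix-free, the first time the accumulated bits match
    a codeword is the only possible match, so a dictionary lookup suffices.
    """
    rev = {code: sym for sym, code in codes.items()}
    out = bytearray()
    cur = ""
    consumed = 0
    for byte in packed:
        for shift in range(7, -1, -1):
            if consumed == nbits:
                break
            consumed += 1
            cur += "1" if (byte >> shift) & 1 else "0"
            if cur in rev:
                if len(out) == out_max:
                    return bytes(out), True  # stop, and say so
                out.append(rev[cur])
                cur = ""
    if cur:
        raise ValueError("bit stream ends in the middle of a codeword")
    return bytes(out), False


if __name__ == "__main__":
    sample = b"aaaaaaaabbbbccd"  # constructed: a:8 b:4 c:2 d:1
    codes = build_codes(frequencies(sample))
    packed, nbits = encode(sample, codes)
    print({chr(k): v for k, v in codes.items()}, len(packed), "bytes for", nbits, "bits")
    print(decode(packed, nbits, codes, out_max=len(sample)))
```

With the constructed sample, `a` gets a one-bit code and `d` a three-bit code, and the 15 input bytes pack into 4 bytes. Decoding with `out_max=5` returns the first five bytes together with `truncated=True`, which is the signal a caller of a routine like `GamePacketDecode` should check before treating `outsize` as the whole message.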


smoke

To answer the question about the status of Huffman compression in 1.10: it appears to be the exact same Huffman compression table. I haven't had any problems with my 1.09 and 1.10 beta Huffman compression/decompression routines on the realms.

I do have a question though... has anybody bothered to extract the new packet length tables for server and client packets?  I did this in 1.10 beta, and can do it again... but it is a pain in the a$$.

Thanks,
smoke