Author | Message | Time |
---|---|---|
ShadowDancer | I'll spend as much time as I need to test it, so, if someone is already interested in this, he will be welcome to co-work. -create a small tcp-ip game server in the clientless bot -connect a d2 to that gameserver -when the client connects, go with a normal initialization -send a 0x05 packet may be required. -look in the memory for d2 process, check that the current player is the same that have connected to your game. -when u have the process, send the 0x03 packet each time that one of your bots receives it, wait a small time and read the current level structure in the memory. | December 23, 2006, 3:54 PM |
warz | I don't quite understand what you're trying to do. What are you trying to figure out? | December 23, 2006, 3:56 PM |
ShadowDancer | i wanna have the map in my own application. reversing the function that makes the map is the option but it is really time expensive :S | December 23, 2006, 3:59 PM |
warz | makes what map? | December 23, 2006, 4:40 PM |
ShadowDancer | mmm, have u played d2 before? | December 23, 2006, 4:44 PM |
warz | Yeah, but are you trying to find where the game determines which map layout it's going to use, so you can make a smarter game bot? what do all those networking features you listed have to do with it? | December 23, 2006, 5:24 PM |
ShadowDancer | [quote] what do all those networking features you listed have to do with?[/quote] I dont know if i have explained it well bcoz my english is bad, that list has the steps to follow to have the map. [quote]but are you trying to find where the game determines which map layout its going to use, so you can make a smarter game bot?[/quote] yes and no, i'll try to make d2 think the map is being remapped each time a bot changes to another level chunk and read the map that d2 produces with readmemory. u can do the reading thing with the source of sting maphack. and the network thing with the bnet proxy concept that a few members were talking about in the last weeks. | December 23, 2006, 6:28 PM |
Ringo | This will work, on the condition you send 0x03's before the game is fully initialized. (0x04 is sent etc) As you may already know, once the client recv's 0x04, it will ignore login packets. (as it is no longer in a login state) However, your bot will no longer be *clientless*. :) All my exp/mf bots I've ever created build the map out of 40 by 40 blocks, then calculate a path based on them. I don't want to go into detail on how I do this, but I see it as having 2 options: 1) Copy the code d2 has and uses to build the map. 2) Invent your own, based on your research. Ofc, a 3rd option would be to use D2's code. (like you have explained) | December 23, 2006, 7:56 PM |
ShadowDancer | [quote]This will work, on the condition you send 0x03's before the game is fully initialized. (0x04 is sent etc)[/quote] when u change from the current level to another not loaded, the server sends packets to unload all objects, locations and rooms, after that it sends 0x05 0x03 then loads new rooms and then 0x04 again. the problem with your method is that u have experience in reverse engineering unlike me :( [quote]However, your bot will no longer be *clientless*.[/quote] :P... true, but my program will be able to run as many bots as cdkeys u can use with only one d2 that can be hidden and doesn't use a big amount of cpu/memory. | December 24, 2006, 8:41 AM |
Ringo | [quote author=ShadowDancer link=topic=16147.msg162789#msg162789 date=1166949710] when u change from the current level to another not loaded, the server sends packets to unload all objects, locations and rooms, after that it sends 0x05 0x03 then loads new rooms and then 0x04 again. [/quote] Ah, yes. I'm following what you're thinking. :) I think* you can't load the same act more than once at the same time, so you would have to switch act and back again if the act before was the same as the act to load next. It's been a while, so I can't say for sure, but I think you may have some more issues to work around like the above, in order for it to work correctly. [quote author=ShadowDancer link=topic=16147.msg162789#msg162789 date=1166949710] the problem with your method is that u have experience in reverse engineering unlike me :( [/quote] If you mean experience with ASM and reversing, I have next to zero experience :P [quote author=ShadowDancer link=topic=16147.msg162789#msg162789 date=1166949710] ... true, but my program will be able to run as many bots as cdkeys u can use with only one d2 that can be hidden and doesn't use a big amount of cpu/memory. [/quote] I'm not sure what your resources are like, but cpu/memory usage is the last of your problems :D When I did a burst of D2jsp trading, I had no less than 130 cdkeys in use at any one time, and had more bandwidth issues than anything else :P Not to mention connection limits, fail join tags, realm downs, game limits, etc. | December 25, 2006, 5:36 AM |
ShadowDancer | i don't remember how d2jsp worked, but if i am right it uses 1 d2 for each bot... 130 x ~13mb = 1690mb ram .... i have only 256mb (yes it is really obsolete) and my program uses 13mb to run 30 bots. | December 28, 2006, 1:42 PM |
JoeTheOdd | [quote author=Ringo link=topic=16147.msg162802#msg162802 date=1167025006] I think* you can't load the same act more than once at the same time, so you would have to switch act and back again if the act before was the same as the act to load next. It's been a while, so I can't say for sure, but I think you may have some more issues to work around like the above, in order for it to work correctly. [/quote] I think you crossed the fine line between account and character. Accounts can obviously be used more than once at a time, as we've seen from the #XX mangles. As far as characters, they can be logged in any number of times, but only one instance of that character can be in a game at any given time. If one logs in to a game, the previous one gets removed (I don't know by what nature, though) from the game. At least, this was what it was like a few patches ago. I haven't tested it for a while (and am not going to). | December 29, 2006, 10:26 AM |
ShadowDancer | Joe[x86] excuse my roughness but i dont know how to say it in any other way coz my english sucks... We are talking about how to use the game libraries as a tool to read the map, your post is completely unrelated to the talk... 6FAB2160 > packet 03 process e.g.: 03 01 0a 50 f7 18 28 00 61 e7 b0 41 dword edx = [ecx + 8] => n2 > 61 e7 b0 41 word ax = [ecx + 6] => new area ( 28 00 ) push eax push edx edx = [ecx + 2] => n1 > (0a 50 f7 18) cl = [ecx + 1] => act .text:6FAB2160 sub_6FAB2160 proc near ; DATA XREF: .data:6FB76294o .text:6FAB2160 mov edx, [ecx+8] .text:6FAB2163 xor eax, eax ; Logical Exclusive OR .text:6FAB2165 mov ax, [ecx+6] .text:6FAB2169 push eax .text:6FAB216A push edx .text:6FAB216B mov edx, [ecx+2] .text:6FAB216E mov cl, [ecx+1] ----------------------- called proc ------------------------- .text:6FAA9290 var_CC = dword ptr -0CCh .text:6FAA9290 var_90 = dword ptr -90h .text:6FAA9290 var_88 = dword ptr -88h .text:6FAA9290 var_80 = dword ptr -80h .text:6FAA9290 var_68 = dword ptr -68h .text:6FAA9290 var_64 = dword ptr -64h .text:6FAA9290 var_50 = dword ptr -50h .text:6FAA9290 var_44 = dword ptr -44h .text:6FAA9290 var_28 = dword ptr -28h .text:6FAA9290 .text:6FAA9290 sub esp, 6Ch .text:6FAA9293 push ebx .text:6FAA9294 mov ebx, ecx .text:6FAA9296 mov al, bl .text:6FAA9298 push ebp .text:6FAA9299 push esi .text:6FAA929A inc al .text:6FAA929C push edi .text:6FAA929D mov ebp, edx .text:6FAA929F mov byte ptr [esp+7Ch+var_68], al .text:6FAA92A3 xor edi, edi .text:6FAA92A5 for i:=0 to $24 do if d2common_checklvl(i,act)=1 then for j:=0 to $20 do begin res:=d2common_getlvlscell(i,j); //pchar if (res='') or (res[0]='0') then continue; D2CMP_10095(unknow,res); end; .text:6FAA92A5 loc_6FAA92A5: ; CODE XREF: sub_6FAA9290+57j .text:6FAA92A5 mov ecx, [esp+7Ch+var_68] .text:6FAA92A9 push ecx .text:6FAA92AA push edi .text:6FAA92AB call D2Common_11226 .text:6FAA92B0 test eax, eax .text:6FAA92B2 jz short loc_6FAA92E3 .text:6FAA92B4 xor esi, esi .text:6FAA92B6 .text:6FAA92B6 loc_6FAA92B6: ; CODE XREF: sub_6FAA9290+51j .text:6FAA92B6 lea edx, [esp+84h+var_44] .text:6FAA92BA push edx .text:6FAA92BB push esi .text:6FAA92BC push edi .text:6FAA92BD call D2Common_11227 .text:6FAA92C2 mov al, byte ptr [esp+90h+var_50] .text:6FAA92C6 cmp al, 30h .text:6FAA92C8 jz short loc_6FAA92DD .text:6FAA92CA test al, al .text:6FAA92CC jz short loc_6FAA92DD .text:6FAA92CE lea eax, [esp+90h+var_50] .text:6FAA92D2 lea ecx, [esp+90h+var_80] .text:6FAA92D6 push eax .text:6FAA92D7 push ecx .text:6FAA92D8 call D2CMP_10095 .text:6FAA92DD .text:6FAA92DD loc_6FAA92DD: ; CODE XREF: sub_6FAA9290+38j .text:6FAA92DD ; sub_6FAA9290+3Cj .text:6FAA92DD inc esi .text:6FAA92DE cmp esi, 20h .text:6FAA92E1 jl short loc_6FAA92B6 .text:6FAA92E3 .text:6FAA92E3 loc_6FAA92E3: ; CODE XREF: sub_6FAA9290+22j .text:6FAA92E3 inc edi .text:6FAA92E4 cmp edi, 24h .text:6FAA92E7 jl short loc_6FAA92A5 [color=red] currently i can run to here loading the d2common, d2cmp, d2win, storm, fog dlls on my application. :/[/color] play warping animation? .text:6FAA92E9 lea edx, [esp+98h+var_88] .text:6FAA92ED push offset aDataGlobalTile ; "data\\global\\tiles\\act1\\barracks\\warp.dt"... .text:6FAA92F2 push edx .text:6FAA92F3 call D2CMP_10095 .text:6FAA92F8 lea eax, [esp+0A0h+var_90] .text:6FAA92FC push offset aDataGlobalTi_0 ; "data\\global\\tiles\\act1\\outdoors\\blank.d"... .text:6FAA9301 push eax .text:6FAA9302 call D2CMP_10095 if pcurrent_act{dword_6FBA7984} <>0 then D2Common_10039(pcurrent_act); .text:6FAA9307 mov eax, dword_6FBA7984 .text:6FAA930C test eax, eax .text:6FAA930E jz short loc_6FAA9316 .text:6FAA9310 push eax .text:6FAA9311 call D2Common_10039 .text:6FAA9316 .text:6FAA9316 loc_6FAA9316: ; CODE XREF: sub_6FAA9290+7Ej .text:6FAA9316 mov esi, [esp+0ACh+var_28] .text:6FAA931D mov cl, byte_6FBA795C -> first byte of 0x01 packet .text:6FAA9323 push offset unk_6FACD840 > automap code .text:6FAA9328 push offset unk_6FACD660 > automap code .text:6FAA932D push esi -> var .text:6FAA932E push 0 .text:6FAA9330 push ecx -> cl value .text:6FAA9331 push 0 .text:6FAA9333 push 1 .text:6FAA9335 push ebp ¿? .text:6FAA9336 push ebx ¿? .text:6FAA9337 call D2Common_10038 .text:6FAA933C mov cl, byte_6FBA79D0 .text:6FAA9342 mov dword_6FBA7984, eax .text:6FAA9347 test cl, cl .text:6FAA9349 jz short loc_6FAA936C .text:6FAA934B cmp bl, 1 .text:6FAA934E jnz short loc_6FAA936C .text:6FAA9350 test eax, eax .text:6FAA9352 jz short loc_6FAA936C .text:6FAA9354 push 1 .text:6FAA9356 push 0 .text:6FAA9358 push 5 .text:6FAA935A call sub_6FB29370 .text:6FAA935F mov edx, dword_6FBA7984 .text:6FAA9365 push eax .text:6FAA9366 push edx .text:6FAA9367 call D2Common_10932 .text:6FAA936C .text:6FAA936C loc_6FAA936C: ; CODE XREF: sub_6FAA9290+B9j .text:6FAA936C ; sub_6FAA9290+BEj ... .text:6FAA936C mov ecx, ebx .text:6FAA936E mov byte_6FBA79D0, 0 .text:6FAA9375 and ecx, 0FFh .text:6FAA937B call sub_6FB245B0 .text:6FAA9380 mov ecx, 1 .text:6FAA9385 call sub_6FB242E0 .text:6FAA938A mov ecx, dword_6FBA7988 .text:6FAA9390 xor eax, eax .text:6FAA9392 mov [ecx], eax .text:6FAA9394 mov [ecx+4], eax .text:6FAA9397 mov edx, dword_6FBA7988 .text:6FAA939D mov eax, [esp+0E4h+var_64] .text:6FAA93A4 mov [edx], ebp .text:6FAA93A6 mov ecx, dword_6FBA7988 .text:6FAA93AC mov [ecx+4], eax .text:6FAA93AF call sub_6FACF730 .text:6FAA93B4 call sub_6FAA4A30 .text:6FAA93B9 call sub_6FB203C0 .text:6FAA93BE mov dword_6FBA798C, esi .text:6FAA93C4 call sub_6FB5CB60 .text:6FAA93C9 mov cl, bl .text:6FAA93CB call sub_6FB5C9E0 .text:6FAA93D0 lea edx, [esp+0E4h+var_CC] .text:6FAA93D4 push ebp .text:6FAA93D5 push offset aSeedD ; "Seed: %d" .text:6FAA93DA push edx .text:6FAA93DB call _sprintf .text:6FAA93E0 lea eax, [esp+0F0h+var_CC] .text:6FAA93E4 push eax .text:6FAA93E5 call Fog_10029 .text:6FAA93EA add esp, 10h .text:6FAA93ED mov dword_6FB75814, 1 .text:6FAA93F7 call ds:GetTickCount .text:6FAA93FD mov ecx, dword_6FBA778C .text:6FAA9403 add eax, 2710h .text:6FAA9408 pop edi .text:6FAA9409 pop esi .text:6FAA940A pop ebp .text:6FAA940B cmp eax, ecx .text:6FAA940D pop ebx .text:6FAA940E jbe short loc_6FAA9415 .text:6FAA9410 mov dword_6FBA778C, eax .text:6FAA9415 .text:6FAA9415 loc_6FAA9415: ; CODE XREF: sub_6FAA9290+17Ej .text:6FAA9415 add esp, 6Ch .text:6FAA9418 retn 8 .text:6FAA9418 sub_6FAA9290 endp ; sp = -68h | December 29, 2006, 11:33 AM |
Ringo | [quote author=ShadowDancer link=topic=16147.msg162830#msg162830 date=1167313372] i don't remember how d2jsp worked, but if i am right it uses 1 d2 for each bot... 130 x ~13mb = 1690mb ram .... i have only 256mb (yes it is really obsolete) and my program uses 13mb to run 30 bots. [/quote] Ah, I didn't mean d2jsp bot, I meant the d2 trade forums :P http://forums.d2jsp.org/index.php?s=9c29a375ff85b7508a29b5313d48cd8f&showforum=51 I can't remember what memory they used, but it was around 100kb - 150kb per connection, including winsock/compression/decompression buffers + an instance of the game from my D2Char.ocx ;) [quote author=Joe[x86] link=topic=16147.msg162837#msg162837 date=1167387986] I think you crossed the fine line between account and character. Accounts can obviously be used more than once at a time, as we've seen from the #XX mangles. As far as characters, they can be logged in any number of times, but only one instance of that character can be in a game at any given time. If one logs in to a game, the previous one gets removed (I don't know by what nature, though) from the game. At least, this was what it was like a few patches ago. I haven't tested it for a while (and am not going to). [/quote] As shadow pointed out, we are talking about the acts the characters run around in, rather than the characters/accounts themselves :) I think what you're talking about is like the following: BNet will allow the same account to be logged on multiple times (#instance) Realm will allow only 1 of the same account to be logged on (#2 boots #1) Games will allow only 1 char in a game (#2 gets rejected on game connection/login) I think it's always been like that with realm/game servers, to try and stop duping of characters/items. | December 30, 2006, 3:45 AM |
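The 0x03 packet layout that ShadowDancer annotates in the December 29 post (act byte at +1, a dword at +2, a word area id at +6, a dword at +8, 12 bytes in total) as a small parser; this is an added example, not code from the thread. The field name `seed` for the +2 dword is an inference from the listing, which copies that register into `ebp` and later formats it with "Seed: %d"; `n2` keeps the post's own name because the thread does not establish its meaning.

```python
import struct

# Constructed sample: the example bytes quoted in the post,
#   03 01 0a 50 f7 18 28 00 61 e7 b0 41
SAMPLE_0X03 = bytes.fromhex("03010a50f7182800" "61e7b041")


def parse_load_act(pkt: bytes) -> dict:
    """Split a 0x03 packet into the fields sub_6FAB2160 reads.

    Offsets follow the listing: cl = [ecx+1] (act), edx = [ecx+2]
    (dword, later printed as "Seed: %d"), ax = [ecx+6] (word, new
    area), edx = [ecx+8] (dword, n2). x86 is little-endian, so the
    multi-byte fields are decoded with "<".
    """
    if len(pkt) < 12:
        raise ValueError("0x03 packet needs 12 bytes, got %d" % len(pkt))
    if pkt[0] != 0x03:
        raise ValueError("not a 0x03 packet (id 0x%02x)" % pkt[0])
    act, seed, area, n2 = struct.unpack_from("<BIHI", pkt, 1)
    return {"act": act, "seed": seed, "area": area, "n2": n2}


def act_passed_to_level_check(act: int) -> int:
    """Mirror 'mov al, bl / inc al' in sub_6FAA9290: the act byte is
    incremented (8-bit wrap) before being handed to D2Common_11226 in
    the 0x24-iteration level loop. Returned so a caller can log what
    value the level check actually sees."""
    return (act + 1) & 0xFF


if __name__ == "__main__":
    fields = parse_load_act(SAMPLE_0X03)
    print({k: hex(v) for k, v in fields.items()})
    print("level check act:", act_passed_to_level_check(fields["act"]))
```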