08-22-2003, 03:33 AM
I can get you started and you or someone else can finish it if they want =) I suck at this and haven't really tested it, more of an idea I've had for a long time that I never got around to working on ;-) There are several ways of doing this, I'm going to give the info on how it's been done (not a good way) and how I would like to do it (should I do it ;-) ).
First a little background into the code. This is for v1.07 Diablo, I imagine Hellfire is pretty close. The following line is the assembler code in memory for the calling of the routine. This could be right, this could be wrong, I really don't know. I haven't tested it yet so I really can't say. I don't know what is stored in all of the register values so I could very well be barking up the wrong tree...
:0044B1BD FF15DCA04700 Call dword ptr [0047A0DC]
This calls the kernel function "GetComputerNameA"
This function call also exists
:0044B629 FF15DCA04700 Call dword ptr [0047A0DC]
:0044BC1B FF15DCA04700 Call dword ptr [0047A0DC]
:0044BD47 FF15DCA04700 Call dword ptr [0047A0DC]
as well.
So we know the program is getting the computer name 4 times. But once it has it, it has to compare it somewhere, right? So we need to look further down the code to see where there could be a comparison or so and do some trial and error since we aren't good at assembler. The next couple of lines in the code are as follows:
:0044B1C3 BEF2040000 mov esi, 000004F2
:0044B1C8 8BCE mov ecx, esi
:0044B1CA E8D984FBFF call 004036A8
Okay, so we move the contents of memory address 04F2 to ESI and then move whatever was in ESI to ECX. Let's look at 04F2 and see where it gets set\used elsewhere...
Looking around we notice it is only used to push the contents of it to the stack twice, imul'ted once, and put into EAX right below a comparison...
This is the actual comparison:
:0044B66C B8F2040000 mov eax, 000004F2
:0044B671 3945F8 cmp dword ptr [ebp-08], eax
:0044B674 7514 jne 0044B68A
EAX gets loaded with 4F2. Then compared. If you change the JNE statement to a JMP statement, you don't get any characters loaded regardless of computer name. So this apparently builds the list of characters that you can use... so let's just NOP it!
Doh! That crashes the game upon attempting to choose a character! Guess there is something that was missed somewhere, right?
I'll report back should I actually get it to work ;-)
Selby
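Added example, not part of the original post: a small Python decoder for only the instruction encodings quoted above. It recomputes the relative call and jump targets from the raw bytes and shows which operands are immediates and which are memory references. The names `decode`, `decode_listing` and `LISTING` are assumptions made for illustration.

```python
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode(addr, hexbytes):
    """Decode one 32-bit x86 instruction; covers only the opcodes quoted in the post."""
    b = bytes.fromhex(hexbytes)
    op = b[0]
    if 0xB8 <= op <= 0xBF:                  # B8+r id: mov r32, imm32
        imm = struct.unpack_from("<I", b, 1)[0]
        return f"mov {REG32[op - 0xB8]}, {imm:#x}  ; immediate constant, no memory read"
    if op == 0xE8:                          # E8 cd: call rel32, relative to next instruction
        rel = struct.unpack_from("<i", b, 1)[0]
        return f"call {(addr + 5 + rel) & 0xFFFFFFFF:#010x}"
    if op == 0x75:                          # 75 cb: jne rel8, relative to next instruction
        rel = struct.unpack_from("<b", b, 1)[0]
        return f"jne {(addr + 2 + rel) & 0xFFFFFFFF:#010x}"
    if op == 0xFF and b[1] == 0x15:         # FF /2 with mod=00 rm=101: call [disp32]
        ptr = struct.unpack_from("<I", b, 2)[0]
        return f"call dword ptr [{ptr:#010x}]  ; indirect call through a pointer slot"
    if op in (0x8B, 0x39):                  # 8B /r: mov r32, r/m32 ; 39 /r: cmp r/m32, r32
        mod, reg, rm = b[1] >> 6, (b[1] >> 3) & 7, b[1] & 7
        if mod == 3:                        # register-direct operand
            rm_txt = REG32[rm]
        elif mod == 1 and rm != 4:          # [reg + signed disp8], no SIB byte
            disp = struct.unpack_from("<b", b, 2)[0]
            rm_txt = f"dword ptr [{REG32[rm]}{disp:+#x}]"
        else:
            raise ValueError("addressing form not covered")
        return f"mov {REG32[reg]}, {rm_txt}" if op == 0x8B else f"cmp {rm_txt}, {REG32[reg]}"
    raise ValueError(f"opcode {op:#x} not covered")

# (address, bytes) pairs copied from the listing in the post
LISTING = [
    (0x0044B1BD, "FF15DCA04700"),
    (0x0044B1C3, "BEF2040000"),
    (0x0044B1C8, "8BCE"),
    (0x0044B1CA, "E8D984FBFF"),
    (0x0044B66C, "B8F2040000"),
    (0x0044B671, "3945F8"),
    (0x0044B674, "7514"),
]

def decode_listing():
    return [(addr, decode(addr, raw)) for addr, raw in LISTING]

if __name__ == "__main__":
    for addr, text in decode_listing():
        print(f":{addr:08X} {text}")
```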