01-28-2018, 04:47 AM
(This post was last modified: 01-28-2018, 04:49 AM by TheKillerVortex.)
Hello.
I understand the first post is from 2011 and the last post is from 2017.
I am not trying to necro-thread this sticky topic, however: I see many suggestions stating to use a virtual CD-ROM drive + Diablo disc image.
I've also seen suggestions for a modified storm.dll (which is where the CD-check is actually called in). Modifying storm.dll will affect the hash check and prevent usage of Battle.net (authentic game server).
I couldn't find any offsets, but I remember having had found it over a decade ago. Recently, I decided I wanted to play around with Diablo again.
Here are the offsets for various patch versions, including a C++ program (source code included) that I wrote to load Diablo without a virtual CD-ROM drive, Diablo image file and allowing you to play on Battle.net.
What you will need is the *.MPQ file (DIABDAT.MPQ; Size on disk: 493 MB (517,505,024 bytes)) on the harddrive somewhere. The registry entry will point to the file; I saw another potential entry method, where it will locally load the *.MPQ and avoid using the registry pointer, but I'll leave that for someone else who is interested in exploiting that.
Patch offsets (Diablo.exe process):
Registry entries (x86 and x64 store the HKEY_LOCAL_MACHINE differently; Patch v1.08+ uses HKEY_CURRENT_USER instead of HKEY_LOCAL_MACHINE):
Blizzard's official "color fix" for Windows 7 (x86 + x64):
If you prefer (for whatever reason) to use a cracked storm.dll copy for v1.09 (cannot play on Battle.net without 'uncracking' storm.dll after loading the game up):
My no-patch loader for Diablo v1.09 simply loads the game, waits 1 second, then attempts to 'unload' the fix (allowing you to connect and play on Battle.net):
(The program attempts to read the local path of the DiabloCD (used for the DiabDat.MPQ) from the HKEY_LOCAL_MACHINE entry in the registry)
NOTE: You do NOT need a CD / CD-ROM drive / virtual CD-drive to install Diablo.
What you do need is from the Diablo disc:
Run the "AUTORUN.exe" with the DiabDat.MPQ file in the same directory. Then apply the desired patch manually (Battle.net will not automatically download the patch).
or
Run the "INSTALL.exe" with the DiabDat.MPQ file in the same directory. Then attempt to log on Battle.net and the server will supply the latest patch.
As of the current writing of this post: It would appear that Zamal's site is no longer online.
Their humongous collection of all offsets and data accumulated from Diablo reverse engineering is lost, unless someone has a local copy.
"The Dark Forums" are no longer with us; I have noticed that: Sir Krist is on this forum (however, incredibly inactive).
I understand the first post is from 2011 and the last post is from 2017.
I am not trying to necro-thread this sticky topic, however: I see many suggestions stating to use a virtual CD-ROM drive + Diablo disc image.
I've also seen suggestions for a modified storm.dll (which is where the CD-check is actually called in). Modifying storm.dll will affect the hash check and prevent usage of Battle.net (authentic game server).
I couldn't find any offsets, but I remember having had found it over a decade ago. Recently, I decided I wanted to play around with Diablo again.
Here are the offsets for various patch versions, including a C++ program (source code included) that I wrote to load Diablo without a virtual CD-ROM drive, Diablo image file and allowing you to play on Battle.net.
What you will need is the *.MPQ file (DIABDAT.MPQ; Size on disk: 493 MB (517,505,024 bytes)) on the harddrive somewhere. The registry entry will point to the file; I saw another potential entry method, where it will locally load the *.MPQ and avoid using the registry pointer, but I'll leave that for someone else who is interested in exploiting that.
Patch offsets (Diablo.exe process):
Code:
v1.09:
1501867A: 74 to EB
v1.08:
15017E8A: 74 to EB
v1.07:
1501278C: 74 to EB
v1.00:
1500D516: 74 to EBRegistry entries (x86 and x64 store the HKEY_LOCAL_MACHINE differently; Patch v1.08+ uses HKEY_CURRENT_USER instead of HKEY_LOCAL_MACHINE):
Code:
HKEY_CURRENT_USER/Software/Blizzard Entertainment/Archives/DiabloCD
x86 OS: HKEY_LOCAL_MACHINE/Software/Blizzard Entertainment/Archives/DiabloCD
x64 OS: HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/Blizzard Entertainment/Archives/DiabloCDBlizzard's official "color fix" for Windows 7 (x86 + x64):
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\Compatibility\Diablo109]
"Name"="Diablo.exe"
"ID"=hex:7c,89,fc,3a
"Flags"=hex:00,08,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\Diablo109]
"Name"="Diablo.exe"
"ID"=hex:7c,89,fc,3a
"Flags"=hex:00,08,00,00If you prefer (for whatever reason) to use a cracked storm.dll copy for v1.09 (cannot play on Battle.net without 'uncracking' storm.dll after loading the game up):
Code:
storm.dll size on disk: 264 KB (270,336 bytes)
Comparing files Storm.dll and STORM.DLL.CRACK
0001867A: 74 EBMy no-patch loader for Diablo v1.09 simply loads the game, waits 1 second, then attempts to 'unload' the fix (allowing you to connect and play on Battle.net):
(The program attempts to read the local path of the DiabloCD (used for the DiabDat.MPQ) from the HKEY_LOCAL_MACHINE entry in the registry)
Code:
#include <windows.h>
#include <iostream>
int main() {
HKEY hkey;
RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Blizzard Entertainment\\Archives", NULL, KEY_QUERY_VALUE, &hkey);
const DWORD SIZE = 1024;
char szValue[SIZE];
DWORD dwValue = SIZE;
DWORD dwType = 0;
RegQueryValueEx(hkey, "DiabloCD", NULL, &dwType, (LPBYTE)&szValue, &dwValue);
RegCloseKey(hkey);
strcat(szValue, "Diablo.exe");
ShellExecute(NULL, "open", szValue, NULL, NULL, SW_SHOWDEFAULT);
hwnd hwnd = NULL;
while (hwnd == NULL) {
hwnd = FindWindow(0, "DIABLO");
}
DWORD proc_id;
GetWindowThreadProcessId(hwnd, &proc_id);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, proc_id);
BYTE data[] = { 0xEB };
DWORD dataSize = sizeof(data);
WriteProcessMemory(hProcess, (LPVOID)0x1501867A, &data, dataSize, NULL);
Sleep(1000);
BYTE data2[] = { 0x74 };
dataSize = sizeof(data2);
WriteProcessMemory(hProcess, (LPVOID)0x1501867A, &data2, dataSize, NULL);
CloseHandle(hProcess);
}NOTE: You do NOT need a CD / CD-ROM drive / virtual CD-drive to install Diablo.
What you do need is from the Diablo disc:
Code:
(v1.00) AUTORUN.exe 4.22 MB (4,431,872 bytes)
(v1.08) INSTALL.EXE 6.76 MB (7,098,368 bytes)
DIABDAT.MPQ 493 MB (517,505,024 bytes)Run the "AUTORUN.exe" with the DiabDat.MPQ file in the same directory. Then apply the desired patch manually (Battle.net will not automatically download the patch).
or
Run the "INSTALL.exe" with the DiabDat.MPQ file in the same directory. Then attempt to log on Battle.net and the server will supply the latest patch.
As of the current writing of this post: It would appear that Zamal's site is no longer online.
Their humongous collection of all offsets and data accumulated from Diablo reverse engineering is lost, unless someone has a local copy.
"The Dark Forums" are no longer with us; I have noticed that: Sir Krist is on this forum (however, incredibly inactive).