[1.13c] Function Tables

Post by kidpaddle94 » Mon Jul 22, 2013 6:28 am

Diablo II 1.13c Function Tables

This thread is meant to document various function tables used by the game.
Credits are due to various users here @The Phrozenkeep

D2GS Client->Server Packets (D2Game.0xFA078)
This table contains receptor functions for D2GS packets sent by the clients to the server.
Don't know what the field labeled as BOOL b does. I believe it may be related to hack detection, although I'm pretty sure it's not used outside of realm.

Code:

struct
{
	int (__fastcall* D2GsClt2SrvPacket_t)(D2GameStrc* pGame, D2UnitStrc* pUnit, void* pPacket, int nPacketSize);
	BOOL b;
};
********************************************************************

D2GS Server->Client Packets (D2Client.0xDDE60)
This table contains the receptor functions for D2GS packets sent by the server to the client.
A size of -1 in the nPacketSize field means the packet has variable size

Code:

struct
{
	void (__fastcall* D2GsSrv2CltPacket_t)(void* pPacket);
	int nPacketSize;
	void (__fastcall* D2GsSrv2CltPacketEx_t)(D2UnitStrc* pUnit, void* pPacket);
};
********************************************************************

Skills SrvStFunc (D2Game.0x107338)
This table contains the skills SrvStFunc functions.

Code:

struct
{
	int (__fastcall* D2SkillSrvStFunc_t)(D2GameStrc* pGame, D2UnitStrc* pUnit, int nSkill, int nSkillLevel);
};
********************************************************************

Skills SrvDoFunc (D2Game.0x1074A8)
This table contains the skills SrvDoFunc functions.

Code:

struct
{
	int (__fastcall* D2SkillSrvDoFunc_t)(D2GameStrc* pGame, D2UnitStrc* pUnit, int nSkill, int nSkillLevel);
};
********************************************************************

Skills CltStFunc (D2Client.0xDE928)
This table contains the skills CltStFunc functions.

Code:

struct
{
	int (__fastcall* D2SkillCltStFunc_t)(D2UnitStrc* pUnit, int nSkill, int nSkillLevel);
};
********************************************************************

Skills CltDoFunc (D2Client.0xDEA48)
This table contains the skills CltDoFunc functions.

Code:

struct
{
	int (__fastcall* D2SkillCltDoFunc_t)(D2UnitStrc* pUnit, int nSkill, int nSkillLevel);
};
********************************************************************

Objects Server Init (D2Game.0x10E050)
This table contains object init functions (InitFn in Objects.txt)

Code:

struct D2ObjInitFnStrc
{
	D2GameStrc* pGame;				//0x00
	D2UnitStrc* pObject;			//0x04
	D2RoomStrc* pRoom;				//0x08
	D2ObjDataStrc* pObjData;		//0x0C
	D2ObjectsTXT* pObjectRecord;	//0x10
	int nX;							//0x14
	int nY;							//0x18
};

struct
{
	int (__fastcall* D2ObjInit_t)(D2ObjInitFnStrc* pInitFn);
};
********************************************************************

Objects Server Operate (D2Game.0x107BB8)
This table contains objects operating functions (OperateFn in Objects.txt)

Code:

struct D2ObjOperateFnStrc
{
	D2GameStrc* pGame;			//0x00
	D2UnitStrc* pObject;		//0x04
	D2UnitStrc* pPlayer;		//0x08
	D2ObjDataStrc* pObjData;	//0x0C
	int nObjectClass;			//0x10
};

struct
{
	int (__fastcall* D2ObjOperate_t)(D2ObjOperateFnStrc* pOperateFn);
};

********************************************************************

Items Spell Functions (D2Game.0x107238)
This table contains item spell functions (pSpell column from Armor/Misc/Weapons.txt)
On the second callback, the return value defines whether the item is destroyed or not (0 = no, 1 = yes)

Code:

struct
{
	int (__fastcall* D2ItemSpellInit_t)(D2GameStrc* pGame, D2UnitStrc* pUnit, D2UnitStrc* pItem, D2UnitStrc* pTarget, int nX, int nY, int nSkill);
	int (__fastcall* D2ItemSpell_t)(D2GameStrc* pGame, D2UnitStrc* pUnit, D2UnitStrc* pItem, D2UnitStrc* pTarget, int nX, int nY, int nSkill);
};
********************************************************************

Event Functions (D2Game.0x1077A8)
This table is used both by skills and item stats.
In the case of items it's used for ItemEventFuncs, and for skills it's used by various things in skills.txt
The prototype args are polymorphic.

Code:

struct
{
	union
	{
		int (__fastcall* D2ItemEventFunc)(D2GameStrc* pGame, int nEvent, D2UnitStrc* pUnit, D2UnitStrc* pTarget, D2DamageStrc* pDamage, DWORD dwStat, DWORD dwArg);
		int (__fastcall* D2SkillEventFunc)(D2GameStrc* pGame, int nEvent, D2UnitStrc* pUnit, D2UnitStrc* pTarget, D2DamageStrc* pDamage, int nSkill, int nSkillLevel);
	};
};
********************************************************************

Item Properties Functions (D2Common.0x9B0C8)
This table contains functions used to handle item properties. More information can be found here

Code:

struct
{
	int (__fastcall* D2PropFunc_t)(int nPropType, D2UnitStrc* pSrcUnit, D2UnitStrc* pUnit, D2PropertyStrc* pProp, int nSet, int nStat, int nParam, int nPrevValue, int nState, DWORD dwListFlags, DWORD dw0);
};
********************************************************************

Cube Special Outputs (D2Game.0xFA5E8)
This table contains functions for special cube outputs, like the cow level portal.
However only one entry is used in single player. (The functions for uber trist aren't available, they just return 0)

Code:

struct
{
	int (__fastcall* D2CubeOutput_t)(D2GameStrc* pGame, D2UnitStrc* pUnit);
};
********************************************************************

Missiles SrvDoFunc Functions (D2Game.0x10D970)
This table contains missiles SrvDoFunc functions (pSrvDoFunc field in Missiles.txt)

Code:

struct
{
	void (__fastcall* D2MslSrvDoFunc_t)(D2GameStrc* pGame, D2UnitStrc* pMissile);
};
********************************************************************

Missiles SrvHitFunc Functions (D2Game.0x10DA48)
This table contains missiles SrvHitFunc functions (pSrvHitFunc field in Missiles.txt)

Code:

struct
{
	int (__fastcall* D2MslSrvHitFunc_t)(D2GameStrc* pGame, D2UnitStrc* pMissile, D2UnitStrc* pTarget);
};
********************************************************************

Missiles SrvDmgFunc Functions (D2Game.0x10DB68)
This table contains missiles SrvDmgFunc functions (pSrvDmgFunc field in Missiles.txt)

Code:

struct
{
	void (__fastcall* D2MslSrvDmgFunc_t)(D2GameStrc* pGame, D2UnitStrc* pMissile, D2UnitStrc* pTarget, D2DamageStrc* pDamage);
};
********************************************************************

Missiles CltDoFunc Functions (D2Client.0xDD8A0)
This table contains missiles CltDoFunc functions (pCltDoFunc field in Missiles.txt)

Code:

struct
{
	void (__fastcall* D2MslCltDoFunc_t)(D2UnitStrc* pMissile);
};
********************************************************************

Missiles CltHitFunc Functions (D2Client.0xDDA10)
This table contains missiles CltHitFunc functions (pCltHitFunc field in Missiles.txt)

Code:

struct
{
	int (__fastcall* D2MslCltHitFunc_t)(D2UnitStrc* pMissile, D2UnitStrc* pTarget);
};
Last edited by kidpaddle94 on Tue Apr 12, 2016 1:34 pm, edited 9 times in total.

Re: [1.13c] Major Function Tables

Post by JDS » Mon Jul 22, 2013 11:45 am

Seems like we need function table category and pages in our wiki. Thanks for the share.

EDIT:

Are these the base addresses of the tables? If so, what are the sizes of the tables?

Re: [1.13c] Major Function Tables

Post by kingpin » Mon Jul 22, 2013 11:49 am

it's the relative address to tables, so base address is not included.

Re: [1.13c] Major Function Tables

Post by kidpaddle94 » Mon Jul 22, 2013 11:56 am

kingpin wrote:
it's the relative address to tables, so base address is not included.

^ This

I post addresses using the file offset 90% of the time, as these addresses do not reallocate.
It just makes it simpler for everyone I think.

Re: [1.13c] Major Function Tables

Post by kingpin » Mon Jul 22, 2013 11:59 am

I would probably say use both.

Re: [1.13c] Major Function Tables

Post by JDS » Mon Jul 22, 2013 12:38 pm

Slight miscommunication there on my side, what I meant was "is this the displacement for the beginning of the table" (and I suppose the answer is yes), not "is this the displacement or the base address". I could see from the size of the numbers that it can't be the base address ; ) Thanks anyhow, you answered that part of my question.

So how large are the tables? Same as what Nefarius posted?

Re: [1.13c] Major Function Tables

Post by kidpaddle94 » Mon Jul 22, 2013 1:01 pm

JDS wrote:
Slight miscommunication there on my side, what I meant was "is this the displacement for the beginning of the table" (and I suppose the answer is yes), not "is this the displacement or the base address". I could see from the size of the numbers that it can't be the base address ; ) Thanks anyhow, you answered that part of my question.

So how large are the tables? Same as what Nefarius posted?

Oh okay. Well, every address listed is the address of the beginning of the table.
As for the size, I didn't feel the need to list it as you can easily find it out by looking at the table.

Just by looking at code where the table base address is referenced, 80% of the time you will find all kinds of checks that look like this:

Code:

6FCB1D29  |.  66:3D BF00    |CMP AX,0BF
6FCB1D2D  |.  7D 39         |JGE SHORT D2Game.6FCB1D68
Sometimes it's a constant reference, but sometimes it points to a variable pointer (which most of the time is located at the end of the table)
Like in the case of items pspells

Code:

6FCCD175  |>  3B1D 3073D26F CMP EBX,DWORD PTR DS:[6FD27330]
6FCCD17B  |.  0F8D 87000000 JGE D2Game.6FCCD208

6FD27330              1F 00 00 00                   ...
Those are IMO the most convenient as you can easily patch the lookup to your own variable
Last edited by kidpaddle94 on Tue Jul 23, 2013 7:30 am, edited 1 time in total.

Re: [1.13c] Major Function Tables

Post by kingpin » Mon Jul 22, 2013 1:14 pm

Remember some tables may have multiple places where it's used, so hope you're posting all places it's loaded at. Didn't check the entries you added, but know from a lot of tables I moved into c++. There have been multiple entries to take care of.

Also, adding the limit is kinda important if you want to extend the table, or basically just want to know how many free table entries there are that you can add directly in asm. I think for general knowledge it's good also. But, know that takes time, so maybe something to think about in the future.

Re: [1.13c] Major Function Tables

Post by Necrolis » Mon Jul 22, 2013 2:16 pm

kingpin wrote:
Remember some tables may have multiple places where it's used, so hope you're posting all places it's loaded at. Didn't check the entries you added, but know from a lot of tables I moved into c++. There have been multiple entries to take care of.

Also, adding the limit is kinda important if you want to extend the table, or basically just want to know how many free table entries there are that you can add directly in asm. I think for general knowledge it's good also. But, know that takes time, so maybe something to think about in the future.

More importantly, in later versions (1.11b+) where the more aggressive optimizer is used, certain refs to constant entries in tables are inlined (the pointers are copied out and used for compares or directly as defaults etc), certain tables may also be disjointly referenced (i.e. there are refs to element 0, 1 etc. or the base of the table is offset because of optimizations).

Also be careful with free entries etc, I've caught a few cases where something looks like free space but gets overwritten by massive memsets/init loops (and as an addendum to this, the starts of some tables are actually used as sentinel/end addresses for compiler optimized loops, if you replace them without checking, you can cause many memory related problems).

Re: [1.13c] Major Function Tables

Post by JDS » Mon Jul 22, 2013 3:39 pm

Are they loaded directly from the data region of some dll, or are they put there by some other init code? I.e., if I modify the table in memory and write my changes to the executable (assuming that's possible), will the changes still be there when I load the dll the next time?

Sorry for all the questions but I'm currently putting up this: http://phrozen-library.wikia.com/wiki/C ... tion_Table

Re: [1.13c] Major Function Tables

Post by kingpin » Mon Jul 22, 2013 4:11 pm

Changes are there as long as you do BaseAddress + relative address. This is because of ASLR or, like they did in 1.10+, the dll got reallocated, and if you did the full address it would very probably crash because it tries to access memory it shouldn't.

in c++ you would do this:

static DWORD CommonOffset = (DWORD)LoadLibrary("D2Common.dll");

then to access the address you do this: (CommonOffset + relativeaddress).

What could be important is to mention LoadLibrary.

Just as a note for other modders, always follow this and don't try to cheat it, because if you do your mod will be incompatible with win7/vista.
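
The base-plus-relative-address rule from the post above, combined with the "count stored at the end of the table" check kidpaddle94 describes earlier in the thread, as an added C example that is not code from any poster here. The listing base 0x6FC20000, the image size and the relocated base are assumptions, and the function names are hypothetical; the table values come from the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* A 32-bit module at runtime: where the loader mapped it and its size. */
typedef struct {
    uint32_t base;  /* load address for this run; differs after relocation */
    uint32_t size;  /* mapped image size in bytes */
} module_t;

/* Relative address -> address valid for this run. Returns 0 unless the
   whole range [rva, rva + len) lies inside the mapped image. */
uint32_t rva_to_va(const module_t *m, uint32_t rva, uint32_t len)
{
    if (m->base > UINT32_MAX - m->size) return 0;         /* image would wrap */
    if (rva >= m->size || len > m->size - rva) return 0;  /* outside the image */
    return m->base + rva;
}

/* Absolute address from a disassembly listing -> relative address.
   listing_base is the base the module had when the listing was made. */
int va_to_rva(uint32_t listing_base, uint32_t size, uint32_t va, uint32_t *rva)
{
    if (va < listing_base || va - listing_base >= size) return -1;
    *rva = va - listing_base;
    return 0;
}

/* True when a count variable sits directly after a table of `count`
   entries: table_rva + count * entry_size == count_rva. */
int count_follows_table(uint32_t table_rva, uint32_t entry_size,
                        uint32_t count, uint32_t count_rva)
{
    if (entry_size == 0 || count > (UINT32_MAX - table_rva) / entry_size) return 0;
    return table_rva + count * entry_size == count_rva;
}

int main(void)
{
    /* Assumed: listing base 0x6FC20000. Constructed: image size 0x200000
       and relocated base 0x10000000. Table values are from the thread. */
    module_t relocated = { 0x10000000u, 0x200000u };
    uint32_t count_rva = 0;
    if (va_to_rva(0x6FC20000u, relocated.size, 0x6FD27330u, &count_rva) != 0)
        return 1;
    printf("count at D2Game.0x%X, follows table: %d, table now at 0x%X\n",
           (unsigned)count_rva, count_follows_table(0x107238u, 8u, 0x1Fu, count_rva),
           (unsigned)rva_to_va(&relocated, 0x107238u, 0x1Fu * 8u));
    return 0;
}
```

The entry size of 8 bytes is the two 32-bit function pointers of the item spell table struct; under the assumed listing base, the 0x1F limit read at 6FD27330 lands exactly where that table ends.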

Re: [1.13c] Major Function Tables

Post by JDS » Mon Jul 22, 2013 6:26 pm

Thanks, that answered my question :)

Re: [1.13c] Function Tables

Post by kidpaddle94 » Tue Mar 15, 2016 4:21 pm

Updated.

Re: [1.13c] Function Tables

Post by kain_abel_666 » Tue Apr 07, 2020 9:05 pm

JDS wrote:
Mon Jul 22, 2013 3:39 pm
Are they loaded directly from the data region of some dll, or are they put there by some other init code? I.e., if I modify the table in memory and write my changes to the executable (assuming that's possible), will the changes still be there when I load the dll the next time?

Sorry for all the questions but I'm currently putting up this: http://phrozen-library.wikia.com/wiki/C ... tion_Table

Seems like he only ever uploaded 3 functions.