Blizzard Sector
All your hacking needs - Printable Version

+- Blizzard Sector (https://www.blizzsector.co)
+-- Forum: Diablo II (https://www.blizzsector.co/forum-4.html)
+--- Forum: Hacks Bots and Editors (https://www.blizzsector.co/forum-16.html)
+--- Thread: All your hacking needs (/thread-42280.html)



All your hacking needs - Lux Aeterna - 12-12-2007

This is a combined post, an attempt to reduce the number of stickies by merging them into one thread, also intended as easy access to the guides.

Before anyone asks, yes there is administrator backing to this thread.


Press Alt + F to open the "search" menu, then type the section name (e.g. Section I) and hit the "next" button until the section is found.



Index:

-Section I
1.11 Hacks Updated

-Section II
D2Loader - wm_hunter
D2Loader - Spitfire

-Section III
Sting's Maphack

-Section IV
Unperms

-Section V
How to Prove / Disprove dupes
-Section VI
How to hack DII - Edition #1

-Section VII
Beginner's Guide to packets


Section I
Updated Hacks (1.11)

skidude Wrote:Warning: Use caution when using hacks -- ALWAYS keep in mind use of hacks will result in an account /CD-key ban.


1.11 hacks said to be working

New hacks added in blue.

Show your thankfulness! Vote for Blizzsector every month to keep us in our rightful spot!

http://www.gamesites200.com/diablo/in.php?id=575

Thanks to FrogMan for uploading files

Farcast v2
TO INSTALL:
1) Copy the contents of 'data' folder to your Diablo II folder.
2) Right click the shortcut you use to play D2 with. Click properties.
3) In the Target box add "-direct -txt" after the file path. ex."C:\Program Files\Diablo II\Diablo II.exe" -direct -txt
4) To "farcast" a target, hold shift and click on them with either charged strike OR lightning strike. These are the only two skills which can be farcasted. Farcasting targets through walls is possible if you use NightLight or maphack to give full light radius.
Diablo II Sector Downloads » Diablo II » Hacks - v1.11b » Farcast version 2

Nightlight Mod 1.9
TO INSTALL WITH NIGHTLIGHT:
1) Install NightLight first.
2) Replace the Skills.txt that came with NightLight with this one.

Modded patch_d2.mpq file, that works on closed Battle.net, which boosts fps, gives full screen light radius & more.
Diablo II Sector Downloads » Diablo II » Hacks - v1.11b » Nightlight Mod 1.9

Fail to join delay reducer
read the readme
Diablo II Sector Downloads » Diablo II » Hacks - v1.11b » Fail to join delay reducer

ilvl Program
Shows the ilvl of items; it only reads Diablo 2 memory.
Diablo II Sector Downloads » Diablo II » Hacks - v1.11b » ilvl Program
xAim
AutoIt script
Diablo II Sector Downloads » Diablo II » Hacks - v1.11b » xAim

TorchID by R1CH
Reveals stats of torch, anni, gheeds when dropped on the floor. Doesn't show stats of unidentified items.
Diablo II Sector Downloads » Diablo II » Hacks - v1.11b » TorchID by R1CH
SOJ Counter
Counts SoJs and tells you if Diablo walks the earth in your game.
Diablo II Sector Downloads » Diablo II » Hacks - v1.11b » SOJ Counter
AutoYou2 v1.0
What does this program do? You start the program, just start clicking stuff, when you're done press HOME, the script for what you just did will be written for you. The script will mimic your actions almost perfectly.
Diablo II Sector Downloads » Diablo II » Utilities » AutoYou2 v1.0


D2Chicken v1.0 by KG
I think I don't have to explain what the chicken is. Basically it's a program which automatically makes an instant save & exit when your situation is getting hot.
Diablo II Sector Downloads » Diablo II » Hacks - v1.11b » D2Chicken v1.0 by KG





Sting's Hackmap v2.24
Reveals acts and gives some indications on the automap for the specific targets and it works on both windows 9X and NT based OS's
http://www.d2sector.net/downloads/pafiledb.php?action=file&id=235

Trade Scam

The use of this program is very simple. Double-click the .exe then start Diablo. The program will exit when you close Diablo. You can run around, fight, trade and chat normally. Once you find a player (sucker) to trade with you, go into the trade window and set up your items according to the .jpg's.

Refer to the included .jpg's for item locations.

Crappy Item Location.jpg - This is where, in your inventory, the crappy item needs to be located. Although I used a small charm for the screenie, the size of the item does not matter. It could be boots or it could be armor. Regardless of what the item is, it *** MUST *** occupy the square you see the charm in.

Insert Key Location.jpg - If you wish to use the 'Insert' key to trigger the scam, this is the location, in the trade screen, of the good item. This is the one case where size does not matter and location is everything. No matter what the size of the item, it *** MUST *** occupy the square you see the charm in.

Home Key Location.jpg - If you wish to use the 'Home' key to trigger the scam, this is the location, in the trade screen, of the good item. This is the one case where size does not matter and location is everything. No matter what the size of the item, it *** MUST *** occupy the square you see the charm in.

This program assumes that the name of your Diablo window is 'Diablo II'. If you are using Onlyer's no CD loader please ensure you title your window accordingly. It is possible that lag may affect the effectiveness of this program. Sucks to be you, don't lag.

=================== History ===================

11 June 04 - Version 1.0

Seems my directions are too complicated for some. Let's see if I can make them a bit clearer:

1) Start Diablo.
2) Log in.
3) Select your character.
4) Enter chat or a game. If in chat, find someone to trade with.
5) Once in a game, enter trade.
6) Place your good, or 'bait', item in either the Insert key or Home key location. It can be one or the other but not both.
7) Place your crappy, or 'switch', item where the picture shows it belongs.
8) Let your victim, or 'sucker', get a good look at the bait item.
9) Tell them some B.S. story about how you do not want to be trade hacked and in order to avoid being trade hacked you want to move the item around.
10) Press either the Insert or Home key on your keyboard. The program will automatically move the good item around and, at a selected point, switch it out with the crappy item.
11) If all goes according to plan and you choose your victim wisely, they will not re-check the item, the checkmark will turn green and you will now become the uber-scammer.

Download TradeScam [134Kb]


GateCrasher 1.0 [by Snarg]

The purpose of this program is rather simple. Given a game name it will continue to try passwords until either it finds the correct one, you stop the program or you get tired of running it. To use this program follow the steps below:

1) Start Diablo in window mode. If you do not know how to do this, search.
2) Log your account into the lobby.
3) Select a game you wish to attempt to enter.
4) Run GateCrasher and enter the 'exact' game name.
5) Sit back and wait.

To stop the program press 'END' on your keyboard. The program will also stop when it runs out of passwords to try. The first password it will try will always be the game name. After that, it opens up and reads from passfile.txt. passfile.txt should always be located in the same directory as this program.

This program has almost *NO* error checking!! It is very easy and quite possible that lag will cause this program to crash. If it does crash, you should be able to press 'END' on your keyboard to make it stop.

The password list included with this program is very small and quite limited. You are more than welcome to edit it as you see fit. The program is able to use special characters. If you do choose to edit the list, it must be formatted as so:

word one
word two
wordthree
wordfour

I.E. every word, except the last one, must be followed by a carriage return (press enter).

There is no in-town pickit that I know of so you must be attentive. Once you get in a game, press 'END' on your keyboard and do what you wish from that point.

Code:

SplashTextOn ( 'GateCrasher', 'GateCrasher 1.0 by Snarg ([email protected])', 200, 100,824,0 )
Sleep (3000)
SplashOff ()

Global $PassFile = FileOpen ( "passfile.txt", 0 )

If $PassFile = -1 Then
MsgBox ( 0, "Error", "Unable to open passfile.txt." )
Exit
EndIf

$GameName = InputBox ( "Game Name", "Input Game Name", "" )

WinActivate ( "Diablo II" )
Sleep ( 500 )
WinMove ( "Diablo II", '', 0, 0 )
Sleep ( 500 )

Global $QuitIt = HotKeySet ( "{END}", "QuitIt" )

;====== Main Body =======================

TryCurrentName ()
ReadPassList ()

;====== Current Name Function =======================

Func TryCurrentName ()

MouseMove ( 715, 475, 1 )
MouseClick( "left", 715, 475 ) ;Click 'Join'

Sleep ( 500 )
Send ( $GameName , 0 )
Send ( '{TAB}' )
Send ( $GameName , 0 )

MouseMove ( 685, 435, 1 )
MouseClick( "left", 685, 435 ) ;Click 'Join'

Return
EndFunc

;====== QuitIt Function =======================

Func QuitIt ()

FileClose ( $PassFile )
Exit

Return
EndFunc

;====== Passlist =======================

Func ReadPassList ()

While 1

$Password = FileReadLine ( $PassFile )
If @ERROR = -1 Then ExitLoop

MouseMove ( 715, 475, 1 )
MouseClick( "left", 715, 475 ) ;Click 'Join'

Sleep ( 600 )
Send ( $GameName , 0 )
Send ( '{TAB}' )
Send ( $Password , 0 )
Send ( '{ENTER}' )
Sleep ( 600 )
Wend


FileClose ( $PassFile )

EndFunc

Download GateCrasher v1.0 [89Kb]


MulePermer v2.02 Beta - MulePermer working with patch 1.11 Features:
* Automatically perms one full account in 16 hours.
* Automatically restarts the game if some error comes up (example: disconnection in game...)
* Show/hide counter (Display # of seconds when mule will be permed)
* Easy Setup
* Can run in fullscreen mode
MulePermer v2.02 Beta
[162 Kb]


No-cd crack working with 1.11.

How to install:

1) Download it
2) Open with winzip or program able to extract .zip files
3) Extract it to your Diablo 2 directory
4) Replace the old d2loader (1.10) or the original Diablo exe with it.


How to play with no cd


1) Put your diablo cd into cd-rom
2) Go to my computer, right click on the diablo head (press open). Copy the files called d2xvideo.mpq and d2xmusic.mpq
3) Go back to your Diablo 2 directory. Paste those two .mpq files here.
4) Double click on the diablo loader icon, it should now run.
YOU MUST DELETE ALL 1.10 PLUGINS, THEY ARE NOT COMPATIBLE WITH 1.11
D2 Loader 1.11
[17 Kb]


Simple Gold Dropper for Diablo 2 :) - created in AutoIt
Sniper Bourne's Gold Dropper v1.0
[65 Kb]

clone hunterv2.2
This program will allow you to automatically find what is called a 'hot' IP address. The hot IPs are those where the Diablo Clone is most likely to appear. This program saves you the trouble of having to manually create the games and check the IP by yourself.
Clone Hunter v2.2
[253 Kb]



1.11 D2LOADER
Official URL
-----

D2Loader Hacks >> D2Loader Hacks

About
-----

This is an unofficial, hacked version of D2Loader v1.10 to make it compatible
with Diablo II 1.11b. Most of the 1.10 parameters and what-not still work, so
please refer to the v1.10 D2Loader docs for more info about D2Loader.

Version numbering is now done completely by date to avoid confusion when there
is a Diablo II "v1.11b" and D2Loader "v1.11b02". When looking for the latest
release, look for the one with the latest date.

For the latest versions, please see D2Loader Hacks which will
redirect you to a page which has (hopefully) safe versions of the latest
builds. I can't promise whoever hosts the files will not replace them with
trojans and such, so please be careful as with any D2 related executables.

Installation
------------

Remove any existing v1.10 plugins - they will likely crash. Then copy the
.exe to your Diablo II directory and run it or whatever you want to do with
it. Below are some useful command line parameters you may wish to use:

-w Run in windowed mode.
-ns Disable sound (warning, can cause some crashes)
-nohide Don't hide the Diablo II window when losing focus.
-res800 Start at 800x600 (avoids window moving off-centre on load)
-sleepy Call sleep(1) to avoid D2 using 100% CPU time.
-title "foo" Set the Diablo II window title to foo.
-mpq foo.mpq Load foo.mpq (useful for additional CD keys)
-skiptobnet Skip straight to the BNet login screen.

Small editing has been done, grammar and whatnot.



Section II
D2Loader

wm_hunter's D2Loader guide.

wm_hunter Wrote:The latest version of D2Loader can ALWAYS be found on this link

Although it is useless now, I have decided to keep the TorchID plugin in the guide


I have decided to write a guide for D2Loader. I do not think that the hack is found in the download section of this site, you may ask a mod to scan the files to ensure they are virus free. D2Loader will not ban you. I have used it myself for over three months.

Its main purposes are:

- Running multiple copies of Diablo II
- Running Diablo II without a CD
- Using plugins, such as the one that protects from the Act2 Drophack or one that lists the type and stats of a Torch when dropped
- It is required for some hacks such as RGX Mod


If you decide to use the TorchID plugin (instructions below), then I cannot guarantee that you will not be banned. I have used the other plugins for a long time and I have not been banned in over three months. The TorchID will not currently get you banned, but may in the future.

Once you have downloaded D2Loader...

The default Diablo II folder location is C:\Program Files\Diablo II

1 Rename your original Diablo II game file to whatever you want, I made mine Diablo II original.exe. You can move it or keep it in the Diablo II folder. Rename D2Loader to DiabloII.exe.

2 Extract the Diablo II.exe (the D2Loader one if you didn't change name of old) from the ZIP and place it in the Diablo II folder.

3 You can now run Diablo II without problems.

Note: If you had any shortcuts on the desktop, they will open this file automatically (as it is in the same place with the same name as the old one).

Once D2Loader is up and running, you can now do a number of things you were not able to do before.

To Run Diablo II Without The CD

1 Put the Diablo LoD CD into your CD-ROM (the one you need in the CD drive to play)

2 In My Computer, right click on the CD and select open.

3 Copy the d2xvideo.mpq and d2xmusic.mpq, paste them in your Diablo2 folder.

Run Multiple Copies of Diablo 2


Before We Start

- You will need more than one set of Classic\Expans CD keys. How do you get one? It is up to you to figure out a way to get more than one copy. Mods please PM me, I have a text file with a list of a bunch of CD keys, I do not want this post deleted and I am not sure if I can post it and not get in trouble.

- You will need a modified D2gfx.dll
- You will need Onlyer's Tool Package

Getting Down to Business

1 Open your Diablo II folder. Make a backup of your old d2gfx.dll
Right click on the old version, click cut. Paste it to a location that you will remember. Now extract the d2gfx.dll from the ZIP file into your Diablo2 folder.

If you were wondering: The d2gfx.dll has been modified to allow two Diablo II windows to be open at the same time

2 Make a copy of the shortcut to d2loader (Diablo II) on the desktop, and paste another one on the desktop. You will need two shortcuts on the desktop for later, each will use a different set of CD keys.

3 Extract the entire d2-cdkey.zip into its own folder.

4 Copy the cdkey.mpq into your Diablo II folder.

5 Right click on the auto-cdkey.reg and choose edit.

Modify the entry to look like this

Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Blizzard Entertainment\Diablo II]
"owner"="NAMEFROMKEYHERE"
"d2cdkeympq"="cdkey.mpq"
"d2xcdkeympq"="cdkey.mpq"
"d2cdkey"="Extra CD Key Here"
"d2xcdkey"="Extra CD Key Here"
The placeholder values (NAMEFROMKEYHERE and Extra CD Key Here) need to be changed to what they say.

6 Save the file. Right click on auto-cdkey.reg and select Merge

7 Open the d2-cdkey.exe from Onlyer's pack and Refill Both CD Keys

8 Right click on one of the desktop shortcuts. Choose Properties. Modify the Target box to look like the one below.

"*Your Diablo2 File, DO NOT CHANGE THIS*" -mpq cdkey.mpq

The dash and the add-on must be added to one of the two shortcuts only. If you are wondering what other kinds of target effects you can use (there are D2Loader only ones that are useful), see My Guide.

9 You should now be able to run both at the same time. You may encounter problems trying to use the same Diablo II account on both keys.

RUNNING MORE THAN TWO?

If you wish to run more than two D2Loaders at once:
Change the text in the registry key to have a different name to it, fill it in as normal. By changing the registry key, you have changed the name of the MPQ file that has come out. When you go onto a third Diablo II shortcut, you can edit the target section in its properties like this:

Code:
C:\Program Files\Diablo II\DiabloII.exe -mpq NEWNAME.mpq
If your path is something different from the one I put (different drive maybe), that does not change anything. Replace NEWNAME.mpq with how you have edited the registry key.


Drop hack PROTECTION

I do not believe in scamming. I will not supply links to the drop hack itself.

With D2Loader, you can also use small plug-ins in the form of DLLs. The only one I know for sure is safe, working and will not ban you, is the Act2 Drop Protection one. Drop hack scammers like to use an Act2 drop hack, which disconnects you from the game when you are in Act2. This is often used to scam drop-trades. After following the directions below (make sure you have D2Loader :)), you will no longer be affected.

Get the file from here

I really apologize for having it hosted on RapidShare. I will try to find a better source. Once you click the link, there should be a free button. After you click it, type the letters you see in the box, and click the download from *server name* box.

After you have it, you may need to create a new folder called Plugin in your Diablo II folder if it does not already exist. Extract the dropprotect.dll from the ZIP into there. You are now protected from the Act 2 drophack.


See Torch Stats When Dropped

I can not guarantee that this will not get you banned, I have only used it for a short time

As I mentioned above, with D2Loader you can use small plug-ins in the form of DLLs. I am not sure if this plugin is completely safe; as of this moment the people that use it, including myself, have not had any problems, but that may change in the future. This, along with running multiple copies, should be USED AT YOUR OWN RISK!

PICTURE HERE
Get the file from here

After you have it, you may need to create a new folder called Plugin in your Diablo II folder if it does not already exist. Extract the torchid.dll from the ZIP into there. You can now see the stats on a torch when one is dropped, as you can see in the above picture.

Torch ID will show the stats of the following

Gheeds
Annis
Torches


If you have any questions, reply here or PM me. If you feel I left anything out, reply here or PM me.

Edited for: Fixed typos, missing information, etc. Now used Onlyers to make the key change, easier for most people. Added TorchID plugin. Changed the guide to mention that running multi copies is safe.

Fixed some broken links. Fixed the renaming of Loader problem.

Kept latest version of D2Loader linked DECEMBER 31, 2006 is the latest

Added information for running more then two D2Loaders at one time.

No editing needed, perfect.



Section II - Continued



Spitfire's D2Loader guide.
Spitfire Wrote:Official URL
-----

D2Loader Hacks >> D2Loader Hacks

About
-----

This is an unofficial, hacked version of D2Loader v1.10 to make it compatible
with Diablo II 1.11b. Most of the 1.10 parameters and what-not still work, so
please refer to the v1.10 D2Loader docs for more info about D2Loader.

Version numbering is now done completely by date to avoid confusion when there
is a Diablo II "v1.11b" and D2Loader "v1.11b02". When looking for the latest
release, look for the one with the latest date.

For the latest versions, please see D2Loader Hacks which will
redirect you to a page which has (hopefully) safe versions of the latest
builds. I can't promise whoever hosts the files will not replace them with
trojans and such, so please be careful as with any D2 related executables.

Installation
------------

Remove any existing v1.10 plugins - they will likely crash. Then copy the
.exe to your Diablo II directory and run it or whatever you want to do with
it. Below are some useful command line parameters you may wish to use:

-w Run in windowed mode.
-ns Disable sound (warning, can cause some crashes)
-nohide Don't hide the Diablo II window when losing focus.
-res800 Start at 800x600 (avoids window moving off-centre on load)
-sleepy Call sleep(1) to avoid D2 using 100% CPU time.
-title "foo" Set the Diablo II window title to foo.
-mpq foo.mpq Load foo.mpq (useful for additional CD keys)
-skiptobnet Skip straight to the BNet login screen.

Version History
---------------
D2Loader v1.11b (Nov 11 2005)

-----------------------------
Added -altcolor option for windowed mode, will use different colors when
drawing the monster name / hp box so it is more visible. Yes, this uses more
code patches, but I really hope Blizzard doesn't mind this accessibility option
as it's pretty hard to see it in windowed mode without this fix.

D2Loader v1.11b (Oct 04 2005)
-----------------------------
Fixed -sleepy behavior acting weird sometimes (ie high CPU usage / random D2
window 'freezing' on menu). I'm amazed this didn't actually crash since there
was a jump into the middle of an opcode (*blushes*) :D.

Bound the executable to Diablo II v1.11b and WinXP SP2 entry points for maybe
a slight improvement in load time.

D2Loader v1.11b (Sep 22 2005)
-----------------------------

Patched the D2Lang.dll patches so -locale works again. Since I don't have a
Korean D2 or whatever, I can't test this actually works, but it looks like it
should - my D2 crashes looking for some Korean fonts with -locale Korean.

Added ability to read extra command line options. This allows further features
that would require a command line option. Such as...

-nohide command line option. If set, will subclass the main D2 window handle
and block WM_ACTIVATEAPP/0 from reaching D2, which will prevent the D2 window
from hiding when it loses focus. Diablo II usually gobbles up 100% CPU time
when not hidden (see below for a 'fix' for this), so running multiple windows
with -nohide could cause some significant slowdown. Don't use this in full
screen mode for obvious reasons.

-sleepy command line option. If set, will patch the arguments to sleep() in
D2Client and D2Win so they aren't zero. This results in the Diablo II process
using much less CPU time since it isn't stuck in such a tight loop. Note that
this *might* result in oh-so-barely lower FPS, but I don't think that's a
concern in D2 :-). The benefits of this should be apparent to anyone with a
fast system... and why Blizz are calling sleep(0) is beyond me :D. Note that
there are still some areas that use 100% CPU time regardless since they aren't
part of the menu / game loop.

Fixed a small jmp to the wrong place on the rare chance you had any plugins
installed.

Fixed VirtualProtect not restoring correct memory access options after
applying patches (yeah I suck at the x86 asm :P).

Fixed BNClient and other future patches being applied more than once when
re-entering the main menu.

Edited the PE header to provide the correct code size. This shuts up OllyDbg's
SFX warning so I don't get quite so frustrated each time I have to restart :).

Also a tip to any people who are making Diablo II hacks that install by
finding the D2 window: EnumWindows / GetClassName / GetWindowThreadProcessId
are your friends. Don't go enumerating the executable names as these aren't
100% reliable due to renaming. The D2 window classname is "Diablo II".

Small note, the last version recommended using '-nocleanup' to do a 'nice'
shutdown of D2 - a word of warning - don't use -nocleanup with -skiptobnet or
every time D2 tries to exit by going back to the menu, it will reconnect to
bnet and you'll be stuck in a rather nasty foreground-hogging infinite loop.

A forewarning, the next release may have another 2KB added on to the file size
as I'm running quite short on space in the current executable to continue
adding more features. It probably doesn't help that my code is so bloated :).

D2Loader v1.11b (Sep 15 2005)
-----------------------------

Few fixes here, the first new hack I'd added I accidentally called XP SP2
DLL addresses instead of using the import table for the new error box stuff.
Oops. Now all Windows versions should get the error dialogs when there is
a problem initing. I also added a version check so that the executable won't
even run if it detects a new version of D2. Due to the amount of stuff that
Blizz seem to change each release, it's extremely unlikely that an old loader
version would work with a new patch.

This version also has EVERY ordinal fixed, even ones that were missing from
the original v1.11 loader. As such, obscure parameters such as -gamma, -lq
and -vsync now work correctly. I figured if Blizz release 1.11c anytime soon I
wouldn't want to go checking back three versions worth of changes :).

Point of interest: it seems -nocleanup works backwards, ie "no cleanup" is on
by default and if you specify -nocleanup, D2Loader will go through the normal
D2 shutdown procedures (close sound, unload DLLs, etc). Now that the cleanup
ordinals are mapped, -nocleanup works nicely and does a 'graceful' close of
Diablo II. While I don't want to change any defaults, I'd recommend you use
-nocleanup on your command line to do a graceful exit instead of ExitProcess.

This version is really what I wanted the last version to be when I released
it, but sadly I didn't have time to do all these things. I decided to just
get a version out there that worked with v1.11b to keep all the people happy
who depend on D2Loader to be able to play the game.

D2Loader v1.11b (Sep 14 2005)
-----------------------------

Just to add further confusion, Blizz released v1.11b and a lot of people saw
the "v1.11b02" and thought it was for v1.11b. The b is for the build number.
I've changed how the version string is now written to reduce further mixups.
This version simply fixes the ordinals for v1.11b and again, D2Loader is back
in business. One small fix, if you Alt+F4 out of D2, the cache file handle is
properly closed and deleted. As usual, keep an eye on the D2Loader redirect -
D2Loader Hacks for the latest versions.

D2Loader v1.11b02 Sep 09 2005
-----------------------------

Added some code to the resource section to support extra hacks which wouldn't
fit in any other places. This may cause some virus scanners to go crazy since
code shouldn't be running from the resource section :). It's quite safe, just
heuristic scanners may give false positives. This new code section also makes
it much easier to extend D2Loader functionality at a later time if needed.

New in this build is a bnclient.dll patch to generate the bncache name based
on the PID of the D2Loader process. This prevents multiple D2s trying to lock
the file (and subsequently one of them dropping with C/I). If you missed the
point there, multiple D2Loaders can now run on bnet at the same time without
having to copy a ton of .exe/.dll files all over the place.

Also a few minor improvements, SetErrorMode is called on init to prevent the
annoying "No Disc In Drive / Continue/Try Again/Ignore" dialog boxes that can
occur if you run D2Loader with virtual CD and/or empty CD drives. Any fatal
errors such as missing MPQ files on startup are now shown in a message box so
you can actually see what the problem is rather than having the loader exit.
Finally, FlushInstructionCache is called after patches are done to ensure no
problems arise from not doing so.

A word of warning, "Warden" - Blizzard's new hack detection software - can
easily be updated (if it doesn't already) to detect D2Loader usage. You take
a risk as with any 3rd party hacks - while I personally would hope something
as simple as self-muling and running without the CD is fairly harmless, it's
ultimately up to Blizzard. This version of the loader is unable to load any
plugins so it can't be used to load any further hacks, but again, it's your
choice to run it.

D2Loader v1.11b01 Aug 01 2005
-----------------------------

Hacked with love ;-)

Fixed up imports from D2 DLL ordinals and bam, it works with v1.11. Note that
the plugin system seems to work, but individual plugins will likely need many
changes to be compatible with 1.11. I strongly recommend you remove all v1.10
plugins before trying to use this. Enjoy.

Fullscreen/D3d UNTESTED, not recommended!


Again no editing necessary.



Section III
Sting's Maphack

Siris Wrote:Due to the fact that I have been seeing various threads and also people flooding me with PMs/emails/MSN messages, I have decided I should write a new guide. Also a lot of the people have said that the previous guide is confusing. This is just a basic "show full automap" guide.

Note: I will be constantly editing this guide. If you have any suggestions PM them to me. Also if you spot any errors feel free to PM me.

Step 1
Click here to download Sting's Maphack

Step 2
Extract the program to where ever you desire. (i put it into my Program Files directory.) For easy access to it right click on the d2hackmap.exe and then click create shortcut. (d2hackmap is located: "\d2hackmap_v2.24\bin" The d2hackmap.exe icon looks like bart simpson with a magnifying glass) You can then move the shortcut to your desktop and/or your start menu.

Step 3
Run Sting's Maphack by clicking on the d2hackmap.exe or on your shortcuts. Next click options. Then under Reveal Act select the option auto reveal act without IScan. Next click Apply then Okay. (See below.)

[Image: step34tq.jpg]

Step 4
Minimize Sting's Maphack and play Diablo II. If you have followed these steps you never need to click on reveal act. just run Sting's Maphack and then run Diablo II.

The Plugin
Only click on the install plugin if you are going to play on Single Player or Open Battle.net. When you click on install plugin you will get an error msg saying this is detectable. If you are going to use it on Single Player or open bnet then just ignore it and click on yes/okay (don't remember if it is yes or okay). To turn off the plugin mode just click on unload plugin. For those of you that use the plugin, the button to reveal players' equipment is zero (NOT the numpad zero, it's the zero above the alphabet).
-------------------------------------------------------------------------------------------------------------------------------

Now if you choose to continue to click on reveal act (you don't need to anymore, because when you selected auto reveal it will therefore reveal the act whenever you join/create and change acts for you; that way you never need to minimize Diablo II) you will get an error msg. A major error msg you will get is if you are using D2loader. It will detect that you are using another hack and warn you. Just click yes and ignore the message. (For the D2loader error msg see below.)

[Image: d2loadererrormsg7rf.jpg]

But remember, if you follow these easy steps you will never have to click on reveal act. Now if you get another error msg besides the one that says you are using another hack, just ignore it; it will still reveal the act. If it asks you to continue then select yes.

If you get another error msg and it doesn't reveal the act, post me a picture of it and/or type it word for word. I will then help you the best I can. Just post your problems here instead of making all the new threads.

And again, if you have followed these steps you will never have to click on reveal act. The reason I keep saying this is because people seem to not understand that when they select auto reveal they don't need to click on reveal act. Trust me, I have had many many many PMs/emails/MSN msgs on this.

And if you still have questions feel free to post them here instead of making new threads. However, before you post here, be sure to check whether the error message that pops up can be ignored: when it pops up, still see if it actually does reveal the act. If the error message asks you to continue, then continue. Also, just follow these steps so that you don't have to click on reveal act, and since you don't need to click on reveal act anymore you shouldn't get any error messages.

Making and Hosting a Picture:
To make a picture you must first go to the image you want to make a picture out of (like if you want to make a picture of the error message on Sting's Maphack). Then:
- Once you have the image you want to save on screen, press Print Screen on your keyboard (to the right of F12).
- Open Paint and make a new document. Go to Edit>Paste. This will paste the picture of your image into Paint.
- Press the rectangle select button from the Paint toolbar (see below for a picture of the select button).
- Click and hold at the top left corner of the section of the picture that you want to save (like I just selected the MH and left out my desktop), then drag down to the bottom right corner of the section you want to save. Release your mouse and go to Edit>Copy.
- Go to File>New and click No when asked to save your old picture. Once the new document is up, go to Edit>Paste. And thus you have a picture of a selected portion of an image from your desktop.
- Go to File>Save As, name the document anything you want, and save it as a JPEG.
- Go to ImageShack or Photobucket (Photobucket is easier for people to use) and register there.
- Once you have registered, go to your album and in the upload images spot click Browse. Select the picture you just saved and click Open. Then press Host It/Upload.
- Scroll down and you should see your image. To make it easier, highlight the link that says Direct Link, right click, and press Copy.
- When you want to show the image here at the forums just type [img]LinkOfThePictureHere[/img]. And thus you have hosted an image.

[Image: selectbutton8up.jpg]

Note: I will be constantly editing this guide. If you have any suggestions, PM them to me. Also if you spot any errors, feel free to PM me.

Yet another guide we're thankful to have done by one of our better members, no editing needed.




Section IV
Unperms

eskimo Wrote:This is a guide to let people know about unperms and dupes

Magical and Unique Items
  • There is no way to make duped magical or unique items permanent.
  • You can't sell/rebuy to a vendor.
  • You can't rejewel or rerune it.
  • It cannot be renamed.
  • Using socket quests does not make the item permanent.
None of these methods are real.



Runewords

Each item has an ID. When you make something into a runeword it changes its ID. After its ID has changed it stays changed (re-runing doesn't change the ID again), and if it's duped then every copy will be unperm. You cannot Hel it and make it into a runeword again; it will still stay unperm because the ID has already changed. Also, if you have duped runes and put them into a socketed item, they will become perm (unless a full Rust Storm is run).

Example

Perm
1. You have a Shield (for example).
2. You dupe it.
3. You socket it and make it into a Spirit.
4. It's now perm

(Also, if the shield was socketed, then duped BUT never made into a runeword, after its duped and made into a runeword its perm.)

Unperm
1. You have a Spirit Shield.
2. You dupe it.
3. It's unperm.

(Even if you unsocket the shield, and make it into a runeword again, it is still unperm)


Some people dupe white items with one rune missing. As long as the item has not been made into a runeword previously, it will be perm once the last rune is added, because that will make it change its ID and therefore be permanent.

Items poofing

Many people may say that their items are perm just because they have had them a long time. But this does not mean they are perm. For an item to poof it needs to be in the same server as another item with the same ID. So for example, two people want to have a Zon or something, and one person buys one set of gear, dupes the whole thing and gives it to the second person. As long as these two people never join the same server, their gear will never poof. This is where many people are confused: if you buy an item that is not widely duped, there is a very slim chance of meeting it in a game and having the item poof, so many people think this means their item is legit or perm. The way to "temp perm", which keeps your items temporarily permed, is to enter the trade screen, then exit the trade screen and leave, all within 2-5 seconds. KEEP IN MIND YOU MUST DO THIS EACH GAME IF YOU DON'T WANT YOUR ITEMS TO POOF!!!

Other Items

Some regular items have no ID, so when they are duped they will always be perm. Some of these items are:

1. Gold
2. P Gems
3. Organs
4. Keys
5. ANY 0-socket white item.
6. When duped jewels are put into an item, they become perm.
7. Duped unidentified items are unperm, even when identified.

Minor grammar editing done.


Section V
How to (dis)prove dupes

Siris Wrote: Due to the fact that many, many people call others liars and say that they can't dupe and it is fake, I have decided to make a guide on how to prove you're on Closed Battle.net. Not only will this prove your dupes, but it can also help others identify whether various dupe programs are real or just a farce. This will be relatively short because there is not much explaining to it, just the simple use of the right Battle.net command.

Step 1
Log into Battle.net (closed) on your account. Then select the character that has your dupes or the character you are going to dupe with. Next, join a game.

Step 2
Now do whatever you are going to do with your dupes. When you are ready to take a screenshot of your dupes, program, etc., simply press Enter to open the chat box. Then type the command /whoami. Then just take the screenshot.

Closed Battle.net
Now if you are on Closed Battle.net it will say (in blue text): You are CharacterNameHere (*AccountNameHere), using Diablo II Lord of Destruction in a private game. For me it seems to always say private game even if I am not. However, it may also say you are in game <GameNameHere>.
[Image: closedbnet0hw.jpg]

Open Battle.net
When you type the command /whoami on Open it will say: You are *AccountNameHere, using Diablo II Lord of Destruction in a private game. Again, it may also display the game name.
[Image: openbnet6nm.jpg]

Now obviously if you play nox (not on expansion, in other words classic D2) then it will only say Diablo II. Also you can see the difference between Open Battle.net and Closed. First, it will display your character name on Closed. Also your account name will be displayed in ( ) on Closed.

Note
Skilled people at graphics can doctor the picture to look like it is on Closed. Just look closely at it and see if you see any flaws in the text and background, to check whether everything lines up. Now, there will always be people who can perfectly doctor a picture, but this guide should be handy for most instances. Also note that this does not prove they are actually duping; this just proves they are on Closed Battle.net. As said, at times people can be really rich and just have the runes. However, if you show a video and have this then it will help a lot. In other words, there is no 100% way to prove it, but again this should help a lot more.

Also, when the duped items are on the ground and the person holds Alt (or whatever you switched the show items key to) to show the items, look to see if the backgrounds of the item names are the same. If they are, then the item name has just been copied and pasted a bunch of times. This has been done here at Blizzsector and the link is below. (Thank you wm__hunter; credit for this goes to him.)
http://img231.imageshack.us/img231/8512/screenshot0048vv.png (Thanks to Bloodangel who has found the link)
So when you go to that thread you can clearly see that the names are somewhat overlapped and the backgrounds of the item names are all the same. That will give you two hints so that when you look at other screenshots you know what to look for.

Making and Hosting a Picture (copied from my Sting's MH guide): see the walkthrough in Section III above.


I hope this helps to bust scammers and to help actual dupers. PM me with more information and I will update my guide. Feel free to post or PM me with questions, comments, or concerns.


No editing needed.


Section VI
How to hack DII - Edition #1

skidude Wrote:File: HowToHackD2_Edition1.txt
Author: Jan Miller



Requirements

-C Language basic knowledge
-x86 Intel ASM basics
-Windows API / Windows programming basic knowledge
-OllyDbg (You can get it here: OllyDbg v1.10 - but if you don't have it yet, you might as well just skip this paper for the moment *g*)

.. and most importantly: Diablo II: Lord of Destruction with v1.11 Patch


General Introduction

This paper is going to be the first of a series of papers I plan to publish in the future. The series of papers has been designed for "regular coders" who are interested in enhancing their knowledge in the field of game hacking. That means: IF you're already an experienced game hacker, this paper might be quite a bore for you ;-). I plan on increasing the difficulty with the upcoming papers, so essentially my readers can grow and increase their abilities while we walk the road. I will also do my best at keeping the language as clear and straightforward as possible.
--

OK, now that we've got that stuff out of the way, let's get things rolling. Today we will take a deeper look at the red life ball that displays your life when hovering the mouse above it. We will essentially try to reverse engineer Diablo II functions along the way, figure out how everything works, and to finish it off, write a hack that will ALWAYS display the life above the red life ball! :-) This may seem like a lot of work at first, but hopefully you will get the catch sooner or later. "Reverse engineering" isn't that hard if you take your time and make sensible assumptions. In the end, you're basically reconstructing a crime, sort of like Sherlock Holmes :-).


Chapter I - The Theory

Why do we need to find an entry point? Well, Diablo II has a few million lines of code, so we should try to imagine what the code flow in Diablo II that draws the "Life: Min/Max" text above the red ball will probably look like. In the end, all Diablo II functions boil down to the basic system functions, so those will be our entry point.

First, let's use our well-functioning brain and gather some basic information before starting (note: using a moment of silence to think about the problem before tackling it will be referred to as the "zen approach").


What do we know about text-drawing in Diablo II?

1) Diablo II is an international game that is sold in Asian countries as well. We assume that they handle strings in UNICODE format, to support countries such as Korea.
2) In order for Diablo II to draw text at a specific location, it needs to gather info about the text it is drawing and where it is drawing it. The info gathered will be: "String length", "Screen Dimensions", "Text Color", etc.

What do we know about the red ball?

The most important fact about the life being drawn above the red ball is that the text is centered. The life of a player is variable, so the string length of the "Life: Min/Max" string will be variable as well. So, in order for Diablo II to draw that string, it needs to somehow calculate its string length; that is definite!

OK, so in this case I will use the fact that Diablo II needs to calculate the string length as our approach to get an entry point into a code location that is near the "Draw Life to screen" function. This is the code flow that I am assuming:

Quote:
-> Diablo II gets mouse info
-> Diablo II checks if mouse is hovering the life ball
-> Diablo II calculates the player's life
-> Diablo II sets up the output string (we will probably see a reference to d2lang.dll here, as the prefix may be "Life", "Leben" or any other language-dependent output)
-> Diablo II will print the string to the screen
---> Diablo II will calculate the string length in here, somewhere (THIS IS OUR ENTRYPOINT!!)


So basically, we will be breaking into Diablo II's code very deeply and use the stack to "walk back" to the callee functions. More on that later!


Chapter II - The Approach

So, fire up Diablo II and join a single-player game. That's my "preferred" environment for Diablo II reversing, as you will not "time out" of a game if it's paused for too long (unlike Battle.net, where you will be booted from the server for missing ping responses).

Alright, after you have joined a single-player game and successfully attached OllyDbg to Diablo II, let your mouse hover over the life ball so Diablo II's code passes the "IsMouseHoveringBall" check and actually draws the life. As soon as your mouse is hovering above the life ball, use Alt-Tab to tab back to Olly (be sure not to move your mouse before tabbing out of Diablo II). This is necessary because we want Diablo II to save our mouse position above the ball. The next time we maximize Diablo II the "IsMouseHoveringBall" check will pass and the code locations we breakpointed will be executed.

We will now try to find the "string-length" function as suggested in Chapter I and set an execution breakpoint there. You should have Diablo II minimized with your mouse hovering over the life ball and OllyDbg attached to the process before following these steps.

1) Press ALT-E to open the module list of Diablo II (lists all .dll files that Diablo II is using)
2) Find d2lang.dll and select it. Now Press CTRL-N to get a list of imported/exported function names
3) Find the mangled "strlen(UNICODE)" function and set an execution breakpoint (F2)

[Image: 16kt.jpg]

4) Now we are ready to maximize Diablo II, so do so. You should be breaking at the strlen function now. Obviously, this function is called by many different functions in Diablo, so you should press F9 (run) as many times as needed until you actually see the "Life: Current/Max" string in the ECX register (used as a parameter, if you take a close look at the function). You should eventually end up looking at something like this:

[Image: 20zt.jpg]

Note: It displays "Leben" instead of "Life" in the screenshot because I am using the German d2lang.dll.

5) Now take a look at the stack, it should be looking like this:
[Image: 33kw.jpg]

As we can see, the d2lang.strlen(UNICODE) function is called by D2Win.6F8EDFB9, which is probably inside the "TextDraw" function (we are making this assumption based on the code flow we created in Chapter I). We can also see that the *supposed* "TextDraw" function is called by a function in D2CLIENT (the second return address on the stack, see picture above).

6) Right-click the second return address in the stack and select the "Follow in Disassembler" option in the drop-down menu. You should now be at this code location:

[Image: 48wf.jpg]

As you see, I've commented it a bit. At this point (now that we know where the "TextDraw" for the life-ball hover text is called) you should clear the breakpoint on the string function and set a new one a bit further above the new code location we found, then repeat the process of maximizing Diablo II and breaking at the new location you chose. Do that until you understand what is going on and can make judgements about what the code is actually doing.

On a side note: we can derive from the analysis of the d2lang.#10005 function call that the function has this syntax:

Quote:
typedef wchar_t* (__stdcall* fnGetLangStringByID)(DWORD dwID);


7) Now that we know which function actually draws the text, let's investigate how Diablo II actually gets the player's life. Clear all your current execution breakpoints and make a new one at d2client.6FADD6C0 (the first instruction of the "DrawLifeAboveLifeBall" function). Restart the entire process (press F9 to let D2 execute, maximize D2 and then move your mouse over the life ball so Olly breaks) so we can get a fresh start.

8) Now that we have broken at d2client.6FADD6C0, let's follow the code flow and learn how Diablo II gets the player's life. To do this, it'd be a good idea to get the hex value of your current (and max) life. In this case, the hex value is 0x2D (45 decimal). IF you really don't know what you're doing, just follow the code flow by single-stepping (with F7) until the EAX register (which holds the return value of a function) returns our life, which is 0x2D (all values in OllyDbg are displayed in hexadecimal). The first reference to our current life is found here:

[Image: 51dx.jpg]

As you can see in the image, EAX holds the value 0x2D00 and is (a few instructions later) shifted to the right by 8 bits, which results in 0x2D. IF you remember, our current life is 0x2D! BINGO!

We can now derive from the analysis the following functions:

Quote:
typedef DWORD (__fastcall* fnGetOwnPlayerStat)(DWORD StatID);      // d2client.6FADCCC0, param passed in EAX!

Quote:
typedef DWORD (__stdcall* fnGetMaxLifeFromUnit)(unit* ptrToUnit);  // d2common.#10907


As you know, __stdcall passes the parameters on the stack and __fastcall passes the first two parameters in ECX and EDX, the rest on the stack. ODDLY enough though, the "GetOwnPlayerStat" function passes the parameter in the EAX register, which is very uncommon. This is the case because Blizzard changed their compiler settings to call functions in a very optimized way (MSVC++ 7.0 might've been the cause). The only way we can actually call the function is to build a "wrapper" that adjusts the parameters for us. You'd call "GetOwnPlayerStat" like this:

Quote:
// fnGetOwnPlayerStat is a pointer to d2client.6FADCCC0 (see the typedef above).
__declspec(naked) DWORD __fastcall GetOwnPlayerStatWrapper(DWORD StatID)
{
    __asm {
        mov eax, ecx            // first parameter is in ECX, so we move it to EAX, as the D2 function requires it
        call fnGetOwnPlayerStat // return value comes back in EAX
        ret
    }
}


9) Now that we have completed the analysis, let's move on to our actual goal: making a hack that always enables the life display above the life bar, regardless of whether the mouse is hovering. We're taking the same approach as in step 5): we will breakpoint at the first instruction of the "DrawLifeAboveLifeBall" function, let Olly break at it, and check out the stack to see who is calling us. Then we will investigate under what condition we are being called. It turns out that the function is actually called *no matter where our mouse is located*, so the conditional check has to be somewhere between the first instruction (d2client.6FADD6C0) and the call that gets our current life (d2client.6FADD742). A little "guesswork" will make us come up with these results:

[Image: 62if.jpg]

10) Now that we know where the actual check happens, we can circumvent it easily. One possibility is to add an unconditional jump at d2client.6FADD710, as shown in the image:

[Image: 70ez.jpg]

Chapter III - Writing the hack

Basically, to make the hack that displays the life above the life bar at all times, we only have to change 2 bytes in Diablo II's code. We need to write 0x2BEB at d2client.6FADD6C0. You could achieve that by changing the memory protection of that memory page to EXECUTE_READ_WRITE and calling WriteProcessMemory, or by simply overwriting the location. Your .dll file could look like this (very dirty code):

Code:
#include <windows.h>

BOOL WINAPI DllMain(HINSTANCE hDll, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason) {
    case DLL_PROCESS_ATTACH: {
        /* Make the code page writable first (EXECUTE_READWRITE); a plain store
           into a read-only code page would fault. Then write the two bytes and
           restore the old protection. */
        LPVOID pPatch = (LPVOID)0x6FADD6C0;
        DWORD dwOld;
        if (VirtualProtect(pPatch, 2, PAGE_EXECUTE_READWRITE, &dwOld)) {
            *(WORD*)pPatch = 0x2BEB; /* enable life display above life-bar at all times */
            VirtualProtect(pPatch, 2, dwOld, &dwOld);
        }
        break;
    }
    case DLL_PROCESS_DETACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    default:
        break;
    }
    return TRUE;
}
This would actually do the job. Detectability is another issue, but that is not the aim of this essay. We might address that in a future edition.

I hope you enjoyed this essay and I hope it has whetted and increased your interest in game hacking. :-) This essay was written with a "few" beers in my body, so it is very possible that I've made some mistakes. Feel free to point them out!

Remember: Free information for the free mind!

Absolutely NO editing necessary, nice job skidude.
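Added example, not part of Jan Miller's essay or of any D2 tool: the two bytes the essay writes (0x2BEB as a little-endian WORD, bytes EB 2B) are an x86 short jump with an 8-bit displacement, so this portable C redoes that step as a small patch routine. It encodes and decodes the rel8 displacement, refuses targets outside the -128..+127 range, and checks the bytes already at the patch site before writing, which is the check a practitioner wants before writing to a hard-coded address in a game build that may not match. The 64-byte NOP image, the assumed "before" bytes 0x90 0x90 and the function names are constructed for this example (the essay gives no original bytes), and a real in-process patch still needs the VirtualProtect/WriteProcessMemory step the essay mentions, which this stand-alone code does not perform.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Address the essay patches (d2client.6FADD6C0) and the WORD it stores there
   (0x2BEB little-endian = bytes EB 2B = jmp short +0x2B). */
#define PATCH_ADDR 0x6FADD6C0u
#define PATCH_WORD 0x2BEBu

/* Encode an x86 short jump (opcode EB, rel8). The displacement is measured
   from the end of the 2-byte instruction, so target = from + 2 + rel8.
   Returns 1 on success, 0 if the target is not reachable with a signed byte. */
int encode_jmp_short(uint32_t from, uint32_t to, uint8_t out[2])
{
    int64_t rel = (int64_t)to - ((int64_t)from + 2);
    if (rel < -128 || rel > 127)
        return 0;
    out[0] = 0xEB;
    out[1] = (uint8_t)(int8_t)rel;
    return 1;
}

/* Recover the target of a short jump located at address 'at'. */
uint32_t decode_jmp_short_target(uint32_t at, const uint8_t ins[2])
{
    return (uint32_t)((int64_t)at + 2 + (int8_t)ins[1]);
}

/* Read two bytes back as the little-endian WORD that *(WORD*)addr = 0x2BEB stores. */
uint16_t bytes_to_word_le(const uint8_t b[2])
{
    return (uint16_t)(b[0] | (b[1] << 8));
}

/* Patch 'n' bytes at 'offset' in a code image, but only after checking that the
   bytes currently there are the expected ones; on a different game build the
   same address would otherwise have unrelated bytes turned into a jump.
   Returns 0 on success, -1 if out of range, -2 if the expected bytes differ. */
int apply_patch(uint8_t *image, size_t image_len, size_t offset,
                const uint8_t *expected, const uint8_t *replacement, size_t n)
{
    if (offset > image_len || n > image_len - offset)
        return -1;
    if (expected != NULL && memcmp(image + offset, expected, n) != 0)
        return -2;
    memcpy(image + offset, replacement, n);
    return 0;
}

/* Worked run on a constructed 64-byte image of NOPs (0x90) standing in for the
   code at PATCH_ADDR (assumption: the essay does not give the original bytes).
   On success *word_out holds the WORD now sitting at the patch site. */
int demo_patch(uint16_t *word_out)
{
    uint8_t image[64];
    const uint8_t expected[2] = { 0x90, 0x90 };  /* assumed "before" bytes */
    uint8_t jmp[2];
    int rc;

    memset(image, 0x90, sizeof image);
    /* 0x2BEB = EB 2B = jmp short +0x2B: the jump lands at PATCH_ADDR + 2 + 0x2B */
    if (!encode_jmp_short(PATCH_ADDR, PATCH_ADDR + 2 + 0x2B, jmp))
        return -3;
    rc = apply_patch(image, sizeof image, 0, expected, jmp, sizeof jmp);
    if (rc != 0)
        return rc;
    *word_out = bytes_to_word_le(image);
    return 0;
}

int main(void)
{
    uint16_t w = 0;
    uint8_t ins[2];
    if (demo_patch(&w) != 0) {
        puts("patch refused: unexpected bytes at patch site");
        return 1;
    }
    ins[0] = (uint8_t)(w & 0xFF);
    ins[1] = (uint8_t)(w >> 8);
    printf("wrote WORD 0x%04X (bytes %02X %02X): jmp short -> 0x%08X\n",
           (unsigned)w, ins[0], ins[1],
           (unsigned)decode_jmp_short_target(PATCH_ADDR, ins));
    return 0;
}
```

Build with `gcc -o patch patch.c && ./patch`; it reports the WORD 0x2BEB and the decoded jump target 0x6FADD6ED, the first byte after the 0x2B-byte region the jump skips, which is the range a reader can compare against the OllyDbg listing in step 10 before trusting the patch.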


Section VII
Beginner's Guide to Packets

etanol Wrote:Posted @ BH by Electrical Magic


OK, now you know something. Let's try some old patched methods. You need D2Hackit and SnifferXP or Snuff. Snuff is better and easier to use, so try it with that.

This method is the old potmatrix dupe; try it in single player since it's patched on the realms. Originally posted @ BH by Comi.


I'll make it a little clearer.
- use D2 in windowed mode
- first load Snuff with ".load snuff"
- since you need to see packets 13 and 19/24, type ".snuff show s 13 19 24"

The rest you should figure out by yourself. If everything goes fine, the potion should be sold at the NPC and you should still have it in your belt buffer.


All this was added by skidude under here

Beginner's Guide to Packets by EvilCheese


Here's a little tutorial I wrote some time ago. I've dusted it off and updated it a touch for 1.10. I don't know how useful it will be, but I'm sure someone will get something from it.

It covers basic loading of modules, sniffing, packet sending etc... as well as some simple theory.

Anyway... here it is:

************************************************** ****
D2Hackit / Packet sending FAQ/Tutorial for ******s (and oldies)

Version 0.6

Written by EvilCheese for Blizzhackers

If you see it anywhere else then it's not where it should be.
************************************************** ****

Contents

1)Introduction
1.1)What is D2Hackit?
1.2)Essential Files.
1.3)Installing D2Hackit and modules.
1.4)Running D2Hackit and modules.

2)Packets
2.1)What are packets?
2.2)Why send packets?
2.3)How do I send packets?
2.4)What does the "receive" command do?
2.5)How do I find out which packet does what?
2.6)What's a BYTE / WORD / DWORD?

3)Using packets to do something.
3.1)Getting IDs.
3.2)Picking up an item from your inventory.
3.3)Selling an item using packets.

4)Afterword.

************************************************** *****

1) Introduction.

1.1) What is D2Hackit?

D2Hackit is a program that loads itself "into" the D2 game. It ties into several of the core game functions, allowing module coders access to those functions to perform actions such as sending packets, as though it was the game itself that was carrying out those actions.

Although it has several very useful functions, D2Hackit is not an end in itself, but merely a means to an end. The real functionality and usefulness of it lies in the Modules which we use with it.

These can be as simple as packet senders/sniffers, or as complicated as a shopping bot.

1.2) Essential Files.

For the purposes of the tutorial sections, you will need the following files:

-D2Hackit
-Diablo2
-Sniffer module
-Bind module

Be careful, and make sure you only download these files from trusted sites. Scan them thoroughly with up-to-date virus scanning software, and check your system after running, to make sure you haven't inadvertently installed a keylogger on your machine.

1.3) Installing D2hackit and modules.

Installation of D2Hackit is extremely simple. Just extract all the files from the zip to any directory on your hard drive. It doesn't matter in the slightest where you put it, so long as you know where it is.

Installing modules is exactly the same. Extract any modules you wish to use into the same directory as D2Hackit. There will normally be a .d2h file, and perhaps an .ini file and a .txt file also. Make sure these are all in the same directory as loader.exe.

1.4) Running D2Hackit and modules.

Once you have D2Hackit installed, and any modules you wish to load, you then need to get them working. This is done in the following way:

-Load Diablo2.
-Join/Create a game.
-Alt-tab to desktop.
-Find your D2Hackit directory.
-Double-Click Loader.exe
-Go back to D2.

You should see some text telling you that D2Hackit has loaded successfully. Now to load our modules. I'm going to assume that we're loading the modules for the tutorials, but the process is identical for any others too:

-Press enter to get a chat box.
-Type .load <modulename> (eg .load sniffer .load bind .load block)

You should see a message saying the module is loaded, and perhaps a brief mention of the author.

If you want to get help or see a list of commands available in a module, type:

.help

to see all of the basic D2Hackit commands, or:

.<modulename> help

For a list of all commands in a specific module.

For help on a specific command, use:

.<command> help

or

.<modulename> <command> help

Eg.

.pickit toggle help
.sniffer hide help
.bind set help

2) Packets

2.1) What are packets?

To understand what packets are, and how they relate to D2, you first need a little background on how D2 works when playing on closed bnet.

D2 runs as two different pieces, a server program and a client program. The server program is what actually runs the "game"... it's where everything actually happens.

The client program acts as a "window" into that game, allowing you to see what's going on, and to interact with the game.

When you play on closed bnet, the server is run on Blizzard's machines, and only the client is run on your personal computer.

Packets are pieces of information and instructions sent to and from your machine allowing you to see and interact with the game. Almost every action you do (Walking, Attacking, Picking up items) involves a packet being sent to the server, and everything you see happening (other people attacking, other people dropping items) involves a packet being sent from the server to you so that you can see it.

Diablo 2 packets typically consist of a single byte (2 numbers) identifier (such as 13) and then several pieces of data, usually organised into DWORDS (groups of 4 bytes, or 8 numbers).

2.2) Why send packets?

There are many reasons why you would want to send packets.

At the basic level, packet sending can be used to perform basic tasks within the game. You can pick up items, drop them, interact with NPCs etc just using packets.

At a more advanced level, packet sending can be used to perform actions at the wrong times, or in a way which you would not be able to do using the standard game client. This is useful for discovering loopholes, and exploits, which can then be turned into hacks.

2.3) How do I send packets?

Very handily, D2Hackit has a built in command which allows you to send any packet you like to the game server.

This command is .send, and is used like this:

.send xxxxxxxx....

Where xx represents the packet you wish to send, and varies in length according to the packet type.

Please note that all packets are in Hexadecimal (base-16) notation, and therefore must be an even number of letters/numbers in length. For more information on using hex, search Google.com, there are many tutorials available on how to use it.

Information on different packets and their uses can be found on the Blizzhackers forums in a permanently stickied thread called "packet list" and several of the more common packets will be covered later in this tutorial.

2.4) What does the "receive" command do?

Packets are sent both ways whilst you are playing D2. Some of them are sent from you to the server, but some are also sent from the server to you.

You may be curious to find out what happens when you receive a particular packet, and to find this out, the receive command is used. It fools D2 into thinking that the packet came from the server.

The use of the function is exactly the same as the send command, and is:

.receive xxxxxxxx....

Where xx is the packet you wish to receive, and can vary in length. Again, the packet is in Hex, and the usual rules apply.

2.5) How do I find out what packet does what?

There are many different ways to do this.

The simplest way is to look in a packet list, such as the one on Blizzhackers, which lists most common packets and what they do.

If you want more detailed information, then you may need to sniff packets.

For sniffing packets, we use a sniffer module. Most people use either Sniffer or SnifferXP, it's a matter of personal choice, either functions well, but for this tutorial I am assuming you are using the basic Sniffer module.

To sniff packets with sniffer, there are two ways to go about it. You can either sniff for specific packets, or sniff for all packets.

To sniff for a specific packet, use the following method:

-Ensure D2hackit and sniffer module are loaded.
-Type ".sniffer show s xx" to show all packets sent with the ID xx
-Type ".sniffer show r xx" to show all packets received with the ID xx

When the packets are sent or received, you will see them shown at the top left of the screen.

Sometimes you will want to find a packet for an action, but wont know the ID. For this you can sniff all packets. To do this:

-Ensure sniffer/D2HAckit are loaded.
-Type ".sniffer load show-all"

All packets sent and received will now appear.

To disable it, type ".sniffer load default".

2.6) What's a BYTE/WORD/DWORD?

All of these refer to hexadecimal numbers of a specific length. The precise meaning of WORD and DWORD varies from platform to platform and processor to processor, but for the purposes of D2 hacking and available packet lists, the meanings are as follows:

BYTE = 8 bit binary number = 2 digit hex number

XX

eg 2F

WORD = 16 bit binary number = 4 digit hex number

XX XX

eg 2F 09

DWORD = 32 bit binary number = 8 digit hex number

XX XX XX XX

eg AB 2E FD 04

3) Using packets to do something.

Okay, so now you know what packets are, how to send them, receive them, and see them, so what can we actually do with them?

The examples I will give here are only basic ideas to show you how to go about using packets, and are in no way the be-all and end-all of packet techniques, but they will give you a place to start, so you can explore more fully on your own.

3.1) Getting IDs.

Everything in the Diablo II world has a unique ID number. This is how the server keeps track of all the items, monsters, NPCs and players.

Most packet actions will require one or more IDs to function correctly. This may be an NPC ID, a player ID, an item ID, or one of many others.

Getting an ID is usually just a case of sniffing an interaction packet and looking in the right place.

To find an NPC ID:

-Sniff sent 13 packets (.sniffer show s 13)
-Click on an NPC.

You should get a packet that looks like this:

13xxxxxxxxyyyyyyyy

xxxxxxxx is the interaction type.
yyyyyyyy is the ID of the thing you're interacting with.

You can use this to get the IDs of other things too, like your stash, quest objectives, waypoints etc.

To find an Item ID:

-Put the item into your inventory.
-Sniff sent 19 packets (.sniffer show s 19)
-Pick up the item from your inventory.

You should get a packet like this:

19xxxxxxxx

xxxxxxxx is the ID of the item.

3.2) Picking up an item from your inventory.

This may sound like a simple task, but it will give us a little practice at using the sniffer module, the bind module and the send function in D2hackit together.

We are now going to make it so that we can lift an item out of our inventory onto the pointer just by pressing a key.

-First make sure D2hackit, Sniffer, and bind are loaded.
-Sniff the ID of the item (as described above)
-Put the item back in your inv.
-Send the packet again. ( 19[Item ID] )

This should lift the item out of your inventory and place it on the cursor. But wouldn't it be great if we could do that just by pressing a key? Here's how:

-Put the item back into your inv again.
-Enter the command ".bind keycode" and then hit a key. This will give you a 2-digit number, which is the keycode for that key; we will call it "xx" from now on.
-Enter the command ".bind set xx xx send 19yyyyyyyy" where xx is the keycode (yes, enter it twice) and yyyyyyyy is the item ID you sniffed.
-Now, close your inventory and hit the key you just bound.

This should lift the item from your inventory without the screen being open at all.

You can bind any commands you like to any key you like using this method.

It's handy for sending packets in situations where typing is not allowed (the imbue screen, for example).

3.3) Selling an item with packets.

Now we've sussed out how to pick up an item from our inventory, let's see if we can tackle something a little more tricky. This time we will sell an item to an NPC using packets.

For this we will need both an NPC ID and an Item ID, so follow the steps above to find those.

For this exercise, we are going to be using the "Sell item" packet. This has the general format:

33[NPC ID][Item ID][DWORD][Cost]

-Get your NPC ID and Item ID ready, then get into the tradescreen with your chosen NPC.
-Make sure the item you are selling is in your inventory.
-Use the command ".send 33xxxxxxxxyyyyyyyy00000000zzzzzzzz" where x is the NPC ID, y is the item ID, and z is the cost (use any value you like, it won't make a difference).

Bingo, item is gone from your inv, and is sold to the NPC, using packets.
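The hand-assembly above is where most mistakes happen: a digit dropped from an ID, or a DWORD that is one byte short, and the .send silently does nothing or does the wrong thing. As an added example (not part of the original guide or of D2Hackit), the following Python script applies the field widths from section 2.6 to the 13, 19 and 33 packet layouts described in sections 3.1 and 3.3: it splits a sniffed packet into named fields, checks the total length against the layout, and assembles the "Sell item" command from an NPC ID and an item ID with every field width checked. The sample sniffer lines and the IDs in them are constructed for illustration; the field names are this example's own. IDs are kept as the raw hex strings the sniffer shows, since the guide copies them verbatim into .send.

```python
"""Parse and build D2 client packets written as hex strings.

Added example, not from the original guide. Layouts for 0x13 (interact),
0x19 (pick up from inventory) and 0x33 (sell) follow the guide text; the
sample packets below are constructed and their IDs are made up. IDs are
kept as the raw hex byte strings the sniffer shows, so no byte-order
conversion is performed.
"""

HEXDIGITS = set("0123456789ABCDEF")

# Field widths in hex digits, from section 2.6.
BYTE, WORD, DWORD = 2, 4, 8

# Packet ID -> ordered (field name, width in hex digits). The leading ID
# byte is not part of the layout. Names are this example's own.
LAYOUTS = {
    0x13: [("interaction_type", DWORD), ("target_id", DWORD)],
    0x19: [("item_id", DWORD)],
    0x33: [("npc_id", DWORD), ("item_id", DWORD), ("unknown", DWORD), ("cost", DWORD)],
}


def parse_packet(hexstr: str) -> dict:
    """Split a sniffed packet (hex string, spaces allowed) into named fields.

    Raises ValueError if the text is not hex, the packet ID is unknown, or
    the length does not match the layout, the usual sign of a mis-copied ID.
    """
    h = "".join(hexstr.split()).upper()
    if len(h) % 2 or not set(h) <= HEXDIGITS:
        raise ValueError(f"not a hex byte string: {hexstr!r}")
    pid = int(h[:BYTE], 16)
    if pid not in LAYOUTS:
        raise ValueError(f"unknown packet id {pid:02X}")
    layout = LAYOUTS[pid]
    expected = BYTE + sum(width for _, width in layout)
    if len(h) != expected:
        raise ValueError(
            f"packet {pid:02X} should be {expected // 2} bytes, got {len(h) // 2}"
        )
    fields = {"id": pid}
    pos = BYTE
    for name, width in layout:
        fields[name] = h[pos:pos + width]
        pos += width
    return fields


def build_packet(pid: int, **fields: str) -> str:
    """Assemble the hex argument for .send, checking every field's width."""
    out = f"{pid:02X}"
    for name, width in LAYOUTS[pid]:
        val = fields.get(name)
        if val is None:
            raise ValueError(f"missing field {name}")
        val = val.upper()
        if len(val) != width or not set(val) <= HEXDIGITS:
            raise ValueError(f"{name} must be {width} hex digits, got {val!r}")
        out += val
    return out


def sell_command(npc_id: str, item_id: str, cost: str = "00000000") -> str:
    """Full D2Hackit command for the 'Sell item' packet of section 3.3.

    The third DWORD is sent as zero, exactly as in the guide's .send line.
    """
    pkt = build_packet(0x33, npc_id=npc_id, item_id=item_id, unknown="00000000", cost=cost)
    return f".send {pkt}"


# Constructed sample sniffer output; the IDs are made up.
SNIFFED_INTERACT = "13 01000000 A1B2C3D4"   # clicked on an NPC
SNIFFED_PICKUP = "19 44332211"              # lifted an item from the inventory

if __name__ == "__main__":
    npc = parse_packet(SNIFFED_INTERACT)
    item = parse_packet(SNIFFED_PICKUP)
    print(npc)
    print(item)
    print(sell_command(npc["target_id"], item["item_id"]))
```

Run it after pasting your own sniffer lines into SNIFFED_INTERACT and SNIFFED_PICKUP; a ValueError from parse_packet means the packet you copied is not the length the guide describes, so check the sniffer output before sending anything.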


4) Afterword

This is only the first draft of this document. I will be adding more and more information and examples to it as I have the inspiration and time. If you would like to see a topic covered, or have a question that you think should be in here, then please feel free to reply on this thread, email me, or send me a private message. All suggestions and feedback are welcome.



NO editing, maybe one of our best guides on the forum.


Note: this thread will be updated with every future DII Hacking guide, so check back frequently and any suggestions, errors you'd like to report, or guides you'd like to submit just PM me, or contact me via any other method.


Credits:
skidude
wm_hunter
Spitfire
Siris
eskimo
etanol


[/INDENT]