Diablo 2 Hex Editing Tutorial

Warning!!
These files are for Diablo II LOD Version 1.09 only

Hi this is for those who want to learn some basic hexing

HEX EDIT TUTORIAL
By NightShiver

Editors you will need for this project Jamella , Winhex and ericjwins Single charm maker (not the 6 skills ver).
Firstly you need to get a hex editor there are many good editors available but for the purpose of this tutorial
we will use WinHex available trough most search engines. Win Hex is free another good thing about it.
Winhex ver 10.3 can be downloaded from this site http://www.sf-soft.de/winhex/index-m.html
Win hex comes with its own set-up program

HEX CODES
What is Hex …Well hex is a 16 based number system we normally count in Decimal a 10 based system 0,1,2,3,4,5,6,7,8,9
Well hex is similar except with letters 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f,10,11,12,13,14,15,16,17,18,19,1a,1b,1c,1d,1e,1f,20

So in comparing decimal and hex we see 10 in decimal = a in hex, 11=b, 12=c and ff=255
Easy so far………..

QUESTION ONE
What does hex value 17 = …in decimal
What is the hex value for decimal 36

FIRST PROJECT
The first Project we will try is altering the skills on a charge charm. You will need to make a charm with ericjwins charm maker Single charm version………
Make a charm with skill charge 6 magic arrow and open in Jamella
Next you need to open winhex and locate the charm you have made ……Open in Win Hex…..
You will now see 3 columns and 2 rows in the far left column are the addresses this tell the program where things are located they start at offset 0 and goto offset 28.
you can see the offset number at the bottom of the editor as you click on a particular address it will also show you the decimal value of that address

Go to offset 24 it should say 03 this is the hex value and = magic arrow
Change the value to 04 save file what happens … to check load in Jamella you will see it has changed to inner sight
There is a huge range of skills available all can be made by the charm maker but this is a brief intro into a process we will use in a later project to find addresses.

Bits, Bytes, nibbles, characters. A quick review....
A byte is the standard unit of measurement of computer memory. e.g. most folks have at least 64 megabytes of random access memory (RAM). thats 64 million bytes.
One byte is roughly equivalent to one character, e.g. the word "character" has 9 characters and would take 9 bytes of memory to store.
A byte consists of 8 bits. A bit is a binary digit and can contain only the values 1 or 0. two bits can contain any number from 0 to 3.... and so on.
So 8 bits can store up to 2 multiplied by itself 8 times (minus 1). 2 to the 8th power is 256,
so 8 bits can store any number from 0 to 255, 9 bits can store any number from 0 to 511.
A nibble is half a byte, 4 bits, or one HEX digit.

Converting Hex to decimal
Multiply the first hex digit by 16 and add the second. e.g. 2C = 2*16 + 12 = 44, 5F = 5*16 + 15 = 95, 1B = 1*16 + 11 = 27

Diablo II makes extensive use of bit fields. Bit fields can be any length and are padded with zeroes to complete an exact number of bytes.
for example Skills charms. 4 fields are required: Skill number, Level, charges, out of charges. The skill number has a value from 0 to 511,
the level has a value from 0 to 31, the charges both have values 0 to 255.
So, the skill number is a 9 bit field, the level is a 5 bit field and the charges are both 8 bit fields (or whole bytes). So the Skill charm settings is a total of 30 bits, the value is padded with 2 zeroes to make a total of 32 bits or exactly 4 bytes.

Well, if you can change values in specific locations and create charms from scratch, you're pretty much past the tutorial stage.

How about setting your level in hex?
First you need to find it, cause the address is variable. Convert your level to hex, open your d2s file and find the location.
Don't forget hex values are entered in reverse. e.g. if your level is 99,999 the hex is 01 86 9F, so you have to search for 9F 86 01.

Want a tough one? Try to change a skill on a charge charm. These are bit fields, so MUCH harder to find. Hint, make two identical charms except for one value.
P.S. You may find the D2DataDump.zip program usefull for this one.
Dumps all Character files and/or all Item files to .csv files
Creates one .csv file for each Character file, and gives Decimal location and value in Hex, Decimal, and ASCII
Creates one .csv file for all Item files, and gives the bit values for each location.

Damage Reduce % -- Hex tutorial -- bit fields
Create a new charm by typing the following
4A4D 1000 8000 6400 2A32 D616 0302 07F5 80A8 C000 24FE FFFF
This gives you dmg red 255%... Why???
Where is the code for FF (255)...

This is an example of an 8 bit field spread accross two bytes.
If you recall, hex codes... and numbers are written backwards.
So... the 255 is embedded in bytes 21 & 22 FE FF
The first (high order) bit is the LAST bit of FF (byte 22)
the other 7 bits are the FIRST 7 bits of FE (byte 21)
FE FF is 11111110 11111111 in binary

Lets say you want DR of 56%
56 is 0x38 which is 00111000 in binary
So the high order bit is (the one on the left) 0
So we need to change 11111111 to 11111110
In other words the FF we change to FE
The other 7 bits 0111000 go at the beginning of byte 21
so byte 21 (FE) becomes 0111000(0) we MUST pick up the existing 0 at the end.
and 01110000 is 70 hex
so for 56% DR we need to replace the 24FE FFFF with 2470 FEFF

The Hex Editor Thanks to icpdogg
Let’s get down to business. Open the file you want to edit in the hex editor and you will see a large array of numbers staring back at you. most hex editors will have the same setup and it will look somewhat like this:

00000010: 4D5A 0000 0000 0000 0000 0000 0000 0000 MZ.............
00000020: 0000 0000 0000 0000 0000 0000 0000 0000 ...............
00000030: 0000 4361 7074 6169 6E00 0000 0000 0000 ..Captain......
00000040: 0000 0064 0000 0000 0000 0000 0000 0000 ...d...........
** 1 *** ***************** 2 ******************* ****** 3 ******
1 The first column shows the position or "offset" of a particular line of code. The larger the file the more digits in the offset.
2 The second column shows the hex code in your file. This would be the column you will want to change things in.
3 The last columns should be the most familiar: It shows the entire code in plain text.

This is of course only an example of what you can encounter. It is not uncommon to see the entire hex-column show weird looking codes. (all in hex though).

General and Precise Offsets
The third column has been left out here because it has no relevance to the following explanation.
00858A10: 1100 2200 3300 4400 5500 6600 7700 8800
00858A20: 0011 0022 0033 0044 0055 0066 0077 0088
As you can see the offset is 8 digits long and there are 8 blocks of 4 digits to the right of the offset. This is called a line of code. You will notice looking at the offsets that the offset of the second line of code is 10 "higher" than the previous line. Every 2 digits in a block have been given their own offset value.
0000000X: AABB CCDD EEFF GGHH IIJJ KKLL MMNN OOPP
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F
In a general offset the last digit (the is always 0. In a precise offset the X is either 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, or F. A precise offset refers not only to a single line of code (which is all that a general offset refers to), but also one of the 16 two digit blocks in the line of code. So 00000002 would refer to CC. You could also say that CCDD starts at precise offset 00000002. Likewise, EEFF would start at precise offset 00000004. Precise offsets are important because they are used to indicate which block or blocks in a line of code you need to edit. So if a hex cheat told you find offset 00000006 then enter 6400, this is what you would do:
00000000: AABB CCDD EEFF GGHH IIJJ KKLL MMNN OOPP - Before
00000000: AABB CCDD EEFF 6400 IIJJ KKLL MMNN OOPP - After
In Hex Workshop you will notice the precise offset value in the bottom right hand corner, left of the value indicator.
well i hope this help any one