Any idea on a practical way of developing a parser for these packets? Most of the time the packets do not come with a length value within them, and those that don't are normally a set length. The problem with that is, it seems like one would need to know the sizes of all definite existing packets before writing a suitable parser to handle packets that have no length specifiers in them.

Any ideas? *frustrated*

IIRC, that's the only way to do it. Easiest way is to setup a large table where each index corresponds to the packet id and the value at that index is the length of the packet or some special value (-1) if it is a packet that has a dynamic size.

Sigh, I suppose I could just keep parsing all the packets I can and grab their sizes. I'll post in the D2GS forum or BnetDocs forum regarding all the sizes I find, for the lazier of us. :P

[quote author=LivedKrad.fe link=topic=12188.msg120364#msg120364 date=1121192646]
Sigh, I suppose I could just keep parsing all the packets I can and grab their sizes. I'll post in the D2GS forum or BnetDocs forum regarding all the sizes I find, for the lazier of us. :P
[/quote]

Can always look at the disassembly. Someone posted the packet sizes for all packets a while back and I think they even posted the offset where they found them.

References:

https://davnit.net/bnet/vL/phpbbs/index.php?topic=7783.0
https://davnit.net/bnet/vL/phpbbs/index.php?topic=9752.0
https://davnit.net/bnet/vL/phpbbs/index.php?topic=10929.0

As I see in one of the posts,
[quote]For those of you interested in this look in D2Net.dll @ .data:6FC08148 PacketSizeTable.  It seems to be:


Code:
DWORD PacketSizeTable[] = { 0x1, 0x8, 0x1, 0xc, ... };

Where 0x1, would be length of packet 0x0, 0x8 is length of packet 0x1, and so on.[/quote]

Is there anywhere I can find a full copy of this table?
I don't know disassembly at all, just wondering.

Not sure if this link will help, but you never know till you try.

https://davnit.net/bnet/vL/phpbbs/index.php?topic=585.0

I'm looking at the following, don't know how to access the table he mentioned.
.data:6FC08148 dword_6FC08148  dd 1                    ; DATA XREF: D2Net_10030+38r

I'm using IDA 4.8

Any help? :)

[quote]Not sure if this link will help, but you never know till you try.

https://davnit.net/bnet/vL/phpbbs/index.php?topic=585.0[/quote]
I believe that's just for decompression.

I dont see why you think its so important to know all the packet lengh's, all you need to think of is a better method of data handling.
A debugger/dissembler is not needed, only a small bit of brain power.

This is a research project iv been working on, it only has 4 packets in its decompression parser:
[code]
[00:43:59] Creating Game Approoved!
[00:43:59] Join Game Approoved!
[00:43:59] Connected To D2GS!!
[00:43:59] Got D2GS Startup Packet
[00:43:59]  AE 01
[00:43:59] Sent Logon
[00:43:59] Got 2nd D2GS Startup Packet
[00:43:59]  02 5C
[00:43:59] Entering World..
[00:43:59] 0x59 We Are In View and are pid is FC A5 99 6E
[00:43:59] We are standing at X=5733 Y=5998
[00:43:59] Asigned Charsi to the map at X=5694 Y=5987
[00:43:59] Asigned a Act1 Waypoint to the map at X=5714 Y=5969
[00:43:59] Asigned a Stash to the map at X=5726 Y=5999
[00:43:59] Are merc is standing at X=5733 Y=5998
[00:43:59] Asigned Alkara to the map at X=5792 Y=5976
[00:43:59] Asigned Warriv to the map at X=5726 Y=6005
[00:43:59] Asigned Kashya to the map at X=5753 Y=6006
[00:43:59] Asigned Deckard Cain to the map at X=5743 Y=6015
[/code]

And the packets that do have fixed legnhs are soo easy to spot.
Its the ones with out lenghs that maybe a problem.

Well, I maybe found what he was talking about...

[code]1, 3 dup(0)
8, 3 dup(0)
1, 3 dup(0)
Ch, 3 dup(0) ;0

1, 3 dup(0)
1, 3 dup(0)
1, 3 dup(0)
6, 3 dup(0)  ;16

6, 3 dup(0)
0Bh, 3 dup(0)
6, 3 dup(0)
6, 3 dup(0)  ;32

9, 3 dup(0)
0Dh, 3 dup(0)
0Ch, 3 dup(0)
10h, 3 dup(0) ;48

10h, 3 dup(0)
8, 3 dup(0)
1Ah, 3 dup(0)
0Eh, 3 dup(0) ;64

12h, 3 dup(0)
0Bh, 3 dup(0)
4 dup(0FFh)
4 dup(0)      ;80

0Fh, 3 dup(0)
2, 3 dup(0)
2, 3 dup(0)
3, 3 dup(0)   ;96

5, 3 dup(0)
3, 3 dup(0)
4, 3 dup(0)
6, 3 dup(0)   ;112

0Ah, 3 dup(0)
0Ch, 3 dup(0)
0Ch, 3 dup(0)
0Dh, 3 dup(0) ;128

5Ah, 3 dup(0)
5Ah, 3 dup(0)
4 dup(0FFh)
28h, 3 dup(0) ;144

67h, 3 dup(0)
61h, 3 dup(0)
0Fh, 3 dup(0)
8, 47h dup(0) ;160

4 dup(0FFh)
8, 3 dup(0)
0Dh, 7 dup(0)
6, 0Bh dup(0) ;248

0Dh, 7 dup(0)
0Bh, 3 dup(0)
0Bh, 0Fh dup(0)
10h, 3 dup(0) ;276

11h, 3 dup(0)
7, 3 dup(0)
1, 3 dup(0)
0Fh, 3 dup(0) ;305

0Eh, 3 dup(0)
2Ah, 3 dup(0)
0Ah, 3 dup(0) ;321

3, 0Bh dup(0)
0Eh, 3 dup(0)
7, 3 dup(0)
1Ah, 3 dup(0) ;336

28h, 3 dup(0)
4 dup(0FFh)
5, 3 dup(0)
6, 3 dup(0)   ;360

26h, 3 dup(0)
5, 3 dup(0)
7, 3 dup(0)
2, 3 dup(0)   ;376

7, 3 dup(0)
15h, 7 dup(0)
7, 3 dup(0)
7, 3 dup(0)   ;392

10h, 3 dup(0)
15h, 3 dup(0)
0Ch, 3 dup(0)
0Ch, 3 dup(0) ;412

10h, 3 dup(0)
10h, 3 dup(0)
0Ah, 3 dup(0)
1, 3 dup(0)   ;428

1, 3 dup(0)
1, 3 dup(0)
1, 3 dup(0)
1, 3 dup(0)   ;444

20h, 3 dup(0)
0Ah, 3 dup(0)
0Dh, 3 dup(0)
6, 3 dup(0)   ;460

2, 3 dup(0)
15h, 3 dup(0)
6, 3 dup(0)
0Dh, 3 dup(0) ;476

8, 3 dup(0)
6, 3 dup(0)
12h, 3 dup(0)
5, 3 dup(0)   ;492

0Ah, 7 dup(0)
14h, 3 dup(0)
1Dh, 1Bh dup(0)
2, 3 dup(0)   ;508

6, 3 dup(0)
6, 3 dup(0)
0Bh, 3 dup(0)
7, 3 dup(0)   ;552

0Ah, 3 dup(0)
21h, 3 dup(0)
0D, 3 dup(0)
1Ah, 3 dup(0) ;568

6, 3 dup(0)
8, 3 dup(0)
4 dup(0FFh)
0Dh, 3 dup(0) ;584

9, 3 dup(0)
1, 3 dup(0)
7, 3 dup(0)
10h, 3 dup(0) ;600

11h, 3 dup(0)
7, 3 dup(0)
8 dup(0FFh)
7, 3 dup(0)   ;616

8, 3 dup(0)
0Ah, 3 dup(0)
7, 3 dup(0)
8, 3 dup(0)   ;636

18h, 3 dup(0)
3, 3 dup(0)
8, 3 dup(0)
4 dup(0FFh)   ;652

7, 3 dup(0)
4 dup(0FFh)
7, 3 dup(0)
4 dup(0FFh)   ;668

7, 3 dup(0)
4 dup(0FFh)
9, 3 dup(0)
4 dup(0FFh)   ;684

1, 7 dup(0)
35h, 3 dup(0)
4 dup(0FFh)
5, 3 dup(0)   ;700[/code]

As seen in the first chunk..
1, 8, 1, C

Is this what he was talking about?

*Edit*: If this is correct, I guess there's 175 packets total. Looking at the numbers ";0 ;16; ;32", it looks as if it counts each part by 4. (Once again, I know nothing about dissasembly, please correct me if i'm wrong)

I didnt mean to be nasty by my reply, im just pointing out that even if you knew all the fixed lengh packets (witch isnt much more than iv documented already) it wont help you much, and looking in a dll file is not going to teach you anything when it comes to problem solving :(
Im presuming you guys are having problems with the join data?

It's nothing to do with the join data.
Everytime I try to get something done an unknown packet pops up, blocking the wanted packets from coming in.
Everytime I research a unknown packet it ends up having like 5 more unknowns after it.

Either my parsing sucks, or there's just so many packets (175) to try and guess how long they are/what they do.

hm, im guessing you mean when you change sections.
Could you post a log?

[edit]
When you say get things done, what do you mean?

I would assume it is your parsing, cause every packet that comes in is easily identified against the data that I put together, or the data that Ringo was gracious enough to put together and with help from others and exsisting data already available. Are you making sure that you are only parsing incoming game packets, or are you getting a jumbled mess from ingame and out of game packets to?

D2GS sometimes don't have a byte assigned to the packet for how long it is.
This is why in your parser, you must have it loop back through the parser, with it's determined length.

I'm having problems where when I try to get a certain packet (like for example: a player leaving), unknown packets arrive. When I research one of these unknown packet, I parse it, then another one comes. This happens for a while, and takes a lot of research, to get past all the unknowns.

Instead of researching every single one of the 180 packets, I'm using this address UserLoser found in D2Net.dll. I found out what he's talking about.. (in a different format than what I posted), and I put it together inside of Visual Basic.

I'm about to try out this, I'll post my results here :-p.

You're welcome, Elneroth. :P

Yes, TY for fixing what format I had it in :-p

Lookin good!
[code][10:35:25 PM] 51
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] E
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] 51
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] E
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] 51
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] E
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] AC[/code]

[quote author=Elneroth link=topic=12188.msg120441#msg120441 date=1121222075]
Lookin good!
[code][10:35:25 PM] 51
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] E
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] 51
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] E
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] 51
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] E
[10:35:25 PM] Unknown Found!, But reparsing it!!! :)
[10:35:25 PM] AC[/code]
[/quote]

Your having problems with them packets?

[edit]
[https://davnit.net/bnet/vL/phpbbs/index.php?topic=11756.msg120454#msg120454

No, it just looks like they arrive more than once, but in a clump.
When I find an unknown, it get's the length of the packet determined by lengths I took from the .dll.
It cuts that packet's length out of the data and reparses it.
Took mee and krad forever to make up arrays for these lengths.   :D

I plan on researching unknowns still though. It'll be much easier now. I'll post the research I find.

*Edit*: Thanks for the packet information :)

ok cool, well i posted what they mean anyways ;)

[quote author=Ringo link=topic=12188.msg120446#msg120446 date=1121223074]
ok cool, well i posted what they mean anyways ;)
[/quote]

Heh, you got all the packets parsed?

My bots been round the world and back and hasnt seen unknowns for days, im getting tired of it :(

Nice Ringo, must have taken so long to research all of that :-p.

Once I get all the packet I have right now organized, I'll start researching unknowns, but it will be quite more easier now since that I have the packet length for every single packet there is. All 180 of them :).

It tolk time to start with, but once u get into the swing of how packets were sent to d2 clients, its like reading the news paper.
The highest packet i have is 0xB3

[size=6]0xB3[/size]
D2GS_OMGFFS
[color=yellow]
B3 06 00 00 00
(DWORD) IP BAN! - 0x06
[/color]
:o

[quote author=Elneroth link=topic=12188.msg120449#msg120449 date=1121223953]
Nice Ringo, must have taken so long to research all of that :-p.

Once I get all the packet I have right now organized, I'll start researching unknowns, but it will be quite more easier now since that I have the packet length for every single packet there is. All 180 of them :).
[/quote]

what about posting them :D :D :D.

Here they are.

*EDIT*: List moved to: https://davnit.net/bnet/vL/phpbbs/index.php?topic=12195.0

Undefined means that it has a variable size, meaning it has a size byte within the packet.

*Edit*: This is all thanks to UserLoser for posting that D2Net.dll address before. TY UserLoser
I would never have found it without that address.

That looks about right.  In a table the undefined should be set as -1, that way it tells your handler to look for a variable packet length

LOL, removed the Visual Basic code for no copy + paste? ^^ ;)

lol, yes.