Author | Message | Time |
---|---|---|
laurion | Okay. I need to know how to read packets (sry, excuse my newness). I need to know... a) where to find and identify the packet [ i.e. 0x05 ] b) how to find what is a dword, ntstring, etc. This is a sample log I have taken, and I would appreciate it if you could analyze it and break it down, and show me how to read it. 0000 FF 1C 5F 00 00 00 00 00 00 00 00 00 02 00 01 00 .._............. 0010 1F 00 00 00 00 00 00 00 70 62 6F 74 74 65 73 74 ........pbottest 0020 69 6E 67 32 30 30 33 00 00 2C 34 34 2C 31 34 2C ing2003..,44,14, 0030 36 2C 32 2C 32 2C 31 2C 36 32 30 65 33 63 31 33 6,2,2,1,620e3c13 0050 65 20 4C 6F 73 74 20 54 65 6D 70 6C 65 0D 00 e Lost Temple.. | May 12, 2003, 8:56 PM |
Tuberload | http://www.valhallalegends.com/arta/bnetdocs/ You can easily find the answers to all your questions with just a little bit of effort on your part. | May 12, 2003, 9:01 PM |
laurion | I don't see anything on reading packets... I don't want to know about BNET packets, I want to know how to read packets in general. | May 12, 2003, 9:05 PM |
tA-Kane | [quote author=laurion link=board=17;threadid=1312;start=0#msg9782 date=1052773552]I don't want to know about BNET packets, I want to know how to read packets in general.[/quote]That's really beyond the scope of Battle.net Bot Development and should be asked in the General Programming forum. | May 12, 2003, 9:28 PM |
iago | A DWORD is any 4 bytes beside each other. A WORD is any 2 bytes. A BYTE is... a byte. An ntstring is any length of characters with a null (00) at the end. That's the most basic; how to convert a dword to a decimal number is a little different, but I'll let somebody else answer that. | May 12, 2003, 11:17 PM |
laurion | OK, how would I identify the packet ID? i.e. 0x26 Would this be 0x1C? I saw the FF 1C, just a guess. ALSO, Is there a program that will find the DWORDS, WORDS, NTSTRINGS, and all the other er uh 'things' :-p for me? I.e. it will analyze the data and say, "This is a DWORD", etc. | May 12, 2003, 11:56 PM |
Noodlez | A program has no way of knowing what data type a packet is, unless of course it recognizes the packet. What is so hard about this? [code] 0000 FF 1C 5F 00 00 00 00 00 00 00 00 00 02 00 01 00 .._............. 0010 1F 00 00 00 00 00 00 00 70 62 6F 74 74 65 73 74 ........pbottest 0020 69 6E 67 32 30 30 33 00 00 2C 34 34 2C 31 34 2C ing2003..,44,14, 0030 36 2C 32 2C 32 2C 31 2C 36 32 30 65 33 63 31 33 6,2,2,1,620e3c13 0050 65 20 4C 6F 73 74 20 54 65 6D 70 6C 65 0D 00 e Lost Temple.. [/code] The BNet packet header is 0xFF PacketID(BYTE) Length(WORD)... which makes 0x1C the packet id, 0x5F00 the length, and everything after that the data. A DWORD is 4 bytes, following FF 1C 5F 00 there is a possible dword (4 bytes) [color=red]00 00 00 00[/color] which is displayed as [color=red]....[/color] in plain text format. | May 13, 2003, 1:14 AM |
Camel | The first 4 bytes (FF 1C 5F 00) are the packet header. 0xFF is always going to be the first byte in a BNCS packet. 0x1C is the packet id. 0x005F (in network order) is the packet length (including the packet header). You want to look at the packet length (in this case, 0x5F is 95 in decimal), and count up that number of bytes. Then, go to bnetdocs and look up s->c 0x1C. Split up the packet based on the types: [code](Byte) FF (Byte) 1C (Word) 5F 00 (QWord) 00 00 00 00 00 00 00 00 (Word) 02 00 (Word) 01 00 (DWord) 1F 00 00 00 (DWord) 00 00 00 00 (NTString) 70 62 6F 74 74 65 73 74 69 6E 67 32 30 30 33 00 00 2C 34 34 2C 31 34 2C 36 2C 32 2C 32 2C 31 2C 36 32 30 65 33 63 31 33 65 20 4C 6F 73 74 20 54 65 6D 70 6C 65 0D 00[/code] | May 13, 2003, 1:23 AM |
laurion | Thanks a lot for all your help! | May 13, 2003, 10:27 AM |
Skywing | [quote author=Camel link=board=17;threadid=1312;start=0#msg9815 date=1052789000] 0x005F (in network order) is the packet length (including the packet header) [/quote]Every numerical value transmitted on the wire and not as a string representation of a number is little endian with the Battle.net protocol. | May 13, 2003, 12:28 PM |
Camel | [quote author=Skywing link=board=17;threadid=1312;start=0#msg9853 date=1052828926] [quote author=Camel link=board=17;threadid=1312;start=0#msg9815 date=1052789000] 0x005F (in network order) is the packet length (including the packet header) [/quote]Every numerical value transmitted on the wire and not as a string representation of a number is little endian with the Battle.net protocol. [/quote] more specifically, in network order ;) | May 13, 2003, 12:57 PM |
iago | Isn't network order Big Endian? Yes, this confirms it: [quote]network order is the only one in this collection which contains the additional initials "pp" network order is "big network order is backed by the petals network guarantee of satisfaction network order is big network order is 0 1 network order is %u\n network order is big endian page 17 network order is a list of attributes or value pairs set on the processes network order is submitted to the ddmgateway process to execute a network order policy network order is any order coming from a yahoo network order is big endian network order is little network order is host order network order is different on network order is the same as host order network order is > big endian without a formal proof network order is submitted network order is 13 episodes network order is in hand network order is assured network order is equivalent to big network order is different from intel's host byte order network order is sparc order network order is the same as sparc/motorola order network order is bigendian network order is used network order is based on an expansion of the familiar class of series network order is msb of each octet network order is important mostly when transmitting data over a network network order is be network order is always network order is always 296 network order is returned network order is relevant network order is big endian and intels aren't network order is seen in experiments with mus musculus network order is a pasted as "metricus can easy network order is discussed network order is msb of each octet first network order is for 260 units of equipment network order is always 00323 network order is msb of each byte first network order is used for network order is always * msb network order is big endian so we can use htonl to make sure big really is * big endian */ big = htonl network order is msb of each first[/quote] | May 13, 2003, 5:22 PM |
Skywing | [quote author=Camel link=board=17;threadid=1312;start=0#msg9854 date=1052830654] more specifically, in network order ;) [/quote]No, network byte order is just the opposite (big endian). Using network byte order for the Battle.net protocol is exactly wrong. | May 13, 2003, 8:21 PM |
Camel | [quote author=Skywing link=board=17;threadid=1312;start=0#msg9882 date=1052857306] [quote author=Camel link=board=17;threadid=1312;start=0#msg9854 date=1052830654] more specifically, in network order ;) [/quote]No, network byte order is just the opposite (big endian). Using network byte order for the Battle.net protocol is exactly wrong. [/quote] hrm STFU N00B! -.- | May 13, 2003, 8:51 PM |
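
Added example, not part of any post in the thread: a Python parser for the header described above (0xFF, packet ID byte, length WORD), reading numbers little endian as Skywing states and following the field types in Camel's breakdown. The function names and dictionary keys are hypothetical, and because the posted dump has no row 0040, the sample uses only its first 40 bytes, plus a constructed copy whose length field is rewritten to 40.

```python
import struct

# Bytes 0x00-0x27 of the dump posted in the thread: header, fixed fields, first NTSTRING.
THREAD_BYTES = bytes.fromhex(
    "FF1C5F00" "0000000000000000" "0200" "0100" "1F000000" "00000000"
    "70626F7474657374696E673230303300"
)
HEADER = struct.Struct("<BBH")   # 0xFF marker, packet id, little-endian WORD length
FIXED = struct.Struct("<QHHII")  # QWORD, WORD, WORD, DWORD, DWORD per the breakdown

def parse_header(buf):
    """Return (packet_id, declared_length); the length counts the header too."""
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than the 4-byte header")
    marker, packet_id, length = HEADER.unpack_from(buf, 0)
    if marker != 0xFF:
        raise ValueError("first byte is not 0xFF")
    if length < HEADER.size:
        raise ValueError("declared length is smaller than the header")
    return packet_id, length

def read_ntstring(buf, offset, end):
    """Return (text, next_offset); the 00 terminator must sit before `end`."""
    nul = buf.find(b"\x00", offset, end)
    if nul == -1:
        raise ValueError("NTSTRING has no terminator inside the packet")
    return buf[offset:nul].decode("ascii", "replace"), nul + 1

def parse_packet(buf):
    packet_id, length = parse_header(buf)
    if length > len(buf):  # never trust the declared length beyond what was received
        raise ValueError(f"declared {length} bytes, only {len(buf)} captured")
    if length < HEADER.size + FIXED.size:
        raise ValueError("packet too short for the fixed fields")
    qword, word1, word2, dword1, dword2 = FIXED.unpack_from(buf, HEADER.size)
    text, _ = read_ntstring(buf, HEADER.size + FIXED.size, length)
    return {"id": packet_id, "length": length, "qword": qword,
            "words": (word1, word2), "dwords": (dword1, dword2), "ntstring": text}

def constructed_packet():
    """Constructed sample: THREAD_BYTES with the length WORD rewritten to match."""
    return THREAD_BYTES[:2] + struct.pack("<H", len(THREAD_BYTES)) + THREAD_BYTES[4:]

if __name__ == "__main__":
    print(parse_header(THREAD_BYTES))                    # id and little-endian length
    print(struct.unpack_from(">H", THREAD_BYTES, 2)[0])  # same two bytes read big endian
    print(parse_packet(constructed_packet()))
```

Calling `parse_packet(THREAD_BYTES)` raises `ValueError`, since the header declares 95 bytes and only 40 are present; the same check is what stops a parser from reading past the buffer when a peer sends an inflated length.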