Yup. I'm inserting two DWORDs and then a string. My packet buffer isn't down with that aparently.

Code to create packet:
[code]  function bnls_checkrevision($gameID, $mpq, $formula) {
  global $BV_VERHASH;
  global $BV_CHECKSUM;
  insert_int32(bnls_productID($gameID));
  insert_int32(extractMPQNum($mpq));
  insert_string($formula);
  bnls_send(return_bnls(0x09));
    output("Yellow", "[BNLS] Performing CheckRevision..");
    setbuffer(substr(bnls_recv(), 3));
    if(remove_int32() == 0) {
    output("Red", "[BNLS] CheckRevision failed");
    die();
    } else {
    $BV_VERHASH  = remove_int32();
    $BV_CHECKSUM = remove_int32();
    }
    buffer_clear();
  }[/code]

BNLS Send/Recieve:
[code]
  function bnls_send($data) {
  global $SCK_BNLS;
  global $CNFG_DEBUG;
  if($CNFG_DEBUG == "true") { output("Grey", "BNLS SEND: " . debugOutput($data)); }
  socket_write($SCK_BNLS, $data, strlen($data));
  }
  function bnls_recv() {
  global $SCK_BNLS;
  global $CNFG_DEBUG;
  $arysck = array($SCK_BNLS); socket_select($arysck, $a=NULL, $b=NULL, 1);
  $ret = socket_read($SCK_BNLS, 1024, PHP_BINARY_READ);
  if($CNFG_DEBUG == "true") { output("Grey", "BNLS RECV: " . debugOutput($ret)); }
  return $ret;
  }[/code]

Resulting packet:

[code]BNLS SEND:

4b 00 09 00 41 3d 32 31 35 33 35 33 34 30 37 20 K...A=215353407
42 3d 37 32 37 30 39 37 33 37 36 20 43 3d 38 30 B=727097376 C=80
30 33 37 33 32 38 33 20 34 20 41 3d 41 5e 53 20 0373283 4 A=A^S
42 3d 42 5e 43 20 43 3d 43 5e 41 20 41 3d 41 5e B=B^C C=C^A A=A^
42 00 02 00 00 00 00 00 00 00 00                B..........
Length: 75[/code]

It may be worth noting I'm having an abnormal bad-luck streak. I installed a faulty hard drive, broke a NIC, knocked several things off my desk, fried a microwave, and accidentally convinced a kid to grab a popcorn bucket from a garbage can and ask for a refill. No joke. =(.

Classic beginner's mistake, all solved in 3 minutes of debugging.

Change:

[code]
  function remove_string() {
    global $buffer;
    $position = strpos($buffer, chr(0));
    $ret = substr($buffer, 0, $position);   
    $buffer = substr($buffer, $position);
    return $ret;
  }
[/code]

To:

[code]
  function remove_string() {
    global $buffer;
    $position = strpos($buffer, chr(0));
    $ret = substr($buffer, 0, $position);   
    $buffer = substr($buffer, $position+1);
    return $ret;
  }
[/code]

edit: argh @ bold tags.

[quote author=dxoigmn link=topic=13558.msg140356#msg140356 date=1136339722]
Classic beginner's mistake, all solved in 3 minutes of debugging.

Change:

[code]
  function remove_string() {
    global $buffer;
    $position = strpos($buffer, chr(0));
    $ret = substr($buffer, 0, $position);   
    $buffer = substr($buffer, $position+1);
    return $ret;
  }
[/code]

To:

[code]
  function remove_string() {
    global $buffer;
    $position = strpos($buffer, chr(0));
    $ret = substr($buffer, 0, $position);   
    $buffer = substr($buffer, $position+1);
    return $ret;
  }
[/code]

edit: argh @ bold tags.
[/quote]

Those 2 functions are exactly the same..?

EDIT:
lol after dling the source code i see what was changed. yeah in the remove_string:

[code]
$buffer = substr($buffer, $position);
[/code]

should be:

[code]
$buffer = substr($buffer, $position+1);
[/code]

The problem was an outgoing packet, though =/

Hehe whoops about the code samples. They're fixed now. Forgot to remove the +1 for the original example :P

[quote author=Joe link=topic=13558.msg140449#msg140449 date=1136380247]
The problem was an outgoing packet, though =/
[/quote]

Yeah but you were not removing stuff from the buffer, so the contents were left in the buffer, namely a null from the MPQ filename, and the rest of the equation string. Also, you're 2 DWORDs are being inserted, just at the end of the buffer. This fixed the problem, at least it worked for me.