Valhalla Legends Forums Archive | Battle.net Bot Development | storm.dll ordinals?

BreW
Does anyone know how or where to get an updated list of storm exported function names and their ordinals? The one he posted a while back is lacking 493 among others. I tried to find it myself, but I am unable to locate the exports section, or maybe I did, but it's compressed:
[quote]
PKWARE Data Compression Library for Win32
Copyright 1989-1995 PKWARE Inc.  All Rights Reserved
Patent No. 5,051,745
PKWARE Data Compression Library Reg. U.S. Pat. and Tm. Off.
[/quote]
December 4, 2007, 12:39 AM
dlStevens
[code]
**note - these are all __stdcall unless otherwise noted

102    SNetDestroy()
117    SNetInitializeProvider()
119    SNetLeaveGame()
120    SNetPerformUpgrade(int)
122    SNetReceiveTurns(void **,int,int,int,int);
123    SNetRegisterEventHandler()

132    int __fastcall  0CDebugSCritSect(LPCRITICAL_SECTION lpCriticalSection)
141        __thiscall  CDebugSRWLock::CDebugSRWLock(void)
142        __thiscall  CSRWLock::CSRWLock(void)
143        __thiscall  SCritSect::SCritSect(void)
144        __thiscall  SEvent::SEvent(BOOL bManualReset,BOOL bInitialState)
145        __thiscall  SSyncObject::SSyncObject(void)
146        __thiscall  CDebugSCritSect::~CDebugSCritSect(void)
147        __thiscall  CDebugSRWLock::~CDebugSRWLock(void)
148        __thiscall  CSRWLock::~CSRWLock(void)
149        __thiscall  SCritSect::~SCritSect(void)
152        __thiscall  SSyncObject::~SSyncObject(void)
153                    SFile::Close(SFile *)
154    int __fastcall  SThread::Create(unsigned int (__stdcall *)(void *),void *,class SThread &,char *)
155                    SFile::CreateOverlapped(SOVERLAPPED *)
156                    SFile::DestroyOverlapped(OVERLAPPED *)
157                    SFile::EnableHash(bool)
158    void __thiscall CDebugSCritSect::Enter(char const *,unsigned long)
159    void __thiscall CDebugSRWLock::Enter(int,char const *,unsigned long)
160    void __thiscall CSRWLock::Enter(int)
161    int            SCritSect::enter(void)
162                    SFile::FileExists(char const *)
163                    SFile::GetActualFileName(SFile *,char *,unsigned long)
164                    SFile::GetBasePath(char *,unsigned long)
165                    SFile::GetFileSize(SFile *,unsigned long)
166    void __thiscall CDebugSCritSect::Leave(char const *,unsigned long)
167    void __thiscall CDebugSRWLock::Leave(int,char const *,unsigned long)
168    void __thiscall CSRWLock::Leave(int)
169    int            SCritSect::leave(void)
170                    SFile::Load(SArchive *,char const *,void **,unsigned long *,unsigned long,unsigned long,SOVERLAPPED *)
171                    SFile::LoadFile(char const *,void **,unsigned long *,unsigned long, SOVERLAPPED *)
172                    SFile::Open(char const *,SFile **)
173                    SFile::PollOverlapped(SOVERLAPPED *)
174                    SFile::Read(class SFile *,void *,unsigned long,unsigned long *,struct SOVERLAPPED *,struct _TASYNCPARAMBLOCK *)
175    int __thiscall  SEvent::Reset(void)
176                    SFile::ResetOverlapped(SOVERLAPPED *)
177    int __fastcall  SCreateThread(unsigned int (__stdcall *)(void*),void*,unsigned int*,void*,char*);
188    int __thiscall  SEvent::Set(void)
189                    SFile::SetBasePath(char const *)
190                    SFile::SetFilePointer(SFile *,long,long*,unsigned long)
191                    SFile::Unload(void *)
193    int __stdcall          WaitMultiplePtr(BOOL bWaitAll,DWORD dwMilliseconds)
194                    SFile::WaitOverlapped(struct SOVERLAPPED *)
192    int __stdcall Wait(DWORD dwMilliseconds)

251    SFileAuthenticateArchive(int,int)
252    SFileCloseArchive(HANDLE hArchive)
253    SFileCloseFile(HANDLE hFile)
262    SFileDestroy()
264    SFileGetFileArchive(HANDLE hFile,int)
265    SFileGetFileSize(HANDLE hFile, int *fileSizeHigh)
266    SFileOpenArchive(char *name, int flags, int, HANDLE *hArchive)
267    SFileOpenFile(int,int)
268    SFileOpenFileEx(HANDLE hArchive, char *fileName, int, HANDLE *hFile)
269    SFileReadFile(HANDLE hFile, void *buffer, int toRead, int *read, int)
270    SFileSetBasePath(int)
271    SFileSetFilePointer(HANDLE hFile, int filePos, int *filePosHigh, int method)
272    SFileSetLocale(__int16)
273    SFileGetBasePath(int,int)
275    SFileGetArchiveName(int,int,int)
276    SFileGetFileName(int,int,int)
299    SFileAuthenticateArchiveEx(int,int,int,LONG lDistanceToMove,int,DWORD NumberOfBytesRead)

301    StormDestroy

321    SBmpDecodeImage
323    SBmpLoadImage(int,int,int,int,int,int,int)
324    SBmpSaveImage(int,int,int,int,int,int)
325    SBmpAllocLoadImage(char *filename,int,int,int,int,int,int,int)
326    SBmpSaveImageEx(char *str,int,int,int,DWORD NumberOfBytesWritten,int,LPCVOID lpBuffer)

331    SCodeCompile(char *src,int,int,int,int,int)
332    SCodeDelete()
335    SCodeGetPseudocode(int,int,int)

341    SDrawVidDriverInitialize()
342    SDrawCaptureScreen(char *path);
343    SDrawShowCursor (?)
344    SDrawDestroy()

372    SEvtDispatch()
373    SEvtRegisterHandler()
375    SEvtUnregisterType

382    SGdi1
383    SGdi2
392    SGdi4

401 void *__stdcall SMemAlloc(int amount,char *filename,int line,int defaultValue)
403                SMemFree(int,int,int,int)
404                SMemGetSize()
405                SMemReAlloc(int,int,int,int,int);

421 int SRegLoadData(HKEY hKey,LPCSTR lpValueName,HKEY phkResult,LPBYTE lpData,int,DWORD Type);
423 int SRegQueryValue(char *key,char *value,BYTE flags,char *result)

434    STrans1
436    STrans2
437    STrans4
438    STrans3
439    STransLoadI(int,int,int,int);
440    STrans7
443    STrans5
447    STransLoadE(int,int,int,int);

451    SVidDestroy
453    SVidInitialize
454    SVidPlayBegin
455    SVidPlayBeginFromMemory
456    SVidPlayContinue
457    SVidPlayContinueSingle

461    SErrDisplayError(int,int,DWORD ExitCode,int,int,UINT uExitCode)
462    SErrGetErrorStr
463    SErrGetLastError
465    SErrSetLastError(DWORD dwErrCode)

475    ? - ProcessToken

481    SMemFindNextBlock()
482    SMemFindNextHeap()
483    SMemGetHeapByCaller()
484    SMemGetHeapByPtr()
485    SMemHeapAlloc()
486    SMemHeapCreate()
487    SMemHeapDestroy()
488    SMemHeapFree()
489    SMemHeapRealloc()
490    SMemHeapSize()
491 int SMemCpy(void *dest, void *src, int count)
494 int SMemZero(void *buf, int count)
497    SMemDumpState()

501 int  SStrNCpy(char *dst, char *src, int count)
502 DWORD SStrHash(LPCSTR String, BOOLEAN IsFilename, DWORD Seed)
501 int  SStrNCat(char *base, char *new, int max_length);
508 int  SStrCmp(char *str1,char *str2,size_t size);
509 int  SStrCmpI(char *str1,char *str2,size_t size);
510    int SStrUpr(char *str)

Note - 569,571 and 570,572 are the same functions
569  char *__fastcall SStrChr(char *str,char c);
570  char *__fastcall SStrChrR(const char *str,char c);
571  char *__stdcall  SStrChr(char *str,char c);
572  char *__fastcall SStrChrR(const char *str,char c);
578                  SStrPrintf(char *str, size_t size, const char *format, ...);
579                  SStrLwr(char *str)

548    Add to log file (not sure about official name)

601    SBigAdd(int,int,int)
602    SBigAnd(int,int,int)
603    SBigCompare(BigBuffer buf1,BigBuffer buf2)
604    SBigCopy(int,int)
605    SBigDec(int,int)
606    SBigDel(BigBuffer buf)
607    SBigDiv(int,int,int)
608    SBigFindPrime(int,int,int,int)
609    SBigFromBinary(BigBuffer *,const void *str,unsigned int num)
610    SBigFromStr(int,int)
611    SBigFromStream(int,int,int,int)
612    SBigFromUnsigned(BigBuffer buf,unsigned int value)
613    SBigGcd(int,int,int)
614    SBigInc(int,int)
615    SBigInvMod(int,int,int)
616    SBigIsEven(BigBuffer buf)
617    SBigIsOdd(BigBuffer buf)
618    SBigIsOne(BigBuffer buf)
619    SBigIsPrime(BigBuffer buf)
620    SBigIsZero(BigBuffer buf)
621    SBigMod(int,int,int)
622    SBigMul(int,int,int)
623    SBigMulMod(int,int,int,int)
624    SBigNew(BigBuffer **Buffer)
625    SBigNot(int,int)
626    SBigOr(int,int,int)
627    SBigPow(int,int,int)
628    SBigPowMod(int,int,int,int)
629    SBigRand(int,int,int)
630    SBigSet2Exp(int,int)
631    SBigSetOne(BigBuffer *buf)
632    SBigSetZero(BigBuffer *buf)
633    SBigShl(int,int,int)
634    SBigShr(int,int,int)
635    SBigSquare(int,int)
636    SBigSub(int,int,int)
637    SBigToBinaryArray(int,int,int)
638    SBigToBinaryBuffer(int,int,int,int)
639    SBigToBinaryPtr(int,int,int)
640    SBigToStrArray(int,int)
641    SBigToStrBuffer(int,char *dst,int count)
642    SBigToStrPtr(int,int)
643    SBigToStreamArray(int,int,int)
644    SBigToStreamBuffer(int,int,int,int)
645    SBigToStreamPtr(int,int,int)
646    SBigToUnsigned(int,int)
647    SBigXor(int,int,int)

649    SSignatureVerifyStream_Begin(int)
648    SSignatureVerify(int,int,int,int)
650    SSignatureVerifyStream_ProvideData(int)
651    SSignatureVerifyStream_Finish(int)
652    SSignatureGenerate(int,int,int,int,int,int)
653    SSignatureVerifyStream_GetSignatureLength()

[/code]

Thanks goes to iago, not myself.
December 4, 2007, 1:31 AM
BreW
[quote author=brew link=topic=17204.msg175208#msg175208 date=1196728787]
The one posted a while back is lacking 493 among others
[/quote]
December 4, 2007, 2:07 AM
dlStevens
That's lacking 493 of them?
December 4, 2007, 3:00 AM
Barabajagal
Ordinal #493, entry point 0x00022410.
December 4, 2007, 3:15 AM
warz
The question is... are the rest significant?
December 4, 2007, 7:32 AM
iago
As far as I know, my list (http://www.javaop.com/~ron/documents/Storm.txt) is the most complete one that's ever been posted. If you need others, ask me about my consultancy fees. ;)
December 4, 2007, 2:58 PM
Barabajagal
Just wondering, but what's all the SBig stuff about?
December 4, 2007, 8:38 PM
BreW
[quote author=Andy link=topic=17204.msg175236#msg175236 date=1196800713]
Just wondering, but what's all the SBig stuff about?
[/quote]
Probably BigInteger arithmetic operations for something that requires big integers. (nls)

iago: What method did you use to find them in the first place? and what are the consultancy fees that you speak of?
December 4, 2007, 9:04 PM
Barabajagal
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
December 4, 2007, 9:33 PM
BreW
[quote author=Andy link=topic=17204.msg175241#msg175241 date=1196804037]
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
[/quote]
probably. My guess is that they'd be actually int pointers.
I'm still not sure about #493, but i think i have a good idea of what it does:
[code]
19019DFA   85C0             TEST EAX,EAX
19019DFC   76 24            JBE SHORT battle.19019E22
19019DFE   3BF8             CMP EDI,EAX
19019E00   76 11            JBE SHORT battle.19019E13
19019E02   8BD7             MOV EDX,EDI
edi = globaldwordarray[5]
19019E04   2BD0             SUB EDX,EAX
19019E06   52               PUSH EDX
19019E07   03C6             ADD EAX,ESI
19019E09   50               PUSH EAX
19019E0A   56               PUSH ESI
19019E0B   E8 629EFEFF      CALL <JMP.&storm.#493>
19019E10   8B45 08          MOV EAX,DWORD PTR SS:[EBP+8]     
  //notice how eax isn't very important here
19019E13   2BF8             SUB EDI,EAX   //subtract the base addr of the warden crap ptr from edi, probably another length
19019E15   A1 18640419      MOV EAX,DWORD PTR DS:[19046418]   
// that one global that points to a base address for the interesting dword array
[/code]


[code]
....
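// Hand decompilation of 19019DFA..19019E13 from the listing above.
// Register names stand in for variables; storm493 is the import being identified.
if (eax) {                                   // TEST EAX,EAX / JBE: the whole block is skipped only when eax == 0
   if (edi > eax) {                          // CMP EDI,EAX / JBE is an unsigned compare: the call is skipped when edi <= eax,
                                             // so the length passed below can never wrap around
      edx = edi;                             // MOV EDX,EDI
      storm493(esi, esi + eax, edx - eax);   // pushed right to left: PUSH EDX (edi - eax), PUSH EAX (esi + eax), PUSH ESI
      eax = wardendataptr;                   // MOV EAX,[EBP+8] overwrites EAX right after the call, so the return value is unused
   }
   edi -= eax;                               // 19019E13 is the target of the inner JBE, so this runs whether or not the call was made
}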
....
[/code]
esi is the dest.
esi + eax is the source.
edx - eax is the length.
it looks like it's a memmove, because it's copying to the lower memory address from a higher one (they look close, so the two ranges can overlap), and to guarantee no corruption when source and destination overlap, it MUST be a memmove rather than a memcpy.
so this should be added to that ordinal listing:
493 int SMemMove(void *dest, void *src, int count)
December 4, 2007, 10:36 PM
iago
[quote author=brew link=topic=17204.msg175239#msg175239 date=1196802271]
[quote author=Andy link=topic=17204.msg175236#msg175236 date=1196800713]
Just wondering, but what's all the SBig stuff about?
[/quote]
Probably BigInteger arithmetic operations for something that requires big integers. (nls)

iago: What method did you use to find them in the first place? and what are the consultancy fees that you speak of?
[/quote]

Depends. In some cases I reverse engineered them, and in others I compared the normal storm.dll to the mac storm.dll (which has names), and found which functions call which other functions, and sometimes which functions do the same thing. You can figure out quite a lot from just those simple things while barely knowing assembly. But I think I got all the easy ones like that. :)

[quote author=Andy link=topic=17204.msg175241#msg175241 date=1196804037]
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
[/quote]
int is the default for ones I don't know, and I never bothered figuring out the parameters (knowing which function it was was sufficient for reversing NLS). But some of those will be ints, and most will likely be pointers to a BigInteger struct, whatever that looks like.
December 5, 2007, 1:36 AM
Barabajagal
[quote author=iago link=topic=17204.msg175260#msg175260 date=1196818593]
[quote author=Andy link=topic=17204.msg175241#msg175241 date=1196804037]
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
[/quote]
int is the default for ones I don't know, and I never bothered figuring out the parameters (knowing which function it was was sufficient for reversing NLS). But some of those will be ints, and most will likely be pointers to a BigInteger struct, whatever that looks like.
[/quote]Ya, Blake said they were most likely pointers. Maybe if I care enough some day, I'll add NLS handling to my little hashing DLL using Storm for BigInt.
December 5, 2007, 2:14 AM
iago
[quote author=Andy link=topic=17204.msg175263#msg175263 date=1196820891]
[quote author=iago link=topic=17204.msg175260#msg175260 date=1196818593]
[quote author=Andy link=topic=17204.msg175241#msg175241 date=1196804037]
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
[/quote]
int is the default for ones I don't know, and I never bothered figuring out the parameters (knowing which function it was was sufficient for reversing NLS). But some of those will be ints, and most will likely be pointers to a BigInteger struct, whatever that looks like.
[/quote]Ya, Blake said they were most likely pointers. Maybe if I care enough some day, I'll add NLS handling to my little hashing DLL using Storm for BigInt.
[/quote]
I don't recommend using storm.dll for bigint stuff, it isn't the best library. There are several free ones if you look.
December 5, 2007, 2:40 AM
Barabajagal
The point would be that the user already has storm.dll...
December 5, 2007, 3:11 AM
iago
I don't have storm.dll installed anywhere on my machine. Though I suppose if you're using it for a hash file, that's possible, but if you're distributing storm.dll then you're already walking the line between legal and illegal use; calling its functions might make that problem worse.

Wouldn't it make more sense to link in a library, then you don't have to worry? Or even to install a binary library along with your program?
December 5, 2007, 5:09 PM
warz
I pray for the day to come, when Andy cares enough to implement storm stuff into his whatever dll. ::)
December 5, 2007, 6:36 PM
Barabajagal
Ow. Your sarcasm has caused great damage to my feelings. I will forever hang my head in shame.


iago, storm.dll is required for Warcraft 3 local hashing, and my dll is used as part of local hashing. Therefore, it would only make logical sense to use the tools that must already exist to get a job done.
December 5, 2007, 8:29 PM
