| Author | Message | Time |
|---|---|---|
| Fr3DBr | The following is one of the analisys im performing on 0x02 packet. [code] [WARDEN REQUEST S->C] [OPCODE : 0x02] [LENGTH : 000156 BYTES] OFFSET 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | 0123456789ABCDEF -------------------------------------------------------------------------- 000000 0C 44 32 43 6C 69 65 6E 74 2E 64 6C 6C 09 44 32 .D2Client.dll.D2 000010 57 69 6E 2E 64 6C 6C 0A 75 73 65 72 33 32 2E 64 Win.dll.user32.d 000020 6C 6C 0C 50 65 65 6B 4D 65 73 73 61 67 65 41 00 ll.PeekMessageA. 000030 BC 39 0D 10 EB 12 7A A7 CD 99 55 A0 A3 57 25 57 .9....z...U..W%W 000040 9D 2F E9 DB A5 A4 12 3B 82 E4 E8 00 00 0D 38 01 ./.....;......8. 000050 60 BB 07 00 04 38 02 8F D9 00 00 08 BC 0F E6 C0 `....8.......... 000060 57 6F 6F DF 01 ED EB 70 9D 63 2D 02 02 F1 DB 05 Woo....p.c-..... 000070 23 9A 0B 00 FA F8 D7 06 00 30 D3 D2 7B E0 63 92 #........0..{.c. 000080 E0 C6 03 27 51 43 AF 0F C5 6D 6D B4 2A 3D 18 7F ...'QC...mm.*=.. 000090 6B 97 C7 03 04 02 33 0C 00 1E 29 k.....3...) -------------------------------------------------------------------------- C:\Users\Fr3DBr\Desktop\D2 Bot\Debug>TestSec.exe - Parsing String Array : - [01] D2Client.dll - [02] D2Win.dll - [03] user32.dll - [04] PeekMessageA - Parsing Command Instructions - Page Check : ADDR[ 0x0D0000E8 ] - Hex : BC390D10EB127AA7CD9955A0A35725579D2FE9DBA5A4123B82E4E800000D - Memory Check : FILE[ D2Client.dll ] ADDR[ 0x0007BB60 ] - Hex : 380160BB070004 - Memory Check : FILE[ D2Win.dll ] ADDR[ 0x0000D98F ] - Hex : 38028FD9000008 - Page Check : ADDR[ 0x300006D7 ] - Hex : BC0FE6C0576F6FDF01EDEB709D632D0202F1DB05239A0B00FAF8D7060030 - Unknown Check - Hex : D3D2 - Windows API Check : FILE[ user32.dll ] SYMBOL[ PeekMessageA ] - Hex : 7BE06392E0C603275143AF0FC56D6DB42A3D187F6B97C7030402330C001E C:\Users\Fr3DBr\Desktop\D2 Bot\Debug> [/code] The question is, anyone wonder what are the bytes D3D2 ? i didnt found any 'matching' condition and i dunno what to answer in that case. | January 27, 2010, 3:07 AM |
| HdxBmx27 | [code]MEM_CHECK: S->C: (UInt8) Library Index (UInt32) Address (UInt8) Length C->S: (UInt8) Result: 0: Success, 1: Failure If Result == Success Then (UInt8[Length]) Memory Data PAGE_CHECK_A/B: S->C: (UInt32) Seed (UInt8[20]) SHA1 (UInt32) Address (UInt8) Length C->S: (UInt8) Result: Module specific, 0x00, or 0xE9 for failure MPQ_FILE_CHECK: S->C: (UInt8) File Name Index C->S: (UInt8) Result: 0: Success 1: Failed If Result == Success Then (UInt8[20]) SHA1 Hash of file LUA_STRING_CHECK: S->C: (UInt8) String Index C->S: (UInt8) Result? Only ever seen 0x00 (UInt8) Length (UInt8[Length]) Data DRIVER_CHECK: S->C: (UInt32) Seed (UInt8[20]) SHA1 (UInt8) Name Index C->S: (UInt8) Result: Module specific, 0x00, or 0xE9 for failure TIMING_CHECK: S->C: [Blank] C->S: (UInt32) GetTickCount FUNCTION_CHECK: S->C: (UInt32) Seed (UInt8[20]) SHA1 (UInt8) Library Index (UInt8) Function Index (UInt32) Address (UInt8) Length C->S: (UInt8) Result: Module specific, 0x00, or 0xE9 for failure MODULE_CHECK: S->C: (UInt32) Seed (UInt8[20]) SHA1 C->S: (UInt8) Result: Module specific, 0x00, or 0xE9 for failure[/code] Anyways those 2 bytes are part of the function check | January 28, 2010, 8:58 PM |
| Fr3DBr | wow very nice hdx, coding this right now :) so we can see the stability | January 30, 2010, 1:16 PM |