Valhalla Legends Forums Archive | Battle.net Bot Development | Question about D2GS 0x68

JayTee
Hi guys,

Firstly, thanks for the many productive posts that helped me understand the basics of BNCS, MCP and D2GS ... but now I have a question:

My programming was based on your D2GS documentation from https://davnit.net/bnet/vL/index.php/topic,11756.msg115221.html#msg115221.

The format of the D2GS 0x68 packet seems to have changed (maybe with the last patch, 1.13?). Here is a log from my sniffer:

0030:                              68 32 CE C9 16 DB 01 03 0D 00
0040:  00 00 50 CC 5D ED B6 19 A5 91 02 6C 77 73 00 68
0050:  A8 75 4A 29 AF 6F 01 00 00 00 00

- D2GS Hash: 32 CE C9 16 (OK)
- D2GS Token: DB 01 (OK)
- Char: 03 (Pala - OK)
- Version: 0D 00 00 00 (differs from documentation - surely because of the new patch?!)
- Constant 1: 50 CC 5D ED (OK)
- Constant 2: B6 19 A5 91 (OK)
- Unknown Byte: 02 (not OK - your documentation says 00)
- Strand with integrated character name: 6C 77 73 00 68 A8 75 4A 29 AF 6F 01 00 00 00 00 (not OK)

My main problem is the last point of the list: The name of my character is "lws", followed by 00. But this strand doesn't look like the one in your documentation.

Another interesting fact: I compared this to a network log I captured about two weeks ago - and found a third strand:

00 00 00 00 B5 D6 77 9A 81 B3 6F 4B 00 00 00 00 <- strand from documentation
00 00 00 00 68 A8 75 4A 29 AF 6F 01 00 00 00 00 <- strand generated from my log
00 00 00 00 68 57 77 4A 29 AF 6F 01 00 00 00 00 <- strand generated from my log (two weeks ago)

As you can see, bytes 6 and 7 seem to vary ...

I am really confused about this stuff - can anyone help me, please?
May 15, 2011, 10:34 AM
Ribose
JayTee wrote:
    - Version: 0D 00 00 00 (differs from documentation - surely because of the new patch?!)
Since the verbyte at the time of that post was 0x0B and now it's 0x0D, it's obviously the verbyte (the same one you need to log on). If you didn't realize that from the post you linked to, you should probably stop...

I've never worked with D2GS so I couldn't tell you where that data comes from, but I just wanted to answer that part for you.
May 16, 2011, 6:29 AM
JayTee
Thanks for your answer. Of course I had identified the verbyte, but did not explain that clearly, sorry ...  ::)

But, as said above, I am really interested in the hex strand - and it seems to change per day ...
Today, it is 00 00 00 00 68 29 77 4A 29 AF 6F 01 00 00 00 00


EDIT: Okay, after a long time I took another look at this stuff and found the easy answer: it's just random stack rubbish. The function which constructs the 0x68 packet calls SUB ESP, 28h at the beginning and starts to write the data. Because it doesn't zero the strand before copying the character's name into it, these bytes remain. At the moment, for example, there are two return addresses (one inside USER32.DLL, another inside D2CLIENT.DLL) and a parameter for GetSystemMetrics() in it, but this may change from patch to patch.

The other unknown byte (00 in documentation, 02 in my post) results from a call to D2Lang_10001 and retrieves the language ID which was English in the documentation and German for me.
May 16, 2011, 3:37 PM
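The frame layout JayTee worked out in this thread (id, hash, token, class, verbyte, two constants, language byte, then a 16-byte NUL-terminated name field whose tail is uninitialised stack memory) can be checked mechanically. The following C program is an added example and is not code from the thread or from any bot project: it decodes the captured frame, counts the non-zero bytes left after the name terminator (the stack residue), and then re-encodes the same fields with a builder that zeroes the whole frame first, which is the fix for that kind of information leak. The struct and function names, and the "residue" measure, are the example's own; the field sizes and the sample bytes come from the sniffer log above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not code from the thread). Field order and sizes follow
 * JayTee's breakdown of the D2GS C->S 0x68 frame; the names here are ours. */
#define D2GS_NAME_FIELD 16
#define D2GS_0x68_LEN   (1 + 4 + 2 + 1 + 4 + 4 + 4 + 1 + D2GS_NAME_FIELD)

struct d2gs_join {
    uint32_t hash, verbyte, const1, const2;
    uint16_t token;
    uint8_t  char_class, lang;
    char     name[D2GS_NAME_FIELD];  /* NUL-terminated copy of the character name */
    size_t   residue;                /* non-zero bytes found after the name's terminator */
};

static uint32_t rd32(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Decode one 0x68 frame. Returns 0 on success, -1 on a malformed frame.
 * residue counts the bytes the sender left uninitialised after the name. */
int d2gs_parse_0x68(const uint8_t *buf, size_t len, struct d2gs_join *out)
{
    if (len != D2GS_0x68_LEN || buf[0] != 0x68) return -1;
    const uint8_t *p = buf + 1;
    out->hash = rd32(p);       p += 4;
    out->token = rd16(p);      p += 2;
    out->char_class = *p++;
    out->verbyte = rd32(p);    p += 4;
    out->const1 = rd32(p);     p += 4;
    out->const2 = rd32(p);     p += 4;
    out->lang = *p++;
    const uint8_t *nul = memchr(p, 0, D2GS_NAME_FIELD);
    if (!nul) return -1;                      /* name must terminate inside the field */
    size_t nlen = (size_t)(nul - p);
    memcpy(out->name, p, nlen);
    out->name[nlen] = '\0';
    out->residue = 0;
    for (size_t i = nlen + 1; i < D2GS_NAME_FIELD; i++)
        if (p[i] != 0) out->residue++;
    return 0;
}

/* Encode a frame. The whole buffer is zeroed first, so the name field never
 * carries whatever happened to be on the stack (the leak the thread found). */
size_t d2gs_build_0x68(uint8_t *out, size_t cap, const struct d2gs_join *in)
{
    size_t nlen = strlen(in->name);
    if (cap < D2GS_0x68_LEN || nlen >= D2GS_NAME_FIELD) return 0;
    memset(out, 0, D2GS_0x68_LEN);
    uint8_t *p = out;
    *p++ = 0x68;
    wr32(p, in->hash);     p += 4;
    wr16(p, in->token);    p += 2;
    *p++ = in->char_class;
    wr32(p, in->verbyte);  p += 4;
    wr32(p, in->const1);   p += 4;
    wr32(p, in->const2);   p += 4;
    *p++ = in->lang;
    memcpy(p, in->name, nlen);                /* terminator and padding are already zero */
    return D2GS_0x68_LEN;
}

/* The 0x68 frame from JayTee's sniffer log (offsets 0x36..0x5A of the dump). */
static const uint8_t captured_0x68[D2GS_0x68_LEN] = {
    0x68, 0x32,0xCE,0xC9,0x16, 0xDB,0x01, 0x03, 0x0D,0x00,0x00,0x00,
    0x50,0xCC,0x5D,0xED, 0xB6,0x19,0xA5,0x91, 0x02,
    0x6C,0x77,0x73,0x00, 0x68,0xA8,0x75,0x4A,0x29,0xAF,0x6F,0x01,0x00,0x00,0x00,0x00
};

static struct d2gs_join g_parsed;

/* Parse the captured frame; NULL if it does not decode. */
const struct d2gs_join *parse_captured(void)
{
    return d2gs_parse_0x68(captured_0x68, sizeof captured_0x68, &g_parsed) == 0 ? &g_parsed : NULL;
}

/* Re-encode the captured fields with the zeroing builder and return the
 * residue count of the result (0 means the stack leak is gone); -1 on error. */
long rebuilt_residue(void)
{
    uint8_t frame[D2GS_0x68_LEN];
    struct d2gs_join again;
    if (!parse_captured()) return -1;
    if (d2gs_build_0x68(frame, sizeof frame, &g_parsed) != D2GS_0x68_LEN) return -1;
    if (memcmp(frame, captured_0x68, 25) != 0) return -1;  /* header + "lws\0" must match */
    if (d2gs_parse_0x68(frame, sizeof frame, &again) != 0) return -1;
    return (long)again.residue;
}

int main(void)
{
    const struct d2gs_join *j = parse_captured();
    if (!j) return 1;
    printf("verbyte=0x%02X lang=%u name=%s residue=%zu rebuilt=%ld\n",
           (unsigned)j->verbyte, j->lang, j->name, j->residue, rebuilt_residue());
    return 0;
}
```

Run against the captured bytes, the parser reports 8 residue bytes after "lws\0" (the two return addresses and the GetSystemMetrics() argument JayTee identified), while the rebuilt frame reports 0. Counting residue this way is also a cheap regression check for any packet builder: a non-zero count on a field that should be padding means uninitialised memory is leaving the process.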
