Valhalla Legends Forums Archive | Assembly Language (any cpu) | WinDbg & IDA

Author | Message | Time
UserLoser
Is there anyone here willing to write a short tutorial on how to use IDA Pro and WinDbg, showing how to find things such as where the received data from battle.net is processed in storm.dll (or battle.snp, I don't know, that's why I'm asking), where data is sent, packet IDs and names, etc., for StarCraft? This way, from there, I can hopefully teach myself, along with reading other documents, so I could start to understand this and learn it hopefully.
November 1, 2003, 8:15 PM
iago
I'd recommend SoftICE :)
November 1, 2003, 10:26 PM
indulgence
[quote author=UserLoser link=board=7;threadid=3361;start=0#msg26830 date=1067717752]
Is there anyone here willing to write a short tutorial on how to use IDA Pro and WinDbg, showing how to find things such as where the received data from battle.net is processed in storm.dll (or battle.snp, I don't know, that's why I'm asking), where data is sent, packet IDs and names, etc., for StarCraft? This way, from there, I can hopefully teach myself, along with reading other documents, so I could start to understand this and learn it hopefully.
[/quote]

It's initially processed through battle.snp ;) just load battle.snp up in IDA (it's just a renamed DLL).
November 2, 2003, 4:35 AM
Paul
Expanding on iago's comment...

Finding send():
1.) Launch StarCraft
2.) Load WSOCK32.dll into SoftICE's Symbol Loader. Ctrl+D into Ice and type: bpx send from the command line.
3.) Return to StarCraft
4.) /join Random Channel
5.) SoftICE will pop up. Press F11 to go to the piece of code that called send().
6.) Check registers for packet data. Cmd in SoftICE to do this is: d register. Example: d ecx, d eax, d edx etc...

Finding recv():
Steps above, but bpx recv!

Some crappy hack I wrote a long time ago for Diablo Shareware V1.09 that might help you as far as the recv'd data is handled in Battle.snp. It can be found here: http://gamehackers.net/garbage/Decensor.dat

If you're interested in finding send() you can point yourself to this thread, it might help somewhat: http://forums.blizzhackers.com/phpBB2/viewtopic.php?t=105629
November 2, 2003, 4:55 AM
indulgence
If you are going to use IDA - use 4.5+ as it has a built-in debugger (not a system-level debugger like SoftICE -- but you are only debugging StarCraft/Diablo/Warcraft, I'm sure, and not device drivers or the like).

http://www.exetools.com/forum/ - find the ftp address + login info [its in the news & announcements forum]
they have 4.50 on the ftp in the incoming folder
November 2, 2003, 12:09 PM
Etheran
[quote author=Paul link=board=7;threadid=3361;start=0#msg26953 date=1067748944]
Expanding on iago's comment...

Finding send():
1.) Launch StarCraft
2.) Load WSOCK32.dll into SoftICE's Symbol Loader. Ctrl+D into Ice and type: bpx send from the command line.
3.) Return to StarCraft
4.) /join Random Channel
5.) SoftICE will pop up. Press F11 to go to the piece of code that called send().
6.) Check registers for packet data. Cmd in SoftICE to do this is: d register. Example: d ecx, d eax, d edx etc...

Finding recv():
Steps above, but bpx recv!

Some crappy hack I wrote a long time ago for Diablo Shareware V1.09 that might help you as far as the recv'd data is handled in Battle.snp. It can be found here: http://gamehackers.net/garbage/Decensor.dat

If you're interested in finding send() you can point yourself to this thread, it might help somewhat: http://forums.blizzhackers.com/phpBB2/viewtopic.php?t=105629
[/quote]
WinDbg can do all of that too! And it doesn't crash my computer like SoftICE does...
November 3, 2003, 11:07 PM
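Added here as an illustration, not part of the thread: Paul's SoftICE steps redone in WinDbg, which Etheran says can do the same job. It assumes WinDbg is attached to a running 32-bit StarCraft (File > Attach to a Process) and that the game imports send()/recv() from WSOCK32.dll; if it uses ws2_32.dll instead, change the module name.

```windbg
$$ Added example, not from the thread: the SoftICE send()/recv() breakpoints in WinDbg.
$$ Assumes WinDbg is attached to a running 32-bit StarCraft and that the game imports
$$ send/recv from WSOCK32.dll (substitute ws2_32 if the import table says otherwise).
.reload
$$ On entry to a stdcall Winsock function the arguments sit on the stack:
$$   esp+4 = socket, esp+8 = buf, esp+0xc = len, esp+0x10 = flags
$$ bu sets a deferred breakpoint, so it also resolves if the module is loaded later.
$$ Each hit shows the caller (k 3 is the counterpart of SoftICE's F11 walk into the
$$ calling code in storm.dll/battle.snp), the length, the outgoing bytes, then resumes.
bu WSOCK32!send ".echo === send() ===; k 3; dd esp+0xc L1; db poi(esp+8) Lpoi(esp+0xc); gc"
$$ recv() only fills the buffer after it returns, so save the buffer pointer in a
$$ pseudo-register on entry and stop there; the call is finished interactively.
bu WSOCK32!recv ".echo === recv() entry ===; r $t0 = poi(esp+8); k 3"
g
$$ When the recv() breakpoint stops, step out of recv() and dump the eax bytes it
$$ reported as received, then let the game continue:
$$   gu
$$   db @$t0 L@eax
$$   g
```

The `k 3` output gives the return address inside the calling module, which is the address to look up in IDA to find the packet-building or packet-parsing code.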
iago
SoftICE writes directly to the display adapter. I find that when I use WinDbg and other debuggers, they pop up below a fullscreen app like StarCraft so I can't see what's happening. SoftICE displays on top of everything.
November 4, 2003, 5:13 AM
Skywing
[quote author=iago link=board=7;threadid=3361;start=0#msg27296 date=1067922783]
SoftICE writes directly to the display adapter. I find that when I use WinDbg and other debuggers, they pop up below a fullscreen app like StarCraft so I can't see what's happening. SoftICE displays on top of everything.
[/quote]
Run Starcraft in a desktop other than Winsta0\Default and run WinDbg in Winsta0\Default. Then you simply need to switch desktops (say, by an application running on both desktops that registers a hotkey) and you're set.

Alternatively you could run Starcraft in a Terminal Server session.
November 4, 2003, 6:51 PM