Author | Message | Time |
---|---|---|
n00blar | This information is from a jump table called in the RecvThreadProc, my brother indulg traced and documented the packets! heh =p [code] // jump table called in RecvDataThread to identify the packet type // PKT_GAMEDATA = 0x00 // PKT_CLIENTREQ = 0x03 // PKT_SERVERPING = 0x05 // PKT_SELFPING = 0x06 // PKT_KEEPALIVE = 0x07 // PKT_CONNTEST = 0x08 // PKT_CONNTEST2 = 0x09 // SID_NULL = 0x00 // SID_STOPADV = 0x05 // SID_SERVERLIST = 0x06 // SID_CLIENTID = 0x07 // SID_STARTVERSIONING = 0x08 // SID_REPORTVERSION = 0x09 // SID_GETADVLISTEX = 0x0A // SID_ENTERCHAT = 0x0B // SID_GETCHANNELLIST = 0x0C // SID_JOINCHANNEL = 0x0D // SID_CHATCOMMAND = 0x0E // SID_CHATEVENT = 0x0F // SID_LEAVECHAT = 0x10 // SID_LOCALEINFO = 0x12 // SID_FLOODDETECTED = 0x13 // SID_UDPPINGRESPONSE = 0x14 // SID_CHECKAD = 0x15 // SID_CLICKAD = 0x17 // SID_QUERYMEM = 0x18 // SID_MESSAGEBOX = 0x19 // SID_STARTADVEX2 = 0x1A // SID_GAMEDATAADDRESS = 0x1B // SID_STARTADVEX3 = 0x1C // SID_LOGONCHALLENGEEX = 0x1E // SID_CLIENTID2 = 0x1F // SID_BROADCAST = 0x20 // SID_DISPLAYAD = 0x21 // SID_NOTIFYJOIN = 0x22 // SID_SETCOOKIE = 0x23 // SID_GETCOOKIE = 0x24 // SID_PING = 0x25 // SID_READUSERDATA = 0x26 // SID_WRITEUSERDATA = 0x27 // SID_LOGONCHALLENGE = 0x28 // SID_LOGONRESPONSE = 0x29 // SID_CREATEACCOUNT = 0x2A // SID_SYSTEMINFO = 0x2B // SID_GAMERESULT = 0x2C // SID_GETICONDATA = 0x2D // SID_GETLADDERDATA = 0x2E // SID_FINDLADDERUSER = 0x2F // SID_CDKEY = 0x30 // SID_CHANGEPASSWORD = 0x31 // SID_GETFILETIME = 0x32 // SID_CDKEY2 = 0x33 // SID_CHECKDATAFILE2 = 0x34 // SID_CREATEACCOUNT2 = 0x35 // SID_STARTVERSIONING2 = 0x36 // SID_QUERYADURL = 0x37 // SID_CDKEY3 = 0x38 // SID_AUTH_INFO = 0x50 // SID_AUTH_CHECK = 0x51 // SID_AUTH_ACCOUNTCREATE = 0x52 // SID_AUTH_ACCOUNTLOGON = 0x53 // SID_AUTH_ACCOUNTLOGONPROOF = 0x54 // SID_AUTH_ACCOUNTCHANGE = 0x55 // SID_AUTH_ACCOUNTCHANGEPROOF = 0x56 // SID_AUTH_ACCOUNTUPGRADE = 0x57 // SID_AUTH_ACCOUNTUPGRADEPROOF = 0x58 // SID_AUTH_RECONNECT = 0x59 // SID_AUTH_RECONNECTPROOF = 0x5A // SID_AUTH_DISCONNECT = 0x5B // SID_UNK = 0x5C // SN_ADDCHANNEL = 0x01 // SN_DELETECHANNEL = 0x02 // SN_JOINCHANNEL = 0x03 // SN_ADDUSER = 0x04 // SN_DELETEUSER = 0x05 // SN_DISPLAYSTRING = 0x06 // SN_DOWNLOADING = 0x08 // SN_DOWNLOADFAILED = 0x09 // SN_DOWNLOADSUCCEEDED = 0x0A // SN_FAILEDTOCONNECT = 0x0B // SN_USERNAME = 0x0C // SN_LOSTCONNECTION = 0x0D // SN_CHANGEUSERFLAGS = 0x0E // SN_CHANNELLISTISFULL = 0x10 // SN_CHANNELDOESNOTEXIST = 0x11 // SN_CHANNELISRESTRICTED = 0x12 // SN_SQUELCHUSER = 0x13 // SN_UNSQUELCHUSER = 0x14 // SN_BADCONNECTION = 0x15 // SN_SETADINFO = 0x16 // SN_DISPLAYAD = 0x17 // SN_MESSAGEBOX = 0x18 // SN_ICONDATA = 0x19 // SN_TOS = 0x1A // SN_BNSERVER_INI = 0x1B // SN_FAILEDTOCONNECTEXT = 0x1C // SN_UNIQUEICONDATA = 0x1D [/code] | January 2, 2003, 2:56 PM |
Skywing | Yes. I've been using those IDs for some time. The SN_ codes are for the Battle.snp GUI and have no relation to Battle.net messages. Also, I think you've got some errors in that table. SID_CLIENTID2 is not 0x1f, it's 0x1e. I recommend making a program to automatically dump tables such as that instead of doing it manually, which frequently introduces errors like this for tables of this size. | January 2, 2003, 3:46 PM |
Arta | Also, several of those are incorrect :) | January 2, 2003, 6:36 PM |
indulgence | Yes, more than 1 is incorrect... I was half asleep when I wrote it... and haven't edited it... :yawn: | January 4, 2003, 1:47 AM |
MrRaza | how about you post some corrections ;) | January 4, 2003, 1:28 PM |
Skywing | [quote]how about you post some corrections ;)[/quote] You could try and find them on your own, and then you'd have no worries about errors, right? ;) | January 4, 2003, 4:07 PM |
Etheran | How about a tutorial on how you would find something like this? :) | January 4, 2003, 8:50 PM |
Zakath | I don't even know all the SIDs. :-[ | January 4, 2003, 11:40 PM |
indulgence | Uh -- I think I should take Skywing's advice on how to retrieve the full list... There is a big jumptable for those IDs... they are for debug output... :x --- You do know all the SIDs; they are listed above -- there are just some errors in their values... | January 4, 2003, 11:43 PM |
Zakath | I was talking about what I'd found on my own, kthx. A couple parts of my bot aren't as nice as I'd like yet...my Connection class could use a few upgrades when I get around to it...sigh...so much work still to do... | January 4, 2003, 11:51 PM |
st0rmmage | SoftICE, bpx recv. Trace through (F10) till you see the symbol SID_something show up. Open up the process and jump to the address and see what's there. | January 4, 2003, 11:57 PM |
indulgence | SID_??? results will be a return value from a function... | January 5, 2003, 12:26 AM |
Skywing | The way I did it was to write a small HDL to call the function which translates a packet id into a packet name repeatedly for 0 through 0xff, logging the results to a file. | January 5, 2003, 12:34 PM |
indulgence | :boo: that's what I was going to do just now | January 7, 2003, 2:13 AM |
indulgence | Here are reliable results straight from battle.snp [code] 0x00: SID_NULL 0x02: SID_STOPADV 0x04: SID_SERVERLIST 0x05: SID_CLIENTID 0x06: SID_STARTVERSIONING 0x07: SID_REPORTVERSION 0x09: SID_GETADVLISTEX 0x0A: SID_ENTERCHAT 0x0B: SID_GETCHANNELLIST 0x0C: SID_JOINCHANNEL 0x0E: SID_CHATCOMMAND 0x0F: SID_CHATEVENT 0x10: SID_LEAVECHAT 0x12: SID_LOCALEINFO 0x13: SID_FLOODDETECTED 0x14: SID_UDPPINGRESPONSE 0x15: SID_CHECKAD 0x16: SID_CLICKAD 0x17: SID_QUERYMEM 0x19: SID_MESSAGEBOX 0x1A: SID_STARTADVEX2 0x1B: SID_GAMEDATAADDRESS 0x1C: SID_STARTADVEX3 0x1D: SID_LOGONCHALLENGEEX 0x1E: SID_CLIENTID2 0x20: SID_BROADCAST 0x21: SID_DISPLAYAD 0x22: SID_NOTIFYJOIN 0x23: SID_SETCOOKIE 0x24: SID_GETCOOKIE 0x25: SID_PING 0x26: SID_READUSERDATA 0x27: SID_WRITEUSERDATA 0x28: SID_LOGONCHALLENGE 0x29: SID_LOGONRESPONSE 0x2A: SID_CREATEACCOUNT 0x2B: SID_SYSTEMINFO 0x2C: SID_GAMERESULT 0x2D: SID_GETICONDATA 0x2E: SID_GETLADDERDATA 0x2F: SID_FINDLADDERUSER 0x30: SID_CDKEY 0x31: SID_CHANGEPASSWORD 0x33: SID_GETFILETIME 0x36: SID_CDKEY2 0x3C: SID_CHECKDATAFILE2 0x3D: SID_CREATEACCOUNT2 0x3F: SID_STARTVERSIONING2 0x41: SID_QUERYADURL 0x42: SID_CDKEY3 0x50: SID_AUTH_INFO 0x51: SID_AUTH_CHECK 0x52: SID_AUTH_ACCOUNTCREATE 0x53: SID_AUTH_ACCOUNTLOGON 0x54: SID_AUTH_ACCOUNTLOGONPROOF 0x55: SID_AUTH_ACCOUNTCHANGE 0x56: SID_AUTH_ACCOUNTCHANGEPROOF 0x57: SID_AUTH_ACCOUNTUPGRADE 0x58: SID_AUTH_ACCOUNTUPGRADEPROOF 0x59: SID_AUTH_RECONNECT 0x5A: SID_AUTH_RECONNECTPROOF 0x5B: SID_AUTH_DISCONNECT 0x01: SN_ADDCHANNEL 0x02: SN_DELETECHANNEL 0x03: SN_JOINCHANNEL 0x04: SN_ADDUSER 0x05: SN_DELETEUSER 0x06: SN_DISPLAYSTRING 0x08: SN_DOWNLOADINGUPGRADE 0x09: SN_DOWNLOADFAILED 0x0A: SN_DOWNLOADSUCCEEDED 0x0B: SN_FAILEDTOCONNECT 0x0C: SN_USERNAME 0x0D: SN_LOSTCONNECTION 0x0E: SN_CHANGEUSERFLAGS 0x10: SN_CHANNELISFULL 0x11: SN_CHANNELDOESNOTEXIST 0x12: SN_CHANNELISRESTRICTED 0x13: SN_SQUELCHUSER 0x14: SN_UNSQUELCHUSER 0x15: SN_BADCONNECTION 0x16: SN_SETADINFO 0x17: SN_DISPLAYAD 0x18: SN_MESSAGEBOX 0x19: SN_ICONDATA 0x1A: SN_TOS 0x1B: SN_BNSERVER_INI 0x1C: SN_FAILEDTOCONNECTEXT 0x1D: SN_UNIQUEICONDATA 0x00: PKT_GAMEDATA 0x03: PKT_CLIENTREQ 0x05: PKT_SERVERPING 0x06: PKT_SELFPING 0x07: PKT_KEEPALIVE 0x08: PKT_CONNTEST 0x09: PKT_CONNTEST2 [/code] | January 13, 2003, 4:57 AM |
tA-Kane | My guess would be a Handle, but that's probably more like HNDL instead of HDL. Perhaps *something* dynamic library? | January 15, 2003, 6:48 AM |
Zakath | It's a type of hack file. I would guess it modifies things in memory when the program it affects is running? Adron has some info about HDLs at his site, IIRC. | January 15, 2003, 11:28 PM |
indulgence | it's sexy :D a DLL with local access to a process' memory... | January 16, 2003, 5:26 AM |
Etheran | It's a hook DLL, I believe. I know about Windows hooks, but I don't understand HDLs. EDIT: When I said I know about Windows hooks, I mean I only know of them. I have yet to read about them, but I will in time. | January 16, 2003, 7:07 AM |
tA-Kane | Sounds like fun ;D | January 16, 2003, 12:30 PM |
Yoni | http://www.valhallalegends.com/yoni/SampleHDL.zip :) | January 18, 2003, 8:57 AM |
Coltz | heh you got the link in the right place this time yoni ;) | January 18, 2003, 2:04 PM |
zorm | Found the function in IDA, now how do I go about figuring out the args it takes and what it returns? | January 20, 2003, 4:43 AM |
Etheran | Think about how it works; look at the instructions. [code] .text:19015D80 cmp ecx, 5Bh .text:19015D83 ja loc_19015F0C .text:19015D89 xor eax, eax .text:19015D8B mov al, ds:byte_19016024[ecx] .text:19015D91 jmp ds:off_19015F28[eax*4] [/code] ecx is the id. If it's above 5B it breaks out of the "switch". So instead of pushing onto the stack, put your id in ecx. | January 20, 2003, 5:56 AM |
indulgence | since this is apparently public domain now -- here's my lil C++ routine contribution... did it at 4 AM lol... [code] FILE *stream; BYTE bSID = 0; char *szTemp; char t[256], swi[256]; if (!(stream = fopen ("C:\\SID_Output.txt", "a"))) { sprintf (t, "Unable to append C:\\SID_Output.txt"); server->GamePrintError (t); return TRUE; } __asm { sidloop: movzx ecx, bSID push 0x19015D80 ret mov szTemp, eax } sprintf (swi, "%#.2x: %s", bSID, szTemp); fprintf (stream, "%s\n", swi); if (bSID == 0xFF) { goto closesid; } bSID++; goto sidloop; closesid: fclose (stream); [/code] This is assuming it's being called from within SC memory space... Obviously :) | January 20, 2003, 7:54 AM |
Skywing | Aren't you going to need to push your return address too? Otherwise I don't see how that will avoid crashing. | January 21, 2003, 9:03 AM |
Adron | Alternative #1, using call [code] __asm { sidloop: movzx ecx, bSID mov eax, 0x19015D80 call eax mov szTemp, eax } sprintf (swi, "%#.2x: %s", bSID, szTemp); fprintf (stream, "%s\n", swi); if (bSID == 0xFF) { goto closesid; } bSID++; goto sidloop; [/code] Alternative #2, using no assembly (should work in MSVC++) [code] typedef char *__fastcall sid2sfunc(BYTE); sid2sfunc *sid2s = (sid2sfunc*)0x19015D80; do { szTemp = sid2s(bSID); sprintf (swi, "%#.2x: %s", bSID, szTemp); fprintf (stream, "%s\n", swi); } while (bSID++ != 0xff); [/code] | January 21, 2003, 10:26 AM |
tA-Kane | Is it not possible to display those tables, but for something else? Such as, event IDs for packet SID_CHATEVENT? Or perhaps getting all the names of possible values in various unknown? | January 21, 2003, 1:53 PM |
Skywing | [quote]Is it not possible to display those tables, but for something else? Such as, event IDs for packet SID_CHATEVENT? Or perhaps getting all the names of possible values in various unknown?[/quote] Those have been available for years in the GreetBot source code provided by Blizzard. | January 21, 2003, 2:03 PM |
zorm | ah thanks for the info. | January 21, 2003, 9:58 PM |
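As an added example (not code from the thread or from battle.snp), this C version lays out the switch that Etheran's disassembly shows (range check, byte index table, pointer table) and runs Adron's 0..0xff enumeration over it; the case names are a constructed subset of the list indulgence dumped, and the `(unknown)` default slot is an assumption. The range check is what keeps ids past 0x5B from indexing either table.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Last id the disassembly accepts: "cmp ecx, 5Bh / ja loc_19015F0C". */
#define SID_LAST 0x5B

/* Case bodies. Slot 0 is the default case; the rest are a constructed
   subset of the names indulgence dumped from battle.snp. */
static const char *const sid_cases[] = {
    "(unknown)",           /* 0: default */
    "SID_NULL",            /* 1 */
    "SID_STOPADV",         /* 2 */
    "SID_SERVERLIST",      /* 3 */
    "SID_CLIENTID",        /* 4 */
    "SID_STARTVERSIONING", /* 5 */
    "SID_REPORTVERSION",   /* 6 */
    "SID_AUTH_INFO",       /* 7 */
    "SID_AUTH_DISCONNECT", /* 8 */
};

/* Byte table indexed by id, the "mov al, ds:byte_19016024[ecx]" step.
   Ids without a case stay 0 and land on the default slot. */
static const uint8_t sid_index[SID_LAST + 1] = {
    [0x00] = 1, [0x02] = 2, [0x04] = 3, [0x05] = 4,
    [0x06] = 5, [0x07] = 6, [0x50] = 7, [0x5B] = 8,
};

/* The switch as the disassembly dispatches it: range check first, then
   the two-level lookup. Ids above SID_LAST never index either table. */
const char *sid_to_name(unsigned id) {
    if (id > SID_LAST)                 /* cmp ecx, 5Bh ; ja default */
        return sid_cases[0];
    return sid_cases[sid_index[id]];   /* jmp off_19015F28[eax*4] */
}

/* Adron's enumeration: walk 0..0xff through the translator and write
   "0xNN: NAME" for every id that resolves. Returns the line count. */
int dump_sid_names(FILE *out) {
    int written = 0;
    for (unsigned id = 0; id <= 0xFF; id++) {
        const char *name = sid_to_name(id);
        if (strcmp(name, sid_cases[0]) == 0) continue;
        fprintf(out, "0x%02X: %s\n", id, name);
        written++;
    }
    return written;
}
```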