Author | Message | Time |
---|---|---|
UserLoser. | How many of you out there are receiving packet 0x4A right now as you log on and are absolutely oblivious to what it's for?! Well, if you're in that crowd, then here's the code for you! (Well, not all of it): Special thanks to TheMinistered! [code]
typedef BOOL (__fastcall ExtraWorkProc)(void *);

enum GameType {
    Diablo2 = 1,
    Warcraft3 = 2,
    Starcraft = 3,
    WorldOfWarcraft = 4
};

struct EXTRAWORK {
    WORD GameType;
    WORD Length;
    char OutBuffer[1024];
};

BOOL bReturn;
EXTRAWORK ew;

ew.GameType = Starcraft;
ew.Length = 4; // should always be four
*(DWORD*)&ew.OutBuffer = GetSystemDefaultLangID();
[/code] It's up to [u]you[/u] to figure out how to load it, and call it! Also, here's the catch, [u]you[/u] have to figure out what to pass into OutBuffer for it to work with Diablo II! Make sure HKEY_CURRENT_USER\Software\Battle.net\Optimize\SysDesc (REG_DWORD) is set to 1, or this may not work! For whole source, send $5 via paypal to my paypal address at sjholmstrom@comcast.net. Also, in the future near you; the equivalent of ExtraWork() may also be available in C/C++ code! Complaints? Take a hike. Packet format (id=0x4B): (WORD) Unknown (1) (WORD) Length of data returned by ExtraWork (STRING) Data returned from ExtraWork | June 14, 2004, 6:17 AM |
TheMinistered | I think blizzard is gay for using the buffer as an in/out parameter anyways. I think blizzard is gay for doing lots of things though, but I guess that's just me! :D | June 14, 2004, 6:51 AM |
UserLoser. | [quote author=hismajesty[yL] link=board=17;threadid=7248;start=0#msg65206 date=1087230688] I thought it was Maddox and Telos in the beginning, and you and iago. Wow, I'm misinformed. Anyway, didn't you (or somebody else) already explain what 0x4A was for? [/quote] AFAIK, Telos was there for only one function, but I could be wrong. 0x4A responds with various information about your computer, example output: [pre]
System Debug Info 1.03
Game: Starcraft
CPU: GenuineIntel Type 0 Family F Model 1 Stepping 2 Brand 8 1794 MHz
RAM: 511 MB
OS: WinNT 5.2 "" Build 3790
DX: 4.09.00.0902
Vid1: Vendor 000010de Device 00000150 "NVIDIA GeForce2 GTS/GeForce2 Pro (Microsoft Corporation)"
Aud1: Module "WaveOut 0" Device "Modem #0 Line Playback (emulated)"
Aud2: Module "ac97intc.sys" Device "Intel(r) Integrated Audio"
[/pre] | June 14, 2004, 4:44 PM |
Maddox | What is the point of this? | June 14, 2004, 6:07 PM |
UserLoser. | [quote author=Maddox link=board=17;threadid=7248;start=0#msg65221 date=1087236440] [quote author=UserLoser. link=board=17;threadid=7248;start=0#msg65156 date=1087193844] ew.Length = 4; // should always be four [/quote] Should be ew.Length = sizeof(EXTRAWORK); Also, this is generally referred to as "size," not "length." [/quote] Setting it to not equal 4 (example: 5), would return something like "ERR: Length 5" - that's where we got the "Length" from | June 14, 2004, 6:11 PM |
Maddox | Well, I looked at the struct again and found out I was incorrect so I edited my post a few seconds later. You're just too quick. | June 14, 2004, 6:23 PM |
Forged | Why don't you just block the extrawork.dll? It is a bad function anyway -_- | June 14, 2004, 7:44 PM |
TheMinistered | Actually, it could prove useful for further game development. This extrawork.dll lets blizzard know what the majority of the population on battle.net's computer specs are like! Thus, they can target certain cards or certain processors to make optimizations. | June 14, 2004, 8:05 PM |
Forged | It can also detect what they do while in game, i.e. memory injections, so it is an effective tool for hack detections. (I think) | June 14, 2004, 10:51 PM |
kamakazie | Here is my old code combined with this new code that works for all 3 possible GameTypes: Looking at IX86ExtraWork.dll, it doesn't seem to handle GameType = WorldOfWarcraft (4). Where did you get this from? [code]
#include <windows.h>
#include <iostream>
using namespace std;

typedef bool (__fastcall *ExtraWorkProc)(void *);

enum GameType {
    Diablo2 = 1,
    Warcraft3 = 2,
    Starcraft = 3
};

struct EXTRAWORK {
    WORD GameType;
    WORD Length;
    char OutBuffer[1024];
};

int main() {
    HINSTANCE hLib;
    ExtraWorkProc lpfnExtraWork;
    BOOL bReturn;
    EXTRAWORK ew;

    ew.GameType = Starcraft; // Change this to specified GameType
    ew.Length = 4;
    if (ew.GameType == Diablo2) {
        *(DWORD*)&ew.OutBuffer = 0;
    } else {
        *(DWORD*)&ew.OutBuffer = GetSystemDefaultLangID();
    }

    hLib = LoadLibrary("IX86ExtraWork.dll");
    if (hLib) {
        lpfnExtraWork = (ExtraWorkProc)GetProcAddress(hLib, "ExtraWork");
        if (lpfnExtraWork) {
            bReturn = (*lpfnExtraWork)(&ew);
            cout << "ExtraWork returned " << (bReturn?"TRUE":"FALSE") << endl;
            cout << "GameType: " << ew.GameType << "\t\t" << "Length: " << ew.Length << endl << endl;
            cout << "Message: " << ew.OutBuffer << endl;
        }
        FreeLibrary(hLib);
    }
    return 0;
}
[/code] | June 14, 2004, 11:07 PM |
UserLoser. | [quote author=Forged link=board=17;threadid=7248;start=0#msg65274 date=1087253494] It can also detect what they do while in game i.e memory injections, so it is an effective tool for hack detections. (I think) [/quote] Nah | June 15, 2004, 1:48 AM |
BaDDBLooD | Anyone mind explaining the importance of parsing this packet, and how you would go about it in Visual Basic 6.0? | June 15, 2004, 4:08 AM |
Tuberload | [quote author=BaDDBLooD link=board=17;threadid=7248;start=0#msg65329 date=1087272534] Anyone mind explaining the importance of parsing this packet, and how you would go about it in Visual Basic 6.0? [/quote] Get a reference for C/C++ and then one for VB, and go through the code step by step converting the C/C++ functions to their VB equivalent. I don't think it would be very useful though. | June 15, 2004, 4:11 AM |
BaDDBLooD | well i don't know c/c++ | June 15, 2004, 4:49 AM |
Tuberload | [quote author=BaDDBLooD link=board=17;threadid=7248;start=0#msg65334 date=1087274979] well i don't know c/c++ [/quote] The idea with the reference is you can look up what a method does, and then find the method in VB that does the same thing and convert it. If you don’t know C/C++ I would recommend learning the language syntax and getting a basic understanding of it before attempting to convert the code. I don't know C/C++ very well either, but the limited knowledge I do have, and my ability to read has allowed me to convert C/C++ code to Java a number of times. | June 15, 2004, 4:58 AM |
TheMinistered | This is for all the visual basic users out there! modMain [code]
Public Enum GameType
    Diablo2 = 1
    Warcraft3 = 2
    Starcraft = 3
    WorldOfWarcraft = 4
End Enum

Public Type ExtraWork
    GameType As Integer
    Length As Integer
    OutBuffer(1023) As Byte
End Type

Public Declare Function GetSystemDefaultLangID Lib "kernel32" () As Integer
Public Declare Sub RtlMoveMemory Lib "kernel32" (Destination As Any, Source As Any, ByVal Length As Long)
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal strFilePath As String) As Long
Public Declare Function FreeLibrary Lib "kernel32" (ByVal hLib As Long) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long

Private ExtraWorkMarshaller As New clsExtraWorkMarshaller

Public Sub Main()
    Dim lngExtraWork As Long, lngExtraWorkAddress As Long, boolReturn As Boolean
    Dim ew As ExtraWork

    lngExtraWork = LoadLibrary("IX86ExtraWork.dll")
    If (lngExtraWork) Then
        lngExtraWorkAddress = GetProcAddress(lngExtraWork, "ExtraWork")
        If (lngExtraWorkAddress) Then
            ew.GameType = Starcraft
            ew.Length = 4
            If (ew.GameType = Diablo2) Then
                '0& is a 4-byte Long literal, matching the 4 bytes copied
                RtlMoveMemory ByVal VarPtr(ew.OutBuffer(0)), 0&, 4
            Else
                RtlMoveMemory ByVal VarPtr(ew.OutBuffer(0)), CLng(GetSystemDefaultLangID), 4
            End If
            boolReturn = ExtraWorkMarshaller.CallExtraWork(lngExtraWorkAddress, VarPtr(ew))
            Debug.Print StrConv(ew.OutBuffer, vbUnicode)
        End If
        FreeLibrary lngExtraWork
    Else
        MsgBox "Failed to load IX86ExtraWork.dll!"
    End If
End Sub
[/code] clsExtraWorkMarshaller [code]
Option Explicit

' From David Fritts
' ASM corrected by David Fritts
' Class recast by Ulli

Private Declare Function GlobalAlloc Lib "kernel32" (ByVal wFlags As Long, ByVal dwBytes As Long) As Long
Private Declare Function GlobalFree Lib "kernel32" (ByVal hMem As Long) As Long
Private Declare Function GlobalLock Lib "kernel32" (ByVal hMem As Long) As Long
Private Declare Function GlobalUnlock Lib "kernel32" (ByVal hMem As Long) As Long

Private Type tPD
    hMem As Long
    PtrToOldCode As Long
End Type

Private ProcDetails() As tPD
Private VTIndex As Long
Private Code As Byte
Private CodeSize As Long
Private PtrToNewCode As Long
Private PtrToMyself As Long
Private i As Long

Private Sub Class_Initialize()
    VTIndex = -1 'initialize index into Virtual Table
    CallExtraWork 0, 0 'this sets up m/c code and modifies the VT
End Sub

Public Function CallExtraWork(ByVal lngFuncAddress As Long, ByVal lngEwAddress As Long) As Boolean
    'this is in fact only called once during class initialize
    'subsequent calls are diverted (via the VT) to the m/c code
    DivertTo "8B442408 8B4C240C FFD0 8B542410 8902 31C0 C21000"
End Function

Private Sub DivertTo(ByVal HexCode As String)
    VTIndex = VTIndex + 1 'inc index into VT
    ReDim Preserve ProcDetails(0 To VTIndex) 'adjust array size
    HexCode = Replace$(HexCode, " ", "") 'remove spaces from hex code
    CodeSize = Len(HexCode) / 2 'length of the resulting binary code (2 hex chars per byte of code)
    With ProcDetails(VTIndex)
        .hMem = GlobalAlloc(0, CodeSize) 'get memory for m/c code and save handle
        PtrToNewCode = GlobalLock(.hMem) 'get far pointer to allocated memory
        For i = 0 To CodeSize - 1
            Code = Val("&H" & Mid$(HexCode, i + i + 1, 2)) 'convert hex to binary m/c code
            RtlMoveMemory ByVal PtrToNewCode + i, Code, 1 'store it in allocated memory
        Next i
        .PtrToOldCode = VirtualTableEntry 'save old VT entry; VTIndex determines which entry
        VirtualTableEntry = PtrToNewCode 'overwrite VT entry; VTIndex determines which entry
        GlobalUnlock .hMem 'unlock memory
    End With 'PROCDETAILS(VTINDEX)
End Sub

Private Property Let VirtualTableEntry(ByVal FarPointer As Long)
    RtlMoveMemory PtrToMyself, ByVal ObjPtr(Me), 4 'get pointer to object (Me)
    RtlMoveMemory ByVal PtrToMyself + &H1C + VTIndex * 4, FarPointer, 4 'put VT entry
End Property

Private Property Get VirtualTableEntry() As Long
    RtlMoveMemory PtrToMyself, ByVal ObjPtr(Me), 4 'get pointer to object (Me)
    RtlMoveMemory VirtualTableEntry, ByVal PtrToMyself + &H1C + VTIndex * 4, 4 'get VT entry
End Property

Private Sub Class_Terminate()
    For VTIndex = VTIndex To 0 Step -1 'VTIndex still points to the last VT entry overwritten
        With ProcDetails(VTIndex)
            VirtualTableEntry = .PtrToOldCode 'restore VT entry; VTIndex determines which entry
            GlobalFree .hMem 'release memory used for m/c code
        End With 'PROCDETAILS(VTINDEX)
    Next VTIndex
End Sub
[/code] Note: I fixed the CallExtraWork so that it now returns a valid bool statement as to whether or not it succeeded. Thus, anyone who is using the older implementation should update! | June 15, 2004, 5:49 AM |
kamakazie | Very nice TheMinistered. This thread should probably be archived in the BotDev reference board. Perhaps a section for "potential threads to archive" that are not yet a month old? | June 15, 2004, 6:01 AM |
UserLoser. | [quote author=BaDDBLooD link=board=17;threadid=7248;start=0#msg65329 date=1087272534] Anyone mind explaining the importance of parsing this packet, and how you would go about it in Visual Basic 6.0? [/quote] Format of 0x4A: (STRING) MPQ name shouldn't be too hard to parse | June 15, 2004, 7:13 AM |
CoorsLight | to my understanding, isn't ix86extrawork an 'mpq' file? if it's a dll file, where can i find this ix86extrawork.dll ? | June 16, 2004, 2:30 AM |
LoRd | [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. | June 16, 2004, 2:32 AM |
GoSuGaMING | [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65428 date=1087353159] [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. [/quote] eh so how do u display the info :X its kinda pointless if it doesnt do anything :X | June 17, 2004, 4:17 PM |
Eibro | [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65622 date=1087489063] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65428 date=1087353159] [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. [/quote] eh so how do u display the info :X its kinda pointless if it doesnt do anything :X [/quote]Print the contents of OutBuffer after you call ExtraWork(). | June 17, 2004, 5:17 PM |
GoSuGaMING | [quote author=Eibro[yL] link=board=17;threadid=7248;start=15#msg65634 date=1087492666] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65622 date=1087489063] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65428 date=1087353159] [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. [/quote] eh so how do u display the info :X its kinda pointless if it doesnt do anything :X [/quote]Print the contents of OutBuffer after you call ExtraWork(). [/quote] thanks | June 17, 2004, 6:05 PM |
LoRd | [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65622 date=1087489063] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65428 date=1087353159] [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. [/quote] eh so how do u display the info :X its kinda pointless if it doesnt do anything :X [/quote] .... that's what this entire thread was about. | June 17, 2004, 6:33 PM |
GoSuGaMING | [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65656 date=1087497199] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65622 date=1087489063] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65428 date=1087353159] [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. [/quote] eh so how do u display the info :X its kinda pointless if it doesnt do anything :X [/quote] .... that's what this entire thread was about. [/quote] but with the code that was submitted by TheMinistered or w/e it didnt display any of packet info. | June 17, 2004, 6:55 PM |
UserLoser. | [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65664 date=1087498508] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65656 date=1087497199] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65622 date=1087489063] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65428 date=1087353159] [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. [/quote] eh so how do u display the info :X its kinda pointless if it doesnt do anything :X [/quote] .... that's what this entire thread was about. [/quote] but with the code that was submitted by TheMinistered or w/e it didnt display any of packet info. [/quote] Maybe you should learn how it actually works. | June 17, 2004, 6:58 PM |
GoSuGaMING | [quote author=UserLoser. link=board=17;threadid=7248;start=15#msg65665 date=1087498716] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65664 date=1087498508] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65656 date=1087497199] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65622 date=1087489063] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65428 date=1087353159] [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. [/quote] eh so how do u display the info :X its kinda pointless if it doesnt do anything :X [/quote] .... that's what this entire thread was about. [/quote] but with the code that was submitted by TheMinistered or w/e it didnt display any of packet info. [/quote] Maybe you should learn how it actually works. [/quote] maybe because for some reason i didn't even receive 0x4a my friends arent getting it either and when i packetlogged the client i didnt get it... did bnet remove it? | June 17, 2004, 7:47 PM |
UserLoser. | [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65685 date=1087501651] [quote author=UserLoser. link=board=17;threadid=7248;start=15#msg65665 date=1087498716] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65664 date=1087498508] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65656 date=1087497199] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65622 date=1087489063] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65428 date=1087353159] [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. [/quote] eh so how do u display the info :X its kinda pointless if it doesnt do anything :X [/quote] .... that's what this entire thread was about. [/quote] but with the code that was submitted by TheMinistered or w/e it didnt display any of packet info. [/quote] Maybe you should learn how it actually works. [/quote] maybe because for some reason i didn't even receive 0x4a my friends arent getting it either and when i packetlogged the client i didnt get it... did bnet remove it? [/quote] If you're not receiving it and you're sure your data handler isn't screwing up, then yes; Battle.net "removed" it. Every month or so, they send it for about 1-2 weeks. | June 18, 2004, 4:44 AM |
GoSuGaMING | [quote author=UserLoser. link=board=17;threadid=7248;start=15#msg65811 date=1087533872] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65685 date=1087501651] [quote author=UserLoser. link=board=17;threadid=7248;start=15#msg65665 date=1087498716] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65664 date=1087498508] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65656 date=1087497199] [quote author=GoSuGaMING link=board=17;threadid=7248;start=15#msg65622 date=1087489063] [quote author=LoRd[nK] link=board=17;threadid=7248;start=15#msg65428 date=1087353159] [quote author=CoorsLight link=board=17;threadid=7248;start=15#msg65427 date=1087353001] where can i find this ix86extrawork.dll ? [/quote] Either inside of IX86ExtraWork.mpq or here. [/quote] eh so how do u display the info :X its kinda pointless if it doesnt do anything :X [/quote] .... that's what this entire thread was about. [/quote] but with the code that was submitted by TheMinistered or w/e it didnt display any of packet info. [/quote] Maybe you should learn how it actually works. [/quote] maybe because for some reason i didn't even receive 0x4a my friends arent getting it either and when i packetlogged the client i didnt get it... did bnet remove it? [/quote] If you're not receiving it and you're sure your data handler isn't screwing up, then yes; Battle.net "removed" it. Every month or so, they send it for about 1-2 weeks. [/quote] whats the point | June 18, 2004, 5:01 AM |
Lenny | It allows Battle.net to survey the system specs of people using their programs. As you can see where its registry value is stored, it's probably to "Optimize" their software..... | June 18, 2004, 5:15 AM |
Skywing | Note that you also have to trick it into thinking that your timezone and locale place you in North America... | June 18, 2004, 3:20 PM |
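
Added example, not part of the thread or of anyone's posted code: a bounds-checked parser for the 0x4B payload fields listed in the first post, with a check of which hardware and OS categories the report text discloses. Little-endian WORDs, a NUL-terminated string that fits the declared length, and the newline-separated sample text are assumptions; all function and constant names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { EW_OK = 0, EW_TRUNCATED = -1, EW_BAD_LENGTH = -2, EW_UNTERMINATED = -3 };
enum { F_CPU = 1, F_RAM = 2, F_OS = 4, F_DX = 8, F_VIDEO = 16, F_AUDIO = 32 };

struct ew_reply {
    uint16_t unknown;   /* listed in the thread as "Unknown (1)" */
    uint16_t length;    /* length of data returned by ExtraWork */
    const char *data;   /* points into the caller's buffer */
};
/* Assumption: WORDs are little-endian, as on the x86 client. */
static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse (WORD)(WORD)(STRING); reject input the length field does not cover. */
int parse_ew_reply(const uint8_t *buf, size_t n, struct ew_reply *out) {
    if (n < 4) return EW_TRUNCATED;
    out->unknown = rd16le(buf);
    out->length = rd16le(buf + 2);
    size_t avail = n - 4;
    /* OutBuffer is char[1024] in the thread's struct, so cap at that. */
    if (out->length > 1024 || out->length > avail) return EW_BAD_LENGTH;
    const uint8_t *nul = memchr(buf + 4, 0, avail);
    if (!nul) return EW_UNTERMINATED;
    /* Assumption: the string, terminator excluded, fits the declared length. */
    if ((size_t)(nul - (buf + 4)) > out->length) return EW_BAD_LENGTH;
    out->data = (const char *)(buf + 4);
    return EW_OK;
}

/* Bitmask of the hardware/OS categories present in the report text. */
unsigned disclosed_fields(const char *data) {
    static const struct { const char *label; unsigned bit; } tbl[] = {
        {"CPU:", F_CPU}, {"RAM:", F_RAM}, {"OS:", F_OS},
        {"DX:", F_DX}, {"Vid1:", F_VIDEO}, {"Aud1:", F_AUDIO},
    };
    unsigned mask = 0;
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++)
        if (strstr(data, tbl[i].label)) mask |= tbl[i].bit;
    return mask;
}

/* Constructed sample, shortened from the thread's output; "\n" separators assumed. */
static const char SAMPLE[] = "System Debug Info 1.03\nGame: Starcraft\n"
    "CPU: GenuineIntel 1794 MHz\nRAM: 511 MB\nOS: WinNT 5.2 Build 3790\n";

/* Build a payload around SAMPLE with a chosen length field; returns its size. */
size_t build_sample(uint8_t *buf, uint16_t declared) {
    buf[0] = 1; buf[1] = 0; buf[2] = (uint8_t)declared; buf[3] = (uint8_t)(declared >> 8);
    memcpy(buf + 4, SAMPLE, sizeof SAMPLE);      /* copies the NUL too */
    return 4 + sizeof SAMPLE;
}

int main(void) {
    uint8_t pkt[256]; struct ew_reply r;
    int rc = parse_ew_reply(pkt, build_sample(pkt, (uint16_t)(sizeof SAMPLE - 1)), &r);
    printf("rc=%d fields=0x%x\n", rc, rc == EW_OK ? disclosed_fields(r.data) : 0u);
    return 0;
}
```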