Valhalla Legends Forums Archive | Battle.net Bot Development | VB Checksum Attempt!!

Author | Message | Time
Minux
Trying to get the Checksum result, makes it down to the bottom but I am getting overflows, any suggestions are appreciated!

I am using set values
[code]
Hash = A=908409264 B=143723687 C=373763967 4 A=A^S B=B^C C=C+A A=A+B
MPQName = IX86ver7.mpq

And the result Checksum from using CheckRevision.dll = -1345969277
[/code]

Modified, it actually performs the checksum now, but not giving the correct number.

Original code is here

[code]
Private Function GetChecksum(ByVal Hash As String, ByVal MPQName As String, ByVal FilePath As String, ByVal FileName1 As String, ByVal FileName2 As String, ByVal FileName3 As String) As Long

    Dim dwMpqChecksumKeys(7) As Long

    dwMpqChecksumKeys(0) = &HE7F4CB62
    dwMpqChecksumKeys(1) = &HF6A14FFC
    dwMpqChecksumKeys(2) = &HAA5504AF
    dwMpqChecksumKeys(3) = &H871FCDC2
    dwMpqChecksumKeys(4) = &H11BF6A18
    dwMpqChecksumKeys(5) = &HC57292E6
    dwMpqChecksumKeys(6) = &H7927D27E
    dwMpqChecksumKeys(7) = &H2FEC8733

    '// First, parse the versionString to name=value pairs and put them
    '// in the appropriate place
    Dim values(4) As Long
    Dim opValueDest(4) As Long
    Dim opValueSrc1(4) As Long
    Dim operation(4) As String
    Dim opValueSrc2(4) As Long
    Dim hFile As Long, hFileMapping As Long, lpdwBuffer() As Byte
    Dim dwTotalSize As Long, dwSize As Long, dwBytesRead As Long, dwVariables(4) As Long

    Dim mpqNum As String
    mpqNum = Mid(MPQName, InStr(MPQName, ".") - 1, 1)

    '// Break this apart at the spaces
    Dim s() As String
    s = Split(Hash, " ")
    Dim currentFormula As Integer
    currentFormula = 0
    For i = 0 To UBound(s)

        Dim thisToken As String
        thisToken = s(i)
        '// As long as there is an '=' in the string
        If InStr(thisToken, "=") Then
            '// Break it apart at the '='
            Dim nameValue() As String
            nameValue = Split(thisToken, "=")

            If UBound(nameValue) <> 1 Then CheckSum = &H0: Exit Function

            Dim variable As Integer
            variable = getNum(Left(nameValue(0), 1))

            Dim value As String
            value = nameValue(1)

            '// If it starts with a number, assign that
            '// number to the appropriate variable

            If IsNumeric(Left(value, 1)) Then
                values(variable) = Val(value)
            Else
                opValueDest(currentFormula) = variable

                opValueSrc1(currentFormula) = getNum(Left(value, 1))
                operation(currentFormula) = Mid(value, 2, 1)
                opValueSrc2(currentFormula) = getNum(Mid(value, 3, 1))

                currentFormula = currentFormula + 1

            End If
        End If
    Next i

    values(0) = values(0) Xor dwMpqChecksumKeys(mpqNum)

    Dim FileNames(2) As String
    FileNames(0) = FilePath & FileName1
    FileNames(1) = FilePath & FileName2
    FileNames(2) = FilePath & FileName3

    For i = 0 To 2

        Dim RoundedSize As Long

        RoundedSize = ((FileLen(FileNames(i)) / 1024) * 1024)

        ReDim lpdwBuffer(1 To RoundedSize)

        Close #1

        Open FileNames(i) For Binary Access Read As #1

        Get #1, 1, lpdwBuffer

        Close #1

        Dim j As Long
        Dim k As Long

        For j = 1 To RoundedSize Step &H4

            values(3) = lpdwBuffer(j)

            For k = 0 To currentFormula - 1

                Select Case operation(k)
                    Case "+"
                        values(opValueDest(k)) = Add(values(opValueSrc1(k)), values(opValueSrc2(k)))
                        GoTo Break2

                    Case "-"
                        values(opValueDest(k)) = values(opValueSrc1(k)) - values(opValueSrc2(k))
                        GoTo Break2

                    Case "^"
                        values(opValueDest(k)) = values(opValueSrc1(k)) Xor values(opValueSrc2(k))
                        GoTo Break2

                    Case Else
                        GetChecksum = &H0
                        Exit Function
                End Select

Break2:

            Next k
        Next j

    Next i

    GetChecksum = values(2)

End Function

Private Function getNum(c As String) As Integer
    c = UCase(c)
    If c = "S" Then
        getNum = 3
    Else
        getNum = Asc(c) - Asc("A")
    End If
End Function


Private Function Add(ByVal number1 As Long, ByVal number2 As Long) As Long
    Add = DtoL(CDbl(number1) + CDbl(number2))
End Function


Private Function DtoL(ByVal num As Double) As Long
    While num > &H7FFFFFFF
        num = num - 4294967296#
    Wend
    While num < &H80000000
        num = num + 4294967296#
    Wend
    DtoL = CLng(num)
End Function
[/code]

Big thanks to iago obviously for making the original Java version of this.
September 24, 2004, 3:35 AM
UserLoser.
Small note, in Yobgul's code, you should remove, comment out, or ignore s++; near the bottom. This cuts off the first character of the executable's name. Instead of "Starcraft"... it'll be "tarcraft"... Also, you don't need to post the declare functions or constants (this might allow a single post), since those can be found all over.
September 24, 2004, 3:47 AM
Zakath
UL, I believe you are in error. Yobgul's code does not cut anything off (just tested this, string was "Game.exe blah blah blah blah").
September 24, 2004, 11:28 PM
iago
Yobgul's code has a lot of potential buffer overflows, stack overflows, heap overflows, arbitrary code execution potentials, etc.

If you're going to let anybody untrusted run it on your computer (for whatever reason), be careful.
September 24, 2004, 11:30 PM
Skywing
[quote author=iago link=board=17;threadid=8816;start=0#msg81854 date=1096068617]
Yobgul's code has a lot of potential buffer overflows, stack overflows, heap overflows, arbitrary code execution potentials, etc.

If you're going to let anybody untrusted run it on your computer (for whatever reason), be careful.
[/quote]
BTW, I think Blizzard's implementation has at least 3 crash bugs if the formula is malformed in certain specific ways.
September 24, 2004, 11:37 PM
iago
[quote author=Skywing link=board=17;threadid=8816;start=0#msg81859 date=1096069027]
[quote author=iago link=board=17;threadid=8816;start=0#msg81854 date=1096068617]
Yobgul's code has a lot of potential buffer overflows, stack overflows, heap overflows, arbitrary code execution potentials, etc.

If you're going to let anybody untrusted run it on your computer (for whatever reason), be careful.
[/quote]
BTW, I think Blizzard's implementation has at least 3 crash bugs if the formula is malformed in certain specific ways.
[/quote]

My Java variation will throw an exception and fail on certain conditions, but it's a controlled exception (thrown by me, not by a random failure). I really ought to go back and fix that sometime, but unless Blizzard changes their conventions it's kinda pointless.
September 25, 2004, 12:34 AM
Minux
Actually performs the checksum now, just needs some tweaking to get it to produce the right output I hope.

I get
[quote]
-1648790596
[/quote]

Number needed
[quote]
-1345969277
[/quote]

If anyone sees any bugs off hand or anything that might screw up the final checksum other than it being written in VB please don't hesitate to point it out!

I still need help making this work correctly, please somebody, anybody. I am not using stolen code like the people asking for help on NLS.dll, I am using an open source reference which was allowed by iago, in case that is stopping you from helping me. :(
September 25, 2004, 11:29 PM
dRAgoN
[code]
Private Function DtoL(ByVal num As Double) As Long
    While num > &H7FFFFFFF
        num = num - 4294967296#
    Wend
    While num < &H80000000
        num = num + 4294967296#
    Wend
    DtoL = CLng(num)
End Function
[/code]

From my first glance at this, you might run into some problems with the following function.

Edit: Set up a while loop with the following and you may see what I mean.
While (num > &H7FFFFFFF) Or (num < &H80000000)
September 26, 2004, 6:29 AM
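
The 32-bit arithmetic this thread is about, together with the malformed-formula concern iago and Skywing raise, as an added Python example (not code from any poster, and not Blizzard's or iago's implementation). It follows the structure of the VB code in the first post: seed values, a step count, then `dest=src op src` steps run once per dword, with `+` and `-` wrapped modulo 2^32, each dword read little-endian as on x86, and any unrecognised token rejected with a controlled `ValueError`. The function names, the `max_steps` limit and taking the file contents as an in-memory byte string are assumptions of this example.

```python
import re
import struct

MASK = 0xFFFFFFFF
# Key table copied from the VB code above; index is the digit in the MPQ name.
MPQ_KEYS = (0xE7F4CB62, 0xF6A14FFC, 0xAA5504AF, 0x871FCDC2,
            0x11BF6A18, 0xC57292E6, 0x7927D27E, 0x2FEC8733)
SEED = re.compile(r"([ABC])=([0-9]{1,10})")
STEP = re.compile(r"([ABCS])=([ABCS])([-+^])([ABCS])")
OPS = {"+": lambda x, y: (x + y) & MASK,   # wrap like a 32-bit register
       "-": lambda x, y: (x - y) & MASK,
       "^": lambda x, y: x ^ y}


def parse_formula(text, max_steps=16):
    """Return (seeds, steps); raise ValueError on any unexpected token."""
    # max_steps is a limit chosen for this example, not a protocol constant.
    seeds, steps, count = {}, [], None
    for tok in text.split():
        if m := SEED.fullmatch(tok):
            seeds[m[1]] = int(m[2]) & MASK
        elif m := STEP.fullmatch(tok):
            steps.append((m[1], m[2], OPS[m[3]], m[4]))
        elif count is None and re.fullmatch(r"[0-9]{1,2}", tok):
            count = int(tok)
        else:
            raise ValueError(f"unexpected token {tok!r}")
    if set(seeds) != {"A", "B", "C"} or count != len(steps) or count > max_steps:
        raise ValueError("missing seed, bad step count, or too many steps")
    return seeds, steps


def checksum(formula, mpq_digit, data):
    """Apply the formula to data, one little-endian dword at a time."""
    seeds, steps = parse_formula(formula)
    if not 0 <= mpq_digit < len(MPQ_KEYS) or len(data) % 4:
        raise ValueError("bad MPQ digit or data is not whole dwords")
    v = dict(seeds, S=0)
    v["A"] ^= MPQ_KEYS[mpq_digit]
    for (s,) in struct.iter_unpack("<I", data):
        v["S"] = s
        for dest, a, op, b in steps:
            v[dest] = op(v[a], v[b])
    return v["C"]


def to_signed32(u):
    """Reinterpret an unsigned 32-bit value as a signed VB Long."""
    return u - 0x100000000 if u & 0x80000000 else u
```

`to_signed32` is only needed at the end, to compare against the signed value a VB `Long` or CheckRevision.dll reports; all intermediate values stay unsigned.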
