[C++] Dynamic SCBW Verbyte Retrieval

Barabajagal · November 20, 2007, 12:18 PM

If you want to hope that they'll not change the way they increment the verbyte, go ahead. I'll hope they don't change how they build AUTH_INFO. Not much difference, I suppose.

brew · November 20, 2007, 02:15 PM

Quote from: Andy on November 20, 2007, 09:46 AM
Except that the versioning system in SC just changed from letters to numbers, and revision number increases had no effect on the verbyte. The patterns above are more than patterns, they're searching for the code that compiles 0x50, which isn't likely to change.

¿que?
Do you mean the revision (1.15b, 1.15c, etc)? The verbyte changes with the minor version.

Quote
I'll just post the patterns

How are they patterns? That's a set way of doing things.
http://pdos.csail.mit.edu/6.828/2006/readings/i386/MOV.htm

Quote
C7 MOV r/m32,imm32 2/2 Move immediate dword to r/m dword

Although i wouldn't be suprised if they start using polymorphic code to form that mov that move's the verbyte value (as in iago's signature) to make drama..

Barabajagal · November 20, 2007, 04:27 PM

1.15b doesn't exist. They switched to numbers. And they're byte patterns. It doesn't matter what they actually are, they're still a pattern of bytes.

brew · November 20, 2007, 05:12 PM

Quote from: Andy on November 20, 2007, 04:27 PM
1.15b doesn't exist.

I was using it as an example.

Quote from: Andy on November 20, 2007, 04:27 PM
They switched to numbers.

as opposed to: vegetables?

Barabajagal · November 20, 2007, 05:58 PM

As opposed to letters. It's 1.15.1 now, not 1.15b

brew · November 20, 2007, 06:17 PM

Quote from: Andy on November 20, 2007, 05:58 PM
As opposed to letters. It's 1.15.1 now, not 1.15b

Oh, i see now. I think that's pretty lame.

Leaky · November 20, 2007, 07:35 PM

follows proper versioning now tho....

major version . minor version . revision

Smarter · November 29, 2007, 08:35 AM

Code Select

public partial class Form1 : Form
    {
        [DllImport("kernel32.dll")]
        public static extern void RtlMoveMemory(object lpvDest, object lpvSource, long cbCopy);
          //VOID 
          //RtlMoveMemory(
          //  IN VOID UNALIGNED  *Destination,
          //  IN CONST VOID UNALIGNED  *Source,
          //  IN SIZE_T  Length
          //  );
        public Form1()
        {
            InitializeComponent();
            string Data;
            long RVal = 0;
            StreamReader sr = new StreamReader("C:\\Program Files\\Starcraft\\Starcraft.exe");
            for (int I = 1; I < Data.Length - 16; I++)
            {
                Regex r = new Regex(Convert.ToChar(0xC7) + Convert.ToChar(0x46) + Convert.ToChar(0x10) + "[a-zA-Z]" + Convert.ToChar(0xC7) +
                Convert.ToChar(0x46) + Convert.ToChar(0x18) + "[a-zA-Z]" + Convert.ToChar(0xC7) + Convert.ToChar(0x46));
                if (r.IsMatch(Data.Substring(Convert.ToInt32(I), 16)))
                {
                    RtlMoveMemory(RVal, Data.Substring(Convert.ToInt32(I) + 3, 4), 4);
                }
            }
            MessageBox.Show("Verbyte: " + RVal);

        }
    }

I attempted to port Andy's code to C#, but it doesn't seem to find the string, although i'm reading it as text, so I belive that'd be why, meh it's a start if anyone wants to finish it? lol

Barabajagal · November 29, 2007, 07:03 PM

"[a-zA-Z]": don't use that. it can be any bytes, not just letters.

Hell-Lord · November 30, 2007, 12:21 AM

Smarter, have a look at the System.Runtime.InteropServices.Marshal class instead of using the rtlMoveMemory API in C#

MyndFyre · November 30, 2007, 02:54 AM

void* does not map to object in C#. Consider System.BitConverter or System.IO.BinaryReader.

Camel · December 02, 2007, 06:10 AM

I'm confused: why do people still think this is a good idea? Searching for the verbyte is only slightly less fallible than hardcoding the values.

If you want to offer forwards compatibility, add an option to support BNLS for verbyte/checkrevision.

Smarter · December 05, 2007, 05:52 AM

Code Select


        public string getVersionByte()
        {
            byte[] data = File.ReadAllBytes(@"C:\Program Files\Starcraft\StarCraft.exe");
            StringBuilder sb = new StringBuilder();
            foreach (byte b in data)
            {
                sb.Append(Convert.ToChar(b));
            }
            Regex r = new Regex(Convert.ToChar(0xC7) + Convert.ToChar(0x46) + Convert.ToChar(0x10) + "...." + Convert.ToChar(0xC7) +
                Convert.ToChar(0x46) + Convert.ToChar(0x18) + "...." + Convert.ToChar(0xC7) + Convert.ToChar(0x46), RegexOptions.IgnoreCase);
            string s = sb.ToString();
            long rval;
            for (int i = 0; i < s.Length; i++)
            {
                if (r.IsMatch(s.Substring(Convert.ToInt32(i) + 3, 16)))
                {
                    rval = Convert.ToInt64(s.Substring(Convert.ToInt32(i) + 3, 4));
                }
            }
            return rval.ToString();
        }

Hmmm, still not working any ideas?

[C++] Dynamic SCBW Verbyte Retrieval

Barabajagal

Barabajagal

Barabajagal

Barabajagal