Welcome to Valhalla Legends Archive.
Topics - Hdx

#1
Well it dropped, just like Blizzard said.
Anyways:
Game: Diablo II, Diablo II: Lord of Destruction
Version: 1.13c
VerByte: 0x0D
Patch Log:
--------------------------------------------------------------------------
- Patch 1.13c
--------------------------------------------------------------------------

    A new Mystery has been revealed!

- Adventurers of Sanctuary are hereby warned once again, that a new challenge
 awaits you. Within Diablo's Bosses, spanning across the world from the
 ancient Monastery Catacombs to the Throne of Destruction, is where you'll
 find what you seek...


    Major Bugs
   
- Fixed an item dupe bug.
- Video improvements for Intel Mac machines with OS 10.5 or greater.
- Fixed an issue where some players could kill other players while in town
 ("TPPK").
- Fixed an issue where some players could disconnect other players when
 they had too many active states.
- Fixed two issues where players could stack auras in an unintended way.


    Minor Bugs
   
- Uber Mephisto now checks for both Uber Baal and Uber Diablo to be killed
 before spawning summoned minions (Before he would only check for Uber Baal).
- The game will no longer stop and then restart the game music after the
 window loses and then regains focus.
- Fixed an issue where the game window would minimize when running in
 windowed mode when it lost focus.
- Fixed an issue where the game window wouldn't center properly when it
 was created.
- Fangskin should now properly drop loot in Hell difficulty.
- Fixed an issue where auras were not re-applied to your mercenary after
 it was resurrected.
- Fixed an issue where if you had two items which provided auras to
 a mercenary and you unequipped one, the aura from the remaining
 item never became active.
- Fixed an issue where the Paladin class runeword 'Principle' wasn't
 having all of its stats applied properly.
- Fixed an issue where the Paladin's Charge ability would become locked
 out if Holy Shield faded while charging.
- Fixed an issue where the Barbarian's Leap ability could become locked
 out if they were hit when they started to leap.


    Specific changes/improvements    

- Respecialization is now possible! Completing the 'Den of Evil' quest
 will now additionally reward 1 free respec which can be saved. Players
 who have already completed this quest should receive 1 free respec in
 Hell difficulty.
- Increased the drop rate of high runes.
- Support for blit scaling in windowed mode. The game can now be
 maximized to the largest 4:3 resolution supported (hooray widescreen users).
- Some rare drop items now have an orange color. i.e. Runes and items
 required for Uber Tristam.
- Modified the gold bank limit to be a flat cap not bound by level.
- Removed the requirements to create a hardcore character.
- Greatly reduced the explosion damage dealt by Fire Enchanted monsters.
- Uber Mephisto and Uber Baal's summoned minions no longer give experience.
- Removed Oblivion Knight's Iron Maiden curse.
- Hellfire Torch Firestorm proc rate has been reduced to 5%.
- Users can now toggle the display of text over the Health and Mana
 globes by clicking on the bottom area of each orb.
- When creating a single player game, each difficulty button is now bound
 to a unique key: Normal 'R', Nightmare 'N', and Hell 'H'.
- The 'Enter Chat' Button in the battle.net waiting room is now
 bound to the 'Enter' key.
- Added the windows system buttons to the game window (MIN, MAX, CLOSE).
- Added new command line parameter '-nofixaspect' which allows users to
 not fix the aspect ratio to 4:3 when maximizing in windowed mode.
 This lets the game 'stretch' to fill your monitor.
- Added support for '-sndbkg' command line switch. This enables sound
 in background.
- Added the following aliases for pre-existing command line options,
 '-nosound', '-window', and '-windowed'.


    Revised Skill balance for Player Character classes


    Amazon
   
- Immolation Arrow - Increased radius of Explosion effect by 33% and
 Immolation effect by 50%.
- Immolation Arrow - Explosion effect damage increased by 20%.
- Immolation Arrow - Increased base duration by 33%.


    Assassin

- Dragon Claw - Synergy receives 4% additional damage per point of Claw Mastery.
- Dragon Talon - The bonus to Attack Rating per point has been increased to 35.
- Shadow Master - Increased resistance range per point from 5-80 to 5-90.
- Combo points awarded by combo moves now last 15 seconds, up from 9.


    Barbarian
   
- Whirlwind - Reduced initial mana cost by 50%.
- Masteries - Changed critical strike chance from 0-25 to 0-35.


    Paladin
   
- Blessed Hammer - No longer ignores resistances of undead and demons.


    Druid
   
- Werebear - Damage bonus increased by 15% across all ranks.
- Werebear - Increased health by 25% and armor by 1% per point.
- Shockwave - Synergy from Maul adds 5% damage per point.


    Necromancer
   
- Blood Golem - Removed negative shared life effect (player no longer
 loses life when the golem takes damage).
- Corpse Explosion - Increased base damage dealt from 60% - 100%
 to 70% - 120% of corpses health.
- Poison Nova - Increased base damage by 15%.


    Sorceress
   
- Firewall - Synergy receives 1% damage per point of Inferno and
 4% per point of Warmth.
- Blaze - Synergy receives 1% damage per point of Firewall
 and 4% per point of Warmth.
- Hydra - Increased base damage by 15% per rank.
- Hydra - Increased base speed of Hydra projectile.
- Hydra - Reduced cooldown by 25%.

I have IDA going and testing some cool new 'WTF CHANGED!?!' plugins. (Function difference plugins)

Anyways, chat protocol wise, nothing changed.
#2
Battle.net Bot Development / Old Packets?
January 29, 2010, 07:58 AM
Just some old packet handlers I found in Battle.snp whilst I was looking around.
0x17, Read memory addresses?
S->C:
  (UInt32) Cookie
  (UInt32) Address
  (UInt32) Length
C->S:
  (UInt32) Cookie
  (Void) Memory segment?

int __usercall Recv_SID_0x17<eax>(int PacketDataLength<ecx>, int PacketData<eax>)
{
  unsigned int v2; // edi@3
  const void *v3; // esi@3
  UINT v4; // ST10_4@3
  const void *v5; // ST0C_4@3
  int v6; // [sp+4h] [bp-4h]@3
  int v7; // [sp+0h] [bp-8h]@4

  if ( PacketData )
  {
    if ( (unsigned int)PacketDataLength >= 0xC )
    {
      v3 = *(const void **)(PacketData + 4);
      v2 = *(_DWORD *)(PacketData + 8);
      v4 = *(_DWORD *)(PacketData + 8);
      v5 = *(const void **)(PacketData + 4);
      v6 = *(_DWORD *)PacketData;
      PacketData = IsBadReadPtr(v5, v4);
      if ( !PacketData )
      {
        PacketData = SMemAlloc(v2 + 4, "Starcraft\\Storm\\SNPs\\Battle\\Srv.cpp", 3082, PacketData);
        v7 = PacketData;
        if ( PacketData )
        {
          *(_DWORD *)PacketData = v6;
          memcpy((void *)(PacketData + 4), v3, v2);
          SendBNCSPacket(v2 + 4, 23, PacketData);
          PacketData = storm_403(v7, "Starcraft\\Storm\\SNPs\\Battle\\Srv.cpp", 3089, 0);
        }
      }
    }
  }
  return PacketData;
}
0x20, No clue, didn't poke past the initial handler.
void *__usercall Recv_SID_0x20<eax>(int PacketDataLength<ecx>, void *PacketData<eax>)
{
  void *v2; // [sp+Ch] [bp-4h]@4
  char *v3; // [sp+0h] [bp-10h]@4
  int v4; // [sp+4h] [bp-Ch]@4
  signed int v5; // [sp+8h] [bp-8h]@4

  if ( PacketData )
  {
    if ( (unsigned int)PacketDataLength >= 1 )
    {
      if ( dword_19044E0C )
      {
        v2 = PacketData;
        v3 = &GameStaps;
        v4 = 0;
        v5 = 4;
        PacketData = sub_19017810(6, (int)&v3, 16, (int)&v3, (int)&v2);
      }
      else
      {
        PacketData = (void *)sub_19020610(&GameStaps, (int)&GameStaps, (int)PacketData);
      }
    }
  }
  return PacketData;
}
void *__stdcall sub_19017810(int a1, int a2, int a3, int a4, int a5)
{
  void *result; // eax@11
  int v6; // ebx@11
  unsigned int v7; // edi@11
  unsigned int v8; // esi@11
  void *v9; // edx@13
  int v10; // ecx@13
  int v11; // esi@13
  int v12; // eax@16
  int *v13; // eax@22
  unsigned int v14; // eax@11
  int v15; // eax@12
  int v16; // edx@12
  void *v17; // edi@15
  char v18; // al@15
  unsigned int v19; // ecx@15
  char *v20; // esi@16
  int v21; // edi@16
  int v22; // eax@16
  unsigned int v23; // ecx@16
  const void *v24; // esi@16
  void *v25; // edi@16
  char v26; // zf@16
  int v27; // eax@23
  int v28; // ecx@23
  char *v29; // [sp+18h] [bp-4h]@2
  char *v30; // [sp+14h] [bp-8h]@5
  unsigned int v31; // [sp+10h] [bp-Ch]@11
  unsigned int v32; // [sp+Ch] [bp-10h]@11

  if ( a4 )
    v29 = *(char **)a4;
  else
    v29 = 0;
  if ( a5 )
    v30 = *(char **)a5;
  else
    v30 = 0;
  if ( !v29 )
    v29 = &GameStaps;
  if ( !v30 )
    v30 = &GameStaps;
  v7 = strlen(v29);
  v31 = v7;
  v14 = strlen(v30);
  v8 = v14;
  v32 = v14;
  result = (void *)SMemAlloc(16, "Starcraft\\Storm\\SNPs\\Battle\\Srv.cpp", 3395, 0);
  v6 = (int)result;
  if ( result )
  {
    v15 = a3;
    v16 = a1;
    *(_DWORD *)(v6 + 8) = a3;
    *(_DWORD *)v6 = v16;
    result = (void *)SMemAlloc(v7 + v8 + v15 + 2, "Starcraft\\Storm\\SNPs\\Battle\\Srv.cpp", 3402, 0);
    *(_DWORD *)(v6 + 4) = result;
    if ( result )
    {
      v10 = a3;
      v9 = (char *)result + a3;
      a3 += (int)(result + v7 + 1);
      v11 = a2;
      if ( a2 )
      {
        if ( v10 )
        {
          v17 = result;
          v18 = v10;
          v19 = (unsigned int)v10 >> 2;
          memcpy(v17, (const void *)a2, 4 * v19);
          memcpy((char *)v17 + 4 * v19, (const void *)(v11 + 4 * v19), v18 & 3);
          v7 = v31;
        }
      }
      memcpy(v9, v29, v7 + 1);
      v20 = v30;
      v21 = a3;
      v22 = v32 + 1;
      v23 = (v32 + 1) >> 2;
      memcpy((void *)a3, v30, 4 * v23);
      v24 = &v20[4 * v23];
      v25 = (void *)(v21 + 4 * v23);
      LOBYTE(v23) = v22;
      v12 = a4;
      v26 = a4 == 0;
      memcpy(v25, v24, v23 & 3);
      if ( !v26 )
      {
        if ( *(_DWORD *)v12 )
          *(_DWORD *)(*(_DWORD *)(v6 + 4) - a2 + v12) = v9;
      }
      if ( a5 )
      {
        if ( *(_DWORD *)a5 )
          *(_DWORD *)(*(_DWORD *)(v6 + 4) - a2 + a5) = a3;
      }
      EnterCriticalSection(&unk_19046824);
      v13 = &dword_19045500;
      if ( dword_19045500 )
      {
        do
        {
          v27 = *v13;
          v28 = *(_DWORD *)(v27 + 12);
          v13 = (int *)(v27 + 12);
        }
        while ( v28 );
      }
      *v13 = v6;
      *(_DWORD *)(v6 + 12) = 0;
      LeaveCriticalSection(&unk_19046824);
      result = dword_19045610;
      if ( dword_19045610 )
        result = (void *)PostMessageA(dword_19045610, 0x469u, 0, 0);
    }
  }
  return result;
}
BOOL __stdcall sub_19020610(char *Source, int a2, int a3)
{
  int v3; // eax@1
  int v4; // esi@1

  EnterCriticalSection(&unk_190466F0);
  v3 = SMemAlloc(772, "Starcraft\\Storm\\SNPs\\Battle\\Spi.cpp", 1027, 0);
  v4 = v3;
  if ( v3 )
  {
    strncpy((char *)v3, Source, 0x80u);
    strncpy((char *)(v4 + 128), (const char *)a2, 0x80u);
    strncpy((char *)(v4 + 256), (const char *)a3, 0x200u);
    *(_BYTE *)(v4 + 127) = 0;
    *(_BYTE *)(v4 + 255) = 0;
    *(_BYTE *)(v4 + 767) = 0;
    sub_19002E30();
  }
  LeaveCriticalSection(&unk_190466F0);
  return SetEvent(hEvent);
}
0x24, Something to do with just echoing cookies back and forth?
int __usercall Recv_SID_0x24<eax>(int PacketData<eax>, unsigned int PacketDataLength<ecx>)
{
  int v2; // eax@3
  char *v3; // edx@3
  char *v4; // eax@5
  char *v5; // eax@7
  _BYTE *v6; // esi@7
  int v7; // eax@9
  _BYTE *v8; // ecx@9
  int v9; // esi@9
  int v10; // ecx@3
  char v11; // cl@4
  char v12; // cl@6
  int v13; // eax@7
  char v14; // cl@8
  char v15; // dl@10
  int v16; // [sp+4h] [bp-204h]@3
  int OutPacketData; // [sp+0h] [bp-208h]@3
  char v18; // [sp+8h] [bp-200h]@3
  _BYTE v19[511]; // [sp+9h] [bp-1FFh]@7

  if ( PacketData )
  {
    if ( PacketDataLength >= 9 )
    {
      v10 = *(_DWORD *)PacketData;
      v16 = *(_DWORD *)(PacketData + 4);
      v2 = PacketData + 8;
      OutPacketData = v10;
      v3 = &v18 - v2;
      do
      {
        v11 = *(_BYTE *)v2;
        v3[v2] = *(_BYTE *)v2;
        ++v2;
      }
      while ( v11 );
      v4 = &v18;
      do
        v12 = *v4++;
      while ( v12 );
      v13 = v4 - v19;
      v6 = &v19[v13];
      storm_422("Cookies", &v18, 2, &v19[v13], 256);
      v5 = &v18;
      do
        v14 = *v5++;
      while ( v14 );
      v8 = v6;
      v7 = v5 - v19;
      v9 = (int)(v6 + 1);
      do
        v15 = *v8++;
      while ( v15 );
      PacketData = SendBNCSPacket((int)(&v8[v7 + 10] - v9), 0x24u, (int)&OutPacketData);
    }
  }
  return PacketData;
}
Just a random thing. Also found some cool stuff about SC Leagues, did they ever actually make any public ones? As well as the Warden/Crev handlers :P
AND! Like 4 server side exploits to '0wnzorz our b0xzorz'
Anyone know any more of what these do? Like I said, they all had no time put into them because I was doing other things.
#3
C/C++ Programming / Address of Function
May 03, 2009, 09:03 PM
#include <stdint.h>

uint32_t test(){
  return 0;
}

int main(){
  uint32_t x = (uint32_t)(uintptr_t)&test; /* explicit cast: a bare pointer-to-integer assignment is an error */
  return 0;
}

Is there any reason why x would not equal the address of test()?
I am trying to copy a function to another segment of memory, but & is giving me invalid results.

Yes, that is my entire code at this point, I may jsut be having a major brain lapse. But when I debug this program, x = 0x1002e185, test() = 0x100318c0
#4
Battle.net Bot Development / [C]MD5
April 18, 2009, 01:31 AM
Well I decided I wanted to do MD5 verification of Warden modules, but then realized that I 1) Had no implementation of it in C, and 2) All the code I found online was really really fucking ugly. (Exa: here MD5STEP WTFUX?)

So I did a bit of research and realized that MD5 is damn near SHA1 [Makes sense as it's its predecessor].
So a bit of cleaning up I ended up with this:
#ifndef MD5_H
#define MD5_H

#include <stdint.h>
#include <math.h>

/* __stdcall is an MSVC calling-convention keyword; make the code build elsewhere too */
#ifndef _WIN32
#define __stdcall
#endif

#ifndef _MD5_enum_
#define _MD5_enum_
enum{
    md5_success = 0,
    md5_null,            /* Null pointer parameter */
    md5_input_too_long,  /* input data too long */
    md5_state_error      /* called Input after Result */
};
#endif
#define md5_hash_size 16

/* Data structure for MD5 (Message Digest) computation */
typedef struct {
  uint32_t i[2];       /* number of _bits_ handled mod 2^64 */
  uint32_t buf[4];     /* scratch buffer */
  uint8_t  in[64];     /* input buffer */
  uint8_t  digest[16]; /* actual digest after MD5Final call */
} MD5_CTX;

typedef struct md5_context{
  uint32_t      intermediate_hash[md5_hash_size / 4]; /* Message Digest                   */
  uint32_t      length_low;                           /* Message length in bits           */
  uint32_t      length_high;                          /* Message length in bits           */
  int_least16_t message_block_index;                  /* Index into message block array   */
  uint8_t       message_block[64];                    /* 512-bit message blocks           */
  uint8_t       computed;                             /* Is the digest computed?          */
  uint8_t       corrupted;                            /* Is the message digest corrupted? */
} md5_context;

int __stdcall md5_reset(md5_context *);
int __stdcall md5_input(md5_context *, const uint8_t *, uint32_t);
int __stdcall md5_digest(md5_context *, uint8_t *);
int __stdcall md5_verify_data(uint8_t *, uint32_t, const uint8_t *);

#endif
#include "md5.h"

void md5_process_message_block(md5_context *);

/* Little-endian byte array -> 32-bit word. The casts matter: a plain uint8_t promotes
   to int, and shifting a value >= 0x80 left by 24 overflows a signed int. */
#define md5_batoi(ba, i) \
  (((uint32_t)(ba)[(i)+3] << 24) | ((uint32_t)(ba)[(i)+2] << 16) | \
   ((uint32_t)(ba)[(i)+1] << 8)  |  (uint32_t)(ba)[(i)])

#define md5_rol(word, bits) \
    (((word) << (bits)) | ((word) >> (32-(bits))))

/* 32-bit word -> little-endian byte array; wrapped so it behaves as one statement */
#define md5_itoba(a, ba, i) do {            \
  (ba)[(i)+3] = (uint8_t)((a) >> 24);       \
  (ba)[(i)+2] = (uint8_t)((a) >> 16);       \
  (ba)[(i)+1] = (uint8_t)((a) >> 8);        \
  (ba)[(i)]   = (uint8_t)(a);               \
} while (0)

uint32_t md5_math(uint16_t t, uint32_t B, uint32_t C, uint32_t D){
  if(t < 16)      return (D ^ (B & (C ^ D)));
  else if(t < 32) return (C ^ (D & (B ^ C)));
  else if(t < 48) return (B ^ C ^ D);
  else            return (C ^ (B | ~D));
}
uint16_t md5_index(uint16_t t){
  if(t < 16)      return t;
  else if(t < 32) return (5 * t + 1) % 16;
  else if(t < 48) return (3 * t + 5) % 16;
  else            return (7 * t)     % 16;
}
uint16_t md5_shift(uint16_t t){
  if(t < 16)      return (((t % 4) + 1) * 5 + 2);
  else if(t < 32) return (t % 4 == 0 ? 5 : (t % 4 == 1 ?  9 : (t % 4 == 2 ? 14 : 20)));
  else if(t < 48) return (t % 4 == 0 ? 4 : (t % 4 == 1 ? 11 : (t % 4 == 2 ? 16 : 23)));
  else            return (t % 4 == 0 ? 6 : (t % 4 == 1 ? 10 : (t % 4 == 2 ? 15 : 21)));
}

int __stdcall md5_reset(md5_context *ctx){
  uint8_t x = 0;
 
  if(!ctx)
    return md5_null;

  ctx->length_low  = 0;
  ctx->length_high = 0;
  ctx->computed    = 0;
  ctx->corrupted   = 0;
  ctx->message_block_index = 0;

  for(x = 0; x < 64; x++)
    ctx->message_block[x] = 0;
 
  ctx->intermediate_hash[0] = 0x67452301;
  ctx->intermediate_hash[1] = 0xEFCDAB89;
  ctx->intermediate_hash[2] = 0x98BADCFE;
  ctx->intermediate_hash[3] = 0x10325476;

  return md5_success;
}
int __stdcall md5_input(md5_context *ctx, const uint8_t *data, uint32_t length){
  uint32_t x;
  if(!length)
    return md5_success;

  if(!ctx || !data)
    return md5_null;

  if(ctx->computed){
    ctx->corrupted = md5_state_error;
    return md5_state_error;
  }

  for(x = 0; x < length; x++){
    ctx->message_block[ctx->message_block_index++] = (data[x] & 0xFF);
    ctx->length_low += 8;

    if (ctx->length_low == 0){
      ctx->length_high++;
      if(ctx->length_high == 0){
        ctx->corrupted = md5_input_too_long;
        return md5_input_too_long;
      }
    }

    if(ctx->message_block_index == 64)
      md5_process_message_block(ctx);
  }
  return md5_success;
}
int __stdcall md5_digest(md5_context *ctx, uint8_t *digest){
  int i;

  if (!ctx || !digest)
    return md5_null;

  if (ctx->corrupted)
    return ctx->corrupted;

  if (!ctx->computed){
    if (ctx->message_block_index > 55){
      ctx->message_block[ctx->message_block_index++] = 0x80;
 
      while(ctx->message_block_index < 64)
        ctx->message_block[ctx->message_block_index++] = 0;
   
      md5_process_message_block(ctx);
    }else{
      ctx->message_block[ctx->message_block_index++] = 0x80;
    }
 
    while(ctx->message_block_index < 56)
      ctx->message_block[ctx->message_block_index++] = 0;

    md5_itoba(ctx->length_high, ctx->message_block, 60);
    md5_itoba(ctx->length_low,  ctx->message_block, 56);
   
    md5_process_message_block(ctx);
   
    ctx->length_low  = 0;
    ctx->length_high = 0;
    ctx->computed    = 1;
  }

  for(i = 0; i < 4; i++){
    md5_itoba(ctx->intermediate_hash[i], digest, i * 4);
  }

  return md5_success;
}

void md5_process_message_block(md5_context *ctx){
  uint16_t t;          /* Loop counter        */
  uint32_t temp;       /* Temporary word value*/
  uint32_t W[16];      /* Word sequence       */
  uint32_t A, B, C, D; /* Word buffers        */
  const uint32_t K[] = { /* K = floor(abs(sin(x+1) & (2 pow 32))) */
    0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
    0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
    0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
    0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
    0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
    0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
    0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
    0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
  };

  for(t = 0; t < 16; t++)
    W[t] = md5_batoi(ctx->message_block, t * 4);
   
  A = ctx->intermediate_hash[0];
  B = ctx->intermediate_hash[1];
  C = ctx->intermediate_hash[2];
  D = ctx->intermediate_hash[3];

  for(t = 0; t < 64; t++){
    temp = B + md5_rol((A + md5_math(t, B, C, D) + W[md5_index(t)] + K[t]), md5_shift(t));
    A = D;
    D = C;
    C = B;
    B = temp;
  }

  ctx->intermediate_hash[0] += A;
  ctx->intermediate_hash[1] += B;
  ctx->intermediate_hash[2] += C;
  ctx->intermediate_hash[3] += D;

  ctx->message_block_index = 0;
}

int __stdcall md5_verify_data(uint8_t *data, uint32_t length, const uint8_t *correct_md5){
  md5_context ctx;
  uint8_t digest[16];
  uint32_t x;

  md5_reset(&ctx);
  md5_input(&ctx, data, length);
  md5_digest(&ctx, digest);

  if(!correct_md5)
    return 0;

  for(x = 0; x < 16; x++){
    if(digest[x] != correct_md5[x])
      return 0;
  }

  return 1;
}


Note, it's not perfect [it works 100% but meh]. It's not efficient, it's not as clean as it could be, but hey, it looks better than the MD5STEP crap.

If anyone has suggestions on ways to make it cleaner/better, give it a shout.
I really want to replace that block of ints, but C doesn't like doing 64-bit math.
To gen K it looks like this:
for(int x = 0; x < 64; x++)
  K[x] = (uint32_t)floor(fabs(sin(x + 1)) * 4294967296.0); /* |sin(x+1)| * 2^32, computed in double */
#5
C/C++ Programming / [C]SMC
November 21, 2008, 06:22 PM
So, Self Modifying Code. That or inline compiling.
To get to the point, I'm doing checkrevision. I'm trying to find an efficient way of doing it. Right now I'm doing like what everyone else has: strip out the values for ABC, and the operations {^-+/*}, and then I have a big switch statement in the main loop. That's eww.
So I was thinking, I *could* modify the code at runtime by writing over it in memory. But then there's a problem. What exactly should I write?
Aren't the math operations different depending on what platform you're compiled on?
pseudo code:
void doMath(uint32_t S){
  A += S;
  B += C;
  C += A;
  A += B;
}

switch(operator1){
  case '-': WriteMemory(&doMath + 1, THE_SUB_ASM_BYTE, 1); break;
  case '+': WriteMemory(&doMath + 1, THE_ADD_ASM_BYTE, 1); break;
  case '^': WriteMemory(&doMath + 1, THE_XOR_ASM_BYTE, 1); break;
}
switch(operator2){
  case '-': WriteMemory(&doMath + 5, THE_SUB_ASM_BYTE, 1); break;
  case '+': WriteMemory(&doMath + 5, THE_ADD_ASM_BYTE, 1); break;
  case '^': WriteMemory(&doMath + 5, THE_XOR_ASM_BYTE, 1); break;
}

for(x = 0; x < data.length; x += 4){
  doMath(*(uint32_t*)(data + x));
}

The other idea would be runtime compiling.
void doMath(uint32_t S){
  /* like 10 operations worth of NOPs */
}

sIn = "A=A^S B=B-C C=C+A A=A+B";
code = Compile(sIn);
WriteMemory(&doMath, code, len(code));
for(x = 0; x < data.length; x += 4){
  doMath(*(uint32_t*)(data + x));
}


I'm just kinda ranting here, but if you have suggestions feel free to post.
Also, if anyone has a high resolution timer in C I can snag, that'd be great {I wanna time some functions}
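Rather than patching opcode bytes into doMath (which needs a page that is both writable and executable, exactly what DEP/W^X exists to deny), the formula can be decoded once into a table of function pointers and run per word. This is an added example and not code from the post; it assumes the "X=Y<op>Z" grammar of the post's sample string "A=A^S B=B-C C=C+A A=A+B", supports only ^ - + *, and leaves out the surrounding checkrevision file handling.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Variable slots: A, B, C plus S, the data word being folded in. */
enum { VAR_A = 0, VAR_B, VAR_C, VAR_S, VAR_COUNT };

typedef uint32_t (*binop_fn)(uint32_t, uint32_t);

/* One decoded "X=Y<op>Z" step; the operator is resolved to a function pointer once. */
typedef struct { int dst, lhs, rhs; binop_fn fn; } step_t;

static uint32_t op_add(uint32_t a, uint32_t b) { return a + b; }
static uint32_t op_sub(uint32_t a, uint32_t b) { return a - b; }
static uint32_t op_xor(uint32_t a, uint32_t b) { return a ^ b; }
static uint32_t op_mul(uint32_t a, uint32_t b) { return a * b; }

static int var_index(char c) {
  switch (c) {
    case 'A': return VAR_A; case 'B': return VAR_B;
    case 'C': return VAR_C; case 'S': return VAR_S;
    default:  return -1;
  }
}

static binop_fn op_fn(char c) {
  switch (c) {
    case '+': return op_add; case '-': return op_sub;
    case '^': return op_xor; case '*': return op_mul;
    default:  return NULL;   /* '/' deliberately unsupported here (divide-by-zero) */
  }
}

/* Parse a space-separated formula such as "A=A^S B=B-C C=C+A A=A+B".
 * Returns the step count, or -1 if a step is malformed, uses an unknown
 * variable/operator, or assigns to S. */
int parse_formula(const char *formula, step_t *steps, int max_steps) {
  int n = 0;
  const char *p = formula;
  for (;;) {
    while (*p == ' ') p++;
    if (*p == '\0') return n;
    if (n == max_steps || strlen(p) < 5 || p[1] != '=') return -1;
    steps[n].dst = var_index(p[0]);
    steps[n].lhs = var_index(p[2]);
    steps[n].fn  = op_fn(p[3]);
    steps[n].rhs = var_index(p[4]);
    if (steps[n].dst < 0 || steps[n].dst == VAR_S ||
        steps[n].lhs < 0 || steps[n].rhs < 0 || steps[n].fn == NULL)
      return -1;
    if (p[5] != '\0' && p[5] != ' ') return -1;
    p += 5;
    n++;
  }
}

/* Fold data into vars one little-endian 32-bit word at a time (trailing bytes are
 * ignored) by running the decoded steps: no per-word switch, no executable memory. */
void run_formula(const step_t *steps, int nsteps, uint32_t vars[VAR_COUNT],
                 const uint8_t *data, size_t len) {
  size_t i;
  int s;
  for (i = 0; i + 4 <= len; i += 4) {
    vars[VAR_S] = (uint32_t)data[i] | ((uint32_t)data[i + 1] << 8) |
                  ((uint32_t)data[i + 2] << 16) | ((uint32_t)data[i + 3] << 24);
    for (s = 0; s < nsteps; s++)
      vars[steps[s].dst] = steps[s].fn(vars[steps[s].lhs], vars[steps[s].rhs]);
  }
}

/* vars holds the starting A, B, C on entry and the results on exit; returns step count or -1. */
int eval_formula(const char *formula, const uint8_t *data, size_t len, uint32_t vars[VAR_COUNT]) {
  step_t steps[16];
  int n = parse_formula(formula, steps, 16);
  if (n < 0) return -1;
  run_formula(steps, n, vars, data, len);
  return n;
}

/* Parse-only check used by the tests. */
int formula_steps(const char *formula) {
  step_t steps[16];
  return parse_formula(formula, steps, 16);
}

/* Runs the post's sample formula over a constructed two-word input (words 1 and 2,
 * starting A=1, B=2, C=3) and returns vars[which]; 0xDEADBEEF signals a parse failure. */
uint32_t demo_result(int which) {
  static const uint8_t data[8] = { 1, 0, 0, 0, 2, 0, 0, 0 };
  uint32_t vars[VAR_COUNT] = { 1, 2, 3, 0 };
  if (eval_formula("A=A^S B=B-C C=C+A A=A+B", data, sizeof data, vars) < 0) return 0xDEADBEEFu;
  return vars[which];
}

int main(void) {
  printf("A=%08X B=%08X C=%08X\n", demo_result(VAR_A), demo_result(VAR_B), demo_result(VAR_C));
  return 0;
}
```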
#6
C/C++ Programming / SFile* APIs
July 11, 2008, 08:32 PM

DWORD WINAPI SFileGetFileSizeHook(IN HANDLE hFile, OUT DWORD *dwSize){
  SFileGetFileSizeType OldFn = (SFileGetFileSizeType)STRMHook.Functions[STRM_SFileGetFileSize].OrigFn;
  DWORD ret = OldFn(hFile, dwSize);
  /* dwSize is an out-pointer: log the value written through it, not the pointer itself */
  fprintf(log, "SFileGetFileSize(0x%p, %lu) = %lu\n", hFile,
          dwSize ? (unsigned long)*dwSize : 0UL, (unsigned long)ret);
  return ret;
}

BOOL WINAPI SFileOpenFileHook(IN LPCSTR lpFileName, OUT HANDLE *lphFile){
  SFileOpenFileType OldFn = (SFileOpenFileType)STRMHook.Functions[STRM_SFileOpenFile].OrigFn;
  BOOL ret = OldFn(lpFileName, lphFile);
  /* *lphFile is the handle the callee returned; &lphFile is only the address of our own parameter */
  fprintf(log, "SFileOpenFile(%s, 0x%p) = %d\n", lpFileName, lphFile ? *lphFile : NULL, ret);
  return ret;
}

BOOL WINAPI SFileReadFileHook(HANDLE hFile, void *lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *lpNumberOfBytesRead, OUT OVERLAPPED *lpOverlap){
  SFileReadFileType OldFn = (SFileReadFileType)STRMHook.Functions[STRM_SFileReadFile].OrigFn;
  BOOL ret = OldFn(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlap);
  fprintf(log, "SFileReadFile(0x%p, 0x%p, %lu, %lu) = %d\n", hFile, lpBuffer,
          (unsigned long)nNumberOfBytesToRead,
          lpNumberOfBytesRead ? (unsigned long)*lpNumberOfBytesRead : 0UL, ret);
  if (lpOverlap) { /* optional parameter: only dereference it when one was supplied */
    fprintf(log, "\tEvent: 0x%p\n", lpOverlap->hEvent);
    fprintf(log, "\tOffset: 0x%08lX%08lX\n", (unsigned long)lpOverlap->OffsetHigh, (unsigned long)lpOverlap->Offset);
    fprintf(log, "\tInternal: 0x%p%p\n", (void *)lpOverlap->InternalHigh, (void *)lpOverlap->Internal);
  }
  return ret;
}

BOOL WINAPI SFileCloseFileHook(IN HANDLE hFile){
  fprintf(log, "SFileCloseFile(0x%p)\n", hFile); /* the handle value, not the address of the parameter */
  SFileCloseFileType OldFn = (SFileCloseFileType)STRMHook.Functions[STRM_SFileCloseFile].OrigFn;
  return OldFn(hFile);
}


SFileOpenFileEx(0x0012FAB4, font\font.ccd, 0x00000000, 0x0012FACC)
SFileGetFileSize(0x003D007C, 0) = 72
SFileReadFile(0x003D007C, 0x00820088, 72, 1243832)
Event: 16
Offset: 0x0000000C00000008
Internal: 0x0000000400000000
SFileCloseFile(0x0012FABC)
Note how the File handle changes from 0x0012FACC -> 0x003D007C -> 0x0012FABC, and I don't think I'm printing the struct out correctly.

It's probably an obvious mistake that I just need someone to point out to me.
This is simple IAT redirecting no biggie.

I've successfully hijacked SReg* to make it 'portable'. I'm working on killing the god forsaken MPQs now.
#7
Battle.net Bot Development / Diablo II 1.12a
June 17, 2008, 01:13 PM
New patch.
Games: Diablo II, Diablo II:LOD
Version: 1.12a


I'll post the patch log/verbyte as soon as my damn mini image starts working.
#8
C/C++ Programming / DLL Injection
April 05, 2008, 12:12 AM
Does anyone have any suggestions on how I can make a 'persistent' dll?
What I mean is a situation like this:
I inject my dll into ProcessA
ProcessA creates ProcessB
My DLL Auto-Injects into ProcessB

Right now I'm simply using the CreateProcess(target, start_stopped)
CreateRemoteThread(my dll)
ResumeThread(target thread) method.

On a slightly unrelated note, Anyone happen to know how to get the size of a process in memory? [exa: I want to search only X Process's memory space]
#9
Battle.net Bot Development / SC: 1.15.2
January 15, 2008, 11:12 PM
Product: Starcraft/Starcraft: BroodWars
Version: 1.15.2
Version Byte: 0xD1
Patch Files:
STAR_IX86_1xx_1152.mpq
STAR_IX86_1151_1152.mpq
SEXP_IX86_1xx_1152.mpq
SEXP_IX86_1151_1152.mpq
Notes:
--------------------------------------------------------------------------------
- patch 1.15.2
--------------------------------------------------------------------------------

  Feature Changes

- StarCraft and StarCraft: BroodWar no longer require the CD while playing the
  game.  To play without the CD, please follow the following instructions:

- Windows Users:
    - Make sure you have "Hide extensions for known types" unchecked under
      Explorer Folder Options.
    - If you own only StarCraft, copy "INSTALL.EXE" from the StarCraft CD to
      your StarCraft folder and rename it to "StarCraft.mpq".
    - If you own StarCraft: Brood War, copy "INSTALL.EXE" from the StarCraft:
      Brood War CD to your StarCraft folder and rename it to "BroodWar.mpq".

- Mac users:
    - If you own only StarCraft, copy "StarCraft Archive" from the StarCraft CD
      to your StarCraft folder.
    - If you own StarCraft: Brood War, copy "Brood War Archive" from the
      StarCraft: Brood War CD to your StarCraft folder.
<3 them for doing this. Though I always used a no-cd ISO :P
I'll update JBLS when the patch propagates to all 4 realms. Currently it is only US East.
~Hdx
#10
Battle.net Bot Development / Bnet Languages
August 29, 2007, 04:54 AM
Simple enough question, what languages does Bnet support for its multi-lingual mpq archives.
deDE, enUS, frFR, koKR, zhCN, zhTW, itIT, csCZ,
Any others? (I don't want to crack open WC3 >.< One of you guys might have them in your notes)
On a side-note: What's the format for the name of the files inside PMAC/XMAC crev archives? (psistrom, ver-P/XMAC)
The main reason is I'm making a cache of all of Bnet's files off BNFTP
BNFTP://hdx.jbls.org/list.txt
~Hdx
#11
Java Programming / PE Files, IAT
June 28, 2007, 05:46 PM
Well, I've been poking around the PE file header specs.
And I ran across a problem.
When loading a file myself into memory. (Not for use for data access only)
I have to populate the IAT myself.
My question is this. What methods do you guys propose to populate the IAT table?
I *could* parse each of the files the main file references, and calculate the addresses myself.
But that would either require a large database of address->name combos,
which is plausible due to the fact that no Windows DLLs overlap.
Or, I could do it at runtime, but that would require the users to have numerous more dll files...
Meh, just looking for ideas.

I don't want to use System.loadlibrary() as I do not fully know how loading a Windows executable in a Linux environment would work (IAT again)
~Hdx
#12
Battle.net Bot Development / [Patch] Warcraft III
January 22, 2007, 06:15 PM
Game: Warcraft III ROC/TFT
Version: 1.21
Version Byte: 0x15
Patch: W3XP_IX86_120E_121A_enUS.mpq
Patch Log:
--------------------------------------------------------------------------
Patch 1.21
--------------------------------------------------------------------------

FEATURES

- The game now runs natively on both PowerPC-based and Intel-based Macs.
- Player can now view frames per second using the "/fps" chat command.

FIXES

- Fixed a timing problem with the game on PCs with dual-core CPUs.
- Fixed a crash that could occur with the Frost Breath ability.
- Fixed a crash that could happen in multiplayer games.
- Fixed an exploit that could happen in multiplayer games.

Important Note on Patching for Mac Players: The file layout inside the
game folder is changed significantly by Patch 1.21.  As a result, in order
to be able to install the Frozen Throne expansion from CD, you must
install Reign of Chaos first, then install Frozen Throne from CD, and then
patch to version 1.21, in that order.  If you patch to v1.21 and then
attempt to install Frozen Throne after that, it will not install
correctly.

MAPS

- New maps:
  - (2)SecretValley
  - (6)BomberCommand
- (4)LostTemple (RoC)
  - The 4 Forest Troll Berserkers by the natural expansions now drop Level
    2 Permanent instead of Level 2 Charged items
- (4)TurtleRock
  - The 4 Ogre Warriors along the outer pathways now drop Level 2
    Permanent instead of Level 2 Charged items
- (6)GnollWood
  - The 4 Gnoll Brutes by the central Item Shops now drop Level 2
    Permanent instead of Level 2 Charged items
~-~(HDX)~-~
#13
Battle.net Bot Development / Diablo 1, 0x07 S->C
January 03, 2007, 10:52 PM
I've come across this during my work on creating an emu server, but anyway.
For some reason Diablo 1 will think it failed the version check even when it receives success unless it receives 255 extra bytes of random data....

21  63.241.83.107:6112  192.168.0.10:4406  264  Recv 
0000  FF 07 08 01 02 00 00 00 00 00 CF 02 F9 26 00 10    .............&..
0010  61 68 68 61 68 61 00 00 00 00 00 00 80 EB 43 00    ahhaha........C.
0020  40 57 6D 11 D8 F0 CF 02 A0 F1 CF 02 F0 78 AA 01    @Wm..........x..
0030  00 00 00 60 CA D1 1E 51 A8 F0 CF 02 AD EC 43 00    ...`...Q......C.
0040  D8 F0 CF 02 E0 87 87 0D 77 23 77 2E 63 2E 7A 00    ........w#w.c.z.
0050  72 65 65 77 69 6E 73 00 F0 25 17 03 00 00 00 60    reewins..%.....`
0060  CC F0 CF 02 14 33 44 00 E9 22 00 10 D0 F0 CF 02    .....3D.."......
0070  2A 65 72 75 00 00 00 00 68 43 C4 01 68 43 C4 01    *eru....hC..hC..
0080  FF 00 00 00 01 00 00 00 F4 F0 CF 02 F9 26 00 10    .............&..
0090  E9 22 00 10 F8 F0 CF 02 1F 23 00 10 01 00 00 00    .".......#......
00A0  F8 07 00 00 30 02 A4 01 09 00 00 00 00 00 00 00    ....0...........
00B0  AC F1 CF 02 2F 32 45 00 00 01 5F 02 00 27 00 10    ..../2E..._..'..
00C0  00 00 00 00 18 F1 CF 02 DC F1 CF 02 01 00 00 00    ................
00D0  00 E0 CE B7 B5 65 00 00 00 00 00 00 00 00 00 10    .....e..........
00E0  00 00 20 00 10 00 00 00 E4 F1 CF 02 01 00 00 00    .. .............
00F0  77 00 00 00 14 A9 E9 01 00 00 00 59 00 00 00 00    w..........Y....
0100  00 00 20 00 14 A9 E9 01                            .. .....

This is only seen in 1.09, other versions accept it correctly without the extra data...
17  127.0.0.1:6112  127.0.0.1:4332  9  Recv 
0000  FF 07 09 00 02 00 00 00 00                         .........

Has anyone attempted to look into exactly what D1 does with this data? It does not care what the data is, but this should be documented nonetheless....
Anyone got anything to input?
~-~(HDX)~-~
#14
Hey Sky, how about the following?
BNLS_DECODECDKEY
C->S
  (String) CDkey

S->C
  (BOOLEAN) Warcraft3
  (DWORD) Product
  (DWORD) Val1
  If Warcraft3 == True
    (BYTE[10]) Val2
  Else
    (DWORD) Val2


Or something to that effect; that way we can use BNLS_HASHDATA to hash it however we need.
Well, this comes in light of not having a valid way of getting the proper values for SID_CDKEY2 through BNLS.
Considering W2BN still uses SID_CDKEY2, I figure there should be a way of getting the proper data from BNLS.
Hell, you could even add the flag CDKEY_WARCRAFT2_STYLE to BNLS_CDKEY_EX..... (This would be an easier method to implement; I suggest this rather than the new packet.)
~-~(HDX)~-~
#15
Can someone look into this? BnetDocs states that it is only
Quote:
(DWORD)      Result
(STRING)     Patch path
BUT!
Ever since the newly named version MPQs I've been getting this:

7  63.241.83.111:6112  192.168.0.10:1771  264  Recv 
0000  FF 07 08 01 02 00 00 00 00 00 01 00 84 F0 4A 02    ..............J.
0010  10 00 00 00 00 00 00 00 00 00 00 00 0E 00 00 00    ................
0020  78 65 FA 01 00 00 00 00 A0 F1 4A 02 F0 1F 6D 01    xe........J...m.
0030  A0 06 16 00 A8 24 00 00 00 00 00 00 00 F1 4A 02    .....$........J.
0040  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
0050  0E 00 00 00 76 65 72 2D 49 58 38 36 2D 30 2E 6D    ....ver-IX86-0.m
0060  70 71 00 00 00 00 00 00 00 00 00 00 00 00 00 00    pq..............
0070  00 00 00 00 00 00 00 00 6C F1 4A 02 23 20 01 00    ........l.J.# ..
0080  30 F1 4A 02 38 00 00 00 8D 3F FD 74 F0 25 C2 02    0.J.8....?.t.%..
0090  AD A4 00 00 C0 56 FA 01 AC 55 34 7E A4 55 34 7E    .....V...U4~.U4~
00A0  AC 55 34 7E 84 01 17 02 FF D8 47 00 64 53 34 7E    .U4~......G.dS4~
00B0  03 00 00 00 D4 03 17 02 CC 03 17 02 D4 03 17 02    ................
00C0  84 01 17 02 FF D8 47 00 1D 00 00 00 03 00 00 00    ......G.........
00D0  90 00 00 00 00 00 00 00 78 EE AB 00 70 EE AB 00    ........x...p...
00E0  78 EE AB 00 00 00 00 00 FF D8 47 00 20 EC AB 00    x.........G. ...
00F0  03 00 00 00 90 00 00 00 00 00 00 00 AC 00 00 00    ................
0100  00 00 00 00 5C F1 4A 02                            ....\.J.

Using DRTL.
Can anyone look into it?
~-~(HDX)~-~
#16
Well, it's been a while since I've done any bnet programming, not to mention DRTL login.
So anyone care to take a look and help me out?
I get disconnected right after sending 0x29

1  192.168.0.11:4048  63.241.83.9:6112  107  Send 
0000  01                                                 .
         FF 1E 1A 00 00 00 00 00 00 00 00 00 00 00 00     ...............
0010  00 00 00 00 00 00 00 00 00 00 00                   ...........
                                       FF 12 3C 00 00               ..<..
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80    ................
0030  04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 45    ...............E
0040  4E 47 00 31 00 55 53 41 00 55 6E 69 74 65 64 20    NG.1.USA.United
0050  53 74 61 74 65 73 00                               States.
                           FF 06 14 00 36 38 58 49 4C           ....68XIL
0060  54 52 44 2A 00 00 00 00 00 00 00                   TRD*.......

2  63.241.83.9:6112  192.168.0.11:4048  32  Recv 
0000  FF 05 14 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
0010  00 00 00 00                                        ....
                  FF 1D 0C 00 BB 08 5E 00 BE CA 64 50        ......^...dP

3  63.241.83.9:6112  192.168.0.11:4048  95  Recv 
0000  FF 25 08 00 92 DB C0 8F                            .%......
                              FF 06 57 00 00 AC 41 43            ..W...AC
0010  25 0B C5 01 49 58 38 36 76 65 72 30 2E 6D 70 71    %...IX86ver0.mpq
0020  00 41 3D 36 31 31 33 36 36 36 37 30 20 42 3D 33    .A=611366670 B=3
0030  37 33 30 32 31 33 35 31 20 43 3D 32 36 34 35 36    73021351 C=26456
0040  34 38 35 39 20 34 20 41 3D 41 5E 53 20 42 3D 42    4859 4 A=A^S B=B
0050  2D 43 20 43 3D 43 5E 41 20 41 3D 41 5E 42 00       -C C=C^A A=A^B.

4  127.0.0.1:4047  127.0.0.1:9367  81  Send 
0000  51 00 18 09 00 00 00 00 00 00 00 00 00 00 00 00    Q...............
0010  00 00 00 41 3D 36 31 31 33 36 36 36 37 30 20 42    ...A=611366670 B
0020  3D 33 37 33 30 32 31 33 35 31 20 43 3D 32 36 34    =373021351 C=264
0030  35 36 34 38 35 39 20 34 20 41 3D 41 5E 53 20 42    564859 4 A=A^S B
0040  3D 42 2D 43 20 43 3D 43 5E 41 20 41 3D 41 5E 42    =B-C C=C^A A=A^B
0050  00                                                 .

5  127.0.0.1:9367  127.0.0.1:4047  59  Recv 
0000  3B 00 18 01 00 00 00 01 09 00 01 F3 88 7B 86 44    ;............{.D
0010  69 61 62 6C 6F 2E 65 78 65 20 30 34 2F 31 31 2F    iablo.exe 04/11/
0020  30 31 20 31 36 3A 35 33 3A 31 38 20 37 35 37 37    01 16:53:18 7577
0030  36 30 00 00 00 00 00 2A 00 00 00                   60.....*...

6  192.168.0.11:4048  63.241.83.9:6112  60  Send 
0000  FF 07 3C 00 36 38 58 49 4C 54 52 44 2A 00 00 00    ..<.68XILTRD*...
0010  01 09 00 01 F3 88 7B 86 44 69 61 62 6C 6F 2E 65    ......{.Diablo.e
0020  78 65 20 30 34 2F 31 31 2F 30 31 20 31 36 3A 35    xe 04/11/01 16:5
0030  33 3A 31 38 20 37 35 37 37 36 30 00                3:18 757760.

7  63.241.83.9:6112  192.168.0.11:4048  10  Recv 
0000  FF 07 0A 00 02 00 00 00 00 00                      ..........

8  127.0.0.1:4047  127.0.0.1:9367  26  Send 
0000  1A 00 0B 07 00 00 00 02 00 00 00 ** ** ** ** **   ...........*****
0010  ** ** BB 08 5E 00 B0 4B CB 02                     **..^..K..

9  127.0.0.1:9367  127.0.0.1:4047  23  Recv 
0000  17 00 0B 14 96 80 99 89 BF D4 1C 5C D7 18 B1 D8    ...........\....
0010  14 6F 50 0D 16 86 5A                               .oP...Z

10  192.168.0.11:4048  63.241.83.9:6112  36  Send 
0000  FF 29 24 00 B0 4B CB 02 BB 08 5E 00 14 96 80 99    .)$..K....^.....
0010  89 BF D4 1C 5C D7 18 B1 D8 14 6F 50 0D 16 86 5A    ....\.....oP...Z
0020  68 64 78 00                                        hdx.

I know I'm ignoring a few things, such as 0x25, but that shouldn't affect it.... unless something has changed
~-~(HDX)~-~
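Added example (mine, not code from this thread or from any Battle.net project): a small Python framer for the BNCS stream format seen in the captures in #13, #15 and #16 (0xFF, message id, little-endian u16 length that counts the 4-byte header), plus a decoder for the S->C SID_REPORTVERSION (0x07) reply that reports how many bytes trail the documented (DWORD) Result / (STRING) Patch path pair. The sample stream is constructed: the SID_PING cookie and the 255 filler bytes are made up to reproduce the 264-byte shape of the 1.09 capture next to the 9-byte shape the other clients send.

```python
import struct

SID_REPORTVERSION = 0x07   # S->C: (DWORD) Result, (STRING) Patch path
SID_PING = 0x25


def frame_bncs(stream):
    """Split a BNCS byte stream into (id, payload) tuples.

    Each message is 0xFF, a one-byte id and a little-endian u16 length that
    includes the 4-byte header. A leading 0x01 protocol selector (as in the
    client's first send) is skipped; an incomplete trailing message is left
    unconsumed so a caller can wait for more bytes.
    """
    msgs, pos = [], 1 if stream[:1] == b"\x01" else 0
    while pos + 4 <= len(stream):
        magic, mid, length = struct.unpack_from("<BBH", stream, pos)
        if magic != 0xFF or length < 4:
            raise ValueError("bad BNCS header at offset %d" % pos)
        if pos + length > len(stream):
            break
        msgs.append((mid, bytes(stream[pos + 4:pos + length])))
        pos += length
    return msgs


def parse_reportversion(payload):
    """Decode the documented fields and count whatever follows the string."""
    if len(payload) < 5:
        raise ValueError("SID_REPORTVERSION payload too short")
    result = struct.unpack_from("<I", payload, 0)[0]
    end = payload.index(b"\x00", 4)          # terminator of the patch path
    return {"result": result,
            "patch_path": payload[4:end].decode("latin-1"),
            "extra_bytes": len(payload) - (end + 1)}


# Constructed sample stream (not a capture from the thread): protocol byte,
# a SID_PING with a made-up cookie, the 9-byte 0x07 reply newer clients accept,
# and a 264-byte 0x07 reply padded with 255 filler bytes, the 1.09 shape.
DOCUMENTED = struct.pack("<I", 2) + b"\x00"      # Result=2 (success), empty path
FILLER = bytes(range(255))
SAMPLE = (b"\x01"
          + b"\xFF\x25\x08\x00" + b"\xAA\xBB\xCC\xDD"
          + b"\xFF\x07\x09\x00" + DOCUMENTED
          + b"\xFF\x07" + struct.pack("<H", 4 + len(DOCUMENTED) + len(FILLER))
          + DOCUMENTED + FILLER)


def audit(stream):
    """Parse every 0x07 reply in the stream and report how much trails the string."""
    return [parse_reportversion(p) for mid, p in frame_bncs(stream) if mid == SID_REPORTVERSION]


if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r)
```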
#17
Visual Basic Programming / RichText Colors
April 24, 2006, 10:59 AM
Well, I kinda have a problem. I'm trying to append to a rich text box. The text gets sent, but it is always the color of the background, so I can't see it.

How would you specify the color of the text when using SendMessage() to append it?
Dim X As CharFormat
X.cbSize = LenB(X)
X.crTextColor = vbRed
X.dwEffects = 0           ' no CFE_AUTOCOLOR, so crTextColor is honoured
X.dwMask = CFM_COLOR

A = SendMessage(Z, WM_GETTEXTLENGTH, 0, ByVal 0&) + 1
SendMessage Z, EM_SETSEL, A, ByVal A              ' caret at the end, empty selection (a bare 1 was passed as a pointer via As Any)
SendMessage Z, EM_SETCHARFORMAT, SCF_SELECTION, X ' the UDT must be passed by reference, not ByVal
SendMessage Z, EM_REPLACESEL, 0, ByVal "Testing" & vbNewLine
SendMessage Z, EM_SCROLL, SB_LINEDOWN, ByVal 0&

All of the constants are in their proper formats, as far as I know:
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" _
    (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long

Private Const WM_GETTEXTLENGTH As Long = &HE
Private Const EM_SETSEL& = &HB1
Private Const EM_REPLACESEL& = &HC2
Private Const EM_SCROLL& = &HB5
Private Const SB_LINEDOWN& = 1
Private Const SCF_SELECTION& = 1
Private Const EM_SETCHARFORMAT& = &H444
Private Const EM_GETCHARFORMAT& = &H43A
Private Const CFM_COLOR& = &H40000000

' Mirrors the Win32 CHARFORMAT structure (ANSI); LenB gives the padded size.
Private Type CharFormat
    cbSize As Long
    dwMask As Long
    dwEffects As Long
    yHeight As Long
    yOffset As Long
    crTextColor As Long
    bCharSet As Byte
    bPitchAndFamily As Byte
    szFaceName(0 To 31) As Byte   ' LF_FACESIZE = 32 bytes, not 33
End Type

Z, of course, is the handle for the RTB.
But please, don't think I don't know how to use .SelColor -.- it's not the point of this program; the point is to do it via SendMessage, for experience.
~-~(HDX)~-~
#18
Game: Warcraft III TFT/ROC
Patch: 1.20d
VerByte: 0x14 (Unchanged)
VerHash: 0x011403b6
Hashes: Here
Change log:
Quote:
--------------------------------------------------------------------------
Patch 1.20d
--------------------------------------------------------------------------

FIXES

- Fixed an exploit that could happen in multiplayer games

JBLS server www.jbls.org is updated. Uploading the files to my mirrors right now.
~-~(HDX)~-~
#19
Web Development / Shopping Cart
March 16, 2006, 09:43 PM
Well, I'm building a site for a small business that I run.
And I would like to add a shopping cart to the site.
Basically it has a page for each item I sell.
I want to add a button "Add to Cart"
Loads up a page asking quantity and asking for confirmation.
Then at the top of each page it has a link "Proceed to checkout"
With 1) List all the items, prices, quantities, and total.
2) allows for editing (adding/removing/changing#)
3) continue button
4) Enter their information (CC's, Address, Phone, Name, etc.)
5) Save it locally to the server in a secure manner, or a more preferred method, instant payment via PayPal.

Basic shopping cart.
Any suggestions on how I can implement something like this would be lovely.
Just looking for some design suggestions.
~-~(HDX)~-~
#20
Gaming Discussion / Guild Wars: Factions
March 15, 2006, 04:41 PM
Who's getting it?
Who plays Guild Wars?
Who has pre-ordered?
Just curious.
I pre-ordered mine yesterday from the local GameStop.
~-~(HDX)~-~