Does anyone know how or where to get an updated list of storm exported function names and their ordinals? The one he posted a while back is lacking 493 among others. I tried to find it myself, but I am unable to locate the exports section, or maybe I did, but it's compressed:
Quote
PKWARE Data Compression Library for Win32
Copyright 1989-1995 PKWARE Inc. All Rights Reserved
Patent No. 5,051,745
PKWARE Data Compression Library Reg. U.S. Pat. and Tm. Off.
**note - these are all __stdcall unless otherwise noted
102 SNetDestroy()
117 SNetInitializeProvider()
119 SNetLeaveGame()
120 SNetPerformUpgrade(int)
122 SNetReceiveTurns(void **,int,int,int,int);
123 SNetRegisterEventHandler()
132 int __fastcall 0CDebugSCritSect(LPCRITICAL_SECTION lpCriticalSection)
141 __thiscall CDebugSRWLock::CDebugSRWLock(void)
142 __thiscall CSRWLock::CSRWLock(void)
143 __thiscall SCritSect::SCritSect(void)
144 __thiscall SEvent::SEvent(BOOL bManualReset,BOOL bInitialState)
145 __thiscall SSyncObject::SSyncObject(void)
146 __thiscall CDebugSCritSect::~CDebugSCritSect(void)
147 __thiscall CDebugSRWLock::~CDebugSRWLock(void)
148 __thiscall CSRWLock::~CSRWLock(void)
149 __thiscall SCritSect::~SCritSect(void)
152 __thiscall SSyncObject::~SSyncObject(void)
153 SFile::Close(SFile *)
154 int __fastcall SThread::Create(unsigned int (__stdcall *)(void *),void *,class SThread &,char *)
155 SFile::CreateOverlapped(SOVERLAPPED *)
156 SFile::DestroyOverlapped(OVERLAPPED *)
157 SFile::EnableHash(bool)
158 void __thiscall CDebugSCritSect::Enter(char const *,unsigned long)
159 void __thiscall CDebugSRWLock::Enter(int,char const *,unsigned long)
160 void __thiscall CSRWLock::Enter(int)
161 int SCritSect::enter(void)
162 SFile::FileExists(char const *)
163 SFile::GetActualFileName(SFile *,char *,unsigned long)
164 SFile::GetBasePath(char *,unsigned long)
165 SFile::GetFileSize(SFile *,unsigned long)
166 void __thiscall CDebugSCritSect::Leave(char const *,unsigned long)
167 void __thiscall CDebugSRWLock::Leave(int,char const *,unsigned long)
168 void __thiscall CSRWLock::Leave(int)
169 int SCritSect::leave(void)
170 SFile::Load(SArchive *,char const *,void **,unsigned long *,unsigned long,unsigned long,SOVERLAPPED *)
171 SFile::LoadFile(char const *,void **,unsigned long *,unsigned long, SOVERLAPPED *)
172 SFile::Open(char const *,SFile **)
173 SFile::PollOverlapped(SOVERLAPPED *)
174 SFile::Read(class SFile *,void *,unsigned long,unsigned long *,struct SOVERLAPPED *,struct _TASYNCPARAMBLOCK *)
175 int __thiscall SEvent::Reset(void)
176 SFile::ResetOverlapped(SOVERLAPPED *)
177 int __fastcall SCreateThread(unsigned int (__stdcall *)(void*),void*,unsigned int*,void*,char*);
188 int __thiscall SEvent::Set(void)
189 SFile::SetBasePath(char const *)
190 SFile::SetFilePointer(SFile *,long,long*,unsigned long)
191 SFile::Unload(void *)
193 int __stdcall WaitMultiplePtr(BOOL bWaitAll,DWORD dwMilliseconds)
194 SFile::WaitOverlapped(struct SOVERLAPPED *)
192 int __stdcall Wait(DWORD dwMilliseconds)
251 SFileAuthenticateArchive(int,int)
252 SFileCloseArchive(HANDLE hArchive)
253 SFileCloseFile(HANDLE hFile)
262 SFileDestroy()
264 SFileGetFileArchive(HANDLE hFile,int)
265 SFileGetFileSize(HANDLE hFile, int *fileSizeHigh)
266 SFileOpenArchive(char *name, int flags, int, HANDLE *hArchive)
267 SFileOpenFile(int,int)
268 SFileOpenFileEx(HANDLE hArchive, char *fileName, int, HANDLE *hFile)
269 SFileReadFile(HANDLE hFile, void *buffer, int toRead, int *read, int)
270 SFileSetBasePath(int)
271 SFileSetFilePointer(HANDLE hFile, int filePos, int *filePosHigh, int method)
272 SFileSetLocale(__int16)
273 SFileGetBasePath(int,int)
275 SFileGetArchiveName(int,int,int)
276 SFileGetFileName(int,int,int)
299 SFileAuthenticateArchiveEx(int,int,int,LONG lDistanceToMove,int,DWORD NumberOfBytesRead)
301 StormDestroy
321 SBmpDecodeImage
323 SBmpLoadImage(int,int,int,int,int,int,int)
324 SBmpSaveImage(int,int,int,int,int,int)
325 SBmpAllocLoadImage(char *filename,int,int,int,int,int,int,int)
326 SBmpSaveImageEx(char *str,int,int,int,DWORD NumberOfBytesWritten,int,LPCVOID lpBuffer)
331 SCodeCompile(char *src,int,int,int,int,int)
332 SCodeDelete()
335 SCodeGetPseudocode(int,int,int)
341 SDrawVidDriverInitialize()
342 SDrawCaptureScreen(char *path);
343 SDrawShowCursor (?)
344 SDrawDestroy()
372 SEvtDispatch()
373 SEvtRegisterHandler()
375 SEvtUnregisterType
382 SGdi1
383 SGdi2
392 SGdi4
401 void *__stdcall SMemAlloc(int amount,char *filename,int line,int defaultValue)
403 SMemFree(int,int,int,int)
404 SMemGetSize()
405 SMemReAlloc(int,int,int,int,int);
421 int SRegLoadData(HKEY hKey,LPCSTR lpValueName,HKEY phkResult,LPBYTE lpData,int,DWORD Type);
423 int SRegQueryValue(char *key,char *value,BYTE flags,char *result)
434 STrans1
436 STrans2
437 STrans4
438 STrans3
439 STransLoadI(int,int,int,int);
440 STrans7
443 STrans5
447 STransLoadE(int,int,int,int);
451 SVidDestroy
453 SVidInitialize
454 SVidPlayBegin
455 SVidPlayBeginFromMemory
456 SVidPlayContinue
457 SVidPlayContinueSingle
461 SErrDisplayError(int,int,DWORD ExitCode,int,int,UINT uExitCode)
462 SErrGetErrorStr
463 SErrGetLastError
465 SErrSetLastError(DWORD dwErrCode)
475 ? - ProcessToken
481 SMemFindNextBlock()
482 SMemFindNextHeap()
483 SMemGetHeapByCaller()
484 SMemGetHeapByPtr()
485 SMemHeapAlloc()
486 SMemHeapCreate()
487 SMemHeapDestroy()
488 SMemHeapFree()
489 SMemHeapRealloc()
490 SMemHeapSize()
491 int SMemCpy(void *dest, void *src, int count)
494 int SMemZero(void *buf, int count)
497 SMemDumpState()
501 int SStrNCpy(char *dst, char *src, int count)
502 DWORD SStrHash(LPCSTR String, BOOLEAN IsFilename, DWORD Seed)
501 int SStrNCat(char *base, char *new, int max_length);
508 int SStrCmp(char *str1,char *str2,size_t size);
509 int SStrCmpI(char *str1,char *str2,size_t size);
510 int SStrUpr(char *str)
Note - 569,571 and 570,572 are the same functions
569 char *__fastcall SStrChr(char *str,char c);
570 char *__fastcall SStrChrR(const char *str,char c);
571 char *__stdcall SStrChr(char *str,char c);
572 char *__fastcall SStrChrR(const char *str,char c);
578 SStrPrintf(char *str, size_t size, const char *format, ...);
579 SStrLwr(char *str)
548 Add to log file (not sure about official name)
601 SBigAdd(int,int,int)
602 SBigAnd(int,int,int)
603 SBigCompare(BigBuffer buf1,BigBuffer buf2)
604 SBigCopy(int,int)
605 SBigDec(int,int)
606 SBigDel(BigBuffer buf)
607 SBigDiv(int,int,int)
608 SBigFindPrime(int,int,int,int)
609 SBigFromBinary(BigBuffer *,const void *str,unsigned int num)
610 SBigFromStr(int,int)
611 SBigFromStream(int,int,int,int)
612 SBigFromUnsigned(BigBuffer buf,unsigned int value)
613 SBigGcd(int,int,int)
614 SBigInc(int,int)
615 SBigInvMod(int,int,int)
616 SBigIsEven(BigBuffer buf)
617 SBigIsOdd(BigBuffer buf)
618 SBigIsOne(BigBuffer buf)
619 SBigIsPrime(BigBuffer buf)
620 SBigIsZero(BigBuffer buf)
621 SBigMod(int,int,int)
622 SBigMul(int,int,int)
623 SBigMulMod(int,int,int,int)
624 SBigNew(BigBuffer **Buffer)
625 SBigNot(int,int)
626 SBigOr(int,int,int)
627 SBigPow(int,int,int)
628 SBigPowMod(int,int,int,int)
629 SBigRand(int,int,int)
630 SBigSet2Exp(int,int)
631 SBigSetOne(BigBuffer *buf)
632 SBigSetZero(BigBuffer *buf)
633 SBigShl(int,int,int)
634 SBigShr(int,int,int)
635 SBigSquare(int,int)
636 SBigSub(int,int,int)
637 SBigToBinaryArray(int,int,int)
638 SBigToBinaryBuffer(int,int,int,int)
639 SBigToBinaryPtr(int,int,int)
640 SBigToStrArray(int,int)
641 SBigToStrBuffer(int,char *dst,int count)
642 SBigToStrPtr(int,int)
643 SBigToStreamArray(int,int,int)
644 SBigToStreamBuffer(int,int,int,int)
645 SBigToStreamPtr(int,int,int)
646 SBigToUnsigned(int,int)
647 SBigXor(int,int,int)
649 SSignatureVerifyStream_Begin(int)
648 SSignatureVerify(int,int,int,int)
650 SSignatureVerifyStream_ProvideData(int)
651 SSignatureVerifyStream_Finish(int)
652 SSignatureGenerate(int,int,int,int,int,int)
653 SSignatureVerifyStream_GetSignatureLength()
Thanks goes to iago, not myself.
Quote from: brew on December 03, 2007, 06:39 PM
The one posted a while back is lacking 493 among others
That's lacking 493 of them?
Ordinal #493, entry point 0x00022410.
The question is... are the rest significant?
As far as I know, my list (http://www.javaop.com/~ron/documents/Storm.txt) is the most complete one that's ever been posted. If you need others, ask me about my consultancy fees. ;)
Just wondering, but what's all the SBig stuff about?
Quote from: Andy on December 04, 2007, 02:38 PM
Just wondering, but what's all the SBig stuff about?
Probably BigInteger arithmetic operations for something that requires big integers. (nls)
iago: What method did you use to find them in the first place? and what are the consultancy fees that you speak of?
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
Quote from: Andy on December 04, 2007, 03:33 PM
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
probably. My guess is that they'd be actually int pointers.
I'm still not sure about #493, but i think i have a good idea of what it does:
19019DFA 85C0 TEST EAX,EAX
19019DFC 76 24 JBE SHORT battle.19019E22
19019DFE 3BF8 CMP EDI,EAX
19019E00 76 11 JBE SHORT battle.19019E13
19019E02 8BD7 MOV EDX,EDI
edi = globaldwordarray[5]
19019E04 2BD0 SUB EDX,EAX
19019E06 52 PUSH EDX
19019E07 03C6 ADD EAX,ESI
19019E09 50 PUSH EAX
19019E0A 56 PUSH ESI
19019E0B E8 629EFEFF CALL <JMP.&storm.#493>
19019E10 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
//notice how eax isn't very important here
19019E13 2BF8 SUB EDI,EAX //subtract the base addr of the warden crap ptr from edi, probably another length
19019E15 A1 18640419 MOV EAX,DWORD PTR DS:[19046418]
// that one global that points to a base address for the interesting dword array
....
if (eax) {
if (edi >= eax) {
storm493(esi, esi + eax, edx - eax);
eax = wardendataptr;
edi -= eax;
}
}
....
esi is the dest.
esi + eax is the source.
edx - eax is the length, where edx starts out as a copy of edi (MOV EDX,EDI), i.e. edi - eax is what actually gets pushed.
It looks like it's a memmove, because it's copying over the lower memory address from a higher one (they look close, so the source and destination ranges can overlap), and to guarantee no corruption, it MUST be a memmove.
so this should be added to that ordinal listing:
493 int SMemMove(void *dest, void *src, int count)
Quote from: brew on December 04, 2007, 03:04 PM
Quote from: Andy on December 04, 2007, 02:38 PM
Just wondering, but what's all the SBig stuff about?
Probably BigInteger arithmetic operations for something that requires big integers. (nls)
iago: What method did you use to find them in the first place? and what are the consultancy fees that you speak of?
Depends. In some cases I reverse engineered them, and in others I compared the normal storm.dll to the mac storm.dll (which has names), and found which functions call which other functions, and sometimes which functions do the same thing. You can figure out quite a lot from just those simple things while barely knowing assembly. But I think I got all the easy ones like that. :)
Quote from: Andy on December 04, 2007, 03:33 PM
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
int is the default for ones I don't know, and I never bothered figuring out the parameters (knowing which function it was was sufficient for reversing NLS). But some of those will be ints, and most will likely be pointers to a BigInteger struct, whatever that looks like.
Quote from: iago on December 04, 2007, 07:36 PM
Quote from: Andy on December 04, 2007, 03:33 PM
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
int is the default for ones I don't know, and I never bothered figuring out the parameters (knowing which function it was was sufficient for reversing NLS). But some of those will be ints, and most will likely be pointers to a BigInteger struct, whatever that looks like.
Ya, Blake said they were most likely pointers. Maybe if I care enough some day, I'll add NLS handling to my little hashing DLL using Storm for BigInt.
Quote from: Andy on December 04, 2007, 08:14 PM
Quote from: iago on December 04, 2007, 07:36 PM
Quote from: Andy on December 04, 2007, 03:33 PM
why would the variables be stored in "int" format, then? Are the integer values used as placeholders for the actual data?
int is the default for ones I don't know, and I never bothered figuring out the parameters (knowing which function it was was sufficient for reversing NLS). But some of those will be ints, and most will likely be pointers to a BigInteger struct, whatever that looks like.
Ya, Blake said they were most likely pointers. Maybe if I care enough some day, I'll add NLS handling to my little hashing DLL using Storm for BigInt.
I don't recommend using storm.dll for bigint stuff, it isn't the best library. There are several free ones if you look.
The point would be that the user already has storm.dll...
I don't have storm.dll installed anywhere on my machine. Though I suppose if you're using it for a hash file, that's possible, but if you're distributing storm.dll then you're already walking the line between legal and illegal use, and calling functions might make that problem worse.
Wouldn't it make more sense to link in a library, then you don't have to worry? Or even to install a binary library along with your program?
I pray for the day to come, when Andy cares enough to implement storm stuff into his whatever dll. ::)
Ow. Your sarcasm has caused great damage to my feelings. I will forever hang my head in shame.
iago, storm.dll is required for Warcraft 3 local hashing, and my dll is used as part of local hashing. Therefore, it would only make logical sense to use the tools that must already exist to get a job done.