Just some old packet handlers I found in Battle.snp whilst I was looking around.
0x17, Server-directed read of client memory: the server supplies an address and a length, and the client copies that many bytes of its own process memory back (see the IsBadReadPtr/memcpy pair in the handler below).
S->C:
(UInt32) Cookie
(UInt32) Address
(UInt32) Length
C->S:
(UInt32) Cookie
(Void) Memory contents — Length bytes copied from Address (the memcpy in the handler below)
// SID 0x17 handler. Wire format (see above): S->C cookie, address, length;
// C->S cookie followed by the bytes read.
// SECURITY: the server chooses Address and Length, so this is a
// server-directed read of arbitrary client process memory. The only
// validation is IsBadReadPtr, which tests whether the pages are readable;
// it does not restrict which memory may be read and is not a security check.
// The return value is whatever was last stored in PacketData (the
// IsBadReadPtr result, the SMemAlloc result, or storm_403's result) and
// does not look meaningful to the caller.
int __usercall Recv_SID_0x17<eax>(int PacketDataLength<ecx>, int PacketData<eax>)
{
unsigned int v2; // edi@3 -- Length (server-supplied)
const void *v3; // esi@3 -- Address (server-supplied)
UINT v4; // ST10_4@3 -- Length again, for IsBadReadPtr
const void *v5; // ST0C_4@3 -- Address again, for IsBadReadPtr
int v6; // [sp+4h] [bp-4h]@3 -- Cookie
int v7; // [sp+0h] [bp-8h]@4 -- reply buffer, kept for the storm_403 call
if ( PacketData )
{
// 12 bytes = cookie + address + length; shorter packets are ignored.
if ( (unsigned int)PacketDataLength >= 0xC )
{
v3 = *(const void **)(PacketData + 4);
v2 = *(_DWORD *)(PacketData + 8);
v4 = *(_DWORD *)(PacketData + 8);
v5 = *(const void **)(PacketData + 4);
v6 = *(_DWORD *)PacketData;
// Only guard on the read: page readability of [Address, Address+Length).
PacketData = IsBadReadPtr(v5, v4);
if ( !PacketData )
{
// Reply = cookie (4) + Length bytes. v2 + 4 wraps for Length > 0xFFFFFFFB;
// whether IsBadReadPtr already rejects such a Length is not shown here.
PacketData = SMemAlloc(v2 + 4, "Starcraft\\Storm\\SNPs\\Battle\\Srv.cpp", 3082, PacketData);
v7 = PacketData;
if ( PacketData )
{
*(_DWORD *)PacketData = v6;
// Copies the requested client memory straight into the outgoing packet.
memcpy((void *)(PacketData + 4), v3, v2);
SendBNCSPacket(v2 + 4, 23, PacketData);
// Same (file, line) trailer as SMemAlloc; presumably the matching
// free of the reply buffer -- confirm.
PacketData = storm_403(v7, "Starcraft\\Storm\\SNPs\\Battle\\Srv.cpp", 3089, 0);
}
}
}
}
return PacketData;
}
0x20, Not analysed beyond the initial handler. It checks only that at least one byte arrived, then hands the packet body to one of two helpers (both shown below) depending on the global dword_19044E0C; both helpers read the body as a NUL-terminated string with no bound from the packet length.
// SID 0x20 handler. Only checks that at least one byte was received, then
// hands the packet body to one of two helpers depending on a global flag;
// both helpers read it as a NUL-terminated string (strlen in sub_19017810,
// strncpy(..., 0x200) in sub_19020610), so nothing here bounds that read
// by PacketDataLength.
void *__usercall Recv_SID_0x20<eax>(int PacketDataLength<ecx>, void *PacketData<eax>)
{
void *v2; // [sp+Ch] [bp-4h]@4 -- 4th dword of the 16-byte local record: packet body
char *v3; // [sp+0h] [bp-10h]@4 -- 1st dword of that record: &GameStaps
int v4; // [sp+4h] [bp-Ch]@4 -- 2nd dword: 0
signed int v5; // [sp+8h] [bp-8h]@4 -- 3rd dword: 4
if ( PacketData )
{
if ( (unsigned int)PacketDataLength >= 1 )
{
// Meaning of dword_19044E0C is not visible here (some mode/state flag).
if ( dword_19044E0C )
{
v2 = PacketData;
v3 = &GameStaps;
v4 = 0;
v5 = 4;
// a1=6, a2=&v3 (the contiguous 16-byte record v3,v4,v5,v2), a3=16,
// a4=&v3, a5=&v2: sub_19017810 copies the record plus the strings *a4
// and *a5 into a new list node, i.e. PacketData is consumed as a C string.
PacketData = sub_19017810(6, (int)&v3, 16, (int)&v3, (int)&v2);
}
else
{
// Packet body becomes the third (0x200-byte) field of the record built there.
PacketData = (void *)sub_19020610(&GameStaps, (int)&GameStaps, (int)PacketData);
}
}
}
return PacketData;
}
// Builds a 16-byte node { a1, buf, a3, next } and appends it to the singly
// linked list rooted at dword_19045500 (under unk_19046824), then posts
// message 0x469 to the window in dword_19045610 if one is set.
// buf holds a copy of the a3 bytes at a2, followed by the string *a4 (or
// GameStaps if a4 is NULL or *a4 is NULL) and then the string *a5 (same
// defaulting), each NUL-terminated. The pointer fields inside the copied
// record, at the offsets a4 and a5 have from a2, are rewritten to point at
// the copied strings, so the node owns everything it references.
// Returns NULL if either allocation fails, otherwise dword_19045610 or the
// PostMessageA result.
// NOTE(review): both strings are measured with strlen and no length bound;
// the SID 0x20 caller passes the raw packet body as *a5. If the second
// SMemAlloc fails the node v6 is leaked (never freed on that path).
void *__stdcall sub_19017810(int a1, int a2, int a3, int a4, int a5)
{
void *result; // eax@11
int v6; // ebx@11 -- the new node
unsigned int v7; // edi@11 -- strlen(v29)
unsigned int v8; // esi@11 -- strlen(v30)
void *v9; // edx@13 -- where the first string lands in buf
int v10; // ecx@13
int v11; // esi@13
int v12; // eax@16
int *v13; // eax@22 -- list link being walked
unsigned int v14; // eax@11
int v15; // eax@12
int v16; // edx@12
void *v17; // edi@15
char v18; // al@15
unsigned int v19; // ecx@15
char *v20; // esi@16
int v21; // edi@16
int v22; // eax@16
unsigned int v23; // ecx@16
const void *v24; // esi@16
void *v25; // edi@16
char v26; // zf@16
int v27; // eax@23
int v28; // ecx@23
char *v29; // [sp+18h] [bp-4h]@2 -- first string (*a4 or GameStaps)
char *v30; // [sp+14h] [bp-8h]@5 -- second string (*a5 or GameStaps)
unsigned int v31; // [sp+10h] [bp-Ch]@11 -- saved strlen(v29)
unsigned int v32; // [sp+Ch] [bp-10h]@11 -- saved strlen(v30)
// a4/a5 point at pointer fields; a NULL pointer or a NULL field falls
// back to GameStaps so strlen below always has a string.
if ( a4 )
v29 = *(char **)a4;
else
v29 = 0;
if ( a5 )
v30 = *(char **)a5;
else
v30 = 0;
if ( !v29 )
v29 = &GameStaps;
if ( !v30 )
v30 = &GameStaps;
// Unbounded reads: nothing limits how far strlen scans either string.
v7 = strlen(v29);
v31 = v7;
v14 = strlen(v30);
v8 = v14;
v32 = v14;
// Node layout: [0]=a1, [4]=buf, [8]=a3, [12]=next.
result = (void *)SMemAlloc(16, "Starcraft\\Storm\\SNPs\\Battle\\Srv.cpp", 3395, 0);
v6 = (int)result;
if ( result )
{
v15 = a3;
v16 = a1;
*(_DWORD *)(v6 + 8) = a3;
*(_DWORD *)v6 = v16;
// buf = a3 bytes of record + both strings with their NULs.
result = (void *)SMemAlloc(v7 + v8 + v15 + 2, "Starcraft\\Storm\\SNPs\\Battle\\Srv.cpp", 3402, 0);
*(_DWORD *)(v6 + 4) = result;
// NOTE(review): if this allocation failed, the node v6 is never freed.
if ( result )
{
v10 = a3;
// v9 = buf + a3: the first string goes right after the copied record;
// a3 is then repointed at buf + a3 + len1 + 1: the second string's slot.
v9 = (char *)result + a3;
a3 += (int)(result + v7 + 1);
v11 = a2;
if ( a2 )
{
if ( v10 )
{
// Inlined memcpy of the a3-byte record at a2: 4*(a3>>2) bytes, then a3&3.
v17 = result;
v18 = v10;
v19 = (unsigned int)v10 >> 2;
memcpy(v17, (const void *)a2, 4 * v19);
memcpy((char *)v17 + 4 * v19, (const void *)(v11 + 4 * v19), v18 & 3);
v7 = v31; // restore len1 (the register was reused above)
}
}
memcpy(v9, v29, v7 + 1);
// Inlined memcpy of len2+1 bytes (second string incl. NUL) into its slot;
// "LOBYTE(v23) = v22" followed by "v23 & 3" yields (len2+1) & 3.
v20 = v30;
v21 = a3;
v22 = v32 + 1;
v23 = (v32 + 1) >> 2;
memcpy((void *)a3, v30, 4 * v23);
v24 = &v20[4 * v23];
v25 = (void *)(v21 + 4 * v23);
LOBYTE(v23) = v22;
v12 = a4;
v26 = a4 == 0;
memcpy(v25, v24, v23 & 3);
// Pointer fix-ups: the field at offset (a4 - a2) inside the copied record
// now points at the copied first string (only if the original field was
// non-NULL); likewise for a5 and the second string.
if ( !v26 )
{
if ( *(_DWORD *)v12 )
*(_DWORD *)(*(_DWORD *)(v6 + 4) - a2 + v12) = v9;
}
if ( a5 )
{
if ( *(_DWORD *)a5 )
*(_DWORD *)(*(_DWORD *)(v6 + 4) - a2 + a5) = a3;
}
// Append at the tail of the list rooted at dword_19045500 (next link at +12).
EnterCriticalSection(&unk_19046824);
v13 = &dword_19045500;
if ( dword_19045500 )
{
do
{
v27 = *v13;
v28 = *(_DWORD *)(v27 + 12);
v13 = (int *)(v27 + 12);
}
while ( v28 );
}
*v13 = v6;
*(_DWORD *)(v6 + 12) = 0;
LeaveCriticalSection(&unk_19046824);
// Wake the consumer: user message 0x469 to the window in dword_19045610, if set.
result = dword_19045610;
if ( dword_19045610 )
result = (void *)PostMessageA(dword_19045610, 0x469u, 0, 0);
}
}
return result;
}
// Allocates a 772-byte record under unk_190466F0 and fills three fixed-width
// string fields from Source (128 bytes at 0), a2 (128 at 128) and a3 (512 at
// 256), forcing a NUL at the end of each field since strncpy does not
// guarantee one; then calls sub_19002E30 and signals hEvent.
// NOTE(review): strncpy reads its source until a NUL or n bytes, so with a3
// coming from the wire (the SID 0x20 caller checks only >= 1 byte) it can
// read up to 0x200 bytes past the end of short, unterminated packet data.
// Bytes 768..771 of the record are not written here. The record pointer v4
// is neither returned, freed nor stored anywhere visible in this listing;
// presumably sub_19002E30 or a later consumer picks it up through state not
// shown -- confirm. The return value is SetEvent's result, not whether the
// allocation succeeded.
BOOL __stdcall sub_19020610(char *Source, int a2, int a3)
{
int v3; // eax@1
int v4; // esi@1 -- the new record
EnterCriticalSection(&unk_190466F0);
v3 = SMemAlloc(772, "Starcraft\\Storm\\SNPs\\Battle\\Spi.cpp", 1027, 0);
v4 = v3;
if ( v3 )
{
strncpy((char *)v3, Source, 0x80u);
strncpy((char *)(v4 + 128), (const char *)a2, 0x80u);
strncpy((char *)(v4 + 256), (const char *)a3, 0x200u);
// Explicit terminators: strncpy leaves the field unterminated when the
// source fills it.
*(_BYTE *)(v4 + 127) = 0;
*(_BYTE *)(v4 + 255) = 0;
*(_BYTE *)(v4 + 767) = 0;
sub_19002E30();
}
LeaveCriticalSection(&unk_190466F0);
return SetEvent(hEvent);
}
0x24, Something to do with just echoing cookies back and forth?
// SID 0x24 handler. The reply is built in one contiguous stack area:
// OutPacketData = first dword of the request, v16 = its second dword, then
// v18.. = the request's string (copied verbatim) followed by a second string
// that storm_422 fills in, and the whole thing is sent back as SID 0x24.
// storm_422("Cookies", <received string>, 2, <out>, 256) looks like a Storm
// config/registry string lookup keyed by the received name -- confirm.
// SECURITY: the copy loop below copies the string at PacketData+8 until it
// finds a NUL, with no bound from PacketDataLength (only >= 9 is checked)
// and no bound from the 512-byte stack buffer (v18 + v19[511]). A
// server-sent string longer than 511 bytes overwrites the stack frame; an
// unterminated one reads past the packet. storm_422 is then handed 256
// bytes starting right after that string, which also exceeds the buffer
// when the string is longer than 255 bytes (assuming storm_422 honours the
// size it is given).
// Minimal fix: bound the copy by min(PacketDataLength - 8, 511) and drop the
// packet if no NUL is found within that range.
int __usercall Recv_SID_0x24<eax>(int PacketData<eax>, unsigned int PacketDataLength<ecx>)
{
int v2; // eax@3 -- read cursor into the request string
char *v3; // edx@3 -- &v18 - start, so v3[v2] is the matching output byte
char *v4; // eax@5
char *v5; // eax@7
_BYTE *v6; // esi@7 -- byte after the copied string's NUL
int v7; // eax@9
_BYTE *v8; // ecx@9
int v9; // esi@9
int v10; // ecx@3
char v11; // cl@4
char v12; // cl@6
int v13; // eax@7
char v14; // cl@8
char v15; // dl@10
int v16; // [sp+4h] [bp-204h]@3 -- second request dword, echoed
int OutPacketData; // [sp+0h] [bp-208h]@3 -- first request dword (cookie), echoed
char v18; // [sp+8h] [bp-200h]@3 -- start of the 512-byte string area
_BYTE v19[511]; // [sp+9h] [bp-1FFh]@7
if ( PacketData )
{
// 9 = two dwords plus at least one byte of string.
if ( PacketDataLength >= 9 )
{
v10 = *(_DWORD *)PacketData;
v16 = *(_DWORD *)(PacketData + 4);
v2 = PacketData + 8;
OutPacketData = v10;
v3 = &v18 - v2;
// Unbounded strcpy of the request string into the stack buffer (see above).
do
{
v11 = *(_BYTE *)v2;
v3[v2] = *(_BYTE *)v2;
++v2;
}
while ( v11 );
// Find the end of the copied string; v6 = one past its NUL.
v4 = &v18;
do
v12 = *v4++;
while ( v12 );
v13 = v4 - v19;
v6 = &v19[v13];
// Up to 256 bytes written at v6 -- overflows the buffer if len1 > 255.
storm_422("Cookies", &v18, 2, &v19[v13], 256);
// Recompute lengths; v7 = len1, v8 ends one past the second string's NUL.
v5 = &v18;
do
v14 = *v5++;
while ( v14 );
v8 = v6;
v7 = v5 - v19;
v9 = (int)(v6 + 1);
do
v15 = *v8++;
while ( v15 );
// Length works out to 8 + (len1 + 1) + (len2 + 1): header plus both
// NUL-terminated strings.
PacketData = SendBNCSPacket((int)(&v8[v7 + 10] - v9), 0x24u, (int)&OutPacketData);
}
}
return PacketData;
}
Just a random thing. Also found some cool stuff about SC Leagues, did they ever actually make any public ones? As well as the Warden/Crev handlers :P
AND! Something like 4 server-side exploits to '0wnzorz our b0xzorz'
Anyone know any more of what these do? Like I said they all had no time put into them because I was doing other things.
Quote from: Hdx on January 29, 2010, 07:58 AM
Just a random thing. Also found some cool stuff about SC Leagues, did they ever actually make any public ones? As well as the Warden/Crev handlers :P
I believe the only public League released was the WGTour league.
So, is it possible to read users' CD-keys with 0x17? (Going by the handler above, the server can read any readable memory in the client process; whether the CD-key is sitting in readable memory at that point is not something this listing shows.)