How many of you out there are receiving packet 0x4A right now as you log on and are absolutely oblivious to what it's for?! Well, if you're in that crowd, then here's the code for you! (Well, not all of it):
Special thanks to TheMinistered!
typedef BOOL (__fastcall ExtraWorkProc)(void *);

enum GameType {
    Diablo2 = 1,
    Warcraft3 = 2,
    Starcraft = 3,
    WorldOfWarcraft = 4
};

struct EXTRAWORK {
    WORD GameType;
    WORD Length;
    char OutBuffer[1024];
};

BOOL bReturn;
EXTRAWORK ew;
ew.GameType = Starcraft;
ew.Length = 4; // should always be four
*(DWORD*)&ew.OutBuffer = GetSystemDefaultLangID();
It's up to you to figure out how to load it, and call it! Also, here's the catch, you have to figure out what to pass into OutBuffer for it to work with Diablo II!
Make sure HKEY_CURRENT_USER\Software\Battle.net\Optimize\SysDesc (REG_DWORD) is set to 1, or this may not work!
For whole source, send $5 via paypal to my paypal address at [email protected].
Also, in the future near you; the equivalent of ExtraWork() may also be available in C/C++ code!
Complaints? Take a hike.
Packet format (id=0x4B):
(WORD) Unknown (1)
(WORD) Length of data returned by ExtraWork
(STRING) Data returned from ExtraWork
I think blizzard is gay for using the buffer as an in/out parameter anyways. I think blizzard is gay for doing lots of things though, but I guess that's just me! :D
Quote from: hismajesty[yL] on June 14, 2004, 11:31 AM
I thought it was Maddox and Telos in the beginning, and you and iago. Wow, I'm misinformed. Anyway, didn't you (or somebody else) already explain what 0x4A was for?
AFAIK, Telos was there for only one function, but I could be wrong.
0x4A responds with various information about your computer, example output:
System Debug Info 1.03
Game: Starcraft
CPU: GenuineIntel Type 0 Family F Model 1 Stepping 2 Brand 8 1794 MHz
RAM: 511 MB
OS: WinNT 5.2 "" Build 3790
DX: 4.09.00.0902
Vid1: Vendor 000010de Device 00000150 "NVIDIA GeForce2 GTS/GeForce2 Pro (Microsoft Corporation)"
Aud1: Module "WaveOut 0" Device "Modem #0 Line Playback (emulated)"
Aud2: Module "ac97intc.sys" Device "Intel(r) Integrated Audio"
What is the point of this?
Quote from: Maddox on June 14, 2004, 01:07 PM
Quote from: UserLoser. on June 14, 2004, 01:17 AM
ew.Length = 4; // should always be four
Should be ew.Length = sizeof(EXTRAWORK);
Also, this is generally referred to as "size," not "length."
Setting it to not equal 4 (example: 5), would return something like "ERR: Length 5" - that's where we got the "Length" from
Well, I looked at the struct again and found out I was incorrect so I edited my post a few seconds later. You're just too quick.
Why don't you just block the extrawork.dll? It is a bad function anyway -_-
Actually, it could prove useful for further game development. This extrawork.dll lets blizzard know what the majority of the population on battle.net's computer specs are like! Thus, they can target certain cards or certain processors to make optimizations.
It can also detect what they do while in game i.e memory injections, so it is an effective tool for hack detections. (I think)
Here is my old code combined with this new code that works for all 3 possible GameTypes:
Looking at IX86ExtraWork.dll, it doesn't seem to handle GameType = WorldOfWarcraft (4). Where did you get this from?
#include <windows.h>
#include <iostream>
using namespace std;

// ExtraWork takes a pointer to an EXTRAWORK structure and returns a BOOL
typedef BOOL (__fastcall *ExtraWorkProc)(void *);

enum GameType {
    Diablo2 = 1,
    Warcraft3 = 2,
    Starcraft = 3
};

struct EXTRAWORK {
    WORD GameType;
    WORD Length;
    char OutBuffer[1024]; // used as both input and output
};

int main() {
    HINSTANCE hLib;
    ExtraWorkProc lpfnExtraWork;
    BOOL bReturn;
    EXTRAWORK ew = {}; // zeroed, so OutBuffer starts out NUL-terminated

    ew.GameType = Starcraft; // Change this to specified GameType
    ew.Length = 4;
    // The first four bytes of OutBuffer are the input value
    if (ew.GameType == Diablo2) {
        *(DWORD*)&ew.OutBuffer = 0;
    } else {
        *(DWORD*)&ew.OutBuffer = GetSystemDefaultLangID();
    }

    // ANSI variant named explicitly so this also builds with UNICODE defined
    hLib = LoadLibraryA("IX86ExtraWork.dll");
    if (hLib) {
        lpfnExtraWork = (ExtraWorkProc)GetProcAddress(hLib, "ExtraWork");
        if (lpfnExtraWork) {
            bReturn = (*lpfnExtraWork)(&ew);
            // Force termination so the print below cannot run past the buffer
            ew.OutBuffer[sizeof(ew.OutBuffer) - 1] = '\0';
            cout << "ExtraWork returned " << (bReturn ? "TRUE" : "FALSE") << endl;
            cout << "GameType: " << ew.GameType << "\t\t" << "Length: " << ew.Length << endl << endl;
            cout << "Message: " << ew.OutBuffer << endl;
        }
        FreeLibrary(hLib);
    }
    return 0;
}
Quote from: Forged on June 14, 2004, 05:51 PM
It can also detect what they do while in game i.e memory injections, so it is an effective tool for hack detections. (I think)
Nah
Anyone mind explaining the importance of parsing this packet, and how you would go about it in Visual Basic 6.0?
Quote from: BaDDBLooD on June 14, 2004, 11:08 PM
Anyone mind explaining the importance of parsing this packet, and how you would go about it in Visual Basic 6.0?
Get a reference for C/C++ and then one for VB, and go through the code step by step converting the C/C++ functions to their VB equivalent.
I don't think it would be very useful though.
well i don't know c/c++
Quote from: BaDDBLooD on June 14, 2004, 11:49 PM
well i don't know c/c++
The idea with the reference is you can look up what a method does, and then find the method in VB that does the same thing and convert it. If you don't know C/C++ I would recommend learning the language syntax and getting a basic understanding of it before attempting to convert the code.
I don't know C/C++ very well either, but the limited knowledge I do have, and my ability to read has allowed me to convert C/C++ code to Java a number of times.
This is for all the visual basic users out there!
modMain
Public Enum GameType
    Diablo2 = 1
    Warcraft3 = 2
    Starcraft = 3
    WorldOfWarcraft = 4
End Enum
Public Type ExtraWork
    GameType As Integer
    Length As Integer
    OutBuffer(1023) As Byte
End Type
Public Declare Function GetSystemDefaultLangID Lib "kernel32" () As Integer
Public Declare Sub RtlMoveMemory Lib "kernel32" (Destination As Any, Source As Any, ByVal Length As Long)
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal strFilePath As String) As Long
Public Declare Function FreeLibrary Lib "kernel32" (ByVal hLib As Long) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private ExtraWorkMarshaller As New clsExtraWorkMarshaller
Public Sub Main()
    Dim lngExtraWork As Long, lngExtraWorkAddress As Long, boolReturn As Boolean
    Dim ew As ExtraWork
    lngExtraWork = LoadLibrary("IX86ExtraWork.dll")
    If (lngExtraWork) Then
        lngExtraWorkAddress = GetProcAddress(lngExtraWork, "ExtraWork")
        If (lngExtraWorkAddress) Then
            ew.GameType = Starcraft
            ew.Length = 4
            'the first four bytes of OutBuffer are the input value
            If (ew.GameType = Diablo2) Then
                '0& is a Long literal, so all 4 bytes copied come from the source value
                RtlMoveMemory ByVal VarPtr(ew.OutBuffer(0)), 0&, 4
            Else
                RtlMoveMemory ByVal VarPtr(ew.OutBuffer(0)), CLng(GetSystemDefaultLangID), 4
            End If
            boolReturn = ExtraWorkMarshaller.CallExtraWork(lngExtraWorkAddress, VarPtr(ew))
            Debug.Print StrConv(ew.OutBuffer, vbUnicode)
        End If
        FreeLibrary lngExtraWork
    Else
        MsgBox "Failed to load IX86ExtraWork.dll!"
    End If
End Sub
clsExtraWorkMarshaller
Option Explicit
' From David Fritts
' ASM corrected by David Fritts
' Class recast by Ulli
Private Declare Function GlobalAlloc Lib "kernel32" (ByVal wFlags As Long, ByVal dwBytes As Long) As Long
Private Declare Function GlobalFree Lib "kernel32" (ByVal hMem As Long) As Long
Private Declare Function GlobalLock Lib "kernel32" (ByVal hMem As Long) As Long
Private Declare Function GlobalUnlock Lib "kernel32" (ByVal hMem As Long) As Long
Private Type tPD
    hMem As Long
    PtrToOldCode As Long
End Type
Private ProcDetails() As tPD
Private VTIndex As Long
Private Code As Byte
Private CodeSize As Long
Private PtrToNewCode As Long
Private PtrToMyself As Long
Private i As Long
Private Sub Class_Initialize()
    VTIndex = -1 'initialize index into Virtual Table
    CallExtraWork 0, 0 'this sets up m/c code and modifies the VT
End Sub
Public Function CallExtraWork(ByVal lngFuncAddress As Long, ByVal lngEwAddress As Long) As Boolean
    'this is in fact only called once during class initialize
    'subsequent calls are diverted (via the VT) to the m/c code
    DivertTo "8B442408 8B4C240C FFD0 8B542410 8902 31C0 C21000"
End Function
Private Sub DivertTo(ByVal HexCode As String)
    VTIndex = VTIndex + 1 'inc index into VT
    ReDim Preserve ProcDetails(0 To VTIndex) 'adjust array size
    HexCode = Replace$(HexCode, " ", "") 'remove spaces from hex code
    CodeSize = Len(HexCode) / 2 'length of the resulting binary code (2 hex chars per byte of code)
    With ProcDetails(VTIndex)
        .hMem = GlobalAlloc(0, CodeSize) 'get memory for m/c code and save handle
        PtrToNewCode = GlobalLock(.hMem) 'get far pointer to allocated memory
        For i = 0 To CodeSize - 1
            Code = Val("&H" & Mid$(HexCode, i + i + 1, 2)) 'convert hex to binary m/c code
            RtlMoveMemory ByVal PtrToNewCode + i, Code, 1 'store it in allocated memory
        Next i
        .PtrToOldCode = VirtualTableEntry 'save old VT entry; VTIndex determines which entry
        VirtualTableEntry = PtrToNewCode 'overwrite VT entry; VTIndex determines which entry
        GlobalUnlock .hMem 'unlock memory
    End With 'PROCDETAILS(VTINDEX)
End Sub
Private Property Let VirtualTableEntry(ByVal FarPointer As Long)
    RtlMoveMemory PtrToMyself, ByVal ObjPtr(Me), 4 'get pointer to object (Me)
    RtlMoveMemory ByVal PtrToMyself + &H1C + VTIndex * 4, FarPointer, 4 'put VT entry
End Property
Private Property Get VirtualTableEntry() As Long
    RtlMoveMemory PtrToMyself, ByVal ObjPtr(Me), 4 'get pointer to object (Me)
    RtlMoveMemory VirtualTableEntry, ByVal PtrToMyself + &H1C + VTIndex * 4, 4 'get VT entry
End Property
Private Sub Class_Terminate()
    For VTIndex = VTIndex To 0 Step -1 'VTIndex still points to the last VT entry overwritten
        With ProcDetails(VTIndex)
            VirtualTableEntry = .PtrToOldCode 'restore VT entry; VTIndex determines which entry
            GlobalFree .hMem 'release memory used for m/c code
        End With 'PROCDETAILS(VTINDEX)
    Next VTIndex
End Sub
Note: I fixed the CallExtraWork so that it now returns a valid bool statement as to whether or not it succeeded. Thus, anyone who is using the older implementation should update!
Very nice TheMinistered. This thread should probably be archived in the BotDev reference board. Perhaps a section for "potential threads to archive" that are not yet a month old?
Quote from: BaDDBLooD on June 14, 2004, 11:08 PM
Anyone mind explaining the importance of parsing this packet, and how you would go about it in Visual Basic 6.0?
Format of 0x4A:
(STRING) MPQ name
shouldn't be too hard to parse
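Added example, not part of any post in this thread: bounds-checked handling of the 0x4A body (STRING MPQ name) and the 0x4B body (WORD 1, WORD length, STRING data) as the posts above describe them, in portable C. The function names, the little-endian WORD order and the rule that Length must cover the NUL-terminated text are assumptions; the packet framing header, socket I/O and the DLL call are left out.

```c
/* Added example (not code from the thread): bounds-checked handling of the
   0x4A and 0x4B packet bodies as the posts describe them. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EW_OUTBUF_SIZE 1024 /* sizeof(EXTRAWORK.OutBuffer) in the thread */

/* 0x4A body: (STRING) MPQ name. Returns the name length, or -1 when the
   string is empty, not terminated inside the packet, or too long for dst. */
int parse_0x4a(const uint8_t *body, size_t body_len, char *dst, size_t dst_len)
{
    const uint8_t *nul = memchr(body, 0, body_len);
    if (nul == NULL) return -1;
    size_t n = (size_t)(nul - body);
    if (n == 0 || n >= dst_len) return -1;
    memcpy(dst, body, n + 1);
    return (int)n;
}

/* 0x4B body: (WORD) 1, (WORD) length, (STRING) data. Assumptions: WORDs are
   little-endian, and `length` (EXTRAWORK.Length after the call) is untrusted,
   so it must fit OutBuffer and cover the NUL-terminated text. */
int build_0x4b(const char out_buffer[EW_OUTBUF_SIZE], uint16_t length,
               uint8_t *pkt, size_t pkt_len)
{
    if (length == 0 || length > EW_OUTBUF_SIZE) return -1;
    const char *nul = memchr(out_buffer, 0, EW_OUTBUF_SIZE);
    if (nul == NULL) return -1;             /* DLL left no terminator */
    size_t text = (size_t)(nul - out_buffer);
    if (text > length || 4 + text + 1 > pkt_len) return -1;
    pkt[0] = 1; pkt[1] = 0;                 /* (WORD) Unknown (1) */
    pkt[2] = (uint8_t)(length & 0xFF);      /* (WORD) Length, low byte first */
    pkt[3] = (uint8_t)(length >> 8);
    memcpy(pkt + 4, out_buffer, text + 1);  /* (STRING) data with its NUL */
    return (int)(4 + text + 1);
}

int main(void)
{
    char out[EW_OUTBUF_SIZE] = "RAM: 511 MB"; /* constructed sample text */
    uint8_t pkt[4 + EW_OUTBUF_SIZE];
    printf("0x4B body is %d bytes\n", build_0x4b(out, 12, pkt, sizeof pkt));
    return 0;
}
```

Both functions reject input rather than truncate it, so a malformed 0x4A or an unterminated OutBuffer never reaches the send path.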
to my understanding, isn't ix86extrawork an 'mpq' file? if it's a dll file, where can i find this ix86extrawork.dll ?
Quote from: CoorsLight on June 15, 2004, 09:30 PM
where can i find this ix86extrawork.dll ?
Either inside of IX86ExtraWork.mpq or here (http://www.fictionwelive.com/LoRd/IX86ExtraWork.dll).
Quote from: LoRd[nK] on June 15, 2004, 09:32 PM
Either inside of IX86ExtraWork.mpq or here (http://www.fictionwelive.com/LoRd/IX86ExtraWork.dll).
eh so how do u display the info :X its kinda pointless if it doesnt do anything :X
Quote from: GoSuGaMING on June 17, 2004, 11:17 AM
eh so how do u display the info :X its kinda pointless if it doesnt do anything :X
Print the contents of OutBuffer after you call ExtraWork().
Quote from: Eibro[yL] on June 17, 2004, 12:17 PM
Print the contents of OutBuffer after you call ExtraWork().
thanks
Quote from: GoSuGaMING on June 17, 2004, 11:17 AM
eh so how do u display the info :X its kinda pointless if it doesnt do anything :X
.... that's what this entire thread was about.
Quote from: LoRd[nK] on June 17, 2004, 01:33 PM
.... that's what this entire thread was about.
but with the code that was submitted by TheMinistered or w/e it didnt display any of packet info.
Quote from: GoSuGaMING on June 17, 2004, 01:55 PM
but with the code that was submitted by TheMinistered or w/e it didnt display any of packet info.
Maybe you should learn how it actually works.
Quote from: UserLoser. on June 17, 2004, 01:58 PM
Maybe you should learn how it actually works.
maybe because for some reason i didn't even receive 0x4a
my friends arent getting it either and when i packetlogged the client i didnt get it... did bnet remove it?
Quote from: GoSuGaMING on June 17, 2004, 02:47 PM
maybe because for some reason i didn't even receive 0x4a
my friends arent getting it either and when i packetlogged the client i didnt get it... did bnet remove it?
If you're not receiving it and you're sure your data handler isn't screwing up, then yes; Battle.net "removed" it. Every month or so, they send it for about 1-2 weeks.
Quote from: UserLoser. on June 17, 2004, 11:44 PM
If you're not receiving it and you're sure your data handler isn't screwing up, then yes; Battle.net "removed" it. Every month or so, they send it for about 1-2 weeks.
whats the point
It allows Battle.net to survey the system specs of people using their programs. As you can see where its registry value is stored, it's probably to "Optimize" their software.....
Note that you also have to trick it into thinking that your timezone and locale place you in North America...