• Welcome to Valhalla Legends Archive.
 

VB Checksum Attempt!!

Started by Minux, September 23, 2004, 10:35 PM


Minux

Trying to get the Checksum result, makes it down to the bottom but I am getting overflows, any suggestions are appreciated!

I am using set values

Hash = A=908409264 B=143723687 C=373763967 4 A=A^S B=B^C C=C+A A=A+B
MPQName = IX86ver7.mpq

And the result Checksum from using CheckRevision.dll = -1345969277


Modified, it actually performs the checksum now, but not giving the correct number.

Original code is here


Private Function GetChecksum(ByVal Hash As String, ByVal MPQName As String, ByVal FilePath As String, ByVal FileName1 As String, ByVal FileName2 As String, ByVal FileName3 As String) As Long

   Dim dwMpqChecksumKeys(7) As Long

   dwMpqChecksumKeys(0) = &HE7F4CB62
   dwMpqChecksumKeys(1) = &HF6A14FFC
   dwMpqChecksumKeys(2) = &HAA5504AF
   dwMpqChecksumKeys(3) = &H871FCDC2
   dwMpqChecksumKeys(4) = &H11BF6A18
   dwMpqChecksumKeys(5) = &HC57292E6
   dwMpqChecksumKeys(6) = &H7927D27E
   dwMpqChecksumKeys(7) = &H2FEC8733

   '// First, parse the versionString to name=value pairs and put them
   '// in the appropriate place
   Dim values(4) As Long
   Dim opValueDest(4) As Long
   Dim opValueSrc1(4) As Long
   Dim operation(4) As String
   Dim opValueSrc2(4) As Long
   Dim hFile As Long, hFileMapping As Long, lpdwBuffer() As Byte
   Dim dwTotalSize As Long, dwSize As Long, dwBytesRead As Long, dwVariables(4) As Long

   Dim mpqNum As String
   mpqNum = Mid(MPQName, InStr(MPQName, ".") - 1, 1)

   '// Break this apart at the spaces
   Dim s() As String
   s = Split(Hash, " ")
   Dim currentFormula As Integer
   currentFormula = 0
   For i = 0 To UBound(s)

      Dim thisToken As String
      thisToken = s(i)
      '// As long as there is an '=' in the string
      If InStr(thisToken, "=") Then
         '// Break it apart at the '='
         Dim nameValue() As String
         nameValue = Split(thisToken, "=")

         If UBound(nameValue) <> 1 Then CheckSum = &H0: Exit Function

         Dim variable As Integer
         variable = getNum(Left(nameValue(0), 1))

         Dim value As String
         value = nameValue(1)

         '// If it starts with a number, assign that
         '// number to the appropriate variable
         If IsNumeric(Left(value, 1)) Then
            values(variable) = Val(value)
         Else
            opValueDest(currentFormula) = variable

            opValueSrc1(currentFormula) = getNum(Left(value, 1))
            operation(currentFormula) = Mid(value, 2, 1)
            opValueSrc2(currentFormula) = getNum(Mid(value, 3, 1))

            currentFormula = currentFormula + 1
         End If
      End If
   Next i

   values(0) = values(0) Xor dwMpqChecksumKeys(mpqNum)

   Dim FileNames(2) As String
   FileNames(0) = FilePath & FileName1
   FileNames(1) = FilePath & FileName2
   FileNames(2) = FilePath & FileName3

   For i = 0 To 2

      Dim RoundedSize As Long

      RoundedSize = ((FileLen(FileNames(i)) / 1024) * 1024)

      ReDim lpdwBuffer(1 To RoundedSize)

      Close #1
      Open FileNames(i) For Binary Access Read As #1
      Get #1, 1, lpdwBuffer
      Close #1

      Dim j As Long
      Dim k As Long

      For j = 1 To RoundedSize Step &H4

         values(3) = lpdwBuffer(j)

         For k = 0 To currentFormula - 1

            Select Case operation(k)
               Case "+"
                  values(opValueDest(k)) = Add(values(opValueSrc1(k)), values(opValueSrc2(k)))
                  GoTo Break2

               Case "-"
                  values(opValueDest(k)) = values(opValueSrc1(k)) - values(opValueSrc2(k))
                  GoTo Break2

               Case "^"
                  values(opValueDest(k)) = values(opValueSrc1(k)) Xor values(opValueSrc2(k))
                  GoTo Break2

               Case Else
                  GetChecksum = &H0
                  Exit Function
            End Select

Break2:

         Next k
      Next j

   Next i

   GetChecksum = values(2)

End Function

Private Function getNum(c As String) As Integer
   c = UCase(c)
   If c = "S" Then
      getNum = 3
   Else
      getNum = Asc(c) - Asc("A")
   End If
End Function


Private Function Add(ByVal number1 As Long, ByVal number2 As Long) As Long
   Add = DtoL(CDbl(number1) + CDbl(number2))
End Function


Private Function DtoL(ByVal num As Double) As Long
   While num > &H7FFFFFFF
       num = num - 4294967296#
   Wend
   While num < &H80000000
       num = num + 4294967296#
   Wend
   DtoL = CLng(num)
End Function


Big thanks to iago obviously for making the original Java version of this.

UserLoser.

#1
Small note: in Yobgul's code, you should remove, comment out, or ignore s++; near the bottom.  This cuts off the first character of the executable's name.  Instead of "Starcraft"... it'll be "tarcraft"...  Also, you don't need to post the declare functions or constants (this might allow a single post), since those can be found all over.

Zakath

UL, I believe you are in error. Yobgul's code does not cut anything off (just tested this, string was "Game.exe blah blah blah blah").
Quote from: iago on February 02, 2005, 03:07 PM
Yes, you can't have everybody...contributing to the main source repository.  That would be stupid and create chaos.

Opensource projects...would be dumb.

iago

Yobgul's code has a lot of potential buffer overflows, stack overflows, heap overflows, arbitrary code execution potentials, etc.

If you're going to let anybody untrusted run it on your computer (for whatever reason), be careful.
This'll make an interesting test for broken AV:
Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Skywing

Quote from: iago on September 24, 2004, 06:30 PM
Yobgul's code has a lot of potential buffer overflows, stack overflows, heap overflows, arbitrary code execution potentials, etc.

If you're going to let anybody untrusted run it on your computer (for whatever reason), be careful.
BTW, I think Blizzard's implementation has at least 3 crash bugs if the formula is malformed in certain specific ways.

iago

Quote from: Skywing on September 24, 2004, 06:37 PM
Quote from: iago on September 24, 2004, 06:30 PM
Yobgul's code has a lot of potential buffer overflows, stack overflows, heap overflows, arbitrary code execution potentials, etc.

If you're going to let anybody untrusted run it on your computer (for whatever reason), be careful.
BTW, I think Blizzard's implementation has at least 3 crash bugs if the formula is malformed in certain specific ways.

My Java variation will throw an exception and fail on certain conditions, but it's a controlled exception (thrown by me, not by a random failure).  I really ought to go back and fix that sometime, but unless Blizzard changes their conventions it's kinda pointless.


Minux

#6
Actually performs the checksum now, just needs some tweaking to get it to produce the right output I hope.

I get
Quote
-1648790596

Number needed
Quote
-1345969277

If anyone sees any bugs off hand or anything that might screw up the final checksum other than it being written in VB please don't hesitate to point it out!

I still need help making this work correctly, please somebody, anybody. I am not using stolen code like the people asking for help on NLS.dll, I am using an open source reference which was allowed by iago, in case that is stopping you from helping me. :(

l)ragon

#7
Private Function DtoL(ByVal num As Double) As Long
   While num > &H7FFFFFFF
       num = num - 4294967296#
   Wend
   While num < &H80000000
       num = num + 4294967296#
   Wend
   DtoL = CLng(num)
End Function


From my first glance at this, you might run into some problems with the following function.

Edit: Set up a while loop with the following and you may see what I mean.
While (num > &H7FFFFFFF) Or (num < &H80000000)
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*
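
The formula evaluation discussed in this thread, as an added C example (not code from any poster here, nor from Blizzard). It shows where 32-bit integer semantics matter for the posted VB: `+` and `-` wrap modulo 2^32, `S` is read as a 4-byte little-endian word (as the `lpdwBuffer` name and `Step &H4` imply), the size is rounded down with integer arithmetic, and a malformed formula returns a controlled error instead of indexing with an unchecked letter. The names `check_revision`, `var_index` and `MAX_OPS`, and passing the files as in-memory buffers, are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_OPS 4  /* assumed cap; the sample formula declares 4 operations */
/* A=0, B=1, C=2, S=3; anything else is rejected, never used as an index. */
static int var_index(char c) {
    static const char names[] = "ABCS";
    const char *p = c ? strchr(names, c) : NULL;
    return p ? (int)(p - names) : -1;
}

/* Added example (hypothetical names): 0 and C in *out, or -1 if malformed. */
int check_revision(const char *formula, uint32_t mpq_key, const uint8_t *const files[],
                   const size_t lens[], size_t nfiles, uint32_t *out) {
    uint32_t v[4] = {0};
    int dst[MAX_OPS], s1[MAX_OPS], s2[MAX_OPS], nops = 0;
    char op[MAX_OPS], buf[128], *tok, *end;
    if (strlen(formula) >= sizeof buf) return -1;
    strcpy(buf, formula);
    for (tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        if (!strchr(tok, '=')) continue;            /* bare count, e.g. "4" */
        int d = var_index(tok[0]);
        if (d < 0 || tok[1] != '=') return -1;
        if (tok[2] >= '0' && tok[2] <= '9') {       /* seed: A=908409264 */
            unsigned long long n = strtoull(tok + 2, &end, 10);
            if (*end || n > 0xFFFFFFFFull) return -1;
            v[d] = (uint32_t)n;
        } else {                                    /* operation: A=A^S */
            if (nops == MAX_OPS || strlen(tok) != 5) return -1;
            int a = var_index(tok[2]), b = var_index(tok[4]);
            if (a < 0 || b < 0 || !strchr("+-^", tok[3])) return -1;
            dst[nops] = d; s1[nops] = a; s2[nops] = b; op[nops++] = tok[3];
        }
    }
    v[0] ^= mpq_key;
    for (size_t f = 0; f < nfiles; f++) {
        size_t len = lens[f] - lens[f] % 1024;      /* whole 1 KiB blocks only */
        for (size_t i = 0; i < len; i += 4) {
            const uint8_t *p = files[f] + i;        /* S = little-endian dword */
            v[3] = p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
            for (int k = 0; k < nops; k++) {
                uint32_t x = v[s1[k]], y = v[s2[k]];
                v[dst[k]] = op[k] == '+' ? x + y : op[k] == '-' ? x - y : x ^ y;
            }
        }
    }
    *out = v[2];
    return 0;
}
```

The values quoted in the thread are signed VB `Long`s, so compare against `(int32_t)` of the result.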