
[C++] Parsing SID_READUSERDATA

Started by Okee, July 28, 2005, 06:16 PM


Okee

Hey guys, I've sent SID_READUSERDATA correctly, and can see the data in my packet logs. I'm just working on extracting this. Looks to me like my code should display the profile correctly, but I'll let y'all look at it and see if you can tell me why it isn't printing it.


#define PACKET_HEAD 4

...

void HandleReadUserData(char *data) {
    unsigned long Accounts = *(unsigned long*)(data + PACKET_HEAD);
    unsigned long Keys = *(unsigned long*)(data + PACKET_HEAD + 4);

    strcpy(szProfileData.szAge, data + PACKET_HEAD + 12);
    strcpy(szProfileData.szSex, data + PACKET_HEAD + 12 + strlen(szProfileData.szAge));
    strcpy(szProfileData.szLocation, data + PACKET_HEAD + 12 + strlen(szProfileData.szAge) + strlen(szProfileData.szSex));
    strcpy(szProfileData.szDescription, data + PACKET_HEAD + 12 + strlen(szProfileData.szAge) + strlen(szProfileData.szSex) + strlen(szProfileData.szLocation));

    AppendText(hBNChat, GRAY, "Age: %s\nSex: %s\nLocation: %s\nDescription: %s\n", szProfileData.szAge, szProfileData.szSex, szProfileData.szLocation, szProfileData.szDescription);
    return;
}


data contains the entire packet's contents. I use + PACKET_HEAD to read past the header, and the + 12 reads past the first 3 DWORDS. The rest should be as easy as I have it done here, but it's printing blank lines when I call my AppendText function.

Anyone know why possibly?

UserLoser.

Age can't be set/requested anymore, so toss that out.  And it should probably be:

strcpy(szProfileData.szSex, data + PACKET_HEAD + 13 + strlen(szProfileData.szAge));
strcpy(szProfileData.szLocation, data + PACKET_HEAD + 14 + strlen(szProfileData.szAge) + strlen(szProfileData.szSex));
strcpy(szProfileData.szDescription, data + PACKET_HEAD + 15 + strlen(szProfileData.szAge) + strlen(szProfileData.szSex) + strlen(szProfileData.szLocation));


Assuming 12 is the right position, you will always be copying an empty string into each of your variables.  Why, you ask?  Because age can't be requested, so it'll just be an empty value there, with a null terminator behind it.  Then for the rest of the variables you're doing 12 + len(age), so you're really just grabbing the age again [which doesn't exist].  I'd prefer using a system like this.

Kp

Also, unless your buffers are quite large, you risk a heap corruption if someone sets a malicious profile and you subsequently query it.  Learn to use length-checked copy operations.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

warz

Quote from: Kp on July 28, 2005, 09:25 PM
Also, unless your buffers are quite large, you risk a heap corruption if someone sets a malicious profile and you subsequently query it.  Learn to use length-checked copy operations.

I'm pretty interested in that. What do you mean by length checked?

Eric

Quote from: warz on July 28, 2005, 10:40 PM
Quote from: Kp on July 28, 2005, 09:25 PM
Also, unless your buffers are quite large, you risk a heap corruption if someone sets a malicious profile and you subsequently query it.  Learn to use length-checked copy operations.

I'm pretty interested in that. What do you mean by length checked?

strncpy(), for example.
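
Added example, not part of the thread or any poster's code: a length-checked version of the parse discussed above. It assumes the handler also receives the packet length `len`, and the `Profile` buffer sizes and the names `read_cstring`, `parse_profile` and `FIXED_PART` are hypothetical. Every read is bounded by the packet length, every write by the destination size, and the offset advances past each terminator, which is the offset problem UserLoser points out.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

#define PACKET_HEAD 4   // header size, as in the thread
#define FIXED_PART 12   // the three DWORDs the thread skips

struct Profile { char age[8], sex[16], location[32], description[64]; }; // sizes are assumptions

// Copy the NUL-terminated string at data[*off] into dst (capacity cap) without
// reading past data[len) or writing past dst[cap). Advances *off past the NUL.
// Returns 0 = ok, 1 = truncated to fit, -1 = no terminator inside the packet.
static int read_cstring(const char *data, size_t len, size_t *off, char *dst, size_t cap) {
    if (cap == 0 || *off >= len) return -1;
    const char *start = data + *off;
    const char *end = (const char *)memchr(start, '\0', len - *off);
    if (end == NULL) return -1;
    size_t n = (size_t)(end - start);
    size_t copy = n < cap - 1 ? n : cap - 1;
    memcpy(dst, start, copy);
    dst[copy] = '\0';        // always terminated (strncpy does not guarantee this)
    *off += n + 1;           // skip the string and its terminator
    return copy < n ? 1 : 0;
}

// Returns the number of truncated fields, or -1 if the packet is malformed.
int parse_profile(const char *data, size_t len, Profile *p) {
    if (len < PACKET_HEAD + FIXED_PART) return -1;
    size_t off = PACKET_HEAD + FIXED_PART;
    char *dst[] = { p->age, p->sex, p->location, p->description };
    size_t cap[] = { sizeof p->age, sizeof p->sex, sizeof p->location, sizeof p->description };
    int truncated = 0;
    for (int i = 0; i < 4; i++) {
        int r = read_cstring(data, len, &off, dst[i], cap[i]);
        if (r < 0) return -1;
        truncated += r;
    }
    return truncated;
}

int main() {
    // Constructed sample: 4-byte header, 12 bytes of DWORDs, then "", "M", "Earth", "hi".
    const char pkt[] = "\0\0\0\0" "\0\0\0\0\0\0\0\0\0\0\0\0" "\0" "M\0" "Earth\0" "hi";
    Profile p;
    int r = parse_profile(pkt, sizeof pkt, &p);
    printf("%d sex=%s location=%s description=%s\n", r, p.sex, p.location, p.description);
    return 0;
}
```

A plain `strncpy()` into the same buffers would stop the overflow but leaves the destination unterminated when the source fills it, so the explicit terminator write above is still needed.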