• Welcome to Valhalla Legends Archive.
 

Unrecognized BNCS packet SID_005E received

Started by Spht, June 05, 2007, 02:19 PM

Previous topic - Next topic

iago

Quote from: Rob on June 11, 2007, 08:28 PM
Quote from: Ringo on June 11, 2007, 11:50 AM


0x1904216A -> 32bit
0x19043F61 -> 128bit hash
0x190467CA -> 32bit
0x19046FF5 -> 32bit



These are the closest values I could find.

0x19042168 = Unsure.  IDA states that this is FileTime.dwHighDateTime.  I did not debug to verify.

0x19043F60 = ValueString from 0x50

0x190467C8 = return of a call to GetTickCount

0x19046FF5 = a FileTime struct

0x19042168 = Unsure.  IDA states that this is FileTime.dwHighDateTime.  I did not debug to verify.
This seems to be the first 4 bytes of the CDKey value hash. The variable its set from is also the mpq's high filetime, the cdkey public value, and blank for awhile. It really gets around :)

0x19046FF5 = a FileTime struct
Specifically, it seems to be a FileTime struct whose value is the current system time.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*



|