• Welcome to Valhalla Legends Archive.
 

IX86Ver#.mpq/dll Information

Started by iago, May 31, 2003, 10:28 PM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

iago

May 31, 2003, 10:28 PM Last Edit: June 22, 2004, 01:32 PM by Tuberload
I just had a couple questions about these, since I'm too lazy to find out for myself :)

1. Where do they come from? Are they stored/generated at runtime/downloaded?  I suspect that the .dll is stored in the .mpq but I'm not really sure...

2. What is the difference between IX86ver1.dll/IX86ver2.mpq/etc?  As far as I could tell, the checksum function is the exact same (although I never tested this theory, but the assembly looks the same)

3. This isn't about the actual files, but when the checksum function is called it's passed a hMPQ, but I can't find where it comes from, but I'm guessing it's from the corrosponding IX86ver?.mpq file.  Am I right in assuming that?

Thanks for any help!
-iago
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

dxoigmn

#1
May 31, 2003, 11:10 PM
Quote from: iago on May 31, 2003, 10:28 PM
I just had a couple questions about these, since I'm too lazy to find out for myself :)

1. Where do they come from? Are they stored/generated at runtime/downloaded?  I suspect that the .dll is stored in the .mpq but I'm not really sure...
I believe the client compares it's cached version to the FILETIME structure sent in SID_AUTH_INFO.  If it has the same FILETIME, then it uses the cached one; else it downloads the mpq in the same packet from the server.  The dll that exports CheckRevision is in the MPQ along with another file which I do not know the purpose of.

Quote from: iago on May 31, 2003, 10:28 PM
2. What is the difference between IX86ver1.dll/IX86ver2.mpq/etc?  As far as I could tell, the checksum function is the exact same (although I never tested this theory, but the assembly looks the same)
One (and only?) difference is the intial "CheckSumKey".  There may be other differences but from what I know the algorithm is the same for each dll.  As far the the other file in the MPQ, the contents differ.

Quote from: iago on May 31, 2003, 10:28 PM
3. This isn't about the actual files, but when the checksum function is called it's passed a hMPQ, but I can't find where it comes from, but I'm guessing it's from the corrosponding IX86ver?.mpq file.  Am I right in assuming that?
I'm not sure what you're talking about, but maybe it's the handle from LoadLibrary("IX86ver0.dll");?  Or it could be some internal handle that Storm.dll assigns the MPQ?

Quote from: iago on May 31, 2003, 10:28 PM
Thanks for any help!
-iago

No problem, HTH.

Skywing

#2
June 02, 2003, 02:39 PM
Quote from: kamakazie on May 31, 2003, 11:10 PM
Quote from: iago on May 31, 2003, 10:28 PM
I just had a couple questions about these, since I'm too lazy to find out for myself :)

1. Where do they come from? Are they stored/generated at runtime/downloaded?  I suspect that the .dll is stored in the .mpq but I'm not really sure...
I believe the client compares it's cached version to the FILETIME structure sent in SID_AUTH_INFO.  If it has the same FILETIME, then it uses the cached one; else it downloads the mpq in the same packet from the server.  The dll that exports CheckRevision is in the MPQ along with another file which I do not know the purpose of.

Quote from: iago on May 31, 2003, 10:28 PM
2. What is the difference between IX86ver1.dll/IX86ver2.mpq/etc?  As far as I could tell, the checksum function is the exact same (although I never tested this theory, but the assembly looks the same)
One (and only?) difference is the intial "CheckSumKey".  There may be other differences but from what I know the algorithm is the same for each dll.  As far the the other file in the MPQ, the contents differ.

Quote from: iago on May 31, 2003, 10:28 PM
3. This isn't about the actual files, but when the checksum function is called it's passed a hMPQ, but I can't find where it comes from, but I'm guessing it's from the corrosponding IX86ver?.mpq file.  Am I right in assuming that?
I'm not sure what you're talking about, but maybe it's the handle from LoadLibrary("IX86ver0.dll");?  Or it could be some internal handle that Storm.dll assigns the MPQ?

Quote from: iago on May 31, 2003, 10:28 PM
Thanks for any help!
-iago

No problem, HTH.
The other file in the MPQ is (signature), used by SFileAuthenticateArchive with CryptoAPI to verify that the archive was signed by Blizzard and has not been tampered with.
Print
|
Go Up Pages1
User actions