(socks4) NON NLS.dll Questions!!!!112

NetNX · September 25, 2004, 11:50 AM

YAY!, Non-NLS.dll questions!


        Dim splt() As String, str As String, i As Integer
        Server = LCase(Server)

        splt = Split(Server, ".")
            For i = 0 To UBound(splt)
                str = str & Chr(CStr(splt(i)))
            Next i
        
        sckBnet.SendData Chr(&H4) & Chr(&H1) & Chr(&H17) & Chr(&HE0) & str & "anonymous" & Chr(&H0)
        RaiseEvent ProxyInfo("Connected!")

im trying to reverse this:

could someone explain to me

Code Select

Chr(&H4) & Chr(&H1) & Chr(&H17) & Chr(&HE0)

Thanks to baddblood for redirecting me to the socks4 protocol information page. I have figured out that somewhere within these for bytes it specifys the port #. it also says that the first and second byte... well look

Quote
+----+----+----+----+----+----+----+----+----+----+....+----+
      | VN | CD | DSTPORT | DSTIP | USERID |NULL|
      +----+----+----+----+----+----+----+----+----+----+....+----+
# of bytes:    1 1 2 4 variable 1

VN = Chr(&H4)
CD = Chr(&H1)
DSPORT= ?!?! 'Remore port
DSTIP = Forwarding IPaddress
USERID = "anonymous"

What im trying to figure out is how 2 bytes turns into 6112(the battle.net port #)

Banana fanna fo fanna · September 25, 2004, 12:00 PM

Wow...and you say you've written a binary bot?

Hint: those two bytes are a WORD.

NetNX · September 25, 2004, 12:02 PM

yes i understand that?

shadypalm88 · September 25, 2004, 12:02 PM

Quote from: NetNX on September 25, 2004, 11:50 AMWhat im trying to figure out is how 2 bytes turns into 6112(the battle.net port #)

Umm....

2 bytes is just the size (i.e. in memory) of the number. In Visual Basic this is called an integer. In the protocol documentation I'm familiar with, this is called a WORD.

Surely if you're writing a bot in Visual Basic, you're using DM's packetbuffer or something similar, and know about .InsertWORD.

The only difference with this particular number (the port) is it must be converted to network byte order through a call to htons().

The declaration of this (just typing it in here) is:

Code Select

Public Declare Function htons Lib "ws2_32.dll" (ByVal Number As Integer) As IntegerNote: This may really be winsock2.dll or something similar, I don't quite remember.

NetNX · September 25, 2004, 12:06 PM

so your saying that if u do htons(6112) that is equal to Chr(&H17) & Chr(&HE0) ?

shadypalm88 · September 25, 2004, 12:16 PM

Quote from: NetNX on September 25, 2004, 12:06 PM
so your saying that if u do htons(6112) that is equal to Chr(&H17) & Chr(&HE0) ?

By a quick check, yes. But that won't help you much when you try and put the IP in.

Note: My quick check follows (I didn't really have to use htons since this is a mac, but whatever).

Code Select

#include <stdio.h>
#include <machine/endian.h>

int main() {
    printf("htons(6112) = 0x%X\n", htons(6112));
    return 0;
}

Code Select

$ ./test
htons(6112) = 0x17E0

NetNX · September 25, 2004, 12:21 PM

well i got the ip part of it down

BaDDBLooD · September 25, 2004, 12:22 PM

This should be all you need

http://forum.valhallalegends.com/phpbbs/index.php?board=17;action=display;threadid=8743

NetNX · September 25, 2004, 12:26 PM

alright i executed

Code Select

MsgBox htons(6112)
and i got the message box that says -8169

shadypalm88 · September 25, 2004, 12:28 PM

Quote from: NetNX on September 25, 2004, 12:26 PM
alright i executed
Code Select Expand
MsgBox htons(6112)
and i got the message box that says -8169

Your point is... what?