• Welcome to Valhalla Legends Archive.
 

Packet 0x26 Help

Started by Spilled, February 15, 2005, 10:08 AM


Spilled

I know you guys have gone over this before, and yes, I have read all the topics on this and I somewhat understand it. I'm having no problem sending the packet; I have packet logged it sending and received the packet, but I am lost on what to do with it when I receive the packet back. Reading the other posts, I know I need the FileTime function. Can anyone help me parse the packet cuz I am lost when it comes to that. My code for sending it is here:


            InsertDWORD 1
            InsertDWORD 4
            InsertDWORD &H45
            InsertNTString strUser
            InsertNTString "profile\sex"
            InsertNTString "profile\age"
            InsertNTString "profile\location"
            InsertNTString "profile\description"
            SendPacket &H26


I don't believe I'm sending it wrong because I'm not getting disconnected and I am getting a response, just lost on what to do when I receive it back. All I know is I need to use the FileTime function; where would I get this function and how would I use it to parse this packet? Any help is appreciated, thx

Spilled[DW]

shout

It appears that battle.net echoes back the first 3 DWORDs. Then there is an array of strings reporting the keys requested.

Spilled

Well yeah, battle.net echoes back the DWORDs and the keys that I request, but how would I go about parsing the packet and using the FILETIME function was my question to you...

CrAz3D

Well, to begin, you're sending the wrong info for the "Created On, Last Logon, Last Logoff, Time Logged" system information.

You should be requesting this:
"System\Username"
"System\Account Created"
"System\Last Logon"
"System\Last Logoff"
"System\Time Logged"

It will be returned like this:
Quote
0000  FF 26 5F 00 01 00 00 00 05 00 00 00 00 97 1F 08    .&_.............
0010  43 72 41 7A 33 44 5B 78 4C 5D 00 32 39 36 30 30    CrAz3D[xL].29600
0020  38 39 37 20 34 31 36 34 33 38 34 36 35 37 00 32    897 4164384657.2
0030  39 36 39 32 37 39 38 20 32 35 31 38 39 31 35 35    9692798 25189155
0040  31 37 00 32 39 36 39 32 37 39 38 20 32 35 31 33    17.29692798 2513
0050  31 33 34 33 30 34 00 36 35 32 36 39 30 33 00       134304.6526903.

After separating that info, you can use FileTimeToLocalFileTime & then FileTimeToSystemTime & display your findings.

Public Declare Function FileTimeToLocalFileTime Lib "kernel32" (lpFileTime As FILETIME, lpLocalFileTime As FILETIME) As Long
Public Declare Function FileTimeToSystemTime Lib "kernel32" (lpFileTime As FILETIME, lpSystemTime As SYSTEMTIME) As Long
Public Type FILETIME
        dwLowDateTime As Long
        dwHighDateTime As Long
End Type
Public Type SYSTEMTIME
        wYear As Integer
        wMonth As Integer
        wDayOfWeek As Integer
        wDay As Integer
        wHour As Integer
        wMinute As Integer
        wSecond As Integer
        wMilliseconds As Integer
End Type


What I did, after receiving 0x26 from bnet: I took the info that mattered to me & set about finding the FileTime values.

I found the Profile info, split that by the null terminator dude, Chr(0).  Then I split THAT data by a space, " " or Space(1), & set my FileTime.HighDate to the 1st item in the last array & FileTime.LowDate to the 2nd item in the array that is split by the Space.
Now I call FileTimeToLocalFileTime & then FileTimeToSystemTime

Now that we have the first item in the array split by Chr(0), we can move on to the next item in the array & do it the same way.



For the LAST item in the "split by Chr(0)" array I just used this ConvertTime() function to change the data sent to me by Battle.Net into something that is more understandable to me.
Public Function ConvertTime(ByVal lngMS As Double) As String
    Dim lngSeconds As Long, lngDays As Long, lngHours As Long, lngMins As Long
    Dim strSeconds As String, strDays As String
    lngSeconds = lngMS / 1000
    lngDays = Int(lngSeconds / 86400)
    lngSeconds = lngSeconds Mod 86400
    lngHours = Int(lngSeconds / 3600)
    lngSeconds = lngSeconds Mod 3600
    lngMins = Int(lngSeconds / 60)
    lngSeconds = lngSeconds Mod 60
    If lngSeconds <> 1 Then strSeconds = "s"
    If lngDays <> 1 Then strDays = "s"
    ConvertTime = lngDays & " day" & strDays & ", " & lngHours & " hours, " & lngMins & " minutes and " & lngSeconds & " second" & strSeconds
End Function



I think that about wraps it up; more questions, ask away.
   
   
rebundance - having or being in excess of sheer stupidity
(ré-bun-dance)
Quote from: Spht on June 22, 2004, 07:32 PMSlap.
Quote from: Adron on January 28, 2005, 09:17 AMIn a way, I believe that religion is inherently evil, which includes Christianity. I'd also say Christianity is eviller than Buddhism (has more potential for evil).
Quote from: iago on April 19, 2005, 01:06 PM
CrAz3D's ... is too big vertically, at least, too big with ... iago ...

Spilled

Ok, I read what you said and fixed how I was sending the packet; that code looks like this:



            Connection.InsertDWORD 1
            Connection.InsertDWORD 5
            Connection.InsertDWORD &H45
            Connection.InsertNTString "Spilled[DW]"
            Connection.InsertNTString "System\Username"
            Connection.InsertNTString "System\Account Created"
            Connection.InsertNTString "System\Last Logon"
            Connection.InsertNTString "System\Last Logoff"
            Connection.InsertNTString "System\Time Logged"
            Connection.SendPacket &H26


I took the ConvertTime function and the FileTime APIs and added those to my module, but when I was reading how you said to parse the packet you kind of lost me on that, sry. If you could help me on that a little it would be much appreciated... thanks crazed :D

Spilled

Oops, sry, forgot to post what I packet logged, here you go:


1  Hide  Hide  123  Send 
0000  FF 26 7B 00 01 00 00 00 05 00 00 00 45 00 00 00    .&{.........E...
0010  53 70 69 6C 6C 65 64 5B 44 57 5D 00 53 79 73 74    Spilled[DW].Syst
0020  65 6D 5C 55 73 65 72 6E 61 6D 65 00 53 79 73 74    em\Username.Syst
0030  65 6D 5C 41 63 63 6F 75 6E 74 20 43 72 65 61 74    em\Account Creat
0040  65 64 00 53 79 73 74 65 6D 5C 4C 61 73 74 20 4C    ed.System\Last L
0050  6F 67 6F 6E 00 53 79 73 74 65 6D 5C 4C 61 73 74    ogon.System\Last
0060  20 4C 6F 67 6F 66 66 00 53 79 73 74 65 6D 5C 54     Logoff.System\T
0070  69 6D 65 20 4C 6F 67 67 65 64 00                   ime Logged.

2  Hide  Hide  95  Recv 
0000  FF 26 5F 00 01 00 00 00 05 00 00 00 45 00 00 00    .&_.........E...
0010  73 70 69 6C 6C 65 64 5B 64 77 5D 00 32 39 36 35    spilled[dw].2965
0020  34 38 31 35 20 32 39 38 31 39 31 31 30 31 30 00    4815 2981911010.
0030  32 39 36 39 32 38 30 33 20 39 36 37 36 31 37 30    29692803 9676170
0040  38 37 00 32 39 36 39 32 38 30 32 20 32 38 33 30    87.29692802 2830
0050  30 38 34 33 38 33 00 36 37 37 35 35 37 34 00       084383.6775574.



Oh, and sry about the double post everyone!

Looking at the logged received packet, on the first key would 29654815 be the high date and 2981911010 be the low date?

Edit#2: Wait, that would be the 2nd key cuz the first key we used was System\Username, so that's why Spilled[DW] is there. So 29654815 is the 2nd key's high date and 2981911010 is the low date of the 2nd key, correct me if I'm wrong?

Blaze

The one on the left of the space is low, the one on the right is the high, or am I mistaken?
Quote
Mitosis: Haha, Im great arent I!
hismajesty[yL]: No

Spilled

Hrmm, I thought the left was high, anyone wanna clear this up for us? On the other hand, now that I know which is low/high, how would I use the FileTime functions? Can anyone help me parse one of these keys? If I was shown how to use the function on 1 I'm sure I could do the other keys on my own. Thx to all that have helped me, much appreciated :D

Hdx

As posted above:
Public Declare Function FileTimeToLocalFileTime Lib "kernel32" (lpFileTime As FILETIME, lpLocalFileTime As FILETIME) As Long
Public Declare Function FileTimeToSystemTime Lib "kernel32" (lpFileTime As FILETIME, lpSystemTime As SYSTEMTIME) As Long

Simply put the Low/High info into the corresponding parts of the FileTime struct, then pass it through FileTimeToSystemTime() and use the resulting system time as such:
Public Function FTtoST(High As Long, Low As Long) As String
   Dim FT As FILETIME, ST As SYSTEMTIME
   ' Copy the two 32-bit halves into the FILETIME struct
   FT.dwLowDateTime = Low
   FT.dwHighDateTime = High
   Call FileTimeToSystemTime(FT, ST)
   With ST
      FTtoST = .wMonth & "/" & .wDay & "/" & .wYear & Space(1) & .wHour & ":" & .wMinute & ":" & .wSecond & "." & .wMilliseconds
   End With
End Function

Sorry GTG, period is ending. I'll check back tonight and finish up.
~-~(HDX)~-~

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

Spilled

Ok, I split the data and placed the high and low time into a variable. While I did this I packet logged and inserted a break point to make sure my variables were correct, and here's the packet I received:


1  Hide  Hide  67  Send 
0000  FF 26 43 00 01 00 00 00 02 00 00 00 45 00 00 00    .&C.........E...
0010  53 70 69 6C 6C 65 64 5B 44 57 5D 00 53 79 73 74    Spilled[DW].Syst
0020  65 6D 5C 55 73 65 72 6E 61 6D 65 00 53 79 73 74    em\Username.Syst
0030  65 6D 5C 41 63 63 6F 75 6E 74 20 43 72 65 61 74    em\Account Creat
0040  65 64 00                                           ed.

2  Hide  Hide  48  Recv 
0000  FF 26 30 00 01 00 00 00 02 00 00 00 45 00 00 00    .&0.........E...
0010  73 70 69 6C 6C 65 64 5B 64 77 5D 00 32 39 36 35    spilled[dw].2965
0020  34 38 31 35 20 32 39 38 31 39 31 31 30 31 30 00    4815 2981911010.



I checked if my variables were the correct value and
Info(0) = 29654815
Info(1) = 2981911010
Then I passed these variables into the function you gave me (FTtoST) like this:

Addchat vbWhite, "Account Created: " & FTtoST(info(0), info(1))


Here's the function:


Public Function FTtoST(High As Long, Low As Long) As String
   Dim FT As FILETIME, ST As SYSTEMTIME
   FT.dwLowDateTime = Low
   FT.dwHighDateTime = High
   Call FileTimeToSystemTime(FT, ST)
   With ST
      FTtoST = .wMonth & "/" & .wDay & "/" & .wYear & Space(1) & .wHour & ":" & .wMinute & ":" & .wSecond & "." & .wMilliseconds
   End With
End Function


When I do this I get an error, "Overflow" it was, I believe. I double checked my variables and they are exactly what they should be.
Any help would be MUCH appreciated, thx everyone.

Blaze

Quote
Mitosis: Haha, Im great arent I!
hismajesty[yL]: No

Spilled

So I am passing the High and Low into the function correctly? I just need to add that module to control the variable overflow?

Spilled

I've added the module from the post you provided me, but I'm lost on what to do now. I tried passing the high and low into the FTtoST function and it is still overflowing. Lost on what to do now, any help?

Hdx

If you would have read the post, you should know that what you need to do is check if the number is > 2147483647. If so, then subtract 4294967296# from the number and add the result to the FT struct.
Well, using my example:
' Parameters are ByVal Double so a value above 2147483647 reaches the
' IIf check instead of overflowing a Long when the function is called.
Public Function FTtoST(ByVal High As Double, ByVal Low As Double) As String
   Dim FT As FILETIME, ST As SYSTEMTIME
   FT.dwLowDateTime = IIf(Low > 2147483647, Low - 4294967296#, Low)
   FT.dwHighDateTime = IIf(High > 2147483647, High - 4294967296#, High)
   Call FileTimeToSystemTime(FT, ST)
   With ST
      FTtoST = .wMonth & "/" & .wDay & "/" & .wYear & Space(1) & .wHour & ":" & .wMinute & ":" & .wSecond & "." & .wMilliseconds
   End With
End Function

This *should* stop the overflow.
Works on my bot :/
~-~(HDX)~-~

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

Spilled

I tried reading and looking at that tutorial but I just didn't get it. I'll try this and keep you posted, check back as soon as possible, thanks a lot.

Edit: Left is high and right is low, correct me if I'm wrong anyone?
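
Added example, not part of any post in this thread: a Python parser for the received 0x26 packet logged above, following the layout the thread describes (four-byte header, three DWORDs, then null-terminated strings) and checking the length field, string count and 32-bit range before trusting the server's data. The names `parse_0x26` and `filetime_to_utc` are hypothetical; with the left number taken as the high DWORD the sample's second value lands in August 2004, while the swapped order is rejected as out of range.

```python
import struct
from datetime import datetime, timedelta, timezone

# Received 0x26 packet, copied from the packet log posted in this thread.
SAMPLE = bytes.fromhex("""
    FF 26 5F 00 01 00 00 00 05 00 00 00 45 00 00 00
    73 70 69 6C 6C 65 64 5B 64 77 5D 00 32 39 36 35
    34 38 31 35 20 32 39 38 31 39 31 31 30 31 30 00
    32 39 36 39 32 38 30 33 20 39 36 37 36 31 37 30
    38 37 00 32 39 36 39 32 38 30 32 20 32 38 33 30
    30 38 34 33 38 33 00 36 37 37 35 35 37 34 00
""")
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME zero point

def parse_0x26(pkt):
    """Return (accounts, keys, request_id, values); raise ValueError if malformed."""
    if len(pkt) < 16:
        raise ValueError("packet shorter than header plus three DWORDs")
    magic, pid, length, accounts, keys, req = struct.unpack_from("<BBHIII", pkt)
    if magic != 0xFF or pid != 0x26:
        raise ValueError("not a 0x26 packet")
    if length != len(pkt):
        raise ValueError("length field does not match bytes received")
    body = pkt[16:]
    if not body.endswith(b"\x00"):
        raise ValueError("last string is not null-terminated")
    values = [v.decode("latin-1") for v in body[:-1].split(b"\x00")]
    if len(values) != accounts * keys:
        raise ValueError("string count does not match accounts * keys")
    return accounts, keys, req, values

def filetime_to_utc(field):
    """Convert a 'high low' decimal pair into a timezone-aware UTC datetime."""
    parts = field.split(" ")
    if len(parts) != 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("expected two decimal numbers separated by a space")
    high, low = (int(p) for p in parts)
    if high > 0xFFFFFFFF or low > 0xFFFFFFFF:
        raise ValueError("value does not fit in an unsigned 32-bit DWORD")
    ticks = (high << 32) | low  # 100-nanosecond intervals since 1601-01-01
    try:
        return EPOCH_1601 + timedelta(microseconds=ticks // 10)
    except OverflowError:
        raise ValueError("FILETIME outside the representable date range")

if __name__ == "__main__":
    _, _, _, vals = parse_0x26(SAMPLE)
    print(vals[0], "created", filetime_to_utc(vals[1]).isoformat())
```
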