Valhalla Legends Archive

D2 Game Decompression

Started by hi.times, March 14, 2005, 09:18 PM


hi.times

hi all,

I have been trying to use brand.x's code, which is already posted on this forum; the getpacketsize function appears to work correctly, but the decode function occasionally returns invalid sizes.

Not too sure if this is a known flaw or just me. Could one of you knowledgeable people confirm whether this is true, or whether there is a problem in both of the functions?

I have tried some reversing on d2net.dll with the help of UserLoser's post comments on this forum, which helped give me an idea where to look. Currently I have reversed (I think) most of the packetsize function, although I have to admit I had a hard time following the program flow in IDA, so here is what I have done so far.


_asm
{
    movzx eax, byte ptr data[0]   ; copy first byte into eax (zero-extended; a plain mov would load a dword)
    cmp eax, 0F0h                 ; eax >= 0xF0?
    jnb large                     ; ...

    ; jmp small                   ; eax < 0xF0
    ; still need to do the small case

large:
    and eax, 0Fh                  ; mask off lower nibble
    ; mov cl, byte ptr [esp+ebx+0AE0h+len+1] why??
    shl eax, 8                    ; left shift 8 bits
    movzx edx, byte ptr data[1]   ; second size byte, zero-extended
    add eax, edx                  ; add eax + data[1]
    mov ebx, offset               ; load the value of offset into ebx (lea would load its address)
    add ebx, 2                    ; increment offset by 2
    sub eax, ebx                  ; subtract offset from eax
    lea ecx, size                 ; load the address of size into ecx
    mov [ecx], eax                ; store result in size (mov ecx, eax would only overwrite the pointer)
    lea eax, data[ebx]            ; load the address of data + ebx into eax
    ret                           ; ...return eax
}



This was based off of this code in d2net.dll at .text:6FC01423 loc_6FC01423 and .text:6FC01435 loc_6FC01435.

I'm not entirely sure where to find the decode function; I have looked for it, but so far with no luck.

Thanks for any help in advance.
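A C version of the size-header parse sketched above, added here as an example (not brand.x's code or anything posted in the thread), with the bounds checks a receiver needs so that a malformed size field is rejected rather than returned as an invalid size. The < 0xF0 branch (size = first byte - 1, 1-byte header) is an assumption taken from the commonly circulated C code, not from the post.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Result of parsing the size header that precedes a compressed D2 game packet. */
typedef struct {
    size_t header_len;   /* bytes taken by the size field: 1 or 2 */
    size_t payload_len;  /* compressed bytes that follow the header */
} d2_size_hdr;

/* >= 0xF0 branch mirrors the asm above: ((b0 & 0x0F) << 8 | b1) - 2, 2-byte header.
 * < 0xF0 branch (b0 - 1, 1-byte header) is assumed from the circulated C version.
 * The size field counts its own header, so a value below the header length would
 * underflow and one above the buffer would overread; both are rejected. */
bool d2_parse_size_header(const uint8_t *data, size_t len, d2_size_hdr *out)
{
    size_t header_len, total;

    if (data == NULL || out == NULL || len < 1)
        return false;
    if (data[0] >= 0xF0) {
        if (len < 2)
            return false;           /* second size byte not yet received */
        header_len = 2;
        total = ((size_t)(data[0] & 0x0F) << 8) | data[1];
    } else {
        header_len = 1;
        total = data[0];
    }
    if (total < header_len || total > len)
        return false;
    out->header_len = header_len;
    out->payload_len = total - header_len;
    return true;
}

/* Payload length for a buffer, or -1 if the header is rejected. */
long d2_payload_len(const uint8_t *data, size_t len)
{
    d2_size_hdr h;
    return d2_parse_size_header(data, len, &h) ? (long)h.payload_len : -1;
}

/* Constructed sample packets, not captured traffic. */
const uint8_t d2_sample_large[]     = {0xF0, 0x04, 0xAA, 0xBB}; /* 2-byte header, 2 payload bytes */
const uint8_t d2_sample_small[]     = {0x03, 0xAA, 0xBB};       /* 1-byte header, 2 payload bytes */
const uint8_t d2_sample_underflow[] = {0xF0, 0x01};             /* claims 1 byte total, header alone is 2 */
const uint8_t d2_sample_overread[]  = {0x10, 0x00};             /* claims 16 bytes, only 2 present */
```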

UserLoser.

Hmm, I don't have my notes anymore, sorry.  But something wants me to think that it's in D2Client somewhere.  I remember it being in D2Net and D2Client, but I think the code was different, not sure.  Maybe in a bit when I'm not so busy I can take a look, only problem is I don't have D2Net anymore since DII isn't installed.  If someone can put it up for download it would be great :)


hi.times

Thanks for the replies. I can have a look in d2client.dll, but I'm not entirely sure what I'm looking for; by that I mean a non-common signature value, maybe a hex value that doesn't occur often.

UserLoser.

Hmm, it might be D2Net!10030 where I saw the packet size table. 6FC08148 is PacketSizeTable.  It's just 32-bit value for the packet size, if it's 0xffffffff, then the size is determined when it's received (usually *(word*)(msg+1) if I remember correctly).  Actually, D2Client has more to this table such as the handling functions for every message.  So this makes me think that maybe D2Net is the compression for what is used for hosting games on "Open battle.net", while D2Client is for the client with decompression code.  I have not looked at D2Client in a while, and I am getting some sleep sometime soon this night =)

hi.times

Quote from: UserLoser on March 14, 2005, 10:29 PM
Hmm, it might be D2Net!10030 where I saw the packet size table. 6FC08148 is PacketSizeTable.  It's just 32-bit value for the packet size, if it's 0xffffffff, then the size is determined when it's received (usually *(word*)(msg+1) if I remember correctly).  Actually, D2Client has more to this table such as the handling functions for every message.  So this makes me think that maybe D2Net is the compression for what is used for hosting games on "Open battle.net", while D2Client is for the client with decompression code.  I have not looked at D2Client in a while, and I am getting some sleep sometime soon this night =)

Hehe, thanks for the info. I have used your offset information to get the packet size tables :)

As for D2Client, I will try and hunt down that decode function. I find it strange they don't use a single routine for both open and closed though :(

Thanks a lot UserLoser for the head start, and rabbit for providing d2net.dll.