D2GS Packet Parser

Started by LivedKrad, July 12, 2005, 01:05 PM

LivedKrad

Any idea on a practical way of developing a parser for these packets? Most of the time the packets do not come with a length value within them, and those that don't are normally a set length. The problem with that is, it seems like one would need to know the sizes of all definite existing packets before writing a suitable parser to handle packets that have no length specifiers in them.

Any ideas? *frustrated*

dxoigmn

IIRC, that's the only way to do it. Easiest way is to set up a large table where each index corresponds to the packet id and the value at that index is the length of the packet or some special value (-1) if it is a packet that has a dynamic size.

LivedKrad

Sigh, I suppose I could just keep parsing all the packets I can and grab their sizes. I'll post in the D2GS forum or BnetDocs forum regarding all the sizes I find, for the lazier of us. :P

dxoigmn

Quote from: LivedKrad.fe on July 12, 2005, 01:24 PM
Sigh, I suppose I could just keep parsing all the packets I can and grab their sizes. I'll post in the D2GS forum or BnetDocs forum regarding all the sizes I find, for the lazier of us. :P

Can always look at the disassembly. Someone posted the packet sizes for all packets a while back and I think they even posted the offset where they found them.

References:

http://forum.valhallalegends.com/phpbbs/index.php?topic=7783.0
http://forum.valhallalegends.com/phpbbs/index.php?topic=9752.0
http://forum.valhallalegends.com/phpbbs/index.php?topic=10929.0

Elneroth

As I see in one of the posts,
Quote: For those of you interested in this, look in D2Net.dll @ .data:6FC08148 PacketSizeTable. It seems to be:

Code:
DWORD PacketSizeTable[] = { 0x1, 0x8, 0x1, 0xc, ... };

Where 0x1, would be length of packet 0x0, 0x8 is length of packet 0x1, and so on.

Is there anywhere I can find a full copy of this table?
I don't know disassembly at all, just wondering.

LordNevar

Not sure if this link will help, but you never know till you try.

http://forum.valhallalegends.com/phpbbs/index.php?topic=585.0

A good fortune may forebode a bad luck, which may in turn disguise a good fortune.
The greatest trick the Devil ever pulled was convincing the world he didn't exist.

Elneroth

I'm looking at the following, don't know how to access the table he mentioned.
.data:6FC08148 dword_6FC08148  dd 1                    ; DATA XREF: D2Net_10030+38r

I'm using IDA 4.8

Any help? :)

Quote: Not sure if this link will help, but you never know till you try.

http://forum.valhallalegends.com/phpbbs/index.php?topic=585.0
I believe that's just for decompression.

Ringo

I don't see why you think it's so important to know all the packet lengths; all you need to think of is a better method of data handling.
A debugger/disassembler is not needed, only a small bit of brain power.

This is a research project I've been working on; it only has 4 packets in its decompression parser:

[00:43:59] Creating Game Approoved!
[00:43:59] Join Game Approoved!
[00:43:59] Connected To D2GS!!
[00:43:59] Got D2GS Startup Packet
[00:43:59]  AE 01
[00:43:59] Sent Logon
[00:43:59] Got 2nd D2GS Startup Packet
[00:43:59]  02 5C
[00:43:59] Entering World..
[00:43:59] 0x59 We Are In View and are pid is FC A5 99 6E
[00:43:59] We are standing at X=5733 Y=5998
[00:43:59] Asigned Charsi to the map at X=5694 Y=5987
[00:43:59] Asigned a Act1 Waypoint to the map at X=5714 Y=5969
[00:43:59] Asigned a Stash to the map at X=5726 Y=5999
[00:43:59] Are merc is standing at X=5733 Y=5998
[00:43:59] Asigned Alkara to the map at X=5792 Y=5976
[00:43:59] Asigned Warriv to the map at X=5726 Y=6005
[00:43:59] Asigned Kashya to the map at X=5753 Y=6006
[00:43:59] Asigned Deckard Cain to the map at X=5743 Y=6015


And the packets that do have fixed lengths are so easy to spot.
It's the ones without lengths that may be a problem.

Elneroth

Well, I maybe found what he was talking about...

1, 3 dup(0)
8, 3 dup(0)
1, 3 dup(0)
Ch, 3 dup(0) ;0

1, 3 dup(0)
1, 3 dup(0)
1, 3 dup(0)
6, 3 dup(0)  ;16

6, 3 dup(0)
0Bh, 3 dup(0)
6, 3 dup(0)
6, 3 dup(0)  ;32

9, 3 dup(0)
0Dh, 3 dup(0)
0Ch, 3 dup(0)
10h, 3 dup(0) ;48

10h, 3 dup(0)
8, 3 dup(0)
1Ah, 3 dup(0)
0Eh, 3 dup(0) ;64

12h, 3 dup(0)
0Bh, 3 dup(0)
4 dup(0FFh)
4 dup(0)      ;80

0Fh, 3 dup(0)
2, 3 dup(0)
2, 3 dup(0)
3, 3 dup(0)   ;96

5, 3 dup(0)
3, 3 dup(0)
4, 3 dup(0)
6, 3 dup(0)   ;112

0Ah, 3 dup(0)
0Ch, 3 dup(0)
0Ch, 3 dup(0)
0Dh, 3 dup(0) ;128

5Ah, 3 dup(0)
5Ah, 3 dup(0)
4 dup(0FFh)
28h, 3 dup(0) ;144

67h, 3 dup(0)
61h, 3 dup(0)
0Fh, 3 dup(0)
8, 47h dup(0) ;160

4 dup(0FFh)
8, 3 dup(0)
0Dh, 7 dup(0)
6, 0Bh dup(0) ;248

0Dh, 7 dup(0)
0Bh, 3 dup(0)
0Bh, 0Fh dup(0)
10h, 3 dup(0) ;276

11h, 3 dup(0)
7, 3 dup(0)
1, 3 dup(0)
0Fh, 3 dup(0) ;305

0Eh, 3 dup(0)
2Ah, 3 dup(0)
0Ah, 3 dup(0) ;321

3, 0Bh dup(0)
0Eh, 3 dup(0)
7, 3 dup(0)
1Ah, 3 dup(0) ;336

28h, 3 dup(0)
4 dup(0FFh)
5, 3 dup(0)
6, 3 dup(0)   ;360

26h, 3 dup(0)
5, 3 dup(0)
7, 3 dup(0)
2, 3 dup(0)   ;376

7, 3 dup(0)
15h, 7 dup(0)
7, 3 dup(0)
7, 3 dup(0)   ;392

10h, 3 dup(0)
15h, 3 dup(0)
0Ch, 3 dup(0)
0Ch, 3 dup(0) ;412

10h, 3 dup(0)
10h, 3 dup(0)
0Ah, 3 dup(0)
1, 3 dup(0)   ;428

1, 3 dup(0)
1, 3 dup(0)
1, 3 dup(0)
1, 3 dup(0)   ;444

20h, 3 dup(0)
0Ah, 3 dup(0)
0Dh, 3 dup(0)
6, 3 dup(0)   ;460

2, 3 dup(0)
15h, 3 dup(0)
6, 3 dup(0)
0Dh, 3 dup(0) ;476

8, 3 dup(0)
6, 3 dup(0)
12h, 3 dup(0)
5, 3 dup(0)   ;492

0Ah, 7 dup(0)
14h, 3 dup(0)
1Dh, 1Bh dup(0)
2, 3 dup(0)   ;508

6, 3 dup(0)
6, 3 dup(0)
0Bh, 3 dup(0)
7, 3 dup(0)   ;552

0Ah, 3 dup(0)
21h, 3 dup(0)
0D, 3 dup(0)
1Ah, 3 dup(0) ;568

6, 3 dup(0)
8, 3 dup(0)
4 dup(0FFh)
0Dh, 3 dup(0) ;584

9, 3 dup(0)
1, 3 dup(0)
7, 3 dup(0)
10h, 3 dup(0) ;600

11h, 3 dup(0)
7, 3 dup(0)
8 dup(0FFh)
7, 3 dup(0)   ;616

8, 3 dup(0)
0Ah, 3 dup(0)
7, 3 dup(0)
8, 3 dup(0)   ;636

18h, 3 dup(0)
3, 3 dup(0)
8, 3 dup(0)
4 dup(0FFh)   ;652

7, 3 dup(0)
4 dup(0FFh)
7, 3 dup(0)
4 dup(0FFh)   ;668

7, 3 dup(0)
4 dup(0FFh)
9, 3 dup(0)
4 dup(0FFh)   ;684

1, 7 dup(0)
35h, 3 dup(0)
4 dup(0FFh)
5, 3 dup(0)   ;700


As seen in the first chunk..
1, 8, 1, C

Is this what he was talking about?

*Edit*: If this is correct, I guess there's 175 packets total. Looking at the numbers ";0 ;16 ;32", it looks as if it counts each part by 4. (Once again, I know nothing about disassembly, please correct me if I'm wrong.)
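The "counts by 4" observation above is right: IDA is printing each table entry as one DWORD, the first byte being the length and `3 dup(0)` the three zero bytes that pad it to 32 bits, and `4 dup(0FFh)` being 0xFFFFFFFF, which reads as -1 when the DWORD is taken as signed. The following decoder, added here as an example and not code from anyone in the thread, expands that `N` / `K dup(V)` notation into bytes and then into little-endian DWORDs indexed by packet id. The excerpt it parses is the first six groups copied from the listing above (offsets 0 through 95); nothing else about the table is assumed.

```python
import re
import struct

# Excerpt of the IDA listing posted above: the first six groups, byte offsets
# 0 through 95. Copied from the post, not from a binary; the ';offset' comments
# are the poster's and are ignored by the parser.
LISTING_EXCERPT = """
1, 3 dup(0)
8, 3 dup(0)
1, 3 dup(0)
Ch, 3 dup(0) ;0

1, 3 dup(0)
1, 3 dup(0)
1, 3 dup(0)
6, 3 dup(0)  ;16

6, 3 dup(0)
0Bh, 3 dup(0)
6, 3 dup(0)
6, 3 dup(0)  ;32

9, 3 dup(0)
0Dh, 3 dup(0)
0Ch, 3 dup(0)
10h, 3 dup(0) ;48

10h, 3 dup(0)
8, 3 dup(0)
1Ah, 3 dup(0)
0Eh, 3 dup(0) ;64

12h, 3 dup(0)
0Bh, 3 dup(0)
4 dup(0FFh)
4 dup(0)      ;80
"""

DUP_RE = re.compile(r"(\w+)\s+dup\((\w+)\)")


def parse_number(text: str) -> int:
    """Parse an IDA/MASM-style number: a trailing 'h' means hex, else decimal."""
    text = text.strip()
    if text[-1] in "hH":
        return int(text[:-1], 16)
    return int(text, 10)


def listing_to_bytes(listing: str) -> bytes:
    """Expand 'N' and 'K dup(V)' items into the raw bytes they stand for."""
    raw = bytearray()
    for line in listing.splitlines():
        line = line.split(";", 1)[0].strip()  # drop the ';offset' comment
        if not line:
            continue
        for item in line.split(","):
            item = item.strip()
            m = DUP_RE.fullmatch(item)
            if m:
                count, value = parse_number(m.group(1)), parse_number(m.group(2))
            else:
                count, value = 1, parse_number(item)
            if not 0 <= value <= 0xFF:
                raise ValueError(f"not a byte value: {item!r}")
            raw.extend([value] * count)
    return bytes(raw)


def decode_size_table(listing: str) -> list[int]:
    """Return the table as signed little-endian DWORDs; the index is the packet id.

    Four 0FFh bytes make 0xFFFFFFFF, i.e. -1 as a signed DWORD: the 'no fixed
    length' marker. A zero entry is an id the table has no length for.
    """
    data = listing_to_bytes(listing)
    if len(data) % 4:
        raise ValueError(f"{len(data)} bytes is not a whole number of DWORDs")
    return list(struct.unpack(f"<{len(data) // 4}i", data))


if __name__ == "__main__":
    for packet_id, length in enumerate(decode_size_table(LISTING_EXCERPT)):
        print(f"0x{packet_id:02X}: {'dynamic' if length < 0 else length}")
```

Running it on the excerpt yields 24 entries, one per packet id 0x00 through 0x17; the `8, 47h dup(0)` and `0Dh, 7 dup(0)` lines further down the listing decode the same way, the extra zero bytes simply becoming zero-length entries for the ids that follow.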

Ringo

I didn't mean to be nasty by my reply, I'm just pointing out that even if you knew all the fixed-length packets (which isn't much more than I've documented already) it won't help you much, and looking in a dll file is not going to teach you anything when it comes to problem solving :(
I'm presuming you guys are having problems with the join data?

Elneroth

It's nothing to do with the join data.
Every time I try to get something done an unknown packet pops up, blocking the wanted packets from coming in.
Every time I research an unknown packet it ends up having like 5 more unknowns after it.

Either my parsing sucks, or there's just so many packets (175) to try and guess how long they are/what they do.

Ringo

Hm, I'm guessing you mean when you change sections.
Could you post a log?

[edit]
When you say get things done, what do you mean?

LordNevar

I would assume it is your parsing, 'cause every packet that comes in is easily identified against the data that I put together, or the data that Ringo was gracious enough to put together with help from others and existing data already available. Are you making sure that you are only parsing incoming game packets, or are you getting a jumbled mess from in-game and out-of-game packets too?

A good fortune may forebode a bad luck, which may in turn disguise a good fortune.
The greatest trick the Devil ever pulled was convincing the world he didn't exist.

Elneroth

D2GS sometimes doesn't have a byte assigned to the packet for how long it is.
This is why in your parser, you must have it loop back through the parser with its determined length.

I'm having problems where when I try to get a certain packet (like for example: a player leaving), unknown packets arrive. When I research one of these unknown packets, I parse it, then another one comes. This happens for a while, and takes a lot of research, to get past all the unknowns.

Instead of researching every single one of the 180 packets, I'm using this address UserLoser found in D2Net.dll. I found out what he's talking about.. (in a different format than what I posted), and I put it together inside of Visual Basic.

I'm about to try out this, I'll post my results here :-p.
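To show how dxoigmn's table-with-a-sentinel idea and Elneroth's "loop back through the parser with its determined length" fit together, here is a small stream framer. It is an added example, not code from anyone in this thread or from any D2 bot. The size table is deliberately partial (the fixed values are the ones quoted from the listing earlier; -1 marks a dynamic packet), the byte stream is constructed, and the layout used for the dynamic packet 0x16 (a count byte followed by four-byte records) is a made-up placeholder for demonstration, not the real 0x16. An id that is not in the table stops the parser instead of guessing, because one wrong guess desynchronises every packet after it, which is exactly the "five more unknowns after it" symptom described above.

```python
from typing import Callable, Optional

# Size table as dxoigmn describes it: index is the packet id, value is the fixed
# length in bytes (id byte included), -1 means the length depends on the body.
# Only a few ids are filled in, using the values quoted from the listing in this
# thread; every other id is unknown to this framer and is reported, not guessed.
SIZES = {0x00: 1, 0x01: 8, 0x02: 1, 0x03: 12, 0x15: 11, 0x16: -1}


def length_of_0x16(buf: bytes) -> Optional[int]:
    """HYPOTHETICAL layout for demonstration only (not the real 0x16 packet):
    id byte, count byte, then `count` four-byte records.
    Returns None while the count byte has not arrived yet."""
    if len(buf) < 2:
        return None
    return 2 + 4 * buf[1]


# Handlers that compute a dynamic packet's length from the bytes seen so far.
DYNAMIC: dict[int, Callable[[bytes], Optional[int]]] = {0x16: length_of_0x16}


class UnknownPacket(Exception):
    """Raised when the framer hits an id it has no length rule for."""


class D2GSFramer:
    """Splits a byte stream into whole packets, keeping leftovers between reads."""

    def __init__(self, sizes: dict[int, int], dynamic: dict[int, Callable]):
        self.sizes = sizes
        self.dynamic = dynamic
        self.buf = bytearray()

    def feed(self, data: bytes) -> list[bytes]:
        """Append a read's worth of bytes and return every packet now complete."""
        self.buf += data
        packets: list[bytes] = []
        while self.buf:                       # loop back over what is left
            pid = self.buf[0]
            length = self.sizes.get(pid, 0)   # 0 = no rule, like a zero table entry
            if length == -1:
                handler = self.dynamic.get(pid)
                if handler is None:
                    raise UnknownPacket(f"0x{pid:02X} is dynamic but has no handler")
                length = handler(bytes(self.buf))
                if length is None:
                    break                     # not enough bytes to know the length yet
            if length < 1:
                raise UnknownPacket(f"0x{pid:02X}, {len(self.buf)} bytes buffered")
            if len(self.buf) < length:
                break                         # packet split across reads; wait for more
            packets.append(bytes(self.buf[:length]))
            del self.buf[:length]
        return packets


# Constructed stream: five packets, values chosen to make the boundaries visible.
SAMPLE_STREAM = (
    b"\x00"                         # 0x00, fixed length 1
    + b"\x01" + b"\x11" * 7         # 0x01, fixed length 8
    + b"\x15" + b"\x22" * 10        # 0x15, fixed length 11
    + b"\x16\x02" + b"\x33" * 8     # 0x16, hypothetical: 2 records -> 10 bytes
    + b"\x03" + b"\x44" * 11        # 0x03, fixed length 12
)


def demo(split_at: int = 13) -> tuple[list[bytes], list[bytes]]:
    """Feed the stream as two reads split at `split_at` to show reassembly."""
    framer = D2GSFramer(SIZES, DYNAMIC)
    first = framer.feed(SAMPLE_STREAM[:split_at])
    second = framer.feed(SAMPLE_STREAM[split_at:])
    return first, second


if __name__ == "__main__":
    for read, packets in zip(("read 1", "read 2"), demo()):
        print(read, [f"0x{p[0]:02X} ({len(p)} bytes)" for p in packets])
```

Splitting the stream at byte 13 leaves the 0x15 packet half-read, and splitting at byte 21 leaves only the 0x16 id byte, so its handler cannot even compute a length; in both cases the framer returns what is complete and finishes the rest on the next read, and the concatenation of everything it returns equals the original stream. A framer like this is also the place to confirm, as LordNevar suggests, that only in-game bytes are being fed in: a stray out-of-game byte shows up immediately as an UnknownPacket at the exact offset.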

LivedKrad

You're welcome, Elneroth. :P