
[VB][Closed-unsolved] Socket error... Still unsolved.

Started by Don Cullen, September 12, 2005, 06:25 PM


Don Cullen

The name of my winsock is BNET, and usually the packetbuffer class will call it as DMBot.BNET since it's in the DMBot form. There's a public string variable called bnetserver, which contains the server address. In the entire program, that variable is only assigned a value ONCE-- and it's hardcoded to "asia.battle.net".

With that much said, check this output from my bot out- very unusual...

Quote
DementedBot activated at [9/12/2005 4:07:27 PM] .
Loading configuration...
Username: Kyro[DM]
Password: ********
CDKey: **************
Client: Starcraft: Brood War
Client VerByte: CD
BNET Server: asia.battle.net
BNET Port: 6112
BNET Default Channel: op Kyro[DM]
Config loaded.
Connecting to port 6112 at the asia.battle.net server...
Connected!
Initating packetage...
Notifying server of emulation...
0x01 protocol packet sent.
Server notification done.
Assembling 0x50 Protocol packet...
0x50 SID_AUTH_INFO packet sent.
BNET: Ping?
Assembling 0x25 SID_PING Packet...
0x25 SID_PING packet sent.
DMBot: Pong!
BNET: Gimme your cdkey.
Assembling 0x51 SID_AUTH_CHECK Packet...
0x51 SID_AUTH_CHECK packet sent.
DMBot: Blah blah. There ya go. Happy?
BNET: Well...
BNET: Fine, I'll accept that...
BNET: But dude, who the heck are you?
Assembling 0x29 SID_LOGONRESPONSE Packet...
0x29 SID_LOGONRESPONSE packet sent.
DMBot: LOL! Well dude, I'm Kyro[DM]...
BNET: Uhhh...
BNET: Oh yea, I know you! Cool, welcome to BNET!
Assembling 0x14 SID_UDPPINGRESPONSE Packet...
0x14 SID_UDPPINGRESPONSE packet sent.
Assembling 0x0A SID_ENTERCHAT Packet...
Dumping packet [which was attempted to be sent]...

StrToHex Dump:
FF 0A 0F 00 4B 79 72 6F 5B 44 4D 5D 00 30 00

End of packet dump.
Fatal error. SOCKET value = asia.battle.net, PacketID Value =  10
Connection aborted locally.

As you can see, somehow, the SOCKET value was assigned to asia.battle.net, which is bizarre; I say bizarre, because when the SendPacket function is called, it's always called as:

.SendPacket DMBot.BNET, &H29         'Where &H29 is the packet id, could be 0x0A, 0x0B, they all result in same error

Since the hexdump showed that it was the 0x0A function, I checked it, but it looks fine:

'SID_ENTERCHAT
Private Sub P0x0A()
    AddC vbWhite, "Assembling 0x0A SID_ENTERCHAT Packet..."
    With PacketBuf
        .InsertNTString bnetusername
        .InsertNTString &H0         'Null, CDKeyed product.
        .SendPacket DMBot.BNET, &HA
    End With
    AddC vbWhite, "0x14 SID_ENTERCHAT packet sent."
End Sub


As you can see, it's passing the exact name, not the server name, in that function. Also, here's the SendPacket function:

Public Function SendPacket(SOCKET As Winsock, PacketID As Byte)
    On Error GoTo HexDump
    SOCKET.SendData Chr(&HFF)
    SOCKET.SendData Chr(PacketID)
    SOCKET.SendData MakeWORD(Len(Buffer) + 4)
    SOCKET.SendData Buffer
    Clear
    Exit Function
HexDump:
    DumpPacket (Chr(&HFF) & Chr(PacketID) & MakeWORD(Len(Buffer) + 4) & Buffer)
    AddC vbRed, "Fatal error. SOCKET value = " & SOCKET & ", PacketID Value =  " & PacketID
    Clear
    AddC vbRed, "Connection aborted locally."
    DMBot.BNET.Close
    Call DMBot.BNET_Close
End Function


The DMBot.BNET parts in the SendPacket function were originally SOCKET, but I changed it to DMBot.BNET for troubleshooting purposes...

What I can't see is, now how in the heck did "asia.battle.net" get somehow passed to the SendPacket function as the socket, if the bnetserver variable was never once used in conjunction with SendPacket? I checked the entire program- nowhere is it used in conjunction-- the only time that var is actually used is when first connecting to it using the following code:

BNET.Connect bnetserver, bnetport

In the Form_Load() sub, bnetserver is assigned the string of "asia.battle.net" and bnetport is assigned the value of 6112. In the entire program, both vars are only used twice: once to assign value, and once to get winsock to connect to server.

I'm confused like heck, as this seems very unusual and bizarre behavior...

Inputs would be very much appreciated...
Regards,
Don
-------

Don't wonder why people suddenly are hostile when you treat them the way they shouldn't be- it's called 'Mutual Respect'.

Hdx

Well, there's nothing wrong, you're just not using SOCKET correctly -.-
You should NEVER use an object w/o adding a property.
W/o a property, it defaults to .Remotehost I believe. That's why it does that.
~-~(HDX)~-~

Proud host of the JBLS server www.JBLS.org.

Don Cullen

How do I prevent it from defaulting then? I mean, how am I not using SOCKET correctly? That function (before I added in the error handling code) is from Dark Minion's PacketBuffer class... This is driving me insane lol... If I hardcode the name of the socket, the bot works perfectly, but if I use SOCKET as a winsock object, and identify the socket by doing DMBOT.BNET, the program literally vomits >.<

[Edit: new info, edited to avoid double-posting.]

I just replaced all instances of SOCKET with DMBot.BNET, and changed all .SendPacket 's to only pass the packet ID. Insanely, it still errors out in that function. The error is a runtime error #6...

>.<

l2k-Shadow


'SID_ENTERCHAT
Private Sub P0x0A()
    AddC vbWhite, "Assembling 0x0A SID_ENTERCHAT Packet..."
    With PacketBuf
        .InsertNTString bnetusername
        .InsertNTString &H0         'Null, CDKeyed product.
        .SendPacket DMBot.BNET, &HA
    End With
    AddC vbWhite, "0x14 SID_ENTERCHAT packet sent."
End Sub



        .InsertNTString &H0         'Null, CDKeyed product.


I believe you are trying to assign an INTEGER argument to a function to which you should assign a STRING argument.

Why don't we try:

        .InsertNTString vbNullString        'Null, CDKeyed product.


Now don't we just feel stupid?  ;)

EDIT:
Quote
Assembling 0x29 SID_LOGONRESPONSE Packet...
0x29 SID_LOGONRESPONSE packet sent.
DMBot: LOL! Well dude, I'm Kyro[DM]...
BNET: Uhhh...
BNET: Oh yea, I know you! Cool, welcome to BNET!
Assembling 0x14 SID_UDPPINGRESPONSE Packet...
0x14 SID_UDPPINGRESPONSE packet sent.
Assembling 0x0A SID_ENTERCHAT Packet...
I also see you are sending the 0x14 packet after 0x29... the client sends 0x14 and then 0x29.

Quote from: replaced on November 04, 2006, 11:54 AM
I dunno wat it means, someone tell me whats ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
I was destined to live here,
To eat boiled pork with horseradish and drink beer with it.
They say over there you'd live like a pig in clover,
I don't want to fall on my backside in awe of anyone.

I'm not from the USA, I'm not from the USA, I'm really not from the USA... and I hope they won't be angry with me for that.

Don Cullen

Yes, I felt very foolish when you showed I was trying to cram a number into a string >.< Thanks tho, I did feel extremely stupid- I actually knocked myself in the head with my shoe...

As for the 14 before 29, are you sure? I thought I was supposed to send the ping AFTER login?

[Edited to avoid double posting]

Well, I fixed that integer into ntstring bug... Still the same. Here's the output:

Quote
DementedBot activated at [9/12/2005 9:02:40 PM] .
Loading configuration...
Username: Kyro[DM]
Password: ********
CDKey: **************
Client: Starcraft: Brood War
Client VerByte: CD
BNET Server: asia.battle.net
BNET Port: 6112
BNET Default Channel: op Kyro[DM]
Config loaded.
Connecting to port 6112 at the asia.battle.net server...
Connected!
Initating packetage...
Notifying server of emulation...
0x01 protocol packet sent.
Server notification done.
Assembling 0x50 Protocol packet...
0x50 SID_AUTH_INFO packet sent.
BNET: Ping?
Assembling 0x25 SID_PING Packet...
0x25 SID_PING packet sent.
DMBot: Pong!
BNET: Gimme your cdkey.
Assembling 0x51 SID_AUTH_CHECK Packet...
0x51 SID_AUTH_CHECK packet sent.
DMBot: Blah blah. There ya go. Happy?
BNET: Well...
BNET: Fine, I'll accept that...
BNET: But dude, who the heck are you?
Assembling 0x14 SID_UDPPINGRESPONSE Packet...
0x14 SID_UDPPINGRESPONSE packet sent.
Assembling 0x29 SID_LOGONRESPONSE Packet...
0x29 SID_LOGONRESPONSE packet sent.
DMBot: LOL! Well dude, I'm Kyro[DM]...
BNET: Uhhh...
BNET: Oh yea, I know you! Cool, welcome to BNET!
Assembling 0x0A SID_ENTERCHAT Packet...
Runtime Error #6, Overflow. Fatal error, connection terminated.
Server aborted connection!
Dumping packet...

StrToHex Dump:
FF 0A 0E 00 4B 79 72 6F 5B 44 4D 5D 00 00
HexToString Dump:


End of packet dump.
0x14 SID_ENTERCHAT packet sent.
Assembling 0x0B SID_GETCHANNELLIST Packet...
Runtime Error #6, Overflow. Fatal error, connection terminated.
Server aborted connection!
Dumping packet...

StrToHex Dump:
FF 0B 12 00 4B 79 72 6F 5B 44 4D 5D 00 00 50 58 45 53
HexToString Dump:
 
End of packet dump.

This is the code for battlenet.bas which contains the parser, 0x0A, 0x0B, 0x0C, etc packet codes:

BattleNet.bas

This is the SendPacket function:

Public Function SendPacket(SOCKET As Winsock, PacketID As Byte)
    On Error GoTo DumpHex
    SOCKET.SendData Chr$(&HFF)
    SOCKET.SendData Chr$(PacketID)
    SOCKET.SendData MakeWORD(Len(Buffer) + 4)
    SOCKET.SendData Buffer
    Clear
    Exit Function
DumpHex:
    DMBot.BNET.Close
    AddC vbRed, "Runtime Error #6, Overflow. Fatal error, connection terminated."
    Call DMBot.BNET_Close
    DumpPacket (Chr$(&HFF) & Chr$(PacketID) & MakeWORD(Len(Buffer) + 4) & Buffer)
End Function


The code also makes use of BNCSUtil.bas, if you need to see that code, let me know and I'll post a link to it as well. In fact, I'll post that one too, just in case:

BNCSUtil.bas

Man, I'm soooo confused as to what I did wrong, it was working great, I must have screwed it up somehow somewhere... It's only when it hits the 0x0A packet that the errors pile up... I mean, a runtime error 6 buffer overflow?!? >.<

Thanks for your help, it's definitely appreciated-- I'm seriously hoping you'll be able to see whatever stupid ol' me missed! :p

l2k-Shadow

Quote from: Kyro on September 12, 2005, 10:46 PM
Yes, I felt very foolish when you showed I was trying to cram a number into a string >.< Thanks tho, I did feel extremely stupid- I actually knocked myself in the head with my shoe...

As for the 14 before 29, are you sure? I thought I was supposed to send the ping AFTER login?

EEK... 0x14 IS NOT the ping. 0x14 is to tell the server if your connection can accept UDP connections on port 6112, hence it's only used by STAR, SEXP, and W2BN.  If you respond to the packet with the DWORD value 0x626E6574, it tells Battle.net you may process the UDP packets, if you ignore this packet and don't respond to it... Battle.net will think you cannot process the UDP packets and give you the "lag plug".  And yes I'm sure you send 0x14 before 0x29, feel free to packet log the client.

Don Cullen

Alright, thanks for that info, I updated code to reflect that procedure. I also edited my previous post to show new code, as well as posted a link to both BAS files...

l2k-Shadow

I don't know, the code seems fine. Try using this buffer//debuffer class, it might work better for you... Meh... that's all I can suggest, I don't see what could cause overflows, but give it a shot and see.

Don Cullen

Works perfectly- I compared your class with my class, and replaced the MakeWord line with:

SOCKET.SendData MakeMemory(Len(Buffer) + 4, pWORD)

And also copied over the MakeMemory function, as well as the pWORD definition. That solved the problem- the code executes perfectly now. Thanks!

Next up, figure out why it says op Kyro[DM] is restricted... Wish me luck! Thanks again for helping me to solve this!

Here's the output now:

Quote
DementedBot activated at [9/12/2005 11:47:06 PM] .
Loading configuration...
Username: Kyro[DM]
Password: ********
CDKey: **************
Client: Starcraft: Brood War
Client VerByte: CD
BNET Server: asia.battle.net
BNET Port: 6112
BNET Default Channel: op Kyro[DM]
Config loaded.
Connecting to port 6112 at the asia.battle.net server...
Connected!
Initating packetage...
Notifying server of emulation...
0x01 protocol packet sent.
Server notification done.
Assembling 0x50 Protocol packet...
0x50 SID_AUTH_INFO packet sent.
BNET: Ping?
Assembling 0x25 SID_PING Packet...
0x25 SID_PING packet sent.
DMBot: Pong!
BNET: Gimme your cdkey.
Assembling 0x51 SID_AUTH_CHECK Packet...
0x51 SID_AUTH_CHECK packet sent.
DMBot: Blah blah. There ya go. Happy?
BNET: Well...
BNET: Fine, I'll accept that...
BNET: But dude, who the heck are you?
Assembling 0x14 SID_UDPPINGRESPONSE Packet...
0x14 SID_UDPPINGRESPONSE packet sent.
Assembling 0x29 SID_LOGONRESPONSE Packet...
0x29 SID_LOGONRESPONSE packet sent.
DMBot: LOL! Well dude, I'm Kyro[DM]...
BNET: Uhhh...
BNET: Oh yea, I know you! Cool, welcome to BNET!
Assembling 0x0A SID_ENTERCHAT Packet...
0x14 SID_ENTERCHAT packet sent.
Assembling 0x0C SID_JOINCHANNEL Packet...
0x0C SID_JOINCHANNEL packet sent.
DMBot: By the way, I know my ABC's!!! :D
BNET: Cool! So do I! Anyway, welcome to BNET! :D
DMBot: Channel op Kyro[DM] is restricted.
BNET: Ping?
Assembling 0x25 SID_PING Packet...
0x25 SID_PING packet sent.
DMBot: Pong!
BNET: Ping?
Assembling 0x25 SID_PING Packet...
0x25 SID_PING packet sent.
DMBot: Pong!

Don Cullen

[Edit: My apologies for double post! Forgot >.<]

Bot just hit overflow AGAIN. It seems to work sometimes, and sometimes it won't. I just got ipbanned from asia.battle.net while trying to figure out problem...

Check this out:

Quote
DementedBot activated at [9/13/2005 12:01:44 AM] .
Loading configuration...
Username: Kyro[DM]
Password: ********
CDKey: **************
Client: Starcraft: Brood War
Client VerByte: CD
BNET Server: europe.battle.net
BNET Port: 6112
BNET Default Channel: op Kyro[DM]
Config loaded.
Connecting to port 6112 at the europe.battle.net server...
Connected!
Initating packetage...
Notifying server of emulation...
0x01 protocol packet sent.
Server notification done.
Assembling 0x50 Protocol packet...
0x50 SID_AUTH_INFO packet sent.
BNET: Ping?
Assembling 0x25 SID_PING Packet...
0x25 SID_PING packet sent.
DMBot: Pong!
BNET: Gimme your cdkey.
Assembling 0x51 SID_AUTH_CHECK Packet...
0x51 SID_AUTH_CHECK packet sent.
DMBot: Blah blah. There ya go. Happy?
BNET: Well...
BNET: Fine, I'll accept that...
BNET: But dude, who the heck are you?
Assembling 0x14 SID_UDPPINGRESPONSE Packet...
0x14 SID_UDPPINGRESPONSE packet sent.
Assembling 0x29 SID_LOGONRESPONSE Packet...
0x29 SID_LOGONRESPONSE packet sent.
DMBot: LOL! Well dude, I'm Kyro[DM]...
BNET: Uhhh...
BNET: Oh yea, I know you! Cool, welcome to BNET!
Assembling 0x0A SID_ENTERCHAT Packet...
Runtime Error #6, Overflow. Fatal error, connection terminated.
Server aborted connection!
Dumping packet...

StrToHex Dump:
FF 0A 0E 00 4B 79 72 6F 5B 44 4D 5D 00 00
HexToString Dump:


End of packet dump.
0x14 SID_ENTERCHAT packet sent.
Assembling 0x0C SID_JOINCHANNEL Packet...
Runtime Error #6, Overflow. Fatal error, connection terminated.
Server aborted connection!
Dumping packet...

StrToHex Dump:
FF 0C 1E 00 4B 79 72 6F 5B 44 4D 5D 00 00 00 00 00 00 6F 70 20 4B 79 72 6F 5B 44 4D 5D 00
HexToString Dump:
 
End of packet dump.
0x0C SID_JOINCHANNEL packet sent.
DMBot: By the way, I know my ABC's!!! :D

I also posted the PacketBuffer class I'm using-- it's at:

PacketBuffer.cls

Any ideas?
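
Decoding the hex dumps posted so far in this thread, as an added example (not code from any poster; the function names are illustrative). It validates the FF / packet ID / little-endian length header, shows the 0x30 byte that `&H0` became in the first SID_ENTERCHAT dump, and checks whether the SID_JOINCHANNEL dump still begins with the payload of the SID_ENTERCHAT packet whose send failed:

```python
import struct

# Hex dumps copied from the posts above.
ENTERCHAT_BEFORE = "FF 0A 0F 00 4B 79 72 6F 5B 44 4D 5D 00 30 00"
ENTERCHAT_AFTER = "FF 0A 0E 00 4B 79 72 6F 5B 44 4D 5D 00 00"
JOINCHANNEL_AFTER_ERROR = (
    "FF 0C 1E 00 4B 79 72 6F 5B 44 4D 5D 00 00 00 00 00 00 "
    "6F 70 20 4B 79 72 6F 5B 44 4D 5D 00"
)


def parse_packet(hex_dump):
    """Validate the 4-byte header and return (packet_id, payload)."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte header")
    marker, packet_id, declared = struct.unpack_from("<BBH", raw)
    if marker != 0xFF:
        raise ValueError("first byte is not 0xFF")
    if declared != len(raw):  # the length WORD counts the header too
        raise ValueError(f"header says {declared} bytes, dump has {len(raw)}")
    return packet_id, raw[4:]


def read_ntstring(payload, offset=0):
    """Read one null-terminated string; return (text, next_offset)."""
    end = payload.index(b"\x00", offset)  # ValueError if unterminated
    return payload[offset:end].decode("ascii"), end + 1


def ntstrings(payload):
    """Decode a payload that consists only of null-terminated strings."""
    out, offset = [], 0
    while offset < len(payload):
        text, offset = read_ntstring(payload, offset)
        out.append(text)
    return out


def strip_stale(previous_payload, payload):
    """Drop a leading copy of previous_payload; return (rest, was_stale)."""
    if previous_payload and payload.startswith(previous_payload):
        return payload[len(previous_payload):], True
    return payload, False


def parse_joinchannel(payload):
    """DWORD flags followed by one NT string, as P0x0C builds it."""
    (flags,) = struct.unpack_from("<I", payload)
    channel, end = read_ntstring(payload, 4)
    if end != len(payload):
        raise ValueError("trailing bytes after channel name")
    return flags, channel


if __name__ == "__main__":
    print(ntstrings(parse_packet(ENTERCHAT_BEFORE)[1]))
    print(ntstrings(parse_packet(ENTERCHAT_AFTER)[1]))
    _, failed = parse_packet(ENTERCHAT_AFTER)
    _, join = parse_packet(JOINCHANNEL_AFTER_ERROR)
    rest, stale = strip_stale(failed, join)
    print(stale, parse_joinchannel(rest))
```

The leftover bytes match the posted SendPacket: its DumpHex error path returns without calling Clear, so the next packet is built on top of the old Buffer contents. The same prefix is visible in the 0x0B dump.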

l2k-Shadow


Private Sub P0x0C(TypeOfJoin As Long, ChanToJoin As String)
    Dim FakeVAr As Long
    FakeVAr = 123
    AddC vbWhite, "Assembling 0x0C SID_JOINCHANNEL Packet..."
    With PacketBuf
        .InsertDWORD TypeOfJoin
        .InsertNTString ChanToJoin  'Channel to join
        .SendPacket DMBot.BNET, &HC
    End With
    AddC vbWhite, "0x0C SID_JOINCHANNEL packet sent."
    DoEvents
End Sub


What is your TypeOfJoin variable set to?

Don Cullen

That sub is called as:

P0x0C &H0, bnetmainchannel

bnetmainchannel is a string variable, and it is set to "op Kyro[DM]" at form load time. When I get back from class today, I'm going to see if I can find anything else different in my packet buffer class with your packet buffer class. I'm running out of ideas as to what's wrong with the bot.

l2k-Shadow


Don Cullen

it isn't erroring at the join packet- it's erroring at the enter chat packet, sometimes the join chat packet, sometimes the 0x51 packet... error's the same at all three-- winsock buffer overflow.

in any case, i tried the suggested change, no difference.

l2k-Shadow


Public Function SendPacket(SOCKET As Winsock, PacketID As Byte)
    On Error GoTo DumpHex
    SOCKET.SendData Chr$(&HFF)
    SOCKET.SendData Chr$(PacketID)
    SOCKET.SendData MakeWORD(Len(Buffer) + 4)
    SOCKET.SendData Buffer
    Clear
    Exit Function
DumpHex:
    DMBot.BNET.Close
    AddC vbRed, "Runtime Error #6, Overflow. Fatal error, connection terminated."
    Call DMBot.BNET_Close
    DumpPacket (Chr$(&HFF) & Chr$(PacketID) & MakeWORD(Len(Buffer) + 4) & Buffer)
End Function


ugh... try...


Public Function SendPacket(SOCKET As Winsock, PacketID As Byte)
    SOCKET.SendData Chr(&HFF) & Chr(PacketID) & MakeWORD(Len(Buffer) + 4) & Buffer
    Clear
End Function
