 

[C -> S] 0x51

Started by Trunning, May 07, 2010, 10:24 PM


Trunning

In my head this makes sense to me, but I'm not sending what I expect.

CMSG_BNLS_HASHDATA packet;
packet.Size = 4;
packet.Flags = 0x02;
packet.Data = (void*)malloc(4);
strcpy_s((char*)packet.Data, 4, "lol");
packet.ClientKey = g_Cookie;
packet.ServerKey = g_ServerToken;

char *buffer = (char*)malloc(sizeof(packet));
memcpy(buffer, &packet, sizeof(DWORD) * 2);
memcpy(buffer + sizeof(DWORD) * 2, packet.Data, 4);
memcpy(buffer + sizeof(DWORD) * 2 + 4, &packet + sizeof(DWORD) * 2, sizeof(DWORD) * 2);


0000   17 00 0b 04 00 00 00 02 00 00 00 6c 6f 6c 00 cc  ...........lol..
0010   cc cc cc cc cc cc cc                             .......

Trunning

Ok I seriously don't see why this isn't being constructed properly. Nor do I know where this uninitialized memory is coming from.

CMSG_BNLS_HASHDATA packet;
packet.Size = 4;
packet.Flags = 0x02;
packet.Data = (void*)malloc(4);
strcpy_s((char*)packet.Data, 4, "lol");
packet.ClientKey = g_Cookie;
packet.ServerKey = g_ServerToken;

int size = sizeof(DWORD) * 4;
char *buffer = (char*)malloc(size);

memcpy(buffer, &packet, 8);
strcpy_s(buffer + 8, 4, "lol");
memcpy(buffer + 12, &packet + 8, 8);


0000   17 00 0b 04 00 00 00 02 00 00 00 6c 6f 6c 00 cc  ...........lol..
0010   cc cc cc cc cc cc cc                             .......



Hdx

Where are you getting your numbers?

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

Trunning

I meant &packet + 8!

Well I know a DWORD is 4 bytes, so I'm copying over the 1st 2 DWORDS then I'm putting my password in the buffer, but 8 bytes along, after the 2 DWORDS, then I'm putting the last 2 DWORDS after that.

Oh shit, I just realized the buffer size isn't including the 4 bytes for the password, gimme a sec now...

CMSG_BNLS_HASHDATA packet;
packet.Size = 4;
packet.Flags = 0x02;
packet.Data = (void*)malloc(4);
strcpy_s((char*)packet.Data, 4, "lol");
packet.ClientKey = g_Cookie;
packet.ServerKey = g_ServerToken;

char *buffer = (char*)malloc(20); // 4 dwords and my password

memcpy(buffer, &packet, 8);
strcpy_s(buffer + 8, 4, "lol");
memcpy(buffer + 12, &packet + 9, 8);

Hdx

CMSG_BNLS_HASHDATA packet;
const char *password = "lol";
int pass_len = strlen(password);
packet.Size = pass_len;
packet.Flags = 0x02;
packet.Data = (void*)malloc(pass_len);
strcpy_s((char*)packet.Data, pass_len, password);
packet.ClientKey = g_Cookie;
packet.ServerKey = g_ServerToken;

char *buffer = (char*)malloc(sizeof(packet) - sizeof(void *) + pass_len);
int main_gap = &packet.Data - &packet.Size;
memcpy(buffer, &packet, main_gap);
memcpy(buffer + main_gap, password, pass_len);
memcpy(buffer + main_gap + pass_len, &packet.ClientKey, sizeof(packet.ClientKey) + sizeof(packet.ServerKey));

Proud host of the JBLS server www.JBLS.org.
JBLS.org Status:
JBLS/BNLS Server Status

Trunning

int main_gap = &packet.Data - &packet.Size;
error C2040: '-' : 'void **' differs in levels of indirection from 'DWORD *'


I think you're trying to take away the length of Data from Size, which doesn't make sense.

Hdx

I'm taking the ADDRESS of Size from the ADDRESS of Data.
That will give me the number of bytes between the two pointers, i.e. its size.
Type cast em to ints and it'll be fine.
Anyways, why are you against packet buffers?
You say you know how memory is laid out, and how to deal with it, but you don't, else you wouldn't be having ANY of the issues you are having.
You need to make an exact copy of this memory layout. If Client token = 0x01010101 and Server = 0x02020202
03 00 00 00 02 00 00 00 6C 6F 6C 01 01 01 01 02 02 02 02


Trunning

I didn't bother thinking of that level, and you missed out on the +1 for pass_len...

Anyway your code is sending...
0000   17 00 0b 04 00 6c 6f 6c 00 50 1e e7 4b 5f 5d 2c  .....lol.P..K_],
0010   70 cd cd cd cd cd cd                             p......



Hdx

You're not supposed to include a null byte.


Trunning

Well I get runtime errors if I don't.


Hdx

oh ya, change strcpy to memcpy


Trunning

Done, sending this though:

0000   17 00 0b 03 00 6c 6f 6c 08 23 e7 4b d4 1a 6a a3  .....lol.#.K..j.
0010   cd cd cd cd cd cd fd                             .......

Hdx

Now, from that packet log, what do YOU think the issue is? Heres a hint: It's really fucking obvious.


Trunning

Something isn't being set properly, I guess that because of the cd's.

Hdx

Yes, but what?
Read the log. See what is missing, see what is not what it's supposed to be!

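An explicit serialiser for the BNLS_HASHDATA layout Hdx spelled out above, added here as example code that is not from the thread. It builds the buffer field by field instead of memcpy'ing the struct, so the 0xCC/0xCD uninitialised fill seen in the dumps can never reach the wire; it assumes the 3-byte BNLS header (WORD length, BYTE id) visible at the start of each dump, and the build_hashdata and demo_matches_expected names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Wire layout from the thread: BNLS header (WORD total length, BYTE id 0x0b), then
 * DWORD size, DWORD flags, <size> raw password bytes (no NUL), DWORD client key,
 * DWORD server key, all little-endian. Header format is assumed from the dumps. */
#define BNLS_HASHDATA   0x0b
#define BNLS_HEADER_LEN 3

static void put_u16le(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put_u32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Serialises one BNLS_HASHDATA packet into out. Returns bytes written, or 0 if it does not
 * fit. Every output byte is written explicitly: no struct padding, pointer values or
 * uninitialised heap bytes (the 0xCC/0xCD fill in the thread's dumps) can reach the wire. */
size_t build_hashdata(uint8_t *out, size_t out_cap, uint32_t flags,
                      const char *password, size_t pass_len,
                      uint32_t client_key, uint32_t server_key)
{
    size_t total = BNLS_HEADER_LEN + 4 + 4 + pass_len + 4 + 4;
    if (total > out_cap || total > 0xFFFF) return 0;   /* bounds check before any write */
    uint8_t *p = out;
    put_u16le(p, (uint16_t)total);    p += 2;
    *p++ = BNLS_HASHDATA;
    put_u32le(p, (uint32_t)pass_len); p += 4;           /* size = password length only */
    put_u32le(p, flags);              p += 4;
    memcpy(p, password, pass_len);    p += pass_len;    /* raw bytes, no terminator */
    put_u32le(p, client_key);         p += 4;
    put_u32le(p, server_key);         p += 4;
    return (size_t)(p - out);
}

/* Constructed check using the thread's values: password "lol", flags 0x02,
 * client key 0x01010101, server key 0x02020202. Returns 1 on an exact byte match. */
int demo_matches_expected(void)
{
    static const uint8_t expected[] = {
        0x16, 0x00, 0x0b,                               /* length 22, id 0x0b */
        0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, /* size 3, flags 2 */
        0x6c, 0x6f, 0x6c,                               /* "lol", no NUL */
        0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02  /* client key, server key */
    };
    uint8_t buf[64];
    size_t n = build_hashdata(buf, sizeof buf, 0x02, "lol", 3, 0x01010101u, 0x02020202u);
    return n == sizeof expected && memcmp(buf, expected, n) == 0;
}
```

Compare the 22-byte result with the dump at the end of the thread to see which field there is two bytes short.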
