
WinDbg & IDA

Started by UserLoser, November 01, 2003, 02:15 PM


UserLoser

Is there anyone here willing to write a short tutorial on how to use IDA Pro and WinDbg, showing how to find things such as where the received data from battle.net is processed in storm.dll (or battle.snp, I don't know, that's why I'm asking), where data is sent, packet IDs and names, etc., for Starcraft? This way, from there, I can hopefully teach myself, along with reading other documents, so I could start to understand this and learn it hopefully.

iago

I'd recommend SoftICE :)
This'll make an interesting test for broken AV:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


indulgence

Quote from: UserLoser on November 01, 2003, 02:15 PM
Is there anyone here willing to write a short tutorial on how to use IDA Pro and WinDbg, showing how to find things such as where the received data from battle.net is processed in storm.dll (or battle.snp, I don't know, that's why I'm asking), where data is sent, packet IDs and names, etc., for Starcraft? This way, from there, I can hopefully teach myself, along with reading other documents, so I could start to understand this and learn it hopefully.

It's initially processed through battle.snp ;) Just load battle.snp up in IDA (it's just a renamed DLL).
<3

Paul

Expanding on iago's comment...

Finding send():
1.) Launch Starcraft
2.) Load WSOCK32.dll into SoftICE's Symbol Loader. Ctrl+D into Ice and type: bpx send from the command line.
3.) Return to Starcraft
4.) /join Random Channel
5.) SoftICE will pop up. Press F11 to goto the piece of code that called send().
6.) Check registers for packet data. Cmd in SoftICE to do this is: d register. Example: d ecx, d eax, d edx etc...

Finding recv():
Steps above, but bpx recv!

Some crappy hack I wrote a long time ago for Diablo Shareware v1.09 that might help you as far as how the recv'd data is handled in Battle.snp. It can be found here: http://gamehackers.net/garbage/Decensor.dat

If you're interested in finding send() you can point yourself to this thread, it might help somewhat: http://forums.blizzhackers.com/phpBB2/viewtopic.php?t=105629

indulgence

If you are going to use IDA, use 4.5+ as it has a built-in debugger (not a system-level debugger like SoftICE, but you are only debugging Starcraft/Diablo/Warcraft, I'm sure, and not device drivers or the like).

http://www.exetools.com/forum/ - find the FTP address + login info (it's in the News & Announcements forum).
They have 4.50 on the FTP in the incoming folder.
<3

Etheran

Quote from: Paul on November 01, 2003, 10:55 PM
Expanding on iago's comment...

Finding send():
1.) Launch Starcraft
2.) Load WSOCK32.dll into SoftICE's Symbol Loader. Ctrl+D into Ice and type: bpx send from the command line.
3.) Return to Starcraft
4.) /join Random Channel
5.) SoftICE will pop up. Press F11 to goto the piece of code that called send().
6.) Check registers for packet data. Cmd in SoftICE to do this is: d register. Example: d ecx, d eax, d edx etc...

Finding recv():
Steps above, but bpx recv!

Some crappy hack I wrote a long time ago for Diablo Shareware v1.09 that might help you as far as how the recv'd data is handled in Battle.snp. It can be found here: http://gamehackers.net/garbage/Decensor.dat

If you're interested in finding send() you can point yourself to this thread, it might help somewhat: http://forums.blizzhackers.com/phpBB2/viewtopic.php?t=105629
WinDbg can do all of that too! And it doesn't crash my computer like SoftICE does..
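Etheran's point above, as an added example that is not code from any poster in this thread: a WinDbg command script (assumed file name bnet-trace.wds) that does what Paul's SoftICE steps do, breaking on send()/recv(), naming the caller as F11 would, and dumping the buffer. It assumes a 32-bit Starcraft process already attached in WinDbg with WSOCK32 symbols resolving, and that the log path is a placeholder you adjust.

```windbg
$$ bnet-trace.wds  (constructed example)  load with:  $$<C:\tools\bnet-trace.wds
$$ Assumes a 32-bit target and stdcall layout at function entry:
$$   [esp]=return address  [esp+4]=SOCKET  [esp+8]=buf  [esp+0xC]=len
$$ Everything below is written to a log so you can read it after
$$ switching back out of full-screen Starcraft.
.logopen C:\tools\bnet-trace.log

$$ --- send(): the buffer is already filled on entry, so dump it now ------
$$ ln on the return address names the caller (what F11 in SoftICE lands on)
$$ and db dumps exactly len bytes of the outgoing packet.
bp WSOCK32!send ".printf \"\\n[send] len=%d  caller:\\n\", poi(@esp+0xc); ln poi(@esp); r $t1 = poi(@esp+0xc); db poi(@esp+8) L@$t1; gc"

$$ --- recv(): the buffer is only filled after the call returns -------------
$$ Save the caller's buffer pointer in $t0, then plant a one-shot breakpoint
$$ (bp /1) on the return address. There eax is the byte count, or
$$ 0xFFFFFFFF (SOCKET_ERROR), which the range check skips.
$$ Caveat: $t0 is shared by all threads, so concurrent recv() calls can race.
bp WSOCK32!recv "r $t0 = poi(@esp+8); .printf \"\\n[recv] caller:\\n\"; ln poi(@esp); bp /1 poi(@esp) \".if ((@eax > 0) & (@eax < 0x10000)) { db @$t0 L@eax }; gc\"; gc"

$$ Now /join a channel in the game, then .logclose and read the log.
$$ If neither breakpoint ever fires, the imports are going straight to
$$ ws2_32 (WSOCK32 forwards to it on newer Windows): use ws2_32!send/recv.
```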

iago

SoftICE writes directly to the display adapter. I find that when I use WinDbg and other debuggers, they pop up below a full-screen app like Starcraft so I can't see what's happening. SoftICE displays on top of everything.


Skywing

Quote from: iago on November 03, 2003, 11:13 PM
SoftICE writes directly to the display adapter. I find that when I use WinDbg and other debuggers, they pop up below a full-screen app like Starcraft so I can't see what's happening. SoftICE displays on top of everything.
Run Starcraft in a desktop other than Winsta0\Default and run WinDbg in Winsta0\Default.  Then you simply need to switch desktops (say, by an application running on both desktops that registers a hotkey) and you're set.

Alternatively you could run Starcraft in a Terminal Server session.