packets

ILurker · March 10, 2003, 04:06 PM

someone please tell me how the hell i find the ping, and other stuff

Figure 1.1
RECV-> 0000   FF 0F 3D 00 01 00 00 00 00 00 00 00 C5 01 00 00    ..=.............
RECV-> 0010   00 00 00 00 0D F0 AD BA 0D F0 AD BA 53 61 72 63    ............Sarc
RECV-> 0020   61 73 74 69 63 00 52 41 54 53 20 30 20 30 20 30    astic.RATS 0 0 0
RECV-> 0030   20 31 20 30 20 30 20 30 20 30 20 30 00                                                          1 0 0 0 0 0.

user's flags is 0x00000000, ping is 453, account is "Sarcastic", and statstring is "RATS 0 0 0 1 0 0 0 0 0".

Banana fanna fo fanna · March 10, 2003, 04:40 PM

Instead of giving you the answer (since I don't know it

), I suggest doing an experiment.

Look at a CHAT client's packet and record it.

Then look at a low ping client's packet, and a high ping one's (in SC). Compare and see which dword/word/whatever it is.

Noodlez · March 10, 2003, 04:47 PM

Packet ID: 0x0F
Direction: Server -> Client (Recieved)
Format: (DWORD) Event ID
(DWORD) User's Flags
(DWORD) Ping
(DWORD) IP Address (Defunct)
(DWORD) Account number (Defunct)
(DWORD) Registration Authority (Defunct)
(STRING) Username
(STRING) Text

Banana fanna fo fanna · March 10, 2003, 04:48 PM

Screw you n00dz

ILurker · March 10, 2003, 05:30 PM

wtf are dwords and strings, and where in the packet do i look to find them? i mean like which (numbers?/lines?)

Mesiah / haiseM · March 10, 2003, 06:27 PM

ok here i go again, i did this once, but since nobody bothers to SEARCH, ill do it again.

Bytes - appear in format "00" in a packet log, this is the equivilant as 1 character in a string.

Words - appear in format "00 00" in a packet log, this is equivilant as 2 characters in a string.

DWords - appear in format "00 00 00 00" in a packet log, this is equivilant as 4 characters in a string.

QWords - appear in format "00 00 00 00 00 00 00 00" in a packet log, this is equivilant as 8 characters in a string.

NTString (Null Terminated String) - appears as plain text, with a null byte at the end "00".

String - appears as plain text.

When you read a packet log, your reading it in Hex, which makes it easier to distinguish then reading it as plain strings, because if you look at a word or dword in string, it can appear as any array of characters, but have a more meaningful use than that.

Code Select

Figure 1.1 
RECV-> 0000   FF 0F 3D 00 01 00 00 00 00 00 00 00 C5 01 00 00    ..=............. 
RECV-> 0010   00 00 00 00 0D F0 AD BA 0D F0 AD BA 53 61 72 63    ............Sarc 
RECV-> 0020   61 73 74 69 63 00 52 41 54 53 20 30 20 30 20 30    astic.RATS 0 0 0 
RECV-> 0030   20 31 20 30 20 30 20 30 20 30 20 30 00             1 0 0 0 0 0.

user's flags is 0x00000000, ping is 453, account is "Sarcastic", and statstring is "RATS 0 0 0 1 0 0 0 0 0".

the ping is the third dword in the packet, as noodlez said, but your viewing it in hex, so you wont just see "453", you have to take that dword in hex, and conver it to decimal:

Code Select

1st dword = 01 00 00 00
2nd dword = 00 00 00 00
3rd dword = C5 01 00 00

If you convert 1C5 from hex into decimal, you will get 453, and that is the users ping.

Can we get something like this on bnetdocs or botdev site or something?

Noodlez · March 10, 2003, 07:40 PM

mesiah, i dont think that belongs on bnet docs. by making a binary bot it's assumed you have that knowledge...

wow, isnt ILurker the one who called me a vb "n00b" and said i shold stop programming?

but, to follow the rules i'll help you, despite how much i hate you.
pos = 1
mid(data,pos,4) 'would extract the first dword
pos = pos + 4 'moving on to the next dword
mid(data,pos,4)
pos = pos + 4
'to extract a string you would continue where you left off 'and stop at a null
string = mid(data,pos, instr(mid(data,pos)-1,vbnullchar)) 'the -1 is because you don't want the null to be part of your string
pos = pos + len(string) + 1

Camel · March 11, 2003, 02:43 AM

Quote...your reading it in Hex...

you're

Quotemesiah, i dont think that belongs on bnet docs. by making a binary bot it's assumed you have that knowledge...

wow, isnt ILurker the one who called me a vb "n00b" and said i shold stop programming?

but, to follow the rules i'll help you, despite how much i hate you.
pos = 1
mid(data,pos,4) 'would extract the first dword
pos = pos + 4 'moving on to the next dword
mid(data,pos,4)
pos = pos + 4
'to extract a string you would continue where you left off 'and stop at a null
string = mid(data,pos, instr(mid(data,pos)-1,vbnullchar)) 'the -1 is because you don't want the null to be part of your string
pos = pos + len(string) + 1

if you want to be ubernewbish, you you be so lazy as to write an 'extract' string...using globally defined variables, of course...

Arta · March 11, 2003, 04:12 AM

Small nitpicky correction:

QuoteString - appears as plain text.

This is false. BNCS does not use any such type. Data that appears to be a non-terminated string is always 4 bytes long - they are DWORDS that just happen to look like strings.

ILurker · March 11, 2003, 11:02 AM

Quotewow, isnt ILurker the one who called me a vb "n00b" and said i shold stop programming?

I dont recall ever saying that

Banana fanna fo fanna · March 11, 2003, 01:47 PM

For christ's sake...before you post:

1) Use the forum's search
2) Use bnetdocs
3) Use google

Noodlez · March 11, 2003, 05:28 PM

QuoteI dont recall ever saying that

i'd look through your old posts, but you deleted them after i proved you were an idiot

Mesiah / haiseM · March 16, 2003, 06:05 PM

yoni, i was just pointing out what it is in general, not limiting it to the use of BNCS, otherwise i wouldnt have added the definition of a QWord :-P

Yoni · March 17, 2003, 02:06 AM

Quoteyoni,

huh? I didn't even reply in this thread (until now)

MrRaza · March 17, 2003, 02:51 AM

Maybe it got deleted...

packets

ILurker

ILurker

Camel

ILurker