• Welcome to Valhalla Legends Archive.
 

Documentation on SID_FINDLADDERUSER 0x2F

Started by ChR0NiC, March 21, 2004, 06:45 PM

Previous topic - Next topic

ChR0NiC

Well, I recently have been dubbed somewhat of an information leech who takes information without giving anything in return so I have decided to post some documentation on a packet. This may not be a popular packet, but if you want to add ladder view support to your bot. Working along side with this post you could learn alot I hope.

C -> S: SID_FINDLADDERUSER (0x2F)
 STAR/SEXP, W2BN:
   (DWORD) Product
   (DWORD) Listing Type
   (DWORD) Listing Style
   (STRING)  Username

Possible Listing Types
Listing Type:
STAR/SEXP:
Normal: 0x01
Unknown: 0x02

W2BN:
Normal: 0x01
Unknown: 0x02
IronMan: 0x03

Possible Listing Styles
STAR/SEXP, W2BN
Highest Rated: 0x00
Most Wins: 0x02
Most Games Played: 0x03

S -> C: SID_FINDLADDERUSER (0x2F) (Length 8.)
 
     (DWORD) Rank

Keep in mind, that the starting rank in this case would be "0"
So if you are returned "14" the rank would be "15"


And yes I got this by myself, please no flaming about how easy it is to figure out this packet. It's a start, I will probably most more packets in the future.

Edit: No successful results with "result" in:
(DWORD) FF FF FF FF

MyndFyre

Quote from: ChR0NiC on March 21, 2004, 06:45 PM
Edit: No successful results with "result" in:
(DWORD) FF FF FF FF

Good job Mr. info leech :P

A note, and in fact the reason I quoted what I did...

0xffffffff is -1 if you interpret it as a two's-complement signed integer.  Have you ever used the String.indexOf(String) method in Java or Javascript?  It's the same idea -- if it's not found, it returns -1 (because -1 is an index that doesn't exist).
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Archangel

I'm not an Addict.

iago

Quote from: Myndfyre on March 21, 2004, 11:29 PM
Quote from: ChR0NiC on March 21, 2004, 06:45 PM
Edit: No successful results with "result" in:
(DWORD) FF FF FF FF

Good job Mr. info leech :P

A note, and in fact the reason I quoted what I did...

0xffffffff is -1 if you interpret it as a two's-complement signed integer.  Have you ever used the String.indexOf(String) method in Java or Javascript?  It's the same idea -- if it's not found, it returns -1 (because -1 is an index that doesn't exist).

That's true, but don't forget that (DWORD) == unsigned int.  So if you're referring it to a DWORD in a packet, then it IS 0xFFFFFFFF (or FF FF FF FF), not -1.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


UserLoser.

Quote from: iago on March 22, 2004, 10:42 AM
Quote from: Myndfyre on March 21, 2004, 11:29 PM
Quote from: ChR0NiC on March 21, 2004, 06:45 PM
Edit: No successful results with "result" in:
(DWORD) FF FF FF FF

Good job Mr. info leech :P

A note, and in fact the reason I quoted what I did...

0xffffffff is -1 if you interpret it as a two's-complement signed integer.  Have you ever used the String.indexOf(String) method in Java or Javascript?  It's the same idea -- if it's not found, it returns -1 (because -1 is an index that doesn't exist).

That's true, but don't forget that (DWORD) == unsigned int.  So if you're referring it to a DWORD in a packet, then it IS 0xFFFFFFFF (or FF FF FF FF), not -1.

Isn't it more like:

WORD = unsigned int
DWORD = unsigned long

Correct?

iago

An int (in MSVS and Java) is 4 bytes.

I should say long and short for 4 and 2 bytes.  Better yet, WORD and DWORD.  

But even WORD and DWORD aren't the same, in the SPARC I used at school a word was 4 bytes an a DWORD was 8.  They aren't really standard as names, so if you're using them you should probably indicate that a dword is 4-bytes-unsigned and a word is 2-bytes-unsigned.  I'd say you're pretty safe calling a byte a byte, though.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Kp

Quote from: iago on March 22, 2004, 02:17 PMI'd say you're pretty safe calling a byte a byte, though.

Yes.  I recommend getting used to inttypes.h, which supplies such nice definitions as uint16_t (unsigned 16 bit quantity), uint32_t (unsigned 32bit), int16_t (signed 16bit), etc. :)  These definitions make it clear which you mean, and the inttypes.h for your OS is (supposed) to be kept correct so that you can be sure int16_t really is a signed 16bit quantity, without regard to whether your compiler considers that a signed short or a signed int.  However, be aware that Java suckily does not support this header file (mitigation: it also fails to support unsigned types properly, thus removing much of the confusion).  For clarity, I recommend gcj's convention that Java types get a leading j -- jint, jlong, etc.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

MyndFyre

#7
Quote from: iago on March 22, 2004, 10:42 AM
Quote from: Myndfyre on March 21, 2004, 11:29 PM
Quote from: ChR0NiC on March 21, 2004, 06:45 PM
Edit: No successful results with "result" in:
(DWORD) FF FF FF FF

Good job Mr. info leech :P

A note, and in fact the reason I quoted what I did...

0xffffffff is -1 if you interpret it as a two's-complement signed integer.  Have you ever used the String.indexOf(String) method in Java or Javascript?  It's the same idea -- if it's not found, it returns -1 (because -1 is an index that doesn't exist).

That's true, but don't forget that (DWORD) == unsigned int.  So if you're referring it to a DWORD in a packet, then it IS 0xFFFFFFFF (or FF FF FF FF), not -1.

Of course, since we don't know if it's meant to be an unsigned or a signed integer, we say for convention that it is a DWORD because it takes up four bytes of memory.  Considering the function that we are using is searching for an index into an array, it is logical to take it as a signed integer, since the indexOf() function by convention returns -1 if the target is not found.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.