Valhalla Legends Archive

packet 0x51, exe version

Started by soccerist, April 03, 2004, 02:27 PM


soccerist

I am designing a bot in Linux using g++.

That said, I was wondering if anyone had information on how to extract the exe version from the starcraft.exe executable.

I did a hexdump of starcraft.exe to look for the 4-byte exe version I packetlogged.  I'm pretty sure it's not just an offset in the file though.  I'm looking for the methods and the process behind extracting it.

Any resources would be appreciated as well.


UserLoser.

The values come from a function called CheckRevision.  This is found in the DLLs extracted from the MPQ specified by Battle.net during the logon process.

soccerist

Quote: The values come from a function called CheckRevision.

The EXE Version of a file surely does not come from a function?

If the version of an executable IS stored in DLLs, how exactly is that value extracted?  I'm looking to write my own function to extract this value, not use someone else's CheckRevision function.

Stealth

The value is calculated by CheckRevision().
- Stealth
Author of StealthBot

UserLoser.

Quote from: soccerist on April 03, 2004, 04:15 PM
Quote: The values come from a function called CheckRevision.

The EXE Version of a file surely does not come from a function?

If the version of an executable IS stored in DLLs, how exactly is that value extracted?  I'm looking to write my own function to extract this value, not use someone else's CheckRevision function.

CheckRevision is the function that the real game clients use, which was written by Blizzard.  It is called from, for example, IX86ver1.dll (which can be extracted from IX86ver1.mpq via Storm.dll.  These MPQs are downloaded from Battle.net during the logon process; packet log a connection on any Battle.net client and see for yourself).  If you want to write your own function, then I suggest you do some disassembly in the versioning DLLs to figure it out.

Arta

The version is in the exe's resource info. Getting that under win32 is pretty easy (GetFileVersionInfoSize/GetFileVersionInfo/VerQueryValue), but I have no idea how you'd do it under linux. Version *bytes* on the other hand are different. That value isn't present in the exe. You just have to know it.

Edit: CheckRevision gets this value for you (someone mentioned that) and CheckRevision has been ported to linux. You might want to look into finding an open source linux bot (perhaps prolix?) and having a dig around.

iago

As far as I know, it's just hardcoded 0x0101001 (or whatever it is) into it.  I'm pretty sure those are windows-specific functions since they read information about windows exe files.
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


soccerist

Quote: The version is in the exe's resource info. Getting that under win32 is pretty easy (GetFileVersionInfoSize/GetFileVersionInfo/VerQueryValue), but I have no idea how you'd do it under linux.
Arta[vL], this is EXACTLY the problem I have run into.  I'm trying to figure out how I would do it.  It would be nice to understand more about the exe's resource info in the process as well.

Quote: Edit: CheckRevision gets this value for you (someone mentioned that) and CheckRevision has been ported to linux. You might want to look into finding an open source linux bot (perhaps prolix?) and having a dig around.
Prolix has the value hardcoded as a random value.  Prolix was made for bnetd, which is in many ways similar to the actual Battle.net(tm).  The only difference is that Bnetd is not as strict for logon values.

Quote: As far as I know, it's just hardcoded 0x0101001 (or whatever it is) into it.  I'm pretty sure those are windows-specific functions since they read information about windows exe files.
I'm sure there is a way to do it without hardcoding.  I am trying to avoid hardcoding if possible.  If a new version of starcraft comes out, my value would be incorrect.  

The GetFileVersionInfoSize/GetFileVersionInfo/VerQueryValue ARE windows-specific functions (windows.h) which are not part of the C++ standard.  (I realize that these functions were actually written before C++'s time, in C, but are available in VC++ and VB (maybe?).)  My point is, they _were_ written at some point in time, so there's a way to do it.

All in all, I suppose what I am asking is if anyone knows what they really do.

Soul Taker

You could always request the version byte from BNLS if you have to.

iago

Quote from: Soul Taker on April 04, 2004, 12:31 PM
You could always request the version byte from BNLS if you have to.

Yes, and then you wouldn't have had a version byte for the last 16 hours :P


Arta

You'll have to read up on the format of resource data then :)

Zorm

Well, I was going to say to take a look at zDSBot; however, those values are hardcoded, which is another option you have given how little they change.
"Now, gentlemen, let us do something today which the world may talk of hereafter."
- Admiral Lord Collingwood

Adron

Quote from: soccerist on April 03, 2004, 09:58 PM
All in all, I suppose what I am asking is if anyone knows what they really do.

Soulburner was recently doing this (rewriting the version resource finding functions) and got a lot of help from some routines in wine. You might want to go look there.

You can also parse out the exe headers yourself, the version info is a resource, so all you have to do is find the resources, look up the right one, and read the information. I found the structure definitions for exe files in winnt.h in msvc, I'm sure there are definitions in the wine headers as well.
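
Adron's suggestion above, worked through as an added example (this is not code from the thread, from wine, or from any of the bots mentioned): a small C parser that walks a PE file's headers to the RT_VERSION resource and reads the VS_FIXEDFILEINFO file version, using only the on-disk layouts that winnt.h defines (DOS header, IMAGE_NT_HEADERS, the section table, IMAGE_RESOURCE_DIRECTORY, IMAGE_RESOURCE_DATA_ENTRY, VS_VERSIONINFO) and no Win32 API. The PE image it parses is constructed in memory with a made-up version 1.2.3.4, so it runs on Linux with no game files present; the function names (pe_file_version, build_sample) are my own. To use it on a real executable, read the whole file into a buffer and pass it to pe_file_version.

```c
/* Added example: extract FileVersion from a PE file's RT_VERSION resource.
 * Structure offsets follow winnt.h; the sample image is constructed here. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RT_VERSION 16
#define VS_FFI_SIGNATURE 0xFEEF04BDu

/* Little-endian readers that refuse to run past the end of the buffer. */
static int rd16(const uint8_t *b, size_t n, size_t off, uint32_t *v) {
    if (off + 2 > n) return -1;
    *v = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8);
    return 0;
}
static int rd32(const uint8_t *b, size_t n, size_t off, uint32_t *v) {
    if (off + 4 > n) return -1;
    *v = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8) |
         ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 0;
}

/* Map an RVA to a file offset by walking the 40-byte section headers. */
static int rva_to_off(const uint8_t *b, size_t n, size_t sect, uint32_t nsect,
                      uint32_t rva, size_t *off) {
    for (uint32_t i = 0; i < nsect; i++) {
        size_t s = sect + (size_t)i * 40;
        uint32_t va, rawsize, raw;   /* VirtualAddress, SizeOfRawData, PointerToRawData */
        if (rd32(b, n, s + 12, &va) || rd32(b, n, s + 16, &rawsize) || rd32(b, n, s + 20, &raw))
            return -1;
        if (rva >= va && rva - va < rawsize) { *off = raw + (rva - va); return 0; }
    }
    return -1;
}

/* Return the OffsetToData field of the entry in the IMAGE_RESOURCE_DIRECTORY at
 * rsrc+dir whose integer ID equals id, or of the first entry when id is -1. */
static int dir_lookup(const uint8_t *b, size_t n, size_t rsrc, uint32_t dir, long id, uint32_t *data) {
    uint32_t named, ids;
    if (rd16(b, n, rsrc + dir + 12, &named) || rd16(b, n, rsrc + dir + 14, &ids)) return -1;
    for (uint32_t i = 0; i < named + ids; i++) {
        size_t e = rsrc + dir + 16 + (size_t)i * 8;
        uint32_t name;
        if (rd32(b, n, e, &name) || rd32(b, n, e + 4, data)) return -1;
        if (id < 0 || (!(name & 0x80000000u) && name == (uint32_t)id)) return 0;
    }
    return -1;
}

/* Parse the image; on success store dwFileVersionMS/LS and return 0, else -1. */
int pe_file_version(const uint8_t *b, size_t n, uint32_t *ms, uint32_t *ls) {
    uint32_t v, lfanew, sig, nsect, optsize, magic, rsrc_rva, d1, d2, d3, data_rva, data_size, vlen;
    size_t rsrc, vi;
    if (rd16(b, n, 0, &v) || v != 0x5A4D) return -1;                                   /* "MZ" */
    if (rd32(b, n, 0x3C, &lfanew) || rd32(b, n, lfanew, &sig) || sig != 0x4550) return -1; /* "PE\0\0" */
    size_t coff = (size_t)lfanew + 4, opt = coff + 20;
    if (rd16(b, n, coff + 2, &nsect) || rd16(b, n, coff + 16, &optsize) || rd16(b, n, opt, &magic)) return -1;
    size_t dd = opt + (magic == 0x20B ? 112 : 96);        /* data directories: PE32+ vs PE32 */
    if (rd32(b, n, dd + 2 * 8, &rsrc_rva) || rsrc_rva == 0) return -1;  /* entry 2 = resources */
    size_t sect = opt + optsize;
    if (rva_to_off(b, n, sect, nsect, rsrc_rva, &rsrc)) return -1;
    /* Three-level tree: type (RT_VERSION) -> name -> language; high bit = subdirectory. */
    if (dir_lookup(b, n, rsrc, 0, RT_VERSION, &d1) || !(d1 & 0x80000000u)) return -1;
    if (dir_lookup(b, n, rsrc, d1 & 0x7FFFFFFFu, -1, &d2) || !(d2 & 0x80000000u)) return -1;
    if (dir_lookup(b, n, rsrc, d2 & 0x7FFFFFFFu, -1, &d3) || (d3 & 0x80000000u)) return -1;
    /* IMAGE_RESOURCE_DATA_ENTRY: RVA and size of the VS_VERSIONINFO blob. */
    if (rd32(b, n, rsrc + d3, &data_rva) || rd32(b, n, rsrc + d3 + 4, &data_size)) return -1;
    if (rva_to_off(b, n, sect, nsect, data_rva, &vi) || data_size < 40 + 52) return -1;
    /* VS_VERSIONINFO: wLength, wValueLength, wType, UTF-16 key "VS_VERSION_INFO" (32 bytes
     * incl. NUL), padding to a DWORD boundary, then the 52-byte VS_FIXEDFILEINFO. */
    if (rd16(b, n, vi + 2, &vlen) || vlen < 52) return -1;
    size_t fixed = (vi + 6 + 32 + 3) & ~(size_t)3;
    if (rd32(b, n, fixed, &sig) || sig != VS_FFI_SIGNATURE) return -1;
    return (rd32(b, n, fixed + 8, ms) || rd32(b, n, fixed + 12, ls)) ? -1 : 0;
}

/* Constructed sample (not a real binary): minimal PE32 with one .rsrc section
 * whose RT_VERSION resource declares FileVersion 1.2.3.4. */
#define IMG_SIZE 0x400
static uint8_t img[IMG_SIZE];
static void wr16(size_t off, uint32_t v) { img[off] = v & 0xFF; img[off + 1] = (v >> 8) & 0xFF; }
static void wr32(size_t off, uint32_t v) { wr16(off, v & 0xFFFF); wr16(off + 2, v >> 16); }
const uint8_t *build_sample(size_t *len) {
    memset(img, 0, sizeof img);
    wr16(0, 0x5A4D); wr32(0x3C, 0x40); wr32(0x40, 0x4550);        /* MZ, e_lfanew, PE\0\0 */
    wr16(0x44, 0x14C); wr16(0x46, 1); wr16(0x54, 224); wr16(0x58, 0x10B); /* i386, 1 section, PE32 */
    wr32(0x58 + 96 + 16, 0x1000); wr32(0x58 + 96 + 20, 0xBC);    /* resource directory RVA/size */
    size_t s = 0x58 + 224;                                        /* section header: .rsrc */
    memcpy(img + s, ".rsrc", 5);
    wr32(s + 8, 0xBC); wr32(s + 12, 0x1000); wr32(s + 16, 0x200); wr32(s + 20, 0x200);
    size_t r = 0x200;                                             /* raw .rsrc data, RVA 0x1000 */
    wr16(r + 0x0E, 1); wr32(r + 0x10, RT_VERSION); wr32(r + 0x14, 0x80000018); /* type dir  */
    wr16(r + 0x26, 1); wr32(r + 0x28, 1);          wr32(r + 0x2C, 0x80000030); /* name dir  */
    wr16(r + 0x3E, 1); wr32(r + 0x40, 0x409);      wr32(r + 0x44, 0x48);       /* lang dir  */
    wr32(r + 0x48, 0x1060); wr32(r + 0x4C, 92);                                 /* data entry */
    size_t v = r + 0x60;                                          /* VS_VERSIONINFO */
    wr16(v, 92); wr16(v + 2, 52); wr16(v + 4, 0);
    const char *key = "VS_VERSION_INFO";
    for (size_t i = 0; i < 16; i++) wr16(v + 6 + i * 2, (uint8_t)key[i]);  /* UTF-16LE + NUL */
    wr32(v + 40, VS_FFI_SIGNATURE); wr32(v + 44, 0x00010000);
    wr32(v + 48, 0x00010002); wr32(v + 52, 0x00030004);          /* FileVersionMS/LS = 1.2.3.4 */
    *len = IMG_SIZE;
    return img;
}

/* Helpers that parse the sample (optionally truncated to `cut` bytes). */
static int sample_parse(size_t cut, uint32_t *ms, uint32_t *ls) {
    size_t n; const uint8_t *b = build_sample(&n);
    return pe_file_version(b, cut ? cut : n, ms, ls);
}
uint32_t sample_version_ms(void) { uint32_t ms = 0, ls = 0; sample_parse(0, &ms, &ls); return ms; }
uint32_t sample_version_ls(void) { uint32_t ms = 0, ls = 0; sample_parse(0, &ms, &ls); return ls; }
int truncated_sample_rejected(void) { uint32_t ms, ls; return sample_parse(0x280, &ms, &ls) != 0; }

int main(void) {
    uint32_t ms = sample_version_ms(), ls = sample_version_ls();
    printf("FileVersion %u.%u.%u.%u\n", (unsigned)(ms >> 16), (unsigned)(ms & 0xFFFF),
           (unsigned)(ls >> 16), (unsigned)(ls & 0xFFFF));
    return 0;
}
```

Every read is bounds-checked, so a truncated file or a resource tree whose offsets point outside the buffer makes the parser fail closed rather than read out of bounds, which matters as soon as you point it at executables you did not build yourself. Note that this yields only the FileVersion fields of the version resource; as Arta says, the separate "version byte" is not stored in the exe at all.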

soccerist

Wow, thanks Adron.  I should have thought to look at wine.   ::)

I'm curious what structure definitions are in winnt.h.  I'll try to get ahold of it somewhere to take a peek.

Thanks all for your help.

iago

And of course, if you figure it out, don't forget to post your solution here :)