Difference between revisions of "Miscellaneous useful 'nippits"
Jump to navigation
Jump to search
(New page: I'm not sure what's going to end up here, but I'll know it when I see it. Be prepared! ==Overview== This is a quick and dirty overview of the whole process: * User connects to Battle.net ...) |
|||
Line 20: | Line 20: | ||
==WinDBG Packet Dumper== | ==WinDBG Packet Dumper== | ||
This little pair of WinDGB commands will set a breakpoint within the built-in module to decrypt and display Warden's initial packets: | This little pair of WinDGB commands will set a breakpoint within the built-in module to decrypt and display Warden's initial packets: | ||
<pre> | <pre>e SetThreadContext 0xc2 0x08 0x00 | ||
ba e1 19018461 "bd *; ba e1 eax+0x248b \".echo Sent SID_WARDEN Data:; d poi(esp+4) poi(esp+4)+poi(esp+8)-1; g\"; ba e1 eax+0x2730 \".echo Received SID_WARDEN Data:; d eax eax+esi-1; g\"; g" | |||
</pre> |
Latest revision as of 02:51, 28 February 2008
I'm not sure what's going to end up here, but I'll know it when I see it. Be prepared!
Overview
This is a quick and dirty overview of the whole process:
- User connects to Battle.net
- Built-in Warden module ("Maiev") is loaded from memory
- Module is initialized (keys are generated, etc.)
- User logs in
- Battle.net sends 0x00 ("Do you have this module?")
- User responds with 0x00 0r 0x01
- If 0x01 is sent, skip to receiving 0x02
- Battle.net sends the new module, in a series of 0x01 packets
- "Maiev" decrypts, verifies, and prepares the new module
- Once module has been verified and prepared, client sends back 0x01
- User responds with 0x00 0r 0x01
- After each Warden packet, Battle.snp checks if a new module is prepared
- Once complete, the module is swapped out
- Battle.net sends 0x02
- New module responds to 0x02 (somehow.. haven't done this yet)
WinDBG Packet Dumper
This little pair of WinDGB commands will set a breakpoint within the built-in module to decrypt and display Warden's initial packets:
e SetThreadContext 0xc2 0x08 0x00 ba e1 19018461 "bd *; ba e1 eax+0x248b \".echo Sent SID_WARDEN Data:; d poi(esp+4) poi(esp+4)+poi(esp+8)-1; g\"; ba e1 eax+0x2730 \".echo Received SID_WARDEN Data:; d eax eax+esi-1; g\"; g"