Bambino Posts - Answer Overflow

Bambino

•Created by Bambino on 6/23/2023 in #help

❔ Understanding reading values from binary

I'm reading a version number from the binary of a client via hex. However, I get different results with different client versions. Using IDA, I have found the correct offsets for each client, so that is not the issue. I have reached my intended goal of getting the value for different client versions, but I am trying to understand why. I am new to this so there must be something I do not comprehend. ------------------------- Using BinaryPrimitives.ReadUInt16LittleEndian

var majorPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset));
var minorPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 2));
var privatePart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 5));
var buildPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 8));

var majorPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset));
var minorPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 2));
var privatePart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 5));
var buildPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 8));

Client 1, I get the correct value: Version: 7.0.98.16 for the version. Client 2, I get Version: 29554.28521.8302.29477 ------------------------- Using Encoding.ASCII.GetString

majorPart = Encoding.ASCII.GetString(buffer.AsSpan(offset, 1));
minorPart = Encoding.ASCII.GetString(buffer.AsSpan(offset + 2, 2));
buildPart = Encoding.ASCII.GetString(buffer.AsSpan(offset + 5, 2));
privatePart = Encoding.ASCII.GetString(buffer.AsSpan(offset + 8, 2));

majorPart = Encoding.ASCII.GetString(buffer.AsSpan(offset, 1));
minorPart = Encoding.ASCII.GetString(buffer.AsSpan(offset + 2, 2));
buildPart = Encoding.ASCII.GetString(buffer.AsSpan(offset + 5, 2));
privatePart = Encoding.ASCII.GetString(buffer.AsSpan(offset + 8, 2));

for the version. Client 2, I get the intended value for Client 2 Version: 1.25.35.00 ------------------------------------------

79 replies

CC#

•Created by Bambino on 6/19/2023 in #help

✅ FileStream is not reading entire file?

client.exe (3,563,520 bytes) fs.Length (896,000 bytes)

var path = Core.FindDataFile("client.exe", false);

using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read))
            {
                var buffer = new byte[fs.Length];
                fs.Read(buffer, 0, buffer.Length);

                // VS_VERSION_INFO (unicode)
                Span<byte> vsVersionInfo = stackalloc byte[]
                {
                    0x56, 0x00, 0x53, 0x00, 0x5F, 0x00, 0x56, 0x00,
                    0x45, 0x00, 0x52, 0x00, 0x53, 0x00, 0x49, 0x00,
                    0x4F, 0x00, 0x4E, 0x00, 0x5F, 0x00, 0x49, 0x00,
                    0x4E, 0x00, 0x46, 0x00, 0x4F, 0x00
                };

                for (var i = 0; i < buffer.Length - 30; i++)
                {
                    if (vsVersionInfo.SequenceEqual(buffer.AsSpan(i, 30)))
                    {
                        var offset = i + 30 + 12;

                        var minorPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset));
                        var majorPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 2));
                        var privatePart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 4));
                        var buildPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 6));

                        return new ClientVersion(majorPart, minorPart, buildPart, privatePart);
                    }
                }
            }

var path = Core.FindDataFile("client.exe", false);

using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read))
            {
                var buffer = new byte[fs.Length];
                fs.Read(buffer, 0, buffer.Length);

                // VS_VERSION_INFO (unicode)
                Span<byte> vsVersionInfo = stackalloc byte[]
                {
                    0x56, 0x00, 0x53, 0x00, 0x5F, 0x00, 0x56, 0x00,
                    0x45, 0x00, 0x52, 0x00, 0x53, 0x00, 0x49, 0x00,
                    0x4F, 0x00, 0x4E, 0x00, 0x5F, 0x00, 0x49, 0x00,
                    0x4E, 0x00, 0x46, 0x00, 0x4F, 0x00
                };

                for (var i = 0; i < buffer.Length - 30; i++)
                {
                    if (vsVersionInfo.SequenceEqual(buffer.AsSpan(i, 30)))
                    {
                        var offset = i + 30 + 12;

                        var minorPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset));
                        var majorPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 2));
                        var privatePart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 4));
                        var buildPart = BinaryPrimitives.ReadUInt16LittleEndian(buffer.AsSpan(offset + 6));

                        return new ClientVersion(majorPart, minorPart, buildPart, privatePart);
                    }
                }
            }

22 replies

CC#

•Created by Bambino on 5/20/2023 in #help

✅ Reference not recognized

95 replies

Gaming

Programming