Server Help
Community forums for Subgame, ASSS, and bots

Exported plaintext content from subgame2.exe and fix.dll

 
L.C.
Posted: Fri Nov 13, 2009 8:42 pm

Might be interesting to skim these -- nothing new really.
http://www.hlrse.net/Qwerty/hxd_subgame2EXE.txt
http://www.hlrse.net/Qwerty/hxd_fixDLL.txt

However I did find some things that caught my attention that I did not see in the past (well, SOME I did see -- like the idblock.txt file).

subgame2.exe
Quote:
All
Shark
Lancaster
Terrier
Weasel
Leviathan
Spider
Javelin
Warbird

Quote:
pulled.dat
/nb.server.ini
/SPAWN
idblock.txt
ipallow.txt
ipblock.txt

Quote:
scrty
S
Z
subspace.exe
Update2.exe
Update1.exe
Update.exe
version%d\
version0

Quote:
Spawned TRACERT
SUBGAME2 /SPAWN tracert %s > spawn.log
SPAWN STARTED
SUBGAME2 /SPAWN %s > spawn.log

Quote:
(SPAWN)
(FIND)
(CHAT)
(ENEMYTEAM:%d)
(TEAM:%d)
(TO:----)
(TO:%s).%s> %s




Fix.dll
Quote:
$login
$pvt
$pub


Fix.dll -- server.ini stuff
Quote:
SyncJitter
AllVips
TrackFlood
CheckPrizeDistribution


Fix.dll - commands
Quote:
*locate
*rstat
*tmode
*bandwidth
?recycle
?set
?get


Quote:
noshutdown
*shutdown

Quote:
Undetermined
SOCKS5 proxy
Using proxy at localhost
ServerIP is not set in server.ini
Not using proxy
Using NAT
Using custom proxy

Quote:
(staff)
(local)

Quote:
-------------------: Extended version %s

Samapico
Posted: Fri Nov 13, 2009 8:57 pm

pulled.dat?
_________________
(Insert a bunch of dead links here)

L.C.
Posted: Fri Nov 13, 2009 9:24 pm

pulled.dat is an interesting one. No clue about it.

/SPAWN is an actual startup command. With this command, you start up Subgame2.exe AND the specified cmd/bat/exe/com file. I am thinking that Trench Wars might be using this kind of startup to either (1) execute itself to run itself twice simultaneously or (2) something else.

/nb.server.ini seems to be another startup command too, although I am not quite sure what this actually does.

Does anyone happen to know what the command line parameter is to automatically boot Subgame2 into offline mode?

cycad
Posted: Sat Nov 21, 2009 12:27 pm

Check http://forums.minegoboom.com/viewtopic.php?t=8599.

Hit shift+12. Hit alt+t. Type in 'pulled.dat'. Double click the highlighted row. Offset 0x42b810 is highlighted (this is where pulled.dat is defined.) Highlight its identifier (aPulled_dat) then press 'x' to see all references to that text string. Double click the single reference that pops up. Offset 0x40b9d8 comes up in the disassembly. Notice that in the status bar at the bottom we are in the function PlayerHandleGamePacket. Looking below the current location, we see intrinsic strlen and strcpy (the repne scasb and rep movsd). Let's find where this string goes.

Presumably the call at offset 0x40ba0c operates on that string, because that's the only other call made before the function we are in exits (the epilogue is at 0x40ba18).

Double click on 'sub_41D440'. We see a bunch of mov operations. We don't care what this does right now, let's just get a high level picture from flow control. The only flow control we see is the call at 0x41d4b6, to sub_41CE60. Double click it, let's see what it does.

Ahh. GetTickCount() call, followed by WriteToNetwork(). This string is getting sent to someone.

Hit escape twice to go back to where we started. We are now at 0x40ba0c. Let's scroll up. Maybe we can see where this string is from and who it's going to.

Scrolling up to 0x40b8c7, which is marked as 'pkt_game_handle_0x16', we know we are in the handler for the game packet 0x16. What is this packet? No clue yet.

At offset 0x40b8d2 we see a reference that retrieves a player pointer from the global array of all players, followed by a check to see if they are sysop at 0x40b8e5. So the source or target must be a sysop.

Let's look at the prototype for the current function. Hit 'y'. The first argument is a PLAYER structure (it's actually the 'this' pointer, which we know from the __thiscall I marked earlier, which I knew to mark because ecx was used before being set at the beginning of the function, which means the calling function set it).

Let's see what goes on before the jump to the packet handler. Highlight 'pkt_game_handle_0x16' and hit 'x' to see references to this location. Double click the first item that pops up, a jump to it. We are now at 0x408eb6. Scrolling up, we are at the entrance to the function (0x408e90). The ECX reference @ 0x408e9f contains the 'this' pointer, which is the PLAYER class pointer. That gets moved into the EBP register. Note that this function has an ESP-based frame, and EBP does not point to the stack -- it points to the current player's class.

Hit escape to go back to the pkt_game_handle_0x16 definition. We know that EBP has the current player's PLAYER pointer, so the mov eax, [ebp+58h] instruction at 0x40b8c7 is pulling information from the current player's structure. What is this information? Let's see.

That EAX value is used as an index into the PlayerArray (global array of all players in subgame). So we could right now go to the structure window and define offset 0x58 in the PLAYER struct to be 'some_index_into_PlayerArray'. But let's not do that right now. :)

So it looks like PLAYER offset 0x58 contains the index into PlayerArray which is some other player's PLAYER pointer. I assume it's the destination player.

Looking at the string reference at 0x40b8d2, one 'thing' is getting forwarded from one sysop to another (the sysop check is at 0x40b8e5).

So how does PLAYER offset 0x58 get set? And what is the data being sent? Why is it sysop-only? Why is it named pulled.dat? It looks like we have more questions than answers (oh how common this is...).

At this point we would have to trace references to PLAYER pointer offsets 0x58 and see what sets it. I would probably do this dynamically with a debugger and breakpoints.

But I hope this gives enough information to get started. Always keep it interesting...
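
What the string lookup and the 'x' cross-reference step in the post above boil down to, as an added C example (not from the thread and not subgame2.exe code): locate the string, then scan the image for the 4-byte little-endian encoding of its address. The image is a constructed buffer, mapped flat at an assumed base of 0x400000, that reuses the two addresses quoted in the post; the `mov esi, imm32` instruction bytes are an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_BASE 0x400000u   /* assumed load address */
#define IMAGE_SIZE 0x2c000u    /* constructed image, flat: offset = VA - base */

static uint8_t image[IMAGE_SIZE];

/* Constructed sample: the string at VA 0x42b810 and one "mov esi, imm32"
 * (opcode 0xBE, an assumed instruction) at VA 0x40b9d8. */
void build_sample(void) {
    static const uint8_t insn[] = { 0xBE, 0x10, 0xB8, 0x42, 0x00 };
    memset(image, 0, sizeof image);
    memcpy(image + (0x42b810u - IMAGE_BASE), "pulled.dat", 11);
    memcpy(image + (0x40b9d8u - IMAGE_BASE), insn, sizeof insn);
}

/* VA of the first NUL-terminated occurrence of s, or 0 if absent. */
uint32_t find_string_va(const char *s) {
    size_t n = strlen(s) + 1;                 /* include the terminator */
    for (size_t off = 0; off + n <= IMAGE_SIZE; off++)
        if (memcmp(image + off, s, n) == 0)
            return IMAGE_BASE + (uint32_t)off;
    return 0;
}

/* Record the VA of every 4-byte little-endian copy of target_va.
 * Returns the number of hits found; stores at most max of them.
 * A raw scan reports any matching bytes, code or data alike; a
 * disassembler is what confirms that a hit is an instruction operand. */
size_t find_refs(uint32_t target_va, uint32_t *hits, size_t max) {
    const uint8_t le[4] = { (uint8_t)target_va, (uint8_t)(target_va >> 8),
                            (uint8_t)(target_va >> 16), (uint8_t)(target_va >> 24) };
    size_t count = 0;
    for (size_t off = 0; off + 4 <= IMAGE_SIZE; off++) {
        if (memcmp(image + off, le, 4) != 0)
            continue;
        if (count < max)
            hits[count] = IMAGE_BASE + (uint32_t)off;
        count++;
    }
    return count;
}

int main(void) {
    uint32_t hits[8];
    build_sample();
    uint32_t va = find_string_va("pulled.dat");
    size_t n = find_refs(va, hits, 8);
    printf("string at 0x%x, %zu raw reference(s)\n", (unsigned)va, n);
    for (size_t i = 0; i < n && i < 8; i++)   /* operand is 1 byte past the opcode */
        printf("  imm32 at 0x%x\n", (unsigned)hits[i]);
    return 0;
}
```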

L.C.
Posted: Sun Nov 22, 2009 7:59 pm

Quote:
To disable *shutdown create noshutdown directory to server directory.

Quote:
----------------------------- version 1.34.12a --------------------------------
Added proxy detection to /*einfo. Proxy is detected for Continuum 0.37 and
later clients. You need to set server IP address in server.ini [Misc] ServerIP
for it to work.
* Undetermined - SS 1.3x or Continuum 0.36 clients
* SOCKS5 proxy - User is using Continuum's built in SOCKS5 proxy
* Using proxy at localhost - player is using proxy ran in same machine as
Continuum client. There is no other reason to do so than monitoring or
tampering with packet stream
* Using custom proxy - player is using custom proxy. Suspect cheating.
* Using NAT - player is using router or firewall doing NAT translation
* Not using proxy - no proxy was detected between client and server

Quote:
----------------------------- version 1.34.12pr3 ------------------------------
Added support for team sounds. Regular users can play sounds %150 - %255 in
team chat, zone sysops can upload these sounds in lvz file

Quote:
New command: *relkills <0 or 1> - toggles sending kills reliably on and off.
Normally server sends kill messages as non-reliable messages if killed player's
bounty is less than 200 (teamkills are always non-reliable). Setting
*relkills 1 will make server send kill messages reliably,

New command: /*bandwidth <bandwidth> - allow to set cutback watermark per
player, overriding arena's Latency:CutbackWatermark setting


Last edited by L.C. on Sun Nov 22, 2009 8:09 pm, edited 1 time in total

JoWie
Posted: Sun Nov 22, 2009 8:08 pm

C2S 0x16 is upload file packet, this may explain the sysop only

L.C.
Posted: Wed Nov 25, 2009 7:48 pm

Quote:
/nb.server.ini
/nb starts Subgame2 in offline mode. The initials stand for "no billing/er".

L.C.
Posted: Wed Mar 17, 2010 5:25 am

Quote:
All
Shark
Lancaster
Terrier
Weasel
Leviathan
Spider
Javelin
Warbird
I think this partly makes a reference to templates.sss. For the settings regarding ship settings, "all" is used.

Samapico
Posted: Wed Mar 17, 2010 6:55 am

L.C. wrote:
Quote:
All
Shark
Lancaster
Terrier
Weasel
Leviathan
Spider
Javelin
Warbird
I think this partly makes a reference to templates.sss. For the settings regarding ship settings, "all" is used.

Note the order is also the reverse order of how the settings will appear in Esc-C editor... The Terrier being after the Weasel, for some reason (most likely a mistake)
The fact that it is in reverse order is probably just some technical thing about how that part is implemented.

L.C.
Posted: Wed Mar 17, 2010 6:01 pm

I wonder if swapping the two in Subgame2's HEX would fix that. After all, Subgame2 isn't "secured" like Continuum.exe and fix.dll.

Dr Brain
Posted: Wed Mar 17, 2010 6:23 pm

It might fix that problem, but it'd introduce a whole new problem with all the settings being swapped between the two ships.
_________________
Hyperspace Owner

Smong> so long as 99% deaths feel lame it will always be hyperspace to me

L.C.
Posted: Wed Mar 17, 2010 6:28 pm

How might it introduce new problems? I can't imagine how it would, seeing as how *.cfg stores everything for Terrier under [Terrier]. Swapping orders won't change the *.cfg. :X

Dr Brain
Posted: Wed Mar 17, 2010 7:03 pm

No, but you'd make it so everything under [Terrier] goes to ship 6, aka the Weasel.

L.C.
Posted: Wed Mar 17, 2010 7:52 pm

Dr Brain wrote:
No, but you'd make it so everything under [Terrier] goes to ship 6, aka the Weasel.
*testing*

EDIT: You are correct.

It doesn't appear as if there is any easy way to "fix" it either (from my standpoint anyway).

Samapico
Posted: Wed Mar 17, 2010 8:34 pm

Dr Brain wrote:
No, but you'd make it so everything under [Terrier] goes to ship 6, aka the Weasel.
Uh? I would have thought it would do something like:
-[4 other ships]
-Read 'Weasel'
-Read the .cfg value for [Weasel]
-Send that
-Read 'Terrier'
- ...

In which case there would be no problem... So you're saying it does something like this? :
-[4 other ships]
-Read 'Weasel'
-Read the .cfg value for ship 6, even if it's the 5th ship we check, but just because I know we put it in a stupid 1,2,3,4,6,5,7,8 order
-Send that setting with the Weasel tag
-Read 'Terrier'
- ...

I really don't see how it could be that way

L.C.
Posted: Wed Mar 17, 2010 9:24 pm

Samapico wrote:
Uh? I would have thought it would do something like:
-[4 other ships]
-Read 'Weasel'
-Read the .cfg value for [Weasel]
-Send that
-Read 'Terrier'
- ...
That's what I was thinking too. Because "all" was there, I was led to think that if "Weasel" is in there, it should search for [Weasel], and not have a fixed order (stupid, no?). It was my assumption that that section may primarily be in regards to template.sss, but I suppose this isn't fully correct (after testing of course).

I need to put an entry for Warbird in template.sss and see if it overwrites [All].

Samapico wrote:
In which case there would be no problem... So you're saying it does something like this? :
-[4 other ships]
-Read 'Weasel'
-Read the .cfg value for ship 6, even if it's the 5th ship we check, but just because I know we put it in a stupid 1,2,3,4,6,5,7,8 order
-Send that setting with the Weasel tag
-Read 'Terrier'
- ...

I really don't see how it could be that way
So yes, Subgame2 was coded in a stupid way as far as this goes. It uses a fixed order rather than grab "Name" and locate [Name]. If you change Weasel to Terrier, it will still look for [Weasel] and not [Terrier].

Last edited by L.C. on Wed Mar 17, 2010 9:27 pm, edited 1 time in total

Dr Brain
Posted: Wed Mar 17, 2010 9:26 pm

Samapico, why it works like that really isn't the issue. The important fact is that there is only one string in the binary. If you rename "Terrier" to "Weasel" the internal index of the string and ship haven't been altered.

No string manipulation in the binary will decouple the indexes. Any successful change would have to work at a lower level.

Samapico
Posted: Wed Mar 17, 2010 11:04 pm

But if it grabbed the setting from the corresponding [Section] in the cfg, it wouldn't use the index at all

Dr Brain
Posted: Thu Mar 18, 2010 6:19 am

Where does it get that section string from? As I said, there seems to be only one copy of the ship string in the binary.

L.C.
Posted: Thu Mar 18, 2010 5:05 pm

Dr Brain wrote:
Where does it get that section string from? As I said, there seems to be only one copy of the ship string in the binary.
I think you are missing the point Samapico is trying to point out. It is possible for a program to be programmed that if String exists, search for [String]. x will always equal x.

In other words, before I actually swapped the two ship names in Subgame2.exe, it is unknown by you (unless you already tested, which you failed to mention), me, or Samapico whether it worked by fixed index (which is what you are saying, and how it actually is after testing) or by the above paragraph. Our (Samapico and I) initial thoughts were the first paragraph of this post, unlike yours -- which was fixed index.

Dr Brain
Posted: Fri Mar 19, 2010 1:54 am

I have no idea what you mean by that.

Short of generating the string through mathematical means, the string must exist in the binary. If there's only one copy, as you indicated, then it has to work the way I said. No, I haven't done any testing. It's just obvious how it must work given your statements about the strings in the binary.
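
The single-copy argument from the last few posts, as an added C example (a model written for this page, not Subgame2's code): when one stored string per ship is reached through the ship's index and that same string names the .cfg section, swapping two strings in place moves the settings along with the label. The 12-byte slots, the `slot_of_ship` table and the .cfg values are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NSHIPS 8
#define SLOT   12   /* assumed fixed slot size, large enough for "Lancaster" */

/* One copy of each ship name, in the order the strings dump lists them. */
static char pool[NSHIPS][SLOT] = {
    "Shark", "Lancaster", "Terrier", "Weasel",
    "Leviathan", "Spider", "Javelin", "Warbird"
};

/* Hypothetical table: ship index (0 = Warbird .. 7 = Shark) -> pool slot. */
static const int slot_of_ship[NSHIPS] = { 7, 6, 5, 4, 2, 3, 1, 0 };

/* Constructed .cfg: one made-up integer per [Section]. */
struct section { const char *name; int value; };
static const struct section cfg[NSHIPS] = {
    {"Warbird", 10}, {"Javelin", 20}, {"Spider", 30}, {"Leviathan", 40},
    {"Terrier", 50}, {"Weasel", 60}, {"Lancaster", 70}, {"Shark", 80}
};

/* Value stored under [name], or -1 if the section does not exist. */
int cfg_get(const char *name) {
    for (int i = 0; i < NSHIPS; i++)
        if (strcmp(cfg[i].name, name) == 0)
            return cfg[i].value;
    return -1;
}

/* The only way to a name is through the ship index. */
const char *ship_name(int ship) { return pool[slot_of_ship[ship]]; }
int setting_for_ship(int ship)  { return cfg_get(ship_name(ship)); }

/* Emulates the hex edit: swap the bytes of two name slots in place. */
void patch_swap_names(int slot_a, int slot_b) {
    char tmp[SLOT];
    memcpy(tmp, pool[slot_a], SLOT);
    memcpy(pool[slot_a], pool[slot_b], SLOT);
    memcpy(pool[slot_b], tmp, SLOT);
}

int main(void) {
    for (int pass = 0; pass < 2; pass++) {
        puts(pass ? "after swap:" : "before swap:");
        for (int ship = 4; ship <= 5; ship++)   /* ships 5 and 6, 1-based */
            printf("  ship %d reads [%s] -> %d\n",
                   ship + 1, ship_name(ship), setting_for_ship(ship));
        patch_swap_names(2, 3);                 /* "Terrier" <-> "Weasel" */
    }
    return 0;
}
```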