morayati

katherine morayati

@morayati

permutations of: writing, music, code, games, vestiges of the '90s computer ecosystem, perfume, tea, cats, ??????

log inask
personal website
katherinemorayati.com/
github
github.com/katstasaph
rss
katherinemorayati.com/feed.xml
morayati
@morayati
bark
@bark
bark
@bark

trying to reverse engineer windows xp "internet checkers"

Internet Checkers from the MSN Gaming Zone which is Zone.com or something look i'm not good at history and it's not my thing

the checkers exe chkrzm.exe is a thin wrapper which exists only to grab a COM object ZoneM.Client and some random interface from zClientm.exe through which it calls a method and passes the strings Launch and

data=[ID=[mchkr_zm_***]data=[game=<Checkers>dll=<ZCorem.dll,cmnClim.dll>datafile=<ChkrRes.dll,CmnResm.dll>]server=[%1:0]name=[Checkers]family=[Checkers]icw=["%2"%3]setup=[CHKRZM]]

(after some formatting). so then obviously zClientm.exe which was already sitting there in the background being a COM or OLE server or something running a windows event loop parses that string and just, loads all those dlls. and then Something happens. cmnClim.dll pops open that ui and lets you press "Play" which of course causes it to load ZNetM.dll and through as many COM objects and c++ virtual classes and other unmentionable dlls as possible it finally bothers reaching out to checkers.freegames.zone.com:28805 or whatever else the little wrapper stuffed into the server key to that Launch garbage [yay for hosts file].

SO THEN

bark
@bark

spent a bit longer on it today with a different approach and yet again hit a mess that made it very hard to craft a packet that worked and then realised there was another mess hiding behind it and gave up

horrors below the fold

bark
@bark
=> got extra message
LinkHeader { signature: 4c694e6b, length: 130 }
ExtraHeader { unknown0: 140000, sequence_number: 1, checksum: 94849df0 }
0000:   79 62 62 6c  ab cd ef 98  1e 00 00 00  08 01 00 00   ybbl............
0010:   65 64 75 64  01 00 00 00  53 4c 43 49  44 3d 3c 31   edud....SLCID=<1
0020:   30 33 33 3e  55 4c 43 49  44 3d 3c 31  30 33 33 3e   033>ULCID=<1033>
0030:   49 4c 43 49  44 3d 3c 31  30 33 33 3e  55 54 43 4f   ILCID=<1033>UTCO
0040:   46 46 53 45  54 3d 3c 2d  36 30 30 3e  53 6b 69 6c   FFSET=<-600>Skil
0050:   6c 3d 3c 42  65 67 69 6e  6e 65 72 3e  43 68 61 74   l=<Beginner>Chat
0060:   3d 3c 4f 6e  3e 45 78 69  74 3d 3c 30  3e 00 1a 00   =<On>Exit=<0>...
0070:   cc cb 1a 00  90 f9 12 00  67 19 58 73  b8 54 1a 00   ........g.Xs.T..
0080:   cc cb 1a 00  90 19 58 73  c8 54 1a 00  a8 55 1a 00   ......Xs.T...U..
0090:   76 64 08 00  06 00 00 00  b8 f9 12 00  74 7b ab 73   vd..........t{.s
00a0:   06 7b ab 73  c1 7a ab 73  ff ff ff ff  06 00 00 00   .{.s.z.s........
00b0:   00 00 00 00  20 fa 12 00  00 00 00 00  06 7b ab 73   .... ........{.s
00c0:   e4 f9 12 00  34 87 41 7e  da 00 1d 00  13 01 00 00   ....4.A~........
00d0:   00 00 00 00  00 00 00 00  06 7b ab 73  cd ab ba dc   .........{.s....
00e0:   00 00 00 00  20 fa 12 00  06 7b ab 73  62 af 42 7e   .... ....{.sb.B~
00f0:   14 31 03 6f  f4 00 21 00  05 00 00 00  d0 77 19 00   .1.o..!......w..
0100:   60 7c 19 00  e4 ae 17 00  06 01 2a 00  ce 00 1f 00   `|........*.....
0110:   34 fa 12 00  92 84 01 6f  01 00 00 00                4......o....

ok then

You must log in to comment.

in reply to @bark's post:

in reply to @bark's post:

in reply to @bark's post:

in reply to @bark's post:

in reply to @bark's post:

bark
@bark

though it’s super unclear what’s like, causing the pieces to not appear :( the things which are actual like “game” messages all hit a null deref so it’s probably not those yet but i’m running out of things to try

login to reply
Pinned Tags