MangiS 0 Posted June 16, 2010 (edited) #include <string.au3> $packet = Binary("0x0F000001FC") $protocolid = BinaryMid($packet, 1, 1) $clientvers = BinaryMid($packet, 2) MsgBox(0, "NUMBER:", "Protocol Id:" & Int($protocolid) & ". ClientVers:" & $clientvers) ; test 2 $lalz = Binary(Int(508)) MsgBox(0, "508 Binary", $lalz & ".") So the problem is in 'decoding' the protocol id is correct (15) but the problem is in the clientvers clientvers should be 508 but i get 0 then with test 2 i tried to get binary value of Int 508 and its reversed (wtf?!!) FC010000 when the packet 000001FC and if i try to convert it back to int (FC010000) i get 252 Please explain me how to do this im newbie in theese things Edited June 16, 2010 by MangiS Share this post Link to post Share on other sites
Ascend4nt 131 Posted June 16, 2010 Welcome too the little-endian world of Intel x86/x64. Whereas the data is stored from lowest to highest bytes (read in binary as 'left-to-right' as 0x00,0x00,0x01,0xFC), the data is grabbed on an x86/x64 Intel machine in little-endian form. This means that if a 16-bit variable is grabbed, you will wind up with 0x0000, or if you grab from BinaryMid($packet,4) you will wind up with 0xFC01. If you grab a 32-bit variable, it will be 0xFC010000. big-endian machines are the opposite of course.In machine code there's a simple way of reversing endianness (the instruction 'bswap'). However, in higher level languages you need code tricks like below:$clientvers = Number("0x"&Hex(BinaryMid($packet, 2)))Wikipedia article on Endianness My contributions:Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash RecoveryWrappers/Modifications of others' contributions:_DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity)UDF's added support/programming to:_ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne)(All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Share this post Link to post Share on other sites
MangiS 0 Posted June 16, 2010 Welcome too the little-endian world of Intel x86/x64. Whereas the data is stored from lowest to highest bytes (read in binary as 'left-to-right' as 0x00,0x00,0x01,0xFC), the data is grabbed on an x86/x64 Intel machine in little-endian form. This means that if a 16-bit variable is grabbed, you will wind up with 0x0000, or if you grab from BinaryMid($packet,4) you will wind up with 0xFC01. If you grab a 32-bit variable, it will be 0xFC010000. big-endian machines are the opposite of course.In machine code there's a simple way of reversing endianness (the instruction 'bswap'). However, in higher level languages you need code tricks like below:$clientvers = Number("0x"&Hex(BinaryMid($packet, 2)))Wikipedia article on EndiannessThank you very much Share this post Link to post Share on other sites
Ascend4nt 131 Posted June 18, 2010 MangiS, just to keep this in the thread (and out of my PM): So now my problem is that i cant convert binary (long) to int the packet is 0x00E3206C03CEC7E7 and it should be 63930468005758951 but when i try to convert it i fail.. first the swapping trick does not work here and u can't directly full value so i tried to split it to 2 parts (0x00E3206C and 0x03CEC7E7) but then i still don't get requed value , so can you help me convert this ? Since this is a 64-bit value, you can instead use something like Int("0x"&"00E3206C03CEC7E7"), but this will fail when the upper bit is set (it will return a negative value). Likewise, the following will give you a signed 64-bit integer: $stTemp=DllStructCreate("int64") DllStructSetData($stTemp,1,"0x00E3206C03CEC7E7") ConsoleWrite("value:"&DllStructGetData($stTemp,1)&@CRLF) IMPORTANT: There's currently no workaround for signed integers (any 64-bit value with the top bit set), however, you can check if it is negative, add a value to 'pop' the top bit (add (-9223372036854775807-1) [you must write it like that otherwise AutoIT will truncate it]), and then manually calculate an addition of '9223372036854775808'.. using string addition, I guess. Maybe someone else would have a better way to get a positive 64-bit number when the top bit is set though? I can't think of any easy way at the moment. My contributions:Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash RecoveryWrappers/Modifications of others' contributions:_DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity)UDF's added support/programming to:_ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne)(All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Share this post Link to post Share on other sites
MangiS 0 Posted June 18, 2010 MangiS, just to keep this in the thread (and out of my PM): Since this is a 64-bit value, you can instead use something like Int("0x"&"00E3206C03CEC7E7"), but this will fail when the upper bit is set (it will return a negative value). Likewise, the following will give you a signed 64-bit integer: $stTemp=DllStructCreate("int64") DllStructSetData($stTemp,1,"0x00E3206C03CEC7E7") ConsoleWrite("value:"&DllStructGetData($stTemp,1)&@CRLF) IMPORTANT: There's currently no workaround for signed integers (any 64-bit value with the top bit set), however, you can check if it is negative, add a value to 'pop' the top bit (add (-9223372036854775807-1) [you must write it like that otherwise AutoIT will truncate it]), and then manually calculate an addition of '9223372036854775808'.. using string addition, I guess. Maybe someone else would have a better way to get a positive 64-bit number when the top bit is set though? I can't think of any easy way at the moment. tried dll struct , but it returns 0 Share this post Link to post Share on other sites
Ascend4nt 131 Posted June 18, 2010 (edited) Grab the Binary section (up to 8 bytes - or 16 characters using hex notation), and put it in the struct using String(): Something like: $bBin=BinaryMid($bDataStream,1,8) $stTemp=DllStructCreate("int64") DllStructSetData($stTemp,1,String($bBin)) ConsoleWrite("value:"&DllStructGetData($stTemp,1)&@CRLF) It seems odd but it has to be converted to "0x##.." before being put into that 64-bit element. Edited June 18, 2010 by Ascend4nt My contributions:Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash RecoveryWrappers/Modifications of others' contributions:_DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity)UDF's added support/programming to:_ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne)(All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Share this post Link to post Share on other sites
MangiS 0 Posted June 18, 2010 (edited) Grab the Binary section (up to 8 bytes - or 16 characters using hex notation), and put it in the struct using String(): Something like: $bBin=BinaryMid($bDataStream,1,8) $stTemp=DllStructCreate("int64") DllStructSetData($stTemp,1,String($bBin)) ConsoleWrite("value:"&DllStructGetData($stTemp,1)&@CRLF) It seems odd but it has to be converted to "0x##.." before being put into that 64-bit element. $bDataStream = Binary("0x00E3206C03CEC7E7") $bBin=BinaryMid($bDataStream,1,8) $stTemp=DllStructCreate("int64") DllStructSetData($stTemp,1,String($bBin)) ConsoleWrite("value:"&DllStructGetData($stTemp,1)&@CRLF) still 0 what im doing wrong? Edited June 18, 2010 by MangiS Share this post Link to post Share on other sites
Ascend4nt 131 Posted June 18, 2010 Running what you posted, I get this: value:63930468005758951 Make sure you are using the latest AutoIT (v 3.3.6.1) My contributions:Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash RecoveryWrappers/Modifications of others' contributions:_DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity)UDF's added support/programming to:_ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne)(All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Share this post Link to post Share on other sites
MangiS 0 Posted June 18, 2010 (edited) Running what you posted, I get this:value:63930468005758951Make sure you are using the latest AutoIT (v 3.3.6.1)Thank you so much again i was using older AutoITnow i almost done packet decoder Edit:As i saw in newest version it can be done only using Int()but one more stupid question how to do from int64 to binary? 'because using Binary() it converts it to like 0x363339333034333830303537 Edited June 18, 2010 by MangiS Share this post Link to post Share on other sites
Ascend4nt 131 Posted June 18, 2010 Look on the forums for some decimal to hexadecimal conversion routines, there's plenty of them around, though I think many have issues with signed numbers or >32-bit numbers. After the conversion is done, prefix it with "0x" and convert it to binary with Binary($sHexString). My contributions:Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash RecoveryWrappers/Modifications of others' contributions:_DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity)UDF's added support/programming to:_ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne)(All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Share this post Link to post Share on other sites
