static bool IsWarcraft3Map(DWORD * HeaderData) { DWORD DwordValue0 = BSWAP_INT32_UNSIGNED(HeaderData[0]); DWORD DwordValue1 = BSWAP_INT32_UNSIGNED(HeaderData[1]); return (DwordValue0 == 0x57334D48 && DwordValue1 == 0x00000000); }
static bool IsAviFile(DWORD * HeaderData) { DWORD DwordValue0 = BSWAP_INT32_UNSIGNED(HeaderData[0]); DWORD DwordValue2 = BSWAP_INT32_UNSIGNED(HeaderData[2]); DWORD DwordValue3 = BSWAP_INT32_UNSIGNED(HeaderData[3]); // Test for 'RIFF', 'AVI ' or 'LIST' return (DwordValue0 == 0x46464952 && DwordValue2 == 0x20495641 && DwordValue3 == 0x5453494C); }
static bool IsAviFile(void * pvFileBegin) { LPDWORD AviHeader = (DWORD *)pvFileBegin; DWORD DwordValue0 = BSWAP_INT32_UNSIGNED(AviHeader[0]); DWORD DwordValue2 = BSWAP_INT32_UNSIGNED(AviHeader[2]); DWORD DwordValue3 = BSWAP_INT32_UNSIGNED(AviHeader[3]); // Test for 'RIFF', 'AVI ' or 'LIST' return (DwordValue0 == 0x46464952 && DwordValue2 == 0x20495641 && DwordValue3 == 0x5453494C); }
static int LoadMpqPatch(TMPQFile * hf) { TPatchHeader PatchHeader; DWORD dwBytesRead; int nError = ERROR_SUCCESS; // Read the patch header SFileReadFile((HANDLE)hf, &PatchHeader, sizeof(TPatchHeader), &dwBytesRead); if(dwBytesRead != sizeof(TPatchHeader)) nError = ERROR_FILE_CORRUPT; // Verify the signatures in the patch header if(nError == ERROR_SUCCESS) { // BSWAP the entire header, if needed BSWAP_ARRAY32_UNSIGNED(&PatchHeader, sizeof(DWORD) * 6); PatchHeader.dwXFRM = BSWAP_INT32_UNSIGNED(PatchHeader.dwXFRM); PatchHeader.dwXfrmBlockSize = BSWAP_INT32_UNSIGNED(PatchHeader.dwXfrmBlockSize); PatchHeader.dwPatchType = BSWAP_INT32_UNSIGNED(PatchHeader.dwPatchType); if(PatchHeader.dwSignature != 0x48435450 || PatchHeader.dwMD5 != 0x5f35444d || PatchHeader.dwXFRM != 0x4d524658) nError = ERROR_FILE_CORRUPT; } // Read the patch, depending on patch type if(nError == ERROR_SUCCESS) { switch(PatchHeader.dwPatchType) { case 0x59504f43: // 'COPY' nError = LoadMpqPatch_COPY(hf, &PatchHeader); break; case 0x30445342: // 'BSD0' nError = LoadMpqPatch_BSD0(hf, &PatchHeader); break; default: nError = ERROR_FILE_CORRUPT; break; } } return nError; }
bool IsPatchData(const void * pvData, DWORD cbData, LPDWORD pdwPatchedFileSize) { TPatchHeader * pPatchHeader = (TPatchHeader *)pvData; BLIZZARD_BSDIFF40_FILE DiffFile; DWORD dwPatchType; if(cbData >= sizeof(TPatchHeader) + sizeof(BLIZZARD_BSDIFF40_FILE)) { dwPatchType = BSWAP_INT32_UNSIGNED(pPatchHeader->dwPatchType); if(dwPatchType == 0x30445342) { // Give the caller the patch file size if(pdwPatchedFileSize != NULL) { Decompress_RLE((LPBYTE)&DiffFile, sizeof(BLIZZARD_BSDIFF40_FILE), (LPBYTE)(pPatchHeader + 1), sizeof(BLIZZARD_BSDIFF40_FILE)); DiffFile.NewFileSize = BSWAP_INT64_UNSIGNED(DiffFile.NewFileSize); *pdwPatchedFileSize = (DWORD)DiffFile.NewFileSize; return true; } } } return false; }
bool WINAPI SFileOpenArchive( const char * szMpqName, DWORD dwPriority, DWORD dwFlags, HANDLE * phMpq) { TFileStream * pStream = NULL; // Open file stream TMPQArchive * ha = NULL; // Archive handle ULONGLONG FileSize = 0; // Size of the file int nError = ERROR_SUCCESS; // Verify the parameters if (szMpqName == NULL || *szMpqName == 0 || phMpq == NULL) nError = ERROR_INVALID_PARAMETER; // One time initialization of MPQ cryptography InitializeMpqCryptography(); dwPriority = dwPriority; // Open the MPQ archive file if (nError == ERROR_SUCCESS) { if (!(dwFlags & MPQ_OPEN_ENCRYPTED)) { pStream = FileStream_OpenFile(szMpqName, (dwFlags & MPQ_OPEN_READ_ONLY) ? false : true); if (pStream == NULL) nError = GetLastError(); } else { pStream = FileStream_OpenEncrypted(szMpqName); if (pStream == NULL) nError = GetLastError(); } } // Allocate the MPQhandle if (nError == ERROR_SUCCESS) { FileStream_GetSize(pStream, FileSize); if ((ha = ALLOCMEM(TMPQArchive, 1)) == NULL) nError = ERROR_NOT_ENOUGH_MEMORY; } // Initialize handle structure and allocate structure for MPQ header if (nError == ERROR_SUCCESS) { memset(ha, 0, sizeof(TMPQArchive)); ha->pStream = pStream; pStream = NULL; // Remember if the archive is open for write if (ha->pStream->StreamFlags & (STREAM_FLAG_READ_ONLY | STREAM_FLAG_ENCRYPTED_FILE)) ha->dwFlags |= MPQ_FLAG_READ_ONLY; // Also remember if we shall check sector CRCs when reading file if (dwFlags & MPQ_OPEN_CHECK_SECTOR_CRC) ha->dwFlags |= MPQ_FLAG_CHECK_SECTOR_CRC; } // Find the offset of MPQ header within the file if (nError == ERROR_SUCCESS) { ULONGLONG SearchPos = 0; DWORD dwHeaderID; while (SearchPos < FileSize) { DWORD dwBytesAvailable = MPQ_HEADER_SIZE_V4; // Cut the bytes available, if needed if ((FileSize - SearchPos) < MPQ_HEADER_SIZE_V4) dwBytesAvailable = (DWORD)(FileSize - SearchPos); // Read the eventual MPQ header if (!FileStream_Read(ha->pStream, &SearchPos, ha->HeaderData, dwBytesAvailable)) { nError = GetLastError(); break; } // There are AVI files from Warcraft III with 'MPQ' extension. if (SearchPos == 0 && IsAviFile(ha->HeaderData)) { nError = ERROR_AVI_FILE; break; } // If there is the MPQ user data signature, process it dwHeaderID = BSWAP_INT32_UNSIGNED(*(LPDWORD)ha->HeaderData); if (dwHeaderID == ID_MPQ_USERDATA && ha->pUserData == NULL) { // Ignore the MPQ user data completely if the caller wants to open the MPQ as V1.0 if ((dwFlags & MPQ_OPEN_FORCE_MPQ_V1) == 0) { // Fill the user data header ha->pUserData = &ha->UserData; memcpy(ha->pUserData, ha->HeaderData, sizeof(TMPQUserData)); BSWAP_TMPQUSERDATA(ha->pUserData); // Remember the position of the user data and continue search ha->UserDataPos = SearchPos; SearchPos += ha->pUserData->dwHeaderOffs; continue; } } // There must be MPQ header signature if (dwHeaderID == ID_MPQ) { // Save the position where the MPQ header has been found if (ha->pUserData == NULL) ha->UserDataPos = SearchPos; ha->pHeader = (TMPQHeader *)ha->HeaderData; ha->MpqPos = SearchPos; // Now convert the header to version 4 BSWAP_TMPQHEADER(ha->pHeader); ConvertMpqHeaderToFormat4(ha, FileSize, dwFlags); break; } // Move to the next possible offset SearchPos += 0x200; } // If we haven't found MPQ header in the file, it's an error if (ha->pHeader == NULL) nError = ERROR_BAD_FORMAT; } // Fix table positions according to format if (nError == ERROR_SUCCESS) { // W3x Map Protectors use the fact that War3's Storm.dll ignores the MPQ user data, // and probably ignores the MPQ format version as well. The trick is to // fake MPQ format 2, with an improper hi-word position of hash table and block table // We can overcome such protectors by forcing opening the archive as MPQ v 1.0 if (dwFlags & MPQ_OPEN_FORCE_MPQ_V1) { ha->pHeader->wFormatVersion = MPQ_FORMAT_VERSION_1; ha->pHeader->dwHeaderSize = MPQ_HEADER_SIZE_V1; ha->dwFlags |= MPQ_FLAG_READ_ONLY; ha->pUserData = NULL; } // Both MPQ_OPEN_NO_LISTFILE or MPQ_OPEN_NO_ATTRIBUTES trigger read only mode if (dwFlags & (MPQ_OPEN_NO_LISTFILE | MPQ_OPEN_NO_ATTRIBUTES)) ha->dwFlags |= MPQ_FLAG_READ_ONLY; // Set the size of file sector ha->dwSectorSize = (0x200 << ha->pHeader->wSectorSize); // Verify if any of the tables doesn't start beyond the end of the file nError = VerifyMpqTablePositions(ha, FileSize); } // Read the hash table. // "interface.MPQ.part" in trial version of World of Warcraft // has compressed block table and hash table. if (nError == ERROR_SUCCESS) { // // Note: We will not check if the hash table is properly decrypted. // Some MPQ protectors corrupt the hash table by rewriting part of it. // Hash table, the way how it works, allows arbitrary values for unused entries. // nError = LoadHashTable(ha); } // Read Het and Bet tables, if they are present if (nError == ERROR_SUCCESS) { nError = LoadHetAndBetTable(ha); if (ha->pHetTable || ha->pBetTable) ha->dwFlags |= MPQ_FLAG_READ_ONLY; } // Now, build the file table. It will be built by combining // the block table, hi-block table, (attributes) and (listfile). if (nError == ERROR_SUCCESS) { nError = BuildFileTable(ha, FileSize); } // Verify the block table, if no kind of protection was detected if (nError == ERROR_SUCCESS && (ha->dwFlags & MPQ_FLAG_PROTECTED) == 0) { TFileEntry * pFileTableEnd = ha->pFileTable + ha->pHeader->dwBlockTableSize; TFileEntry * pFileEntry = ha->pFileTable; // ULONGLONG ArchiveSize = 0; ULONGLONG RawFilePos; // Parse all file entries for (pFileEntry = ha->pFileTable; pFileEntry < pFileTableEnd; pFileEntry++) { // If that file entry is valid, check the file position if (pFileEntry->dwFlags & MPQ_FILE_EXISTS) { // Get the 64-bit file position, // relative to the begin of the file RawFilePos = ha->MpqPos + pFileEntry->ByteOffset; // Begin of the file must be within range if (RawFilePos > FileSize) { nError = ERROR_FILE_CORRUPT; break; } // End of the file must be within range RawFilePos += pFileEntry->dwCmpSize; if (RawFilePos > FileSize) { nError = ERROR_FILE_CORRUPT; break; } // Also, we remember end of the file // if (RawFilePos > ArchiveSize) // ArchiveSize = RawFilePos; } } } // Load the "(attributes)" file and merge it to the file table if (nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_ATTRIBUTES) == 0) { // Ignore result of the operation. (attributes) is optional. SAttrLoadAttributes(ha); } // Load the internal listfile and include it to the file table if (nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_LISTFILE) == 0) { // Ignore result of the operation. (listfile) is optional. SFileAddListFile((HANDLE)ha, NULL); } // Test the indexes from BET and BET table #ifdef __STORMLIB_TEST__ if (nError == ERROR_SUCCESS) { TestNewHashBlockTables(ha); } #endif // Cleanup and exit if (nError != ERROR_SUCCESS) { FileStream_Close(pStream); FreeMPQArchive(ha); SetLastError(nError); ha = NULL; } *phMpq = ha; return (nError == ERROR_SUCCESS); }
static int ApplyFilePatch_BSD0( TMPQPatcher * pPatcher, PMPQ_PATCH_HEADER pFullPatch, LPBYTE pbTarget, LPBYTE pbSource) { PBLIZZARD_BSDIFF40_FILE pBsdiff; PBSDIFF_CTRL_BLOCK pCtrlBlock; LPBYTE pbPatchData = (LPBYTE)(pFullPatch + 1); LPBYTE pDataBlock; LPBYTE pExtraBlock; LPBYTE pbOldData = pbSource; LPBYTE pbNewData = pbTarget; DWORD dwCombineSize; DWORD dwNewOffset = 0; // Current position to patch DWORD dwOldOffset = 0; // Current source position DWORD dwNewSize; // Patched file size DWORD dwOldSize = pPatcher->cbFileData; // File size before patch // Get pointer to the patch header // Format of BSDIFF header corresponds to original BSDIFF, which is: // 0000 8 bytes signature "BSDIFF40" // 0008 8 bytes size of the control block // 0010 8 bytes size of the data block // 0018 8 bytes new size of the patched file pBsdiff = (PBLIZZARD_BSDIFF40_FILE)pbPatchData; pbPatchData += sizeof(BLIZZARD_BSDIFF40_FILE); // Get pointer to the 32-bit BSDIFF control block // The control block follows immediately after the BSDIFF header // and consists of three 32-bit integers // 0000 4 bytes Length to copy from the BSDIFF data block the new file // 0004 4 bytes Length to copy from the BSDIFF extra block // 0008 4 bytes Size to increment source file offset pCtrlBlock = (PBSDIFF_CTRL_BLOCK)pbPatchData; pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->CtrlBlockSize); // Get the pointer to the data block pDataBlock = (LPBYTE)pbPatchData; pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->DataBlockSize); // Get the pointer to the extra block pExtraBlock = (LPBYTE)pbPatchData; dwNewSize = (DWORD)BSWAP_INT64_UNSIGNED(pBsdiff->NewFileSize); // Now patch the file while(dwNewOffset < dwNewSize) { DWORD dwAddDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwAddDataLength); DWORD dwMovDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwMovDataLength); DWORD dwOldMoveLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwOldMoveLength); DWORD i; // Sanity check if((dwNewOffset + dwAddDataLength) > dwNewSize) return ERROR_FILE_CORRUPT; // Read the diff string to the target buffer memcpy(pbNewData + dwNewOffset, pDataBlock, dwAddDataLength); pDataBlock += dwAddDataLength; // Get the longest block that we can combine dwCombineSize = ((dwOldOffset + dwAddDataLength) >= dwOldSize) ? (dwOldSize - dwOldOffset) : dwAddDataLength; if((dwNewOffset + dwCombineSize) > dwNewSize || (dwNewOffset + dwCombineSize) < dwNewOffset) return ERROR_FILE_CORRUPT; // Now combine the patch data with the original file for(i = 0; i < dwCombineSize; i++) pbNewData[dwNewOffset + i] = pbNewData[dwNewOffset + i] + pbOldData[dwOldOffset + i]; // Move the offsets dwNewOffset += dwAddDataLength; dwOldOffset += dwAddDataLength; // Sanity check if((dwNewOffset + dwMovDataLength) > dwNewSize) return ERROR_FILE_CORRUPT; // Copy the data from the extra block in BSDIFF patch memcpy(pbNewData + dwNewOffset, pExtraBlock, dwMovDataLength); pExtraBlock += dwMovDataLength; dwNewOffset += dwMovDataLength; // Move the old offset if(dwOldMoveLength & 0x80000000) dwOldMoveLength = 0x80000000 - dwOldMoveLength; dwOldOffset += dwOldMoveLength; pCtrlBlock++; } // The size after patch must match if(dwNewOffset != pFullPatch->dwSizeAfterPatch) return ERROR_FILE_CORRUPT; // Update the new data size pPatcher->cbFileData = dwNewOffset; return ERROR_SUCCESS; }
static int ApplyMpqPatch_BSD0( TMPQFile * hf, TPatchHeader * pPatchHeader) { PBLIZZARD_BSDIFF40_FILE pBsdiff; LPDWORD pCtrlBlock; LPBYTE pbPatchData = (LPBYTE)pPatchHeader + sizeof(TPatchHeader); LPBYTE pDataBlock; LPBYTE pExtraBlock; LPBYTE pbNewData = NULL; LPBYTE pbOldData = (LPBYTE)hf->pbFileData; DWORD dwNewOffset = 0; // Current position to patch DWORD dwOldOffset = 0; // Current source position DWORD dwNewSize; // Patched file size DWORD dwOldSize = hf->cbFileData; // File size before patch // Get pointer to the patch header // Format of BSDIFF header corresponds to original BSDIFF, which is: // 0000 8 bytes signature "BSDIFF40" // 0008 8 bytes size of the control block // 0010 8 bytes size of the data block // 0018 8 bytes new size of the patched file pBsdiff = (PBLIZZARD_BSDIFF40_FILE)pbPatchData; pbPatchData += sizeof(BLIZZARD_BSDIFF40_FILE); // Get pointer to the 32-bit BSDIFF control block // The control block follows immediately after the BSDIFF header // and consists of three 32-bit integers // 0000 4 bytes Length to copy from the BSDIFF data block the new file // 0004 4 bytes Length to copy from the BSDIFF extra block // 0008 4 bytes Size to increment source file offset pCtrlBlock = (LPDWORD)pbPatchData; pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->CtrlBlockSize); // Get the pointer to the data block pDataBlock = (LPBYTE)pbPatchData; pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->DataBlockSize); // Get the pointer to the extra block pExtraBlock = (LPBYTE)pbPatchData; dwNewSize = (DWORD)BSWAP_INT64_UNSIGNED(pBsdiff->NewFileSize); // Allocate new buffer pbNewData = ALLOCMEM(BYTE, dwNewSize); if(pbNewData == NULL) return ERROR_NOT_ENOUGH_MEMORY; // Now patch the file while(dwNewOffset < dwNewSize) { DWORD dwAddDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock[0]); DWORD dwMovDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock[1]); DWORD dwOldMoveLength = BSWAP_INT32_UNSIGNED(pCtrlBlock[2]); DWORD i; // Sanity check if((dwNewOffset + dwAddDataLength) > dwNewSize) { FREEMEM(pbNewData); return ERROR_FILE_CORRUPT; } // Read the diff string to the target buffer memcpy(pbNewData + dwNewOffset, pDataBlock, dwAddDataLength); pDataBlock += dwAddDataLength; // Now combine the patch data with the original file for(i = 0; i < dwAddDataLength; i++) { if(dwOldOffset < dwOldSize) pbNewData[dwNewOffset] = pbNewData[dwNewOffset] + pbOldData[dwOldOffset]; dwNewOffset++; dwOldOffset++; } // Sanity check if((dwNewOffset + dwMovDataLength) > dwNewSize) { FREEMEM(pbNewData); return ERROR_FILE_CORRUPT; } // Copy the data from the extra block in BSDIFF patch memcpy(pbNewData + dwNewOffset, pExtraBlock, dwMovDataLength); pExtraBlock += dwMovDataLength; dwNewOffset += dwMovDataLength; // Move the old offset if(dwOldMoveLength & 0x80000000) dwOldMoveLength = 0x80000000 - dwOldMoveLength; dwOldOffset += dwOldMoveLength; pCtrlBlock += 3; } // Free the old file data FREEMEM(hf->pbFileData); // Put the new data to the fil structure hf->pbFileData = pbNewData; hf->cbFileData = dwNewSize; return ERROR_SUCCESS; }
bool WINAPI SFileOpenArchive( const TCHAR * szMpqName, DWORD dwPriority, DWORD dwFlags, HANDLE * phMpq) { TMPQUserData * pUserData; TFileStream * pStream = NULL; // Open file stream TMPQArchive * ha = NULL; // Archive handle TFileEntry * pFileEntry; ULONGLONG FileSize = 0; // Size of the file LPBYTE pbHeaderBuffer = NULL; // Buffer for searching MPQ header DWORD dwStreamFlags = (dwFlags & STREAM_FLAGS_MASK); bool bIsWarcraft3Map = false; int nError = ERROR_SUCCESS; // Verify the parameters if(szMpqName == NULL || *szMpqName == 0 || phMpq == NULL) { SetLastError(ERROR_INVALID_PARAMETER); return false; } // One time initialization of MPQ cryptography InitializeMpqCryptography(); dwPriority = dwPriority; // If not forcing MPQ v 1.0, also use file bitmap dwStreamFlags |= (dwFlags & MPQ_OPEN_FORCE_MPQ_V1) ? 0 : STREAM_FLAG_USE_BITMAP; // Open the MPQ archive file pStream = FileStream_OpenFile(szMpqName, dwStreamFlags); if(pStream == NULL) return false; // Check the file size. There must be at least 0x20 bytes if(nError == ERROR_SUCCESS) { FileStream_GetSize(pStream, &FileSize); if(FileSize < MPQ_HEADER_SIZE_V1) nError = ERROR_BAD_FORMAT; } // Allocate the MPQhandle if(nError == ERROR_SUCCESS) { if((ha = STORM_ALLOC(TMPQArchive, 1)) == NULL) nError = ERROR_NOT_ENOUGH_MEMORY; } // Allocate buffer for searching MPQ header if(nError == ERROR_SUCCESS) { pbHeaderBuffer = STORM_ALLOC(BYTE, HEADER_SEARCH_BUFFER_SIZE); if(pbHeaderBuffer == NULL) nError = ERROR_NOT_ENOUGH_MEMORY; } // Find the position of MPQ header if(nError == ERROR_SUCCESS) { ULONGLONG SearchOffset = 0; ULONGLONG EndOfSearch = FileSize; DWORD dwStrmFlags = 0; DWORD dwHeaderSize; DWORD dwHeaderID; bool bSearchComplete = false; memset(ha, 0, sizeof(TMPQArchive)); ha->pfnHashString = HashStringSlash; ha->pStream = pStream; pStream = NULL; // Set the archive read only if the stream is read-only FileStream_GetFlags(ha->pStream, &dwStrmFlags); ha->dwFlags |= (dwStrmFlags & STREAM_FLAG_READ_ONLY) ? MPQ_FLAG_READ_ONLY : 0; // Also remember if we shall check sector CRCs when reading file ha->dwFlags |= (dwFlags & MPQ_OPEN_CHECK_SECTOR_CRC) ? MPQ_FLAG_CHECK_SECTOR_CRC : 0; // Also remember if this MPQ is a patch ha->dwFlags |= (dwFlags & MPQ_OPEN_PATCH) ? MPQ_FLAG_PATCH : 0; // Limit the header searching to about 130 MB of data if(EndOfSearch > 0x08000000) EndOfSearch = 0x08000000; // Find the offset of MPQ header within the file while(bSearchComplete == false && SearchOffset < EndOfSearch) { // Always read at least 0x1000 bytes for performance. // This is what Storm.dll (2002) does. DWORD dwBytesAvailable = HEADER_SEARCH_BUFFER_SIZE; DWORD dwInBufferOffset = 0; // Cut the bytes available, if needed if((FileSize - SearchOffset) < HEADER_SEARCH_BUFFER_SIZE) dwBytesAvailable = (DWORD)(FileSize - SearchOffset); // Read the eventual MPQ header if(!FileStream_Read(ha->pStream, &SearchOffset, pbHeaderBuffer, dwBytesAvailable)) { nError = GetLastError(); break; } // There are AVI files from Warcraft III with 'MPQ' extension. if(SearchOffset == 0) { if(IsAviFile((DWORD *)pbHeaderBuffer)) { nError = ERROR_AVI_FILE; break; } bIsWarcraft3Map = IsWarcraft3Map((DWORD *)pbHeaderBuffer); } // Search the header buffer while(dwInBufferOffset < dwBytesAvailable) { // Copy the data from the potential header buffer to the MPQ header memcpy(ha->HeaderData, pbHeaderBuffer + dwInBufferOffset, sizeof(ha->HeaderData)); // If there is the MPQ user data, process it // Note that Warcraft III does not check for user data, which is abused by many map protectors dwHeaderID = BSWAP_INT32_UNSIGNED(ha->HeaderData[0]); if(bIsWarcraft3Map == false && (dwFlags & MPQ_OPEN_FORCE_MPQ_V1) == 0) { if(ha->pUserData == NULL && dwHeaderID == ID_MPQ_USERDATA) { // Verify if this looks like a valid user data pUserData = IsValidMpqUserData(SearchOffset, FileSize, ha->HeaderData); if(pUserData != NULL) { // Fill the user data header ha->UserDataPos = SearchOffset; ha->pUserData = &ha->UserData; memcpy(ha->pUserData, pUserData, sizeof(TMPQUserData)); // Continue searching from that position SearchOffset += ha->pUserData->dwHeaderOffs; break; } } } // There must be MPQ header signature. Note that STORM.dll from Warcraft III actually // tests the MPQ header size. It must be at least 0x20 bytes in order to load it // Abused by Spazzler Map protector. Note that the size check is not present // in Storm.dll v 1.00, so Diablo I code would load the MPQ anyway. dwHeaderSize = BSWAP_INT32_UNSIGNED(ha->HeaderData[1]); if(dwHeaderID == ID_MPQ && dwHeaderSize >= MPQ_HEADER_SIZE_V1) { // Now convert the header to version 4 nError = ConvertMpqHeaderToFormat4(ha, SearchOffset, FileSize, dwFlags); bSearchComplete = true; break; } // Check for MPK archives (Longwu Online - MPQ fork) if(dwHeaderID == ID_MPK) { // Now convert the MPK header to MPQ Header version 4 nError = ConvertMpkHeaderToFormat4(ha, FileSize, dwFlags); bSearchComplete = true; break; } // If searching for the MPQ header is disabled, return an error if(dwFlags & MPQ_OPEN_NO_HEADER_SEARCH) { nError = ERROR_NOT_SUPPORTED; bSearchComplete = true; break; } // Move the pointers SearchOffset += 0x200; dwInBufferOffset += 0x200; } } // Did we identify one of the supported headers? if(nError == ERROR_SUCCESS) { // Set the user data position to the MPQ header, if none if(ha->pUserData == NULL) ha->UserDataPos = SearchOffset; // Set the position of the MPQ header ha->pHeader = (TMPQHeader *)ha->HeaderData; ha->MpqPos = SearchOffset; ha->FileSize = FileSize; // Sector size must be nonzero. if(SearchOffset >= FileSize || ha->pHeader->wSectorSize == 0) nError = ERROR_BAD_FORMAT; } } // Fix table positions according to format if(nError == ERROR_SUCCESS) { // Dump the header // DumpMpqHeader(ha->pHeader); // W3x Map Protectors use the fact that War3's Storm.dll ignores the MPQ user data, // and ignores the MPQ format version as well. The trick is to // fake MPQ format 2, with an improper hi-word position of hash table and block table // We can overcome such protectors by forcing opening the archive as MPQ v 1.0 if(dwFlags & MPQ_OPEN_FORCE_MPQ_V1) { ha->pHeader->wFormatVersion = MPQ_FORMAT_VERSION_1; ha->pHeader->dwHeaderSize = MPQ_HEADER_SIZE_V1; ha->dwFlags |= MPQ_FLAG_READ_ONLY; ha->pUserData = NULL; } // Both MPQ_OPEN_NO_LISTFILE or MPQ_OPEN_NO_ATTRIBUTES trigger read only mode if(dwFlags & (MPQ_OPEN_NO_LISTFILE | MPQ_OPEN_NO_ATTRIBUTES)) ha->dwFlags |= MPQ_FLAG_READ_ONLY; // Remember whether whis is a map for Warcraft III if(bIsWarcraft3Map) ha->dwFlags |= MPQ_FLAG_WAR3_MAP; // Set the size of file sector ha->dwSectorSize = (0x200 << ha->pHeader->wSectorSize); // Verify if any of the tables doesn't start beyond the end of the file nError = VerifyMpqTablePositions(ha, FileSize); } // Read the hash table. Ignore the result, as hash table is no longer required // Read HET table. Ignore the result, as HET table is no longer required if(nError == ERROR_SUCCESS) { nError = LoadAnyHashTable(ha); } // Now, build the file table. It will be built by combining // the block table, BET table, hi-block table, (attributes) and (listfile). if(nError == ERROR_SUCCESS) { nError = BuildFileTable(ha); } // Load the internal listfile and include it to the file table if(nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_LISTFILE) == 0) { // Quick check for (listfile) pFileEntry = GetFileEntryLocale(ha, LISTFILE_NAME, LANG_NEUTRAL); if(pFileEntry != NULL) { // Ignore result of the operation. (listfile) is optional. SFileAddListFile((HANDLE)ha, NULL); ha->dwFileFlags1 = pFileEntry->dwFlags; } } // Load the "(attributes)" file and merge it to the file table if(nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_ATTRIBUTES) == 0 && (ha->dwFlags & MPQ_FLAG_BLOCK_TABLE_CUT) == 0) { // Quick check for (attributes) pFileEntry = GetFileEntryLocale(ha, ATTRIBUTES_NAME, LANG_NEUTRAL); if(pFileEntry != NULL) { // Ignore result of the operation. (attributes) is optional. SAttrLoadAttributes(ha); ha->dwFileFlags2 = pFileEntry->dwFlags; } } // Remember whether the archive has weak signature. Only for MPQs format 1.0. if(nError == ERROR_SUCCESS) { // Quick check for (signature) pFileEntry = GetFileEntryLocale(ha, SIGNATURE_NAME, LANG_NEUTRAL); if(pFileEntry != NULL) { // Just remember that the archive is weak-signed assert((pFileEntry->dwFlags & MPQ_FILE_EXISTS) != 0); ha->dwFileFlags3 = pFileEntry->dwFlags; } // Finally, set the MPQ_FLAG_READ_ONLY if the MPQ was found malformed ha->dwFlags |= (ha->dwFlags & MPQ_FLAG_MALFORMED) ? MPQ_FLAG_READ_ONLY : 0; } // Cleanup and exit if(nError != ERROR_SUCCESS) { FileStream_Close(pStream); FreeArchiveHandle(ha); SetLastError(nError); ha = NULL; } // Free the header buffer if(pbHeaderBuffer != NULL) STORM_FREE(pbHeaderBuffer); if(phMpq != NULL) *phMpq = ha; return (nError == ERROR_SUCCESS); }
BOOL SFileOpenArchiveEx( const char * szMpqName, DWORD dwPriority, DWORD dwFlags, HANDLE * phMPQ, DWORD dwAccessMode) { LARGE_INTEGER TempPos; TMPQArchive * ha = NULL; // Archive handle HANDLE hFile = INVALID_HANDLE_VALUE;// Opened archive file handle DWORD dwMaxBlockIndex = 0; // Maximum value of block entry DWORD dwBlockTableSize = 0; // Block table size. DWORD dwTransferred; // Number of bytes read DWORD dwBytes = 0; // Number of bytes to read int nError = ERROR_SUCCESS; // Check the right parameters if(nError == ERROR_SUCCESS) { if(szMpqName == NULL || *szMpqName == 0 || phMPQ == NULL) nError = ERROR_INVALID_PARAMETER; } // Ensure that StormBuffer is allocated if(nError == ERROR_SUCCESS) nError = PrepareStormBuffer(); // Open the MPQ archive file if(nError == ERROR_SUCCESS) { hFile = CreateFile(szMpqName, dwAccessMode, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL); if(hFile == INVALID_HANDLE_VALUE) nError = GetLastError(); } // Allocate the MPQhandle if(nError == ERROR_SUCCESS) { if((ha = ALLOCMEM(TMPQArchive, 1)) == NULL) nError = ERROR_NOT_ENOUGH_MEMORY; } // Initialize handle structure and allocate structure for MPQ header if(nError == ERROR_SUCCESS) { memset(ha, 0, sizeof(TMPQArchive)); strncpy(ha->szFileName, szMpqName, strlen(szMpqName)); ha->hFile = hFile; ha->dwPriority = dwPriority; ha->pHeader = &ha->Header; ha->pListFile = NULL; hFile = INVALID_HANDLE_VALUE; } // Find the offset of MPQ header within the file if(nError == ERROR_SUCCESS) { LARGE_INTEGER SearchPos = {0}; LARGE_INTEGER MpqPos = {0}; DWORD dwHeaderID; for(;;) { // Invalidate the MPQ ID and read the eventual header SetFilePointer(ha->hFile, MpqPos.LowPart, &MpqPos.HighPart, FILE_BEGIN); ReadFile(ha->hFile, ha->pHeader, sizeof(TMPQHeader2), &dwTransferred, NULL); dwHeaderID = BSWAP_INT32_UNSIGNED(ha->pHeader->dwID); // Special check : Some MPQs are actually AVI files, only with // changed extension. if(MpqPos.QuadPart == 0 && IsAviFile(ha->pHeader)) { nError = ERROR_AVI_FILE; break; } // If different number of bytes read, break the loop if(dwTransferred != sizeof(TMPQHeader2)) { nError = ERROR_BAD_FORMAT; break; } // If there is the MPQ shunt signature, process it if(dwHeaderID == ID_MPQ_SHUNT && ha->pShunt == NULL) { // Fill the shunt header ha->ShuntPos = MpqPos; ha->pShunt = &ha->Shunt; memcpy(ha->pShunt, ha->pHeader, sizeof(TMPQShunt)); BSWAP_TMPQSHUNT(ha->pShunt); // Set the MPQ pos and repeat the search MpqPos.QuadPart = SearchPos.QuadPart + ha->pShunt->dwHeaderPos; continue; } // There must be MPQ header signature if(dwHeaderID == ID_MPQ) { BSWAP_TMPQHEADER(ha->pHeader); // Save the position where the MPQ header has been found ha->MpqPos = MpqPos; // If valid signature has been found, break the loop if(ha->pHeader->wFormatVersion == MPQ_FORMAT_VERSION_1) { // W3M Map Protectors set some garbage value into the "dwHeaderSize" // field of MPQ header. This value is apparently ignored by Storm.dll if(ha->pHeader->dwHeaderSize != sizeof(TMPQHeader) && ha->pHeader->dwHeaderSize != sizeof(TMPQHeader2)) { ha->dwFlags |= MPQ_FLAG_PROTECTED; ha->pHeader->dwHeaderSize = sizeof(TMPQHeader); } if(ha->pHeader->dwHashTablePos < ha->pHeader->dwArchiveSize && ha->pHeader->dwBlockTablePos < ha->pHeader->dwArchiveSize) { break; } } if(ha->pHeader->wFormatVersion == MPQ_FORMAT_VERSION_2) { break; } nError = ERROR_NOT_SUPPORTED; break; } // If a MPQ shunt already has been found, // and no MPQ header was at potision pointed by the shunt, // then the archive is corrupt if(ha->pShunt != NULL) { nError = ERROR_BAD_FORMAT; break; } // Move to the next possible offset SearchPos.QuadPart += 0x200; MpqPos = SearchPos; } } // Relocate tables position if(nError == ERROR_SUCCESS) { // Clear the fields not supported in older formats if(ha->pHeader->wFormatVersion < MPQ_FORMAT_VERSION_2) { ha->pHeader->ExtBlockTablePos.QuadPart = 0; ha->pHeader->wBlockTablePosHigh = 0; ha->pHeader->wHashTablePosHigh = 0; } ha->dwBlockSize = (0x200 << ha->pHeader->wBlockSize); nError = RelocateMpqTablePositions(ha); } // Allocate buffers if(nError == ERROR_SUCCESS) { // // Note that the block table should be as large as the hash table // (For later file additions). // // I have found a MPQ which has the block table larger than // the hash table. We should avoid buffer overruns caused by that. // dwBlockTableSize = max(ha->pHeader->dwHashTableSize, ha->pHeader->dwBlockTableSize); ha->pHashTable = ALLOCMEM(TMPQHash, ha->pHeader->dwHashTableSize); ha->pBlockTable = ALLOCMEM(TMPQBlock, dwBlockTableSize); ha->pExtBlockTable = ALLOCMEM(TMPQBlockEx, dwBlockTableSize); ha->pbBlockBuffer = ALLOCMEM(BYTE, ha->dwBlockSize); if(!ha->pHashTable || !ha->pBlockTable || !ha->pExtBlockTable || !ha->pbBlockBuffer) nError = ERROR_NOT_ENOUGH_MEMORY; } // Read the hash table into memory if(nError == ERROR_SUCCESS) { dwBytes = ha->pHeader->dwHashTableSize * sizeof(TMPQHash); SetFilePointer(ha->hFile, ha->HashTablePos.LowPart, &ha->HashTablePos.HighPart, FILE_BEGIN); ReadFile(ha->hFile, ha->pHashTable, dwBytes, &dwTransferred, NULL); if(dwTransferred != dwBytes) nError = ERROR_FILE_CORRUPT; } // Decrypt hash table and check if it is correctly decrypted if(nError == ERROR_SUCCESS) { TMPQHash * pHashEnd = ha->pHashTable + ha->pHeader->dwHashTableSize; TMPQHash * pHash; // We have to convert the hash table from LittleEndian BSWAP_ARRAY32_UNSIGNED((DWORD *)ha->pHashTable, (dwBytes / sizeof(DWORD))); DecryptHashTable((DWORD *)ha->pHashTable, (BYTE *)"(hash table)", (ha->pHeader->dwHashTableSize * 4)); // Check hash table if is correctly decrypted for(pHash = ha->pHashTable; pHash < pHashEnd; pHash++) { // Note: Some MPQs from World of Warcraft have wPlatform set to 0x0100. // If not free or deleted hash entry, check for valid values if(pHash->dwBlockIndex < HASH_ENTRY_DELETED) { // The block index should not be larger than size of the block table if(pHash->dwBlockIndex > ha->pHeader->dwBlockTableSize) { nError = ERROR_BAD_FORMAT; break; } // Remember the highest block table entry if(pHash->dwBlockIndex > dwMaxBlockIndex) dwMaxBlockIndex = pHash->dwBlockIndex; } } } // Now, read the block table if(nError == ERROR_SUCCESS) { memset(ha->pBlockTable, 0, dwBlockTableSize * sizeof(TMPQBlock)); dwBytes = ha->pHeader->dwBlockTableSize * sizeof(TMPQBlock); SetFilePointer(ha->hFile, ha->BlockTablePos.LowPart, &ha->BlockTablePos.HighPart, FILE_BEGIN); ReadFile(ha->hFile, ha->pBlockTable, dwBytes, &dwTransferred, NULL); // We have to convert every DWORD in ha->block from LittleEndian BSWAP_ARRAY32_UNSIGNED((DWORD *)ha->pBlockTable, dwBytes / sizeof(DWORD)); if(dwTransferred != dwBytes) nError = ERROR_FILE_CORRUPT; } // Decrypt block table. // Some MPQs don't have Decrypted block table, e.g. cracked Diablo version // We have to check if block table is really encrypted if(nError == ERROR_SUCCESS) { TMPQBlock * pBlockEnd = ha->pBlockTable + ha->pHeader->dwBlockTableSize; TMPQBlock * pBlock = ha->pBlockTable; BOOL bBlockTableEncrypted = FALSE; // Verify all blocks entries in the table // The loop usually stops at the first entry while(pBlock < pBlockEnd) { // The lower 8 bits of the MPQ flags are always zero. // Note that this may change in next MPQ versions if(pBlock->dwFlags & 0x000000FF) { bBlockTableEncrypted = TRUE; break; } // Move to the next block table entry pBlock++; } if(bBlockTableEncrypted) { DecryptBlockTable((DWORD *)ha->pBlockTable, (BYTE *)"(block table)", (ha->pHeader->dwBlockTableSize * 4)); } } // Now, read the extended block table. // For V1 archives, we still will maintain the extended block table // (it will be filled with zeros) // TODO: Test with >4GB if(nError == ERROR_SUCCESS) { memset(ha->pExtBlockTable, 0, dwBlockTableSize * sizeof(TMPQBlockEx)); if(ha->pHeader->ExtBlockTablePos.QuadPart != 0) { dwBytes = ha->pHeader->dwBlockTableSize * sizeof(TMPQBlockEx); SetFilePointer(ha->hFile, ha->ExtBlockTablePos.LowPart, &ha->ExtBlockTablePos.HighPart, FILE_BEGIN); ReadFile(ha->hFile, ha->pExtBlockTable, dwBytes, &dwTransferred, NULL); // We have to convert every DWORD in ha->block from LittleEndian BSWAP_ARRAY16_UNSIGNED((USHORT *)ha->pExtBlockTable, dwBytes / sizeof(USHORT)); // The extended block table is not encrypted (so far) if(dwTransferred != dwBytes) nError = ERROR_FILE_CORRUPT; } } // Verify the both block tables (If the MPQ file is not protected) if(nError == ERROR_SUCCESS && (ha->dwFlags & MPQ_FLAG_PROTECTED) == 0) { TMPQBlockEx * pBlockEx = ha->pExtBlockTable; TMPQBlock * pBlockEnd = ha->pBlockTable + dwMaxBlockIndex + 1; TMPQBlock * pBlock = ha->pBlockTable; // If the MPQ file is not protected, // we will check if all sizes in the block table is correct. // Note that we will not relocate the block table (change from previous versions) for(; pBlock < pBlockEnd; pBlock++, pBlockEx++) { if(pBlock->dwFlags & MPQ_FILE_EXISTS) { // Get the 64-bit file position TempPos.HighPart = pBlockEx->wFilePosHigh; TempPos.LowPart = pBlock->dwFilePos; if(TempPos.QuadPart > ha->MpqSize.QuadPart || pBlock->dwCSize > ha->MpqSize.QuadPart) { nError = ERROR_BAD_FORMAT; break; } } } } // If the user didn't specified otherwise, // include the internal listfile to the TMPQArchive structure if((dwFlags & MPQ_OPEN_NO_LISTFILE) == 0) { if(nError == ERROR_SUCCESS) SListFileCreateListFile(ha); // Add the internal listfile if(nError == ERROR_SUCCESS) SFileAddListFile((HANDLE)ha, NULL); } // Cleanup and exit if(nError != ERROR_SUCCESS) { FreeMPQArchive(ha); if(hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile); SetLastError(nError); } else { if(pFirstOpen == NULL) pFirstOpen = ha; } *phMPQ = ha; return (nError == ERROR_SUCCESS); }
bool WINAPI SFileOpenArchive( const TCHAR * szMpqName, DWORD dwPriority, DWORD dwFlags, HANDLE * phMpq) { TMPQUserData * pUserData; TFileStream * pStream = NULL; // Open file stream TMPQArchive * ha = NULL; // Archive handle TFileEntry * pFileEntry; ULONGLONG FileSize = 0; // Size of the file int nError = ERROR_SUCCESS; // Verify the parameters if(szMpqName == NULL || *szMpqName == 0 || phMpq == NULL) nError = ERROR_INVALID_PARAMETER; // One time initialization of MPQ cryptography InitializeMpqCryptography(); dwPriority = dwPriority; // Open the MPQ archive file if(nError == ERROR_SUCCESS) { DWORD dwStreamFlags = (dwFlags & STREAM_FLAGS_MASK); // If not forcing MPQ v 1.0, also use file bitmap dwStreamFlags |= (dwFlags & MPQ_OPEN_FORCE_MPQ_V1) ? 0 : STREAM_FLAG_USE_BITMAP; // Initialize the stream pStream = FileStream_OpenFile(szMpqName, dwStreamFlags); if(pStream == NULL) nError = GetLastError(); } // Check the file size. There must be at least 0x20 bytes if(nError == ERROR_SUCCESS) { FileStream_GetSize(pStream, &FileSize); if(FileSize < MPQ_HEADER_SIZE_V1) nError = ERROR_BAD_FORMAT; } // Allocate the MPQhandle if(nError == ERROR_SUCCESS) { if((ha = STORM_ALLOC(TMPQArchive, 1)) == NULL) nError = ERROR_NOT_ENOUGH_MEMORY; } // Initialize handle structure and allocate structure for MPQ header if(nError == ERROR_SUCCESS) { ULONGLONG SearchOffset = 0; DWORD dwStreamFlags = 0; DWORD dwHeaderSize; DWORD dwHeaderID; memset(ha, 0, sizeof(TMPQArchive)); ha->pfnHashString = HashString; ha->pStream = pStream; pStream = NULL; // Set the archive read only if the stream is read-only FileStream_GetFlags(ha->pStream, &dwStreamFlags); ha->dwFlags |= (dwStreamFlags & STREAM_FLAG_READ_ONLY) ? MPQ_FLAG_READ_ONLY : 0; // Also remember if we shall check sector CRCs when reading file if(dwFlags & MPQ_OPEN_CHECK_SECTOR_CRC) ha->dwFlags |= MPQ_FLAG_CHECK_SECTOR_CRC; // Find the offset of MPQ header within the file while(SearchOffset < FileSize) { DWORD dwBytesAvailable = MPQ_HEADER_SIZE_V4; // Cut the bytes available, if needed if((FileSize - SearchOffset) < MPQ_HEADER_SIZE_V4) dwBytesAvailable = (DWORD)(FileSize - SearchOffset); // Read the eventual MPQ header if(!FileStream_Read(ha->pStream, &SearchOffset, ha->HeaderData, dwBytesAvailable)) { nError = GetLastError(); break; } // There are AVI files from Warcraft III with 'MPQ' extension. if(SearchOffset == 0 && IsAviFile(ha->HeaderData)) { nError = ERROR_AVI_FILE; break; } // If there is the MPQ user data signature, process it dwHeaderID = BSWAP_INT32_UNSIGNED(ha->HeaderData[0]); if(dwHeaderID == ID_MPQ_USERDATA && ha->pUserData == NULL && (dwFlags & MPQ_OPEN_FORCE_MPQ_V1) == 0) { // Verify if this looks like a valid user data pUserData = IsValidMpqUserData(SearchOffset, FileSize, ha->HeaderData); if(pUserData != NULL) { // Fill the user data header ha->UserDataPos = SearchOffset; ha->pUserData = &ha->UserData; memcpy(ha->pUserData, pUserData, sizeof(TMPQUserData)); // Continue searching from that position SearchOffset += ha->pUserData->dwHeaderOffs; continue; } } // There must be MPQ header signature. Note that STORM.dll from Warcraft III actually // tests the MPQ header size. It must be at least 0x20 bytes in order to load it // Abused by Spazzler Map protector. Note that the size check is not present // in Storm.dll v 1.00, so Diablo I code would load the MPQ anyway. dwHeaderSize = BSWAP_INT32_UNSIGNED(ha->HeaderData[1]); if(dwHeaderID == ID_MPQ && dwHeaderSize >= MPQ_HEADER_SIZE_V1) { // Now convert the header to version 4 nError = ConvertMpqHeaderToFormat4(ha, SearchOffset, FileSize, dwFlags); break; } // Check for MPK archives (Longwu Online - MPQ fork) if(dwHeaderID == ID_MPK) { // Now convert the MPK header to MPQ Header version 4 nError = ConvertMpkHeaderToFormat4(ha, FileSize, dwFlags); break; } // If searching for the MPQ header is disabled, return an error if(dwFlags & MPQ_OPEN_NO_HEADER_SEARCH) { nError = ERROR_NOT_SUPPORTED; break; } // Move to the next possible offset SearchOffset += 0x200; } // Did we identify one of the supported headers? if(nError == ERROR_SUCCESS) { // Set the user data position to the MPQ header, if none if(ha->pUserData == NULL) ha->UserDataPos = SearchOffset; // Set the position of the MPQ header ha->pHeader = (TMPQHeader *)ha->HeaderData; ha->MpqPos = SearchOffset; // Sector size must be nonzero. if(SearchOffset >= FileSize || ha->pHeader->wSectorSize == 0) nError = ERROR_BAD_FORMAT; } } // Fix table positions according to format if(nError == ERROR_SUCCESS) { // Dump the header // DumpMpqHeader(ha->pHeader); // W3x Map Protectors use the fact that War3's Storm.dll ignores the MPQ user data, // and ignores the MPQ format version as well. The trick is to // fake MPQ format 2, with an improper hi-word position of hash table and block table // We can overcome such protectors by forcing opening the archive as MPQ v 1.0 if(dwFlags & MPQ_OPEN_FORCE_MPQ_V1) { ha->pHeader->wFormatVersion = MPQ_FORMAT_VERSION_1; ha->pHeader->dwHeaderSize = MPQ_HEADER_SIZE_V1; ha->dwFlags |= MPQ_FLAG_READ_ONLY; ha->pUserData = NULL; } // Both MPQ_OPEN_NO_LISTFILE or MPQ_OPEN_NO_ATTRIBUTES trigger read only mode if(dwFlags & (MPQ_OPEN_NO_LISTFILE | MPQ_OPEN_NO_ATTRIBUTES)) ha->dwFlags |= MPQ_FLAG_READ_ONLY; // Set the size of file sector ha->dwSectorSize = (0x200 << ha->pHeader->wSectorSize); // Verify if any of the tables doesn't start beyond the end of the file nError = VerifyMpqTablePositions(ha, FileSize); } // Read the hash table. Ignore the result, as hash table is no longer required // Read HET table. Ignore the result, as HET table is no longer required if(nError == ERROR_SUCCESS) { nError = LoadAnyHashTable(ha); } // Now, build the file table. It will be built by combining // the block table, BET table, hi-block table, (attributes) and (listfile). if(nError == ERROR_SUCCESS) { nError = BuildFileTable(ha); } // Verify the file table, if no kind of malformation was detected if(nError == ERROR_SUCCESS && (ha->dwFlags & MPQ_FLAG_MALFORMED) == 0) { TFileEntry * pFileTableEnd = ha->pFileTable + ha->dwFileTableSize; ULONGLONG RawFilePos; // Parse all file entries for(pFileEntry = ha->pFileTable; pFileEntry < pFileTableEnd; pFileEntry++) { // If that file entry is valid, check the file position if(pFileEntry->dwFlags & MPQ_FILE_EXISTS) { // Get the 64-bit file position, // relative to the begin of the file RawFilePos = ha->MpqPos + pFileEntry->ByteOffset; // Begin of the file must be within range if(RawFilePos > FileSize) { nError = ERROR_FILE_CORRUPT; break; } // End of the file must be within range RawFilePos += pFileEntry->dwCmpSize; if(RawFilePos > FileSize) { nError = ERROR_FILE_CORRUPT; break; } } } } // Load the internal listfile and include it to the file table if(nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_LISTFILE) == 0) { // Save the flags for (listfile) pFileEntry = GetFileEntryLocale(ha, LISTFILE_NAME, LANG_NEUTRAL); if(pFileEntry != NULL) { // Ignore result of the operation. (listfile) is optional. SFileAddListFile((HANDLE)ha, NULL); ha->dwFileFlags1 = pFileEntry->dwFlags; } } // Load the "(attributes)" file and merge it to the file table if(nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_ATTRIBUTES) == 0) { // Save the flags for (attributes) pFileEntry = GetFileEntryLocale(ha, ATTRIBUTES_NAME, LANG_NEUTRAL); if(pFileEntry != NULL) { // Ignore result of the operation. (attributes) is optional. SAttrLoadAttributes(ha); ha->dwFileFlags2 = pFileEntry->dwFlags; } } // Cleanup and exit if(nError != ERROR_SUCCESS) { FileStream_Close(pStream); FreeMPQArchive(ha); SetLastError(nError); ha = NULL; } *phMpq = ha; return (nError == ERROR_SUCCESS); }
static int ApplyFilePatch_BSD0( TMPQPatcher * pPatcher, PMPQ_PATCH_HEADER pFullPatch, unsigned char * pbTarget, unsigned char * pbSource) { PBLIZZARD_BSDIFF40_FILE pBsdiff; PBSDIFF_CTRL_BLOCK pCtrlBlock; unsigned char * pbPatchData = (unsigned char *)(pFullPatch + 1); unsigned char * pDataBlock; unsigned char * pExtraBlock; unsigned char * pbOldData = pbSource; unsigned char * pbNewData = pbTarget; uint32_t dwCombineSize; uint32_t dwNewOffset = 0; /* Current position to patch */ uint32_t dwOldOffset = 0; /* Current source position */ uint32_t dwNewSize; /* Patched file size */ uint32_t dwOldSize = pPatcher->cbFileData; /* File size before patch */ /* Get pointer to the patch header */ /* Format of BSDIFF header corresponds to original BSDIFF, which is: */ /* 0000 8 bytes signature "BSDIFF40" */ /* 0008 8 bytes size of the control block */ /* 0010 8 bytes size of the data block */ /* 0018 8 bytes new size of the patched file */ pBsdiff = (PBLIZZARD_BSDIFF40_FILE)pbPatchData; pbPatchData += sizeof(BLIZZARD_BSDIFF40_FILE); /* Get pointer to the 32-bit BSDIFF control block */ /* The control block follows immediately after the BSDIFF header */ /* and consists of three 32-bit integers */ /* 0000 4 bytes Length to copy from the BSDIFF data block the new file */ /* 0004 4 bytes Length to copy from the BSDIFF extra block */ /* 0008 4 bytes Size to increment source file offset */ pCtrlBlock = (PBSDIFF_CTRL_BLOCK)pbPatchData; pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->CtrlBlockSize); /* Get the pointer to the data block */ pDataBlock = (unsigned char *)pbPatchData; pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->DataBlockSize); /* Get the pointer to the extra block */ pExtraBlock = (unsigned char *)pbPatchData; dwNewSize = (uint32_t)BSWAP_INT64_UNSIGNED(pBsdiff->NewFileSize); /* Now patch the file */ while(dwNewOffset < dwNewSize) { uint32_t dwAddDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwAddDataLength); uint32_t dwMovDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwMovDataLength); uint32_t dwOldMoveLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwOldMoveLength); uint32_t i; /* Sanity check */ if((dwNewOffset + dwAddDataLength) > dwNewSize) return ERROR_FILE_CORRUPT; /* Read the diff string to the target buffer */ memcpy(pbNewData + dwNewOffset, pDataBlock, dwAddDataLength); pDataBlock += dwAddDataLength; /* Get the longest block that we can combine */ dwCombineSize = ((dwOldOffset + dwAddDataLength) >= dwOldSize) ? (dwOldSize - dwOldOffset) : dwAddDataLength; /* Now combine the patch data with the original file */ for(i = 0; i < dwCombineSize; i++) pbNewData[dwNewOffset + i] = pbNewData[dwNewOffset + i] + pbOldData[dwOldOffset + i]; /* Move the offsets */ dwNewOffset += dwAddDataLength; dwOldOffset += dwAddDataLength; /* Sanity check */ if((dwNewOffset + dwMovDataLength) > dwNewSize) return ERROR_FILE_CORRUPT; /* Copy the data from the extra block in BSDIFF patch */ memcpy(pbNewData + dwNewOffset, pExtraBlock, dwMovDataLength); pExtraBlock += dwMovDataLength; dwNewOffset += dwMovDataLength; /* Move the old offset */ if(dwOldMoveLength & 0x80000000) dwOldMoveLength = 0x80000000 - dwOldMoveLength; dwOldOffset += dwOldMoveLength; pCtrlBlock++; } /* The size after patch must match */ if(dwNewOffset != pFullPatch->dwSizeAfterPatch) return ERROR_FILE_CORRUPT; /* Update the new data size */ pPatcher->cbFileData = dwNewOffset; return ERROR_SUCCESS; }