static bool IsWarcraft3Map(DWORD * HeaderData)
{
DWORD DwordValue0 = BSWAP_INT32_UNSIGNED(HeaderData[0]);
DWORD DwordValue1 = BSWAP_INT32_UNSIGNED(HeaderData[1]);
return (DwordValue0 == 0x57334D48 && DwordValue1 == 0x00000000);
}
static bool IsAviFile(DWORD * HeaderData)
{
DWORD DwordValue0 = BSWAP_INT32_UNSIGNED(HeaderData[0]);
DWORD DwordValue2 = BSWAP_INT32_UNSIGNED(HeaderData[2]);
DWORD DwordValue3 = BSWAP_INT32_UNSIGNED(HeaderData[3]);
// Test for 'RIFF', 'AVI ' or 'LIST'
return (DwordValue0 == 0x46464952 && DwordValue2 == 0x20495641 && DwordValue3 == 0x5453494C);
}
static bool IsAviFile(void * pvFileBegin)
{
LPDWORD AviHeader = (DWORD *)pvFileBegin;
DWORD DwordValue0 = BSWAP_INT32_UNSIGNED(AviHeader[0]);
DWORD DwordValue2 = BSWAP_INT32_UNSIGNED(AviHeader[2]);
DWORD DwordValue3 = BSWAP_INT32_UNSIGNED(AviHeader[3]);
// Test for 'RIFF', 'AVI ' or 'LIST'
return (DwordValue0 == 0x46464952 && DwordValue2 == 0x20495641 && DwordValue3 == 0x5453494C);
}
static int LoadMpqPatch(TMPQFile * hf)
{
TPatchHeader PatchHeader;
DWORD dwBytesRead;
int nError = ERROR_SUCCESS;
// Read the patch header
SFileReadFile((HANDLE)hf, &PatchHeader, sizeof(TPatchHeader), &dwBytesRead);
if(dwBytesRead != sizeof(TPatchHeader))
nError = ERROR_FILE_CORRUPT;
// Verify the signatures in the patch header
if(nError == ERROR_SUCCESS)
{
// BSWAP the entire header, if needed
BSWAP_ARRAY32_UNSIGNED(&PatchHeader, sizeof(DWORD) * 6);
PatchHeader.dwXFRM = BSWAP_INT32_UNSIGNED(PatchHeader.dwXFRM);
PatchHeader.dwXfrmBlockSize = BSWAP_INT32_UNSIGNED(PatchHeader.dwXfrmBlockSize);
PatchHeader.dwPatchType = BSWAP_INT32_UNSIGNED(PatchHeader.dwPatchType);
if(PatchHeader.dwSignature != 0x48435450 || PatchHeader.dwMD5 != 0x5f35444d || PatchHeader.dwXFRM != 0x4d524658)
nError = ERROR_FILE_CORRUPT;
}
// Read the patch, depending on patch type
if(nError == ERROR_SUCCESS)
{
switch(PatchHeader.dwPatchType)
{
case 0x59504f43: // 'COPY'
nError = LoadMpqPatch_COPY(hf, &PatchHeader);
break;
case 0x30445342: // 'BSD0'
nError = LoadMpqPatch_BSD0(hf, &PatchHeader);
break;
default:
nError = ERROR_FILE_CORRUPT;
break;
}
}
return nError;
}
bool IsPatchData(const void * pvData, DWORD cbData, LPDWORD pdwPatchedFileSize)
{
TPatchHeader * pPatchHeader = (TPatchHeader *)pvData;
BLIZZARD_BSDIFF40_FILE DiffFile;
DWORD dwPatchType;
if(cbData >= sizeof(TPatchHeader) + sizeof(BLIZZARD_BSDIFF40_FILE))
{
dwPatchType = BSWAP_INT32_UNSIGNED(pPatchHeader->dwPatchType);
if(dwPatchType == 0x30445342)
{
// Give the caller the patch file size
if(pdwPatchedFileSize != NULL)
{
Decompress_RLE((LPBYTE)&DiffFile, sizeof(BLIZZARD_BSDIFF40_FILE), (LPBYTE)(pPatchHeader + 1), sizeof(BLIZZARD_BSDIFF40_FILE));
DiffFile.NewFileSize = BSWAP_INT64_UNSIGNED(DiffFile.NewFileSize);
*pdwPatchedFileSize = (DWORD)DiffFile.NewFileSize;
return true;
}
}
}
return false;
}
bool WINAPI SFileOpenArchive(
const char * szMpqName,
DWORD dwPriority,
DWORD dwFlags,
HANDLE * phMpq)
{
TFileStream * pStream = NULL; // Open file stream
TMPQArchive * ha = NULL; // Archive handle
ULONGLONG FileSize = 0; // Size of the file
int nError = ERROR_SUCCESS;
// Verify the parameters
if (szMpqName == NULL || *szMpqName == 0 || phMpq == NULL)
nError = ERROR_INVALID_PARAMETER;
// One time initialization of MPQ cryptography
InitializeMpqCryptography();
dwPriority = dwPriority;
// Open the MPQ archive file
if (nError == ERROR_SUCCESS)
{
if (!(dwFlags & MPQ_OPEN_ENCRYPTED))
{
pStream = FileStream_OpenFile(szMpqName, (dwFlags & MPQ_OPEN_READ_ONLY) ? false : true);
if (pStream == NULL)
nError = GetLastError();
}
else
{
pStream = FileStream_OpenEncrypted(szMpqName);
if (pStream == NULL)
nError = GetLastError();
}
}
// Allocate the MPQhandle
if (nError == ERROR_SUCCESS)
{
FileStream_GetSize(pStream, FileSize);
if ((ha = ALLOCMEM(TMPQArchive, 1)) == NULL)
nError = ERROR_NOT_ENOUGH_MEMORY;
}
// Initialize handle structure and allocate structure for MPQ header
if (nError == ERROR_SUCCESS)
{
memset(ha, 0, sizeof(TMPQArchive));
ha->pStream = pStream;
pStream = NULL;
// Remember if the archive is open for write
if (ha->pStream->StreamFlags & (STREAM_FLAG_READ_ONLY | STREAM_FLAG_ENCRYPTED_FILE))
ha->dwFlags |= MPQ_FLAG_READ_ONLY;
// Also remember if we shall check sector CRCs when reading file
if (dwFlags & MPQ_OPEN_CHECK_SECTOR_CRC)
ha->dwFlags |= MPQ_FLAG_CHECK_SECTOR_CRC;
}
// Find the offset of MPQ header within the file
if (nError == ERROR_SUCCESS)
{
ULONGLONG SearchPos = 0;
DWORD dwHeaderID;
while (SearchPos < FileSize)
{
DWORD dwBytesAvailable = MPQ_HEADER_SIZE_V4;
// Cut the bytes available, if needed
if ((FileSize - SearchPos) < MPQ_HEADER_SIZE_V4)
dwBytesAvailable = (DWORD)(FileSize - SearchPos);
// Read the eventual MPQ header
if (!FileStream_Read(ha->pStream, &SearchPos, ha->HeaderData, dwBytesAvailable))
{
nError = GetLastError();
break;
}
// There are AVI files from Warcraft III with 'MPQ' extension.
if (SearchPos == 0 && IsAviFile(ha->HeaderData))
{
nError = ERROR_AVI_FILE;
break;
}
// If there is the MPQ user data signature, process it
dwHeaderID = BSWAP_INT32_UNSIGNED(*(LPDWORD)ha->HeaderData);
if (dwHeaderID == ID_MPQ_USERDATA && ha->pUserData == NULL)
{
// Ignore the MPQ user data completely if the caller wants to open the MPQ as V1.0
if ((dwFlags & MPQ_OPEN_FORCE_MPQ_V1) == 0)
{
// Fill the user data header
ha->pUserData = &ha->UserData;
memcpy(ha->pUserData, ha->HeaderData, sizeof(TMPQUserData));
BSWAP_TMPQUSERDATA(ha->pUserData);
// Remember the position of the user data and continue search
ha->UserDataPos = SearchPos;
SearchPos += ha->pUserData->dwHeaderOffs;
continue;
}
}
// There must be MPQ header signature
if (dwHeaderID == ID_MPQ)
{
// Save the position where the MPQ header has been found
if (ha->pUserData == NULL)
ha->UserDataPos = SearchPos;
ha->pHeader = (TMPQHeader *)ha->HeaderData;
ha->MpqPos = SearchPos;
// Now convert the header to version 4
BSWAP_TMPQHEADER(ha->pHeader);
ConvertMpqHeaderToFormat4(ha, FileSize, dwFlags);
break;
}
// Move to the next possible offset
SearchPos += 0x200;
}
// If we haven't found MPQ header in the file, it's an error
if (ha->pHeader == NULL)
nError = ERROR_BAD_FORMAT;
}
// Fix table positions according to format
if (nError == ERROR_SUCCESS)
{
// W3x Map Protectors use the fact that War3's Storm.dll ignores the MPQ user data,
// and probably ignores the MPQ format version as well. The trick is to
// fake MPQ format 2, with an improper hi-word position of hash table and block table
// We can overcome such protectors by forcing opening the archive as MPQ v 1.0
if (dwFlags & MPQ_OPEN_FORCE_MPQ_V1)
{
ha->pHeader->wFormatVersion = MPQ_FORMAT_VERSION_1;
ha->pHeader->dwHeaderSize = MPQ_HEADER_SIZE_V1;
ha->dwFlags |= MPQ_FLAG_READ_ONLY;
ha->pUserData = NULL;
}
// Both MPQ_OPEN_NO_LISTFILE or MPQ_OPEN_NO_ATTRIBUTES trigger read only mode
if (dwFlags & (MPQ_OPEN_NO_LISTFILE | MPQ_OPEN_NO_ATTRIBUTES))
ha->dwFlags |= MPQ_FLAG_READ_ONLY;
// Set the size of file sector
ha->dwSectorSize = (0x200 << ha->pHeader->wSectorSize);
// Verify if any of the tables doesn't start beyond the end of the file
nError = VerifyMpqTablePositions(ha, FileSize);
}
// Read the hash table.
// "interface.MPQ.part" in trial version of World of Warcraft
// has compressed block table and hash table.
if (nError == ERROR_SUCCESS)
{
//
// Note: We will not check if the hash table is properly decrypted.
// Some MPQ protectors corrupt the hash table by rewriting part of it.
// Hash table, the way how it works, allows arbitrary values for unused entries.
//
nError = LoadHashTable(ha);
}
// Read Het and Bet tables, if they are present
if (nError == ERROR_SUCCESS)
{
nError = LoadHetAndBetTable(ha);
if (ha->pHetTable || ha->pBetTable)
ha->dwFlags |= MPQ_FLAG_READ_ONLY;
}
// Now, build the file table. It will be built by combining
// the block table, hi-block table, (attributes) and (listfile).
if (nError == ERROR_SUCCESS)
{
nError = BuildFileTable(ha, FileSize);
}
// Verify the block table, if no kind of protection was detected
if (nError == ERROR_SUCCESS && (ha->dwFlags & MPQ_FLAG_PROTECTED) == 0)
{
TFileEntry * pFileTableEnd = ha->pFileTable + ha->pHeader->dwBlockTableSize;
TFileEntry * pFileEntry = ha->pFileTable;
// ULONGLONG ArchiveSize = 0;
ULONGLONG RawFilePos;
// Parse all file entries
for (pFileEntry = ha->pFileTable; pFileEntry < pFileTableEnd; pFileEntry++)
{
// If that file entry is valid, check the file position
if (pFileEntry->dwFlags & MPQ_FILE_EXISTS)
{
// Get the 64-bit file position,
// relative to the begin of the file
RawFilePos = ha->MpqPos + pFileEntry->ByteOffset;
// Begin of the file must be within range
if (RawFilePos > FileSize)
{
nError = ERROR_FILE_CORRUPT;
break;
}
// End of the file must be within range
RawFilePos += pFileEntry->dwCmpSize;
if (RawFilePos > FileSize)
{
nError = ERROR_FILE_CORRUPT;
break;
}
// Also, we remember end of the file
// if (RawFilePos > ArchiveSize)
// ArchiveSize = RawFilePos;
}
}
}
// Load the "(attributes)" file and merge it to the file table
if (nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_ATTRIBUTES) == 0)
{
// Ignore result of the operation. (attributes) is optional.
SAttrLoadAttributes(ha);
}
// Load the internal listfile and include it to the file table
if (nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_LISTFILE) == 0)
{
// Ignore result of the operation. (listfile) is optional.
SFileAddListFile((HANDLE)ha, NULL);
}
// Test the indexes from BET and BET table
#ifdef __STORMLIB_TEST__
if (nError == ERROR_SUCCESS)
{
TestNewHashBlockTables(ha);
}
#endif
// Cleanup and exit
if (nError != ERROR_SUCCESS)
{
FileStream_Close(pStream);
FreeMPQArchive(ha);
SetLastError(nError);
ha = NULL;
}
*phMpq = ha;
return (nError == ERROR_SUCCESS);
}
static int ApplyFilePatch_BSD0(
TMPQPatcher * pPatcher,
PMPQ_PATCH_HEADER pFullPatch,
LPBYTE pbTarget,
LPBYTE pbSource)
{
PBLIZZARD_BSDIFF40_FILE pBsdiff;
PBSDIFF_CTRL_BLOCK pCtrlBlock;
LPBYTE pbPatchData = (LPBYTE)(pFullPatch + 1);
LPBYTE pDataBlock;
LPBYTE pExtraBlock;
LPBYTE pbOldData = pbSource;
LPBYTE pbNewData = pbTarget;
DWORD dwCombineSize;
DWORD dwNewOffset = 0; // Current position to patch
DWORD dwOldOffset = 0; // Current source position
DWORD dwNewSize; // Patched file size
DWORD dwOldSize = pPatcher->cbFileData; // File size before patch
// Get pointer to the patch header
// Format of BSDIFF header corresponds to original BSDIFF, which is:
// 0000 8 bytes signature "BSDIFF40"
// 0008 8 bytes size of the control block
// 0010 8 bytes size of the data block
// 0018 8 bytes new size of the patched file
pBsdiff = (PBLIZZARD_BSDIFF40_FILE)pbPatchData;
pbPatchData += sizeof(BLIZZARD_BSDIFF40_FILE);
// Get pointer to the 32-bit BSDIFF control block
// The control block follows immediately after the BSDIFF header
// and consists of three 32-bit integers
// 0000 4 bytes Length to copy from the BSDIFF data block the new file
// 0004 4 bytes Length to copy from the BSDIFF extra block
// 0008 4 bytes Size to increment source file offset
pCtrlBlock = (PBSDIFF_CTRL_BLOCK)pbPatchData;
pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->CtrlBlockSize);
// Get the pointer to the data block
pDataBlock = (LPBYTE)pbPatchData;
pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->DataBlockSize);
// Get the pointer to the extra block
pExtraBlock = (LPBYTE)pbPatchData;
dwNewSize = (DWORD)BSWAP_INT64_UNSIGNED(pBsdiff->NewFileSize);
// Now patch the file
while(dwNewOffset < dwNewSize)
{
DWORD dwAddDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwAddDataLength);
DWORD dwMovDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwMovDataLength);
DWORD dwOldMoveLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwOldMoveLength);
DWORD i;
// Sanity check
if((dwNewOffset + dwAddDataLength) > dwNewSize)
return ERROR_FILE_CORRUPT;
// Read the diff string to the target buffer
memcpy(pbNewData + dwNewOffset, pDataBlock, dwAddDataLength);
pDataBlock += dwAddDataLength;
// Get the longest block that we can combine
dwCombineSize = ((dwOldOffset + dwAddDataLength) >= dwOldSize) ? (dwOldSize - dwOldOffset) : dwAddDataLength;
if((dwNewOffset + dwCombineSize) > dwNewSize || (dwNewOffset + dwCombineSize) < dwNewOffset)
return ERROR_FILE_CORRUPT;
// Now combine the patch data with the original file
for(i = 0; i < dwCombineSize; i++)
pbNewData[dwNewOffset + i] = pbNewData[dwNewOffset + i] + pbOldData[dwOldOffset + i];
// Move the offsets
dwNewOffset += dwAddDataLength;
dwOldOffset += dwAddDataLength;
// Sanity check
if((dwNewOffset + dwMovDataLength) > dwNewSize)
return ERROR_FILE_CORRUPT;
// Copy the data from the extra block in BSDIFF patch
memcpy(pbNewData + dwNewOffset, pExtraBlock, dwMovDataLength);
pExtraBlock += dwMovDataLength;
dwNewOffset += dwMovDataLength;
// Move the old offset
if(dwOldMoveLength & 0x80000000)
dwOldMoveLength = 0x80000000 - dwOldMoveLength;
dwOldOffset += dwOldMoveLength;
pCtrlBlock++;
}
// The size after patch must match
if(dwNewOffset != pFullPatch->dwSizeAfterPatch)
return ERROR_FILE_CORRUPT;
// Update the new data size
pPatcher->cbFileData = dwNewOffset;
return ERROR_SUCCESS;
}
static int ApplyMpqPatch_BSD0(
TMPQFile * hf,
TPatchHeader * pPatchHeader)
{
PBLIZZARD_BSDIFF40_FILE pBsdiff;
LPDWORD pCtrlBlock;
LPBYTE pbPatchData = (LPBYTE)pPatchHeader + sizeof(TPatchHeader);
LPBYTE pDataBlock;
LPBYTE pExtraBlock;
LPBYTE pbNewData = NULL;
LPBYTE pbOldData = (LPBYTE)hf->pbFileData;
DWORD dwNewOffset = 0; // Current position to patch
DWORD dwOldOffset = 0; // Current source position
DWORD dwNewSize; // Patched file size
DWORD dwOldSize = hf->cbFileData; // File size before patch
// Get pointer to the patch header
// Format of BSDIFF header corresponds to original BSDIFF, which is:
// 0000 8 bytes signature "BSDIFF40"
// 0008 8 bytes size of the control block
// 0010 8 bytes size of the data block
// 0018 8 bytes new size of the patched file
pBsdiff = (PBLIZZARD_BSDIFF40_FILE)pbPatchData;
pbPatchData += sizeof(BLIZZARD_BSDIFF40_FILE);
// Get pointer to the 32-bit BSDIFF control block
// The control block follows immediately after the BSDIFF header
// and consists of three 32-bit integers
// 0000 4 bytes Length to copy from the BSDIFF data block the new file
// 0004 4 bytes Length to copy from the BSDIFF extra block
// 0008 4 bytes Size to increment source file offset
pCtrlBlock = (LPDWORD)pbPatchData;
pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->CtrlBlockSize);
// Get the pointer to the data block
pDataBlock = (LPBYTE)pbPatchData;
pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->DataBlockSize);
// Get the pointer to the extra block
pExtraBlock = (LPBYTE)pbPatchData;
dwNewSize = (DWORD)BSWAP_INT64_UNSIGNED(pBsdiff->NewFileSize);
// Allocate new buffer
pbNewData = ALLOCMEM(BYTE, dwNewSize);
if(pbNewData == NULL)
return ERROR_NOT_ENOUGH_MEMORY;
// Now patch the file
while(dwNewOffset < dwNewSize)
{
DWORD dwAddDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock[0]);
DWORD dwMovDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock[1]);
DWORD dwOldMoveLength = BSWAP_INT32_UNSIGNED(pCtrlBlock[2]);
DWORD i;
// Sanity check
if((dwNewOffset + dwAddDataLength) > dwNewSize)
{
FREEMEM(pbNewData);
return ERROR_FILE_CORRUPT;
}
// Read the diff string to the target buffer
memcpy(pbNewData + dwNewOffset, pDataBlock, dwAddDataLength);
pDataBlock += dwAddDataLength;
// Now combine the patch data with the original file
for(i = 0; i < dwAddDataLength; i++)
{
if(dwOldOffset < dwOldSize)
pbNewData[dwNewOffset] = pbNewData[dwNewOffset] + pbOldData[dwOldOffset];
dwNewOffset++;
dwOldOffset++;
}
// Sanity check
if((dwNewOffset + dwMovDataLength) > dwNewSize)
{
FREEMEM(pbNewData);
return ERROR_FILE_CORRUPT;
}
// Copy the data from the extra block in BSDIFF patch
memcpy(pbNewData + dwNewOffset, pExtraBlock, dwMovDataLength);
pExtraBlock += dwMovDataLength;
dwNewOffset += dwMovDataLength;
// Move the old offset
if(dwOldMoveLength & 0x80000000)
dwOldMoveLength = 0x80000000 - dwOldMoveLength;
dwOldOffset += dwOldMoveLength;
pCtrlBlock += 3;
}
// Free the old file data
FREEMEM(hf->pbFileData);
// Put the new data to the fil structure
hf->pbFileData = pbNewData;
hf->cbFileData = dwNewSize;
return ERROR_SUCCESS;
}
bool WINAPI SFileOpenArchive(
const TCHAR * szMpqName,
DWORD dwPriority,
DWORD dwFlags,
HANDLE * phMpq)
{
TMPQUserData * pUserData;
TFileStream * pStream = NULL; // Open file stream
TMPQArchive * ha = NULL; // Archive handle
TFileEntry * pFileEntry;
ULONGLONG FileSize = 0; // Size of the file
LPBYTE pbHeaderBuffer = NULL; // Buffer for searching MPQ header
DWORD dwStreamFlags = (dwFlags & STREAM_FLAGS_MASK);
bool bIsWarcraft3Map = false;
int nError = ERROR_SUCCESS;
// Verify the parameters
if(szMpqName == NULL || *szMpqName == 0 || phMpq == NULL)
{
SetLastError(ERROR_INVALID_PARAMETER);
return false;
}
// One time initialization of MPQ cryptography
InitializeMpqCryptography();
dwPriority = dwPriority;
// If not forcing MPQ v 1.0, also use file bitmap
dwStreamFlags |= (dwFlags & MPQ_OPEN_FORCE_MPQ_V1) ? 0 : STREAM_FLAG_USE_BITMAP;
// Open the MPQ archive file
pStream = FileStream_OpenFile(szMpqName, dwStreamFlags);
if(pStream == NULL)
return false;
// Check the file size. There must be at least 0x20 bytes
if(nError == ERROR_SUCCESS)
{
FileStream_GetSize(pStream, &FileSize);
if(FileSize < MPQ_HEADER_SIZE_V1)
nError = ERROR_BAD_FORMAT;
}
// Allocate the MPQhandle
if(nError == ERROR_SUCCESS)
{
if((ha = STORM_ALLOC(TMPQArchive, 1)) == NULL)
nError = ERROR_NOT_ENOUGH_MEMORY;
}
// Allocate buffer for searching MPQ header
if(nError == ERROR_SUCCESS)
{
pbHeaderBuffer = STORM_ALLOC(BYTE, HEADER_SEARCH_BUFFER_SIZE);
if(pbHeaderBuffer == NULL)
nError = ERROR_NOT_ENOUGH_MEMORY;
}
// Find the position of MPQ header
if(nError == ERROR_SUCCESS)
{
ULONGLONG SearchOffset = 0;
ULONGLONG EndOfSearch = FileSize;
DWORD dwStrmFlags = 0;
DWORD dwHeaderSize;
DWORD dwHeaderID;
bool bSearchComplete = false;
memset(ha, 0, sizeof(TMPQArchive));
ha->pfnHashString = HashStringSlash;
ha->pStream = pStream;
pStream = NULL;
// Set the archive read only if the stream is read-only
FileStream_GetFlags(ha->pStream, &dwStrmFlags);
ha->dwFlags |= (dwStrmFlags & STREAM_FLAG_READ_ONLY) ? MPQ_FLAG_READ_ONLY : 0;
// Also remember if we shall check sector CRCs when reading file
ha->dwFlags |= (dwFlags & MPQ_OPEN_CHECK_SECTOR_CRC) ? MPQ_FLAG_CHECK_SECTOR_CRC : 0;
// Also remember if this MPQ is a patch
ha->dwFlags |= (dwFlags & MPQ_OPEN_PATCH) ? MPQ_FLAG_PATCH : 0;
// Limit the header searching to about 130 MB of data
if(EndOfSearch > 0x08000000)
EndOfSearch = 0x08000000;
// Find the offset of MPQ header within the file
while(bSearchComplete == false && SearchOffset < EndOfSearch)
{
// Always read at least 0x1000 bytes for performance.
// This is what Storm.dll (2002) does.
DWORD dwBytesAvailable = HEADER_SEARCH_BUFFER_SIZE;
DWORD dwInBufferOffset = 0;
// Cut the bytes available, if needed
if((FileSize - SearchOffset) < HEADER_SEARCH_BUFFER_SIZE)
dwBytesAvailable = (DWORD)(FileSize - SearchOffset);
// Read the eventual MPQ header
if(!FileStream_Read(ha->pStream, &SearchOffset, pbHeaderBuffer, dwBytesAvailable))
{
nError = GetLastError();
break;
}
// There are AVI files from Warcraft III with 'MPQ' extension.
if(SearchOffset == 0)
{
if(IsAviFile((DWORD *)pbHeaderBuffer))
{
nError = ERROR_AVI_FILE;
break;
}
bIsWarcraft3Map = IsWarcraft3Map((DWORD *)pbHeaderBuffer);
}
// Search the header buffer
while(dwInBufferOffset < dwBytesAvailable)
{
// Copy the data from the potential header buffer to the MPQ header
memcpy(ha->HeaderData, pbHeaderBuffer + dwInBufferOffset, sizeof(ha->HeaderData));
// If there is the MPQ user data, process it
// Note that Warcraft III does not check for user data, which is abused by many map protectors
dwHeaderID = BSWAP_INT32_UNSIGNED(ha->HeaderData[0]);
if(bIsWarcraft3Map == false && (dwFlags & MPQ_OPEN_FORCE_MPQ_V1) == 0)
{
if(ha->pUserData == NULL && dwHeaderID == ID_MPQ_USERDATA)
{
// Verify if this looks like a valid user data
pUserData = IsValidMpqUserData(SearchOffset, FileSize, ha->HeaderData);
if(pUserData != NULL)
{
// Fill the user data header
ha->UserDataPos = SearchOffset;
ha->pUserData = &ha->UserData;
memcpy(ha->pUserData, pUserData, sizeof(TMPQUserData));
// Continue searching from that position
SearchOffset += ha->pUserData->dwHeaderOffs;
break;
}
}
}
// There must be MPQ header signature. Note that STORM.dll from Warcraft III actually
// tests the MPQ header size. It must be at least 0x20 bytes in order to load it
// Abused by Spazzler Map protector. Note that the size check is not present
// in Storm.dll v 1.00, so Diablo I code would load the MPQ anyway.
dwHeaderSize = BSWAP_INT32_UNSIGNED(ha->HeaderData[1]);
if(dwHeaderID == ID_MPQ && dwHeaderSize >= MPQ_HEADER_SIZE_V1)
{
// Now convert the header to version 4
nError = ConvertMpqHeaderToFormat4(ha, SearchOffset, FileSize, dwFlags);
bSearchComplete = true;
break;
}
// Check for MPK archives (Longwu Online - MPQ fork)
if(dwHeaderID == ID_MPK)
{
// Now convert the MPK header to MPQ Header version 4
nError = ConvertMpkHeaderToFormat4(ha, FileSize, dwFlags);
bSearchComplete = true;
break;
}
// If searching for the MPQ header is disabled, return an error
if(dwFlags & MPQ_OPEN_NO_HEADER_SEARCH)
{
nError = ERROR_NOT_SUPPORTED;
bSearchComplete = true;
break;
}
// Move the pointers
SearchOffset += 0x200;
dwInBufferOffset += 0x200;
}
}
// Did we identify one of the supported headers?
if(nError == ERROR_SUCCESS)
{
// Set the user data position to the MPQ header, if none
if(ha->pUserData == NULL)
ha->UserDataPos = SearchOffset;
// Set the position of the MPQ header
ha->pHeader = (TMPQHeader *)ha->HeaderData;
ha->MpqPos = SearchOffset;
ha->FileSize = FileSize;
// Sector size must be nonzero.
if(SearchOffset >= FileSize || ha->pHeader->wSectorSize == 0)
nError = ERROR_BAD_FORMAT;
}
}
// Fix table positions according to format
if(nError == ERROR_SUCCESS)
{
// Dump the header
// DumpMpqHeader(ha->pHeader);
// W3x Map Protectors use the fact that War3's Storm.dll ignores the MPQ user data,
// and ignores the MPQ format version as well. The trick is to
// fake MPQ format 2, with an improper hi-word position of hash table and block table
// We can overcome such protectors by forcing opening the archive as MPQ v 1.0
if(dwFlags & MPQ_OPEN_FORCE_MPQ_V1)
{
ha->pHeader->wFormatVersion = MPQ_FORMAT_VERSION_1;
ha->pHeader->dwHeaderSize = MPQ_HEADER_SIZE_V1;
ha->dwFlags |= MPQ_FLAG_READ_ONLY;
ha->pUserData = NULL;
}
// Both MPQ_OPEN_NO_LISTFILE or MPQ_OPEN_NO_ATTRIBUTES trigger read only mode
if(dwFlags & (MPQ_OPEN_NO_LISTFILE | MPQ_OPEN_NO_ATTRIBUTES))
ha->dwFlags |= MPQ_FLAG_READ_ONLY;
// Remember whether whis is a map for Warcraft III
if(bIsWarcraft3Map)
ha->dwFlags |= MPQ_FLAG_WAR3_MAP;
// Set the size of file sector
ha->dwSectorSize = (0x200 << ha->pHeader->wSectorSize);
// Verify if any of the tables doesn't start beyond the end of the file
nError = VerifyMpqTablePositions(ha, FileSize);
}
// Read the hash table. Ignore the result, as hash table is no longer required
// Read HET table. Ignore the result, as HET table is no longer required
if(nError == ERROR_SUCCESS)
{
nError = LoadAnyHashTable(ha);
}
// Now, build the file table. It will be built by combining
// the block table, BET table, hi-block table, (attributes) and (listfile).
if(nError == ERROR_SUCCESS)
{
nError = BuildFileTable(ha);
}
// Load the internal listfile and include it to the file table
if(nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_LISTFILE) == 0)
{
// Quick check for (listfile)
pFileEntry = GetFileEntryLocale(ha, LISTFILE_NAME, LANG_NEUTRAL);
if(pFileEntry != NULL)
{
// Ignore result of the operation. (listfile) is optional.
SFileAddListFile((HANDLE)ha, NULL);
ha->dwFileFlags1 = pFileEntry->dwFlags;
}
}
// Load the "(attributes)" file and merge it to the file table
if(nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_ATTRIBUTES) == 0 && (ha->dwFlags & MPQ_FLAG_BLOCK_TABLE_CUT) == 0)
{
// Quick check for (attributes)
pFileEntry = GetFileEntryLocale(ha, ATTRIBUTES_NAME, LANG_NEUTRAL);
if(pFileEntry != NULL)
{
// Ignore result of the operation. (attributes) is optional.
SAttrLoadAttributes(ha);
ha->dwFileFlags2 = pFileEntry->dwFlags;
}
}
// Remember whether the archive has weak signature. Only for MPQs format 1.0.
if(nError == ERROR_SUCCESS)
{
// Quick check for (signature)
pFileEntry = GetFileEntryLocale(ha, SIGNATURE_NAME, LANG_NEUTRAL);
if(pFileEntry != NULL)
{
// Just remember that the archive is weak-signed
assert((pFileEntry->dwFlags & MPQ_FILE_EXISTS) != 0);
ha->dwFileFlags3 = pFileEntry->dwFlags;
}
// Finally, set the MPQ_FLAG_READ_ONLY if the MPQ was found malformed
ha->dwFlags |= (ha->dwFlags & MPQ_FLAG_MALFORMED) ? MPQ_FLAG_READ_ONLY : 0;
}
// Cleanup and exit
if(nError != ERROR_SUCCESS)
{
FileStream_Close(pStream);
FreeArchiveHandle(ha);
SetLastError(nError);
ha = NULL;
}
// Free the header buffer
if(pbHeaderBuffer != NULL)
STORM_FREE(pbHeaderBuffer);
if(phMpq != NULL)
*phMpq = ha;
return (nError == ERROR_SUCCESS);
}
BOOL SFileOpenArchiveEx(
const char * szMpqName,
DWORD dwPriority,
DWORD dwFlags,
HANDLE * phMPQ,
DWORD dwAccessMode)
{
LARGE_INTEGER TempPos;
TMPQArchive * ha = NULL; // Archive handle
HANDLE hFile = INVALID_HANDLE_VALUE;// Opened archive file handle
DWORD dwMaxBlockIndex = 0; // Maximum value of block entry
DWORD dwBlockTableSize = 0; // Block table size.
DWORD dwTransferred; // Number of bytes read
DWORD dwBytes = 0; // Number of bytes to read
int nError = ERROR_SUCCESS;
// Check the right parameters
if(nError == ERROR_SUCCESS)
{
if(szMpqName == NULL || *szMpqName == 0 || phMPQ == NULL)
nError = ERROR_INVALID_PARAMETER;
}
// Ensure that StormBuffer is allocated
if(nError == ERROR_SUCCESS)
nError = PrepareStormBuffer();
// Open the MPQ archive file
if(nError == ERROR_SUCCESS)
{
hFile = CreateFile(szMpqName, dwAccessMode, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
if(hFile == INVALID_HANDLE_VALUE)
nError = GetLastError();
}
// Allocate the MPQhandle
if(nError == ERROR_SUCCESS)
{
if((ha = ALLOCMEM(TMPQArchive, 1)) == NULL)
nError = ERROR_NOT_ENOUGH_MEMORY;
}
// Initialize handle structure and allocate structure for MPQ header
if(nError == ERROR_SUCCESS)
{
memset(ha, 0, sizeof(TMPQArchive));
strncpy(ha->szFileName, szMpqName, strlen(szMpqName));
ha->hFile = hFile;
ha->dwPriority = dwPriority;
ha->pHeader = &ha->Header;
ha->pListFile = NULL;
hFile = INVALID_HANDLE_VALUE;
}
// Find the offset of MPQ header within the file
if(nError == ERROR_SUCCESS)
{
LARGE_INTEGER SearchPos = {0};
LARGE_INTEGER MpqPos = {0};
DWORD dwHeaderID;
for(;;)
{
// Invalidate the MPQ ID and read the eventual header
SetFilePointer(ha->hFile, MpqPos.LowPart, &MpqPos.HighPart, FILE_BEGIN);
ReadFile(ha->hFile, ha->pHeader, sizeof(TMPQHeader2), &dwTransferred, NULL);
dwHeaderID = BSWAP_INT32_UNSIGNED(ha->pHeader->dwID);
// Special check : Some MPQs are actually AVI files, only with
// changed extension.
if(MpqPos.QuadPart == 0 && IsAviFile(ha->pHeader))
{
nError = ERROR_AVI_FILE;
break;
}
// If different number of bytes read, break the loop
if(dwTransferred != sizeof(TMPQHeader2))
{
nError = ERROR_BAD_FORMAT;
break;
}
// If there is the MPQ shunt signature, process it
if(dwHeaderID == ID_MPQ_SHUNT && ha->pShunt == NULL)
{
// Fill the shunt header
ha->ShuntPos = MpqPos;
ha->pShunt = &ha->Shunt;
memcpy(ha->pShunt, ha->pHeader, sizeof(TMPQShunt));
BSWAP_TMPQSHUNT(ha->pShunt);
// Set the MPQ pos and repeat the search
MpqPos.QuadPart = SearchPos.QuadPart + ha->pShunt->dwHeaderPos;
continue;
}
// There must be MPQ header signature
if(dwHeaderID == ID_MPQ)
{
BSWAP_TMPQHEADER(ha->pHeader);
// Save the position where the MPQ header has been found
ha->MpqPos = MpqPos;
// If valid signature has been found, break the loop
if(ha->pHeader->wFormatVersion == MPQ_FORMAT_VERSION_1)
{
// W3M Map Protectors set some garbage value into the "dwHeaderSize"
// field of MPQ header. This value is apparently ignored by Storm.dll
if(ha->pHeader->dwHeaderSize != sizeof(TMPQHeader) &&
ha->pHeader->dwHeaderSize != sizeof(TMPQHeader2))
{
ha->dwFlags |= MPQ_FLAG_PROTECTED;
ha->pHeader->dwHeaderSize = sizeof(TMPQHeader);
}
if(ha->pHeader->dwHashTablePos < ha->pHeader->dwArchiveSize &&
ha->pHeader->dwBlockTablePos < ha->pHeader->dwArchiveSize)
{
break;
}
}
if(ha->pHeader->wFormatVersion == MPQ_FORMAT_VERSION_2)
{
break;
}
nError = ERROR_NOT_SUPPORTED;
break;
}
// If a MPQ shunt already has been found,
// and no MPQ header was at potision pointed by the shunt,
// then the archive is corrupt
if(ha->pShunt != NULL)
{
nError = ERROR_BAD_FORMAT;
break;
}
// Move to the next possible offset
SearchPos.QuadPart += 0x200;
MpqPos = SearchPos;
}
}
// Relocate tables position
if(nError == ERROR_SUCCESS)
{
// Clear the fields not supported in older formats
if(ha->pHeader->wFormatVersion < MPQ_FORMAT_VERSION_2)
{
ha->pHeader->ExtBlockTablePos.QuadPart = 0;
ha->pHeader->wBlockTablePosHigh = 0;
ha->pHeader->wHashTablePosHigh = 0;
}
ha->dwBlockSize = (0x200 << ha->pHeader->wBlockSize);
nError = RelocateMpqTablePositions(ha);
}
// Allocate buffers
if(nError == ERROR_SUCCESS)
{
//
// Note that the block table should be as large as the hash table
// (For later file additions).
//
// I have found a MPQ which has the block table larger than
// the hash table. We should avoid buffer overruns caused by that.
//
dwBlockTableSize = max(ha->pHeader->dwHashTableSize, ha->pHeader->dwBlockTableSize);
ha->pHashTable = ALLOCMEM(TMPQHash, ha->pHeader->dwHashTableSize);
ha->pBlockTable = ALLOCMEM(TMPQBlock, dwBlockTableSize);
ha->pExtBlockTable = ALLOCMEM(TMPQBlockEx, dwBlockTableSize);
ha->pbBlockBuffer = ALLOCMEM(BYTE, ha->dwBlockSize);
if(!ha->pHashTable || !ha->pBlockTable || !ha->pExtBlockTable || !ha->pbBlockBuffer)
nError = ERROR_NOT_ENOUGH_MEMORY;
}
// Read the hash table into memory
if(nError == ERROR_SUCCESS)
{
dwBytes = ha->pHeader->dwHashTableSize * sizeof(TMPQHash);
SetFilePointer(ha->hFile, ha->HashTablePos.LowPart, &ha->HashTablePos.HighPart, FILE_BEGIN);
ReadFile(ha->hFile, ha->pHashTable, dwBytes, &dwTransferred, NULL);
if(dwTransferred != dwBytes)
nError = ERROR_FILE_CORRUPT;
}
// Decrypt hash table and check if it is correctly decrypted
if(nError == ERROR_SUCCESS)
{
TMPQHash * pHashEnd = ha->pHashTable + ha->pHeader->dwHashTableSize;
TMPQHash * pHash;
// We have to convert the hash table from LittleEndian
BSWAP_ARRAY32_UNSIGNED((DWORD *)ha->pHashTable, (dwBytes / sizeof(DWORD)));
DecryptHashTable((DWORD *)ha->pHashTable, (BYTE *)"(hash table)", (ha->pHeader->dwHashTableSize * 4));
// Check hash table if is correctly decrypted
for(pHash = ha->pHashTable; pHash < pHashEnd; pHash++)
{
// Note: Some MPQs from World of Warcraft have wPlatform set to 0x0100.
// If not free or deleted hash entry, check for valid values
if(pHash->dwBlockIndex < HASH_ENTRY_DELETED)
{
// The block index should not be larger than size of the block table
if(pHash->dwBlockIndex > ha->pHeader->dwBlockTableSize)
{
nError = ERROR_BAD_FORMAT;
break;
}
// Remember the highest block table entry
if(pHash->dwBlockIndex > dwMaxBlockIndex)
dwMaxBlockIndex = pHash->dwBlockIndex;
}
}
}
// Now, read the block table
if(nError == ERROR_SUCCESS)
{
memset(ha->pBlockTable, 0, dwBlockTableSize * sizeof(TMPQBlock));
dwBytes = ha->pHeader->dwBlockTableSize * sizeof(TMPQBlock);
SetFilePointer(ha->hFile, ha->BlockTablePos.LowPart, &ha->BlockTablePos.HighPart, FILE_BEGIN);
ReadFile(ha->hFile, ha->pBlockTable, dwBytes, &dwTransferred, NULL);
// We have to convert every DWORD in ha->block from LittleEndian
BSWAP_ARRAY32_UNSIGNED((DWORD *)ha->pBlockTable, dwBytes / sizeof(DWORD));
if(dwTransferred != dwBytes)
nError = ERROR_FILE_CORRUPT;
}
// Decrypt block table.
// Some MPQs don't have Decrypted block table, e.g. cracked Diablo version
// We have to check if block table is really encrypted
if(nError == ERROR_SUCCESS)
{
TMPQBlock * pBlockEnd = ha->pBlockTable + ha->pHeader->dwBlockTableSize;
TMPQBlock * pBlock = ha->pBlockTable;
BOOL bBlockTableEncrypted = FALSE;
// Verify all blocks entries in the table
// The loop usually stops at the first entry
while(pBlock < pBlockEnd)
{
// The lower 8 bits of the MPQ flags are always zero.
// Note that this may change in next MPQ versions
if(pBlock->dwFlags & 0x000000FF)
{
bBlockTableEncrypted = TRUE;
break;
}
// Move to the next block table entry
pBlock++;
}
if(bBlockTableEncrypted)
{
DecryptBlockTable((DWORD *)ha->pBlockTable,
(BYTE *)"(block table)",
(ha->pHeader->dwBlockTableSize * 4));
}
}
// Now, read the extended block table.
// For V1 archives, we still will maintain the extended block table
// (it will be filled with zeros)
// TODO: Test with >4GB
if(nError == ERROR_SUCCESS)
{
memset(ha->pExtBlockTable, 0, dwBlockTableSize * sizeof(TMPQBlockEx));
if(ha->pHeader->ExtBlockTablePos.QuadPart != 0)
{
dwBytes = ha->pHeader->dwBlockTableSize * sizeof(TMPQBlockEx);
SetFilePointer(ha->hFile,
ha->ExtBlockTablePos.LowPart,
&ha->ExtBlockTablePos.HighPart,
FILE_BEGIN);
ReadFile(ha->hFile, ha->pExtBlockTable, dwBytes, &dwTransferred, NULL);
// We have to convert every DWORD in ha->block from LittleEndian
BSWAP_ARRAY16_UNSIGNED((USHORT *)ha->pExtBlockTable, dwBytes / sizeof(USHORT));
// The extended block table is not encrypted (so far)
if(dwTransferred != dwBytes)
nError = ERROR_FILE_CORRUPT;
}
}
// Verify the both block tables (If the MPQ file is not protected)
if(nError == ERROR_SUCCESS && (ha->dwFlags & MPQ_FLAG_PROTECTED) == 0)
{
TMPQBlockEx * pBlockEx = ha->pExtBlockTable;
TMPQBlock * pBlockEnd = ha->pBlockTable + dwMaxBlockIndex + 1;
TMPQBlock * pBlock = ha->pBlockTable;
// If the MPQ file is not protected,
// we will check if all sizes in the block table is correct.
// Note that we will not relocate the block table (change from previous versions)
for(; pBlock < pBlockEnd; pBlock++, pBlockEx++)
{
if(pBlock->dwFlags & MPQ_FILE_EXISTS)
{
// Get the 64-bit file position
TempPos.HighPart = pBlockEx->wFilePosHigh;
TempPos.LowPart = pBlock->dwFilePos;
if(TempPos.QuadPart > ha->MpqSize.QuadPart || pBlock->dwCSize > ha->MpqSize.QuadPart)
{
nError = ERROR_BAD_FORMAT;
break;
}
}
}
}
// If the user didn't specified otherwise,
// include the internal listfile to the TMPQArchive structure
if((dwFlags & MPQ_OPEN_NO_LISTFILE) == 0)
{
if(nError == ERROR_SUCCESS)
SListFileCreateListFile(ha);
// Add the internal listfile
if(nError == ERROR_SUCCESS)
SFileAddListFile((HANDLE)ha, NULL);
}
// Cleanup and exit
if(nError != ERROR_SUCCESS)
{
FreeMPQArchive(ha);
if(hFile != INVALID_HANDLE_VALUE)
CloseHandle(hFile);
SetLastError(nError);
}
else
{
if(pFirstOpen == NULL)
pFirstOpen = ha;
}
*phMPQ = ha;
return (nError == ERROR_SUCCESS);
}
bool WINAPI SFileOpenArchive(
const TCHAR * szMpqName,
DWORD dwPriority,
DWORD dwFlags,
HANDLE * phMpq)
{
TMPQUserData * pUserData;
TFileStream * pStream = NULL; // Open file stream
TMPQArchive * ha = NULL; // Archive handle
TFileEntry * pFileEntry;
ULONGLONG FileSize = 0; // Size of the file
int nError = ERROR_SUCCESS;
// Verify the parameters
if(szMpqName == NULL || *szMpqName == 0 || phMpq == NULL)
nError = ERROR_INVALID_PARAMETER;
// One time initialization of MPQ cryptography
InitializeMpqCryptography();
dwPriority = dwPriority;
// Open the MPQ archive file
if(nError == ERROR_SUCCESS)
{
DWORD dwStreamFlags = (dwFlags & STREAM_FLAGS_MASK);
// If not forcing MPQ v 1.0, also use file bitmap
dwStreamFlags |= (dwFlags & MPQ_OPEN_FORCE_MPQ_V1) ? 0 : STREAM_FLAG_USE_BITMAP;
// Initialize the stream
pStream = FileStream_OpenFile(szMpqName, dwStreamFlags);
if(pStream == NULL)
nError = GetLastError();
}
// Check the file size. There must be at least 0x20 bytes
if(nError == ERROR_SUCCESS)
{
FileStream_GetSize(pStream, &FileSize);
if(FileSize < MPQ_HEADER_SIZE_V1)
nError = ERROR_BAD_FORMAT;
}
// Allocate the MPQhandle
if(nError == ERROR_SUCCESS)
{
if((ha = STORM_ALLOC(TMPQArchive, 1)) == NULL)
nError = ERROR_NOT_ENOUGH_MEMORY;
}
// Initialize handle structure and allocate structure for MPQ header
if(nError == ERROR_SUCCESS)
{
ULONGLONG SearchOffset = 0;
DWORD dwStreamFlags = 0;
DWORD dwHeaderSize;
DWORD dwHeaderID;
memset(ha, 0, sizeof(TMPQArchive));
ha->pfnHashString = HashString;
ha->pStream = pStream;
pStream = NULL;
// Set the archive read only if the stream is read-only
FileStream_GetFlags(ha->pStream, &dwStreamFlags);
ha->dwFlags |= (dwStreamFlags & STREAM_FLAG_READ_ONLY) ? MPQ_FLAG_READ_ONLY : 0;
// Also remember if we shall check sector CRCs when reading file
if(dwFlags & MPQ_OPEN_CHECK_SECTOR_CRC)
ha->dwFlags |= MPQ_FLAG_CHECK_SECTOR_CRC;
// Find the offset of MPQ header within the file
while(SearchOffset < FileSize)
{
DWORD dwBytesAvailable = MPQ_HEADER_SIZE_V4;
// Cut the bytes available, if needed
if((FileSize - SearchOffset) < MPQ_HEADER_SIZE_V4)
dwBytesAvailable = (DWORD)(FileSize - SearchOffset);
// Read the eventual MPQ header
if(!FileStream_Read(ha->pStream, &SearchOffset, ha->HeaderData, dwBytesAvailable))
{
nError = GetLastError();
break;
}
// There are AVI files from Warcraft III with 'MPQ' extension.
if(SearchOffset == 0 && IsAviFile(ha->HeaderData))
{
nError = ERROR_AVI_FILE;
break;
}
// If there is the MPQ user data signature, process it
dwHeaderID = BSWAP_INT32_UNSIGNED(ha->HeaderData[0]);
if(dwHeaderID == ID_MPQ_USERDATA && ha->pUserData == NULL && (dwFlags & MPQ_OPEN_FORCE_MPQ_V1) == 0)
{
// Verify if this looks like a valid user data
pUserData = IsValidMpqUserData(SearchOffset, FileSize, ha->HeaderData);
if(pUserData != NULL)
{
// Fill the user data header
ha->UserDataPos = SearchOffset;
ha->pUserData = &ha->UserData;
memcpy(ha->pUserData, pUserData, sizeof(TMPQUserData));
// Continue searching from that position
SearchOffset += ha->pUserData->dwHeaderOffs;
continue;
}
}
// There must be MPQ header signature. Note that STORM.dll from Warcraft III actually
// tests the MPQ header size. It must be at least 0x20 bytes in order to load it
// Abused by Spazzler Map protector. Note that the size check is not present
// in Storm.dll v 1.00, so Diablo I code would load the MPQ anyway.
dwHeaderSize = BSWAP_INT32_UNSIGNED(ha->HeaderData[1]);
if(dwHeaderID == ID_MPQ && dwHeaderSize >= MPQ_HEADER_SIZE_V1)
{
// Now convert the header to version 4
nError = ConvertMpqHeaderToFormat4(ha, SearchOffset, FileSize, dwFlags);
break;
}
// Check for MPK archives (Longwu Online - MPQ fork)
if(dwHeaderID == ID_MPK)
{
// Now convert the MPK header to MPQ Header version 4
nError = ConvertMpkHeaderToFormat4(ha, FileSize, dwFlags);
break;
}
// If searching for the MPQ header is disabled, return an error
if(dwFlags & MPQ_OPEN_NO_HEADER_SEARCH)
{
nError = ERROR_NOT_SUPPORTED;
break;
}
// Move to the next possible offset
SearchOffset += 0x200;
}
// Did we identify one of the supported headers?
if(nError == ERROR_SUCCESS)
{
// Set the user data position to the MPQ header, if none
if(ha->pUserData == NULL)
ha->UserDataPos = SearchOffset;
// Set the position of the MPQ header
ha->pHeader = (TMPQHeader *)ha->HeaderData;
ha->MpqPos = SearchOffset;
// Sector size must be nonzero.
if(SearchOffset >= FileSize || ha->pHeader->wSectorSize == 0)
nError = ERROR_BAD_FORMAT;
}
}
// Fix table positions according to format
if(nError == ERROR_SUCCESS)
{
// Dump the header
// DumpMpqHeader(ha->pHeader);
// W3x Map Protectors use the fact that War3's Storm.dll ignores the MPQ user data,
// and ignores the MPQ format version as well. The trick is to
// fake MPQ format 2, with an improper hi-word position of hash table and block table
// We can overcome such protectors by forcing opening the archive as MPQ v 1.0
if(dwFlags & MPQ_OPEN_FORCE_MPQ_V1)
{
ha->pHeader->wFormatVersion = MPQ_FORMAT_VERSION_1;
ha->pHeader->dwHeaderSize = MPQ_HEADER_SIZE_V1;
ha->dwFlags |= MPQ_FLAG_READ_ONLY;
ha->pUserData = NULL;
}
// Both MPQ_OPEN_NO_LISTFILE or MPQ_OPEN_NO_ATTRIBUTES trigger read only mode
if(dwFlags & (MPQ_OPEN_NO_LISTFILE | MPQ_OPEN_NO_ATTRIBUTES))
ha->dwFlags |= MPQ_FLAG_READ_ONLY;
// Set the size of file sector
ha->dwSectorSize = (0x200 << ha->pHeader->wSectorSize);
// Verify if any of the tables doesn't start beyond the end of the file
nError = VerifyMpqTablePositions(ha, FileSize);
}
// Read the hash table. Ignore the result, as hash table is no longer required
// Read HET table. Ignore the result, as HET table is no longer required
if(nError == ERROR_SUCCESS)
{
nError = LoadAnyHashTable(ha);
}
// Now, build the file table. It will be built by combining
// the block table, BET table, hi-block table, (attributes) and (listfile).
if(nError == ERROR_SUCCESS)
{
nError = BuildFileTable(ha);
}
// Verify the file table, if no kind of malformation was detected
if(nError == ERROR_SUCCESS && (ha->dwFlags & MPQ_FLAG_MALFORMED) == 0)
{
TFileEntry * pFileTableEnd = ha->pFileTable + ha->dwFileTableSize;
ULONGLONG RawFilePos;
// Parse all file entries
for(pFileEntry = ha->pFileTable; pFileEntry < pFileTableEnd; pFileEntry++)
{
// If that file entry is valid, check the file position
if(pFileEntry->dwFlags & MPQ_FILE_EXISTS)
{
// Get the 64-bit file position,
// relative to the begin of the file
RawFilePos = ha->MpqPos + pFileEntry->ByteOffset;
// Begin of the file must be within range
if(RawFilePos > FileSize)
{
nError = ERROR_FILE_CORRUPT;
break;
}
// End of the file must be within range
RawFilePos += pFileEntry->dwCmpSize;
if(RawFilePos > FileSize)
{
nError = ERROR_FILE_CORRUPT;
break;
}
}
}
}
// Load the internal listfile and include it to the file table
if(nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_LISTFILE) == 0)
{
// Save the flags for (listfile)
pFileEntry = GetFileEntryLocale(ha, LISTFILE_NAME, LANG_NEUTRAL);
if(pFileEntry != NULL)
{
// Ignore result of the operation. (listfile) is optional.
SFileAddListFile((HANDLE)ha, NULL);
ha->dwFileFlags1 = pFileEntry->dwFlags;
}
}
// Load the "(attributes)" file and merge it to the file table
if(nError == ERROR_SUCCESS && (dwFlags & MPQ_OPEN_NO_ATTRIBUTES) == 0)
{
// Save the flags for (attributes)
pFileEntry = GetFileEntryLocale(ha, ATTRIBUTES_NAME, LANG_NEUTRAL);
if(pFileEntry != NULL)
{
// Ignore result of the operation. (attributes) is optional.
SAttrLoadAttributes(ha);
ha->dwFileFlags2 = pFileEntry->dwFlags;
}
}
// Cleanup and exit
if(nError != ERROR_SUCCESS)
{
FileStream_Close(pStream);
FreeMPQArchive(ha);
SetLastError(nError);
ha = NULL;
}
*phMpq = ha;
return (nError == ERROR_SUCCESS);
}
static int ApplyFilePatch_BSD0(
TMPQPatcher * pPatcher,
PMPQ_PATCH_HEADER pFullPatch,
unsigned char * pbTarget,
unsigned char * pbSource)
{
PBLIZZARD_BSDIFF40_FILE pBsdiff;
PBSDIFF_CTRL_BLOCK pCtrlBlock;
unsigned char * pbPatchData = (unsigned char *)(pFullPatch + 1);
unsigned char * pDataBlock;
unsigned char * pExtraBlock;
unsigned char * pbOldData = pbSource;
unsigned char * pbNewData = pbTarget;
uint32_t dwCombineSize;
uint32_t dwNewOffset = 0; /* Current position to patch */
uint32_t dwOldOffset = 0; /* Current source position */
uint32_t dwNewSize; /* Patched file size */
uint32_t dwOldSize = pPatcher->cbFileData; /* File size before patch */
/* Get pointer to the patch header */
/* Format of BSDIFF header corresponds to original BSDIFF, which is: */
/* 0000 8 bytes signature "BSDIFF40" */
/* 0008 8 bytes size of the control block */
/* 0010 8 bytes size of the data block */
/* 0018 8 bytes new size of the patched file */
pBsdiff = (PBLIZZARD_BSDIFF40_FILE)pbPatchData;
pbPatchData += sizeof(BLIZZARD_BSDIFF40_FILE);
/* Get pointer to the 32-bit BSDIFF control block */
/* The control block follows immediately after the BSDIFF header */
/* and consists of three 32-bit integers */
/* 0000 4 bytes Length to copy from the BSDIFF data block the new file */
/* 0004 4 bytes Length to copy from the BSDIFF extra block */
/* 0008 4 bytes Size to increment source file offset */
pCtrlBlock = (PBSDIFF_CTRL_BLOCK)pbPatchData;
pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->CtrlBlockSize);
/* Get the pointer to the data block */
pDataBlock = (unsigned char *)pbPatchData;
pbPatchData += (size_t)BSWAP_INT64_UNSIGNED(pBsdiff->DataBlockSize);
/* Get the pointer to the extra block */
pExtraBlock = (unsigned char *)pbPatchData;
dwNewSize = (uint32_t)BSWAP_INT64_UNSIGNED(pBsdiff->NewFileSize);
/* Now patch the file */
while(dwNewOffset < dwNewSize)
{
uint32_t dwAddDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwAddDataLength);
uint32_t dwMovDataLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwMovDataLength);
uint32_t dwOldMoveLength = BSWAP_INT32_UNSIGNED(pCtrlBlock->dwOldMoveLength);
uint32_t i;
/* Sanity check */
if((dwNewOffset + dwAddDataLength) > dwNewSize)
return ERROR_FILE_CORRUPT;
/* Read the diff string to the target buffer */
memcpy(pbNewData + dwNewOffset, pDataBlock, dwAddDataLength);
pDataBlock += dwAddDataLength;
/* Get the longest block that we can combine */
dwCombineSize = ((dwOldOffset + dwAddDataLength) >= dwOldSize) ? (dwOldSize - dwOldOffset) : dwAddDataLength;
/* Now combine the patch data with the original file */
for(i = 0; i < dwCombineSize; i++)
pbNewData[dwNewOffset + i] = pbNewData[dwNewOffset + i] + pbOldData[dwOldOffset + i];
/* Move the offsets */
dwNewOffset += dwAddDataLength;
dwOldOffset += dwAddDataLength;
/* Sanity check */
if((dwNewOffset + dwMovDataLength) > dwNewSize)
return ERROR_FILE_CORRUPT;
/* Copy the data from the extra block in BSDIFF patch */
memcpy(pbNewData + dwNewOffset, pExtraBlock, dwMovDataLength);
pExtraBlock += dwMovDataLength;
dwNewOffset += dwMovDataLength;
/* Move the old offset */
if(dwOldMoveLength & 0x80000000)
dwOldMoveLength = 0x80000000 - dwOldMoveLength;
dwOldOffset += dwOldMoveLength;
pCtrlBlock++;
}
/* The size after patch must match */
if(dwNewOffset != pFullPatch->dwSizeAfterPatch)
return ERROR_FILE_CORRUPT;
/* Update the new data size */
pPatcher->cbFileData = dwNewOffset;
return ERROR_SUCCESS;
}
