This my method of creating an unbanner.
I created my own proxy DLL for hooking the IDirectPlay8Client interface, and then used OutputDebugStringEx() [my own OutputDebugString()- that takes format string specifiers] to reverse engineer the first few packets being sent off when an attempt is made to connect to a server the player is banned on.
#define BAN_ID 0x4B
#pragma pack(1)
typedef struct _VC_MSG
{
USHORT usUnknown;
BYTE byMsgID;
} VC_MSG, *PVC_MSG;
typedef struct _SBAN_DATA
{
VC_MSG vcMsg;
CLSID CLSID_MachineGUID;
} SBAN_DATA, *PSBAN_DATA;
HRESULT STDMETHODCALLTYPE hkIDirectPlay8Client::Send(const DPN_BUFFER_DESC *const prgBufferDesc, const DWORD cBufferDesc, const DWORD dwTimeOut, void *const pvAsyncContext, DPNHANDLE *const phAsyncHandle, const DWORD dwFlags)
{
PVC_MSG pVCMsg = (PVC_MSG)prgBufferDesc->pBufferData;
switch(pVCMsg->byMsgID)
{
case BAN_ID:
{
srand(time(NULL));
USES_CONVERSION;
CLSID CLSID_RandMachineGUID;
CLSID_RandMachineGUID.Data1 = (unsigned long)rand();
CLSID_RandMachineGUID.Data2 = (unsigned short)rand();
CLSID_RandMachineGUID.Data3 = (unsigned short)rand();
for (DWORD i = 0; i < sizeof(CLSID_RandMachineGUID.Data4); i++)
{
CLSID_RandMachineGUID.Data4 = (unsigned char)(rand() % 256);
}
PSBAN_DATA pBanData = (PSBAN_DATA)prgBufferDesc->pBufferData;
memcpy(pBanData->CLSID_MachineGUID, &CLSID_RandMachineGUID, sizeof(CLSID_RandMachineGUID));
break;
}
}
return m_pdPlay8Client->Send(prgBufferDesc, cBufferDesc, dwTimeOut, pvAsyncContext, phAsyncHandle, dwFlags);
}
}