[Guide] New form of how to use L2walker again in Dragon-Network

iambored · May 7, 2007

funny shit.

i made the 2nd dll. dunno who leaked it. i left some "signature" inside.

i can just say there's nothing bad inside.

funny is also that by saying that and being my first post, no one will download it now, cuz "brr HE NOT ONE OF US, MUST BE EVIL brr"

muahah.........

anyway the bigger one is just bigger cuz its based on a more recent version of drake's dll that allow dual box. and drake probably added some more code, which i didn't even bother to lookup, since my own dll works fine.

finally, don't trust your computer firewall so much. you'd better trust an external one. i could make the dll manipulate your firewall (or actually the kernel) and you wouldn't see it, as long as you run l2 with administrator rights (=like everyone)

anyway, its just a game ::)

Gyotto · May 7, 2007

Be Carefull...

IAMBORED pls post entire open code of your 160 Kb DLL...... !!!

sicky · May 7, 2007

funny shit.

i made the 2nd dll. dunno who leaked it. i left some "signature" inside.

i can just say there's nothing bad inside.

funny is also that by saying that and being my first post, no one will download it now, cuz "brr HE NOT ONE OF US, MUST BE EVIL brr"

muahah.........

anyway the bigger one is just bigger cuz its based on a more recent version of drake's dll that allow dual box. and drake probably added some more code, which i didn't even bother to lookup, since my own dll works fine.

finally, don't trust your computer firewall so much. you'd better trust an external one. i could make the dll manipulate your firewall (or actually the kernel) and you wouldn't see it, as long as you run l2 with administrator rights (=like everyone)

anyway, its just a game ::)

Eheheh... yeah you are true... the software firewall are not so sure... but outpost ask me what to do even if the system is asking for internet access... of course if u have the knowledge all the firewall can be bypassed... even an external linux box...

But however i can sniff packets sent by the PC if i have another in the same net... but im waiting to try your dll coz i hate this work... i prefer to wait and see if anyone got hacked by your dll :P

iambored · May 8, 2007

Be Carefull...

IAMBORED pls post entire open code of your 160 Kb DLL...... !!!

i don't have no 160kb dll.. this is just the one you have on the 2nd link.. 67K packed 166K unpacked if i remember right.

there's no such "code". the code is the dll lol. Just disassemble it. then you get asm. then you figure out what it does, and change it with an hex editor in the dll file. It's how i modify it anyway.

anyway.. just funny to see it up there ^^

Gyotto · May 8, 2007

Be Carefull...

IAMBORED pls post entire open code of your 160 Kb DLL...... !!!

i don't have no 160kb dll.. this is just the one you have on the 2nd link.. 67K packed 166K unpacked if i remember right.

there's no such "code". the code is the dll lol. Just disassemble it. then you get asm. then you figure out what it does, and change it with an hex editor in the dll file. It's how i modify it anyway.

anyway.. just funny to see it up there ^^

IAMBORED

Yes man !!

Your work is very good and we all are botting now thanx to your dll.

but as you know there are continue account hacks and my asshole is 1 micron diameter in this period.... :)

I meant that you please could explain us what modify you did on the dll. Im not a coder so i couldnt do it by myself.

I thought that your dll was the 160k one. So please can you gimme a direct link for your 67 kb dll ??? I cannot download it fron FILEFRONT.

And... sorry for my bad english.

x.3ller · May 8, 2007

yep pls share again that dll with 67kb size

lion · May 8, 2007

Some moderador (coder) could deep check this file for us ? plssss :(

Soviete · May 8, 2007

;----------------------------------------------------------------------------------------------------

; Exports

;

Index: 1 Name: AttachMe

;

;----------------------------------------------------------------------------------------------------

; Imports from oleaut32.dll

;

extrn SysFreeString

extrn SysReAllocStringLen

extrn SysAllocStringLen

;

; Imports from advapi32.dll

;

extrn RegQueryValueExA

extrn RegOpenKeyExA

extrn RegCloseKey

;

; Imports from user32.dll

;

extrn GetKeyboardType

extrn DestroyWindow

extrn LoadStringA

extrn MessageBoxA

extrn CharNextA

;

; Imports from kernel32.dll

;

extrn GetACP

extrn Sleep

extrn VirtualFree

extrn VirtualAlloc

extrn GetTickCount

extrn QueryPerformanceCounter

extrn GetCurrentThreadId

extrn InterlockedDecrement

extrn InterlockedIncrement

extrn VirtualQuery

extrn WideCharToMultiByte

extrn MultiByteToWideChar

extrn lstrlen

extrn lstrcpyn

extrn LoadLibraryExA

extrn GetThreadLocale

extrn GetStartupInfoA

extrn GetProcAddress

extrn GetModuleHandleA

extrn GetModuleFileNameA

extrn GetLocaleInfoA

extrn GetCommandLineA

extrn FreeLibrary

extrn FindFirstFileA

extrn FindClose

extrn ExitProcess

extrn ExitThread

extrn CreateThread

extrn CompareStringA

extrn WriteFile

extrn UnhandledExceptionFilter

extrn RtlUnwind

extrn RaiseException

extrn GetStdHandle

;

; Imports from kernel32.dll

;

extrn TlsSetValue

extrn TlsGetValue

extrn TlsFree

extrn TlsAlloc

extrn LocalFree

extrn LocalAlloc

;

; Imports from user32.dll

;

extrn PeekMessageA

extrn MsgWaitForMultipleObjects

extrn MessageBoxA

extrn LoadStringA

extrn GetSystemMetrics

extrn CharNextA

extrn CharToOemA

;

; Imports from kernel32.dll

;

extrn WriteProcessMemory

extrn WritePrivateProfileStringA

extrn WriteFile

extrn WaitForSingleObject

extrn VirtualQuery

extrn VirtualProtectEx

extrn TerminateProcess

extrn Sleep

extrn SetFilePointer

extrn SetEvent

extrn SetEndOfFile

extrn ResumeThread

extrn ResetEvent

extrn ReadProcessMemory

extrn ReadFile

extrn OpenProcess

extrn LoadLibraryA

extrn LeaveCriticalSection

extrn InitializeCriticalSection

extrn GetVersionExA

extrn GetThreadLocale

extrn GetStdHandle

extrn GetProcAddress

extrn GetPrivateProfileStringA

extrn GetModuleHandleA

extrn GetModuleFileNameA

extrn GetLocaleInfoA

extrn GetLocalTime

extrn GetLastError

extrn GetFullPathNameA

extrn GetExitCodeThread

extrn GetDiskFreeSpaceA

extrn GetDateFormatA

extrn GetCurrentThreadId

extrn GetCurrentProcessId

extrn GetCPInfo

extrn InterlockedIncrement

extrn InterlockedExchange

extrn InterlockedDecrement

extrn FreeLibrary

extrn FormatMessageA

extrn EnumCalendarInfoA

extrn EnterCriticalSection

extrn DeleteCriticalSection

extrn CreateMutexA

extrn CreateFileA

extrn CreateEventA

extrn CompareStringA

extrn CloseHandle

;

; Imports from kernel32.dll

;

extrn Sleep

;

; Imports from oleaut32.dll

;

extrn SafeArrayPtrOfIndex

extrn SafeArrayGetUBound

extrn SafeArrayGetLBound

extrn SafeArrayCreate

extrn VariantChangeType

extrn VariantCopy

extrn VariantClear

extrn VariantInit

;

;----------------------------------------------------------------------------------------------------

Soviete · May 8, 2007

Drakes one.

;------------------------------------------------------------------------------

; Imports from kernel32.dll

;

extrn LoadLibraryA

extrn GetProcAddress

extrn VirtualAlloc

extrn VirtualFree

;

; Imports from oleaut32.dll

;

extrn SysFreeString

;

; Imports from advapi32.dll

;

extrn RegQueryValueExA

;

; Imports from user32.dll

;

extrn GetKeyboardType

;

;------------------------------------------------------------------------------

iambored · May 9, 2007

u need to compare against old one from drake because he changed it. also one is packed the other not.

if both files were packed with the same packer you wouldn't see any import difference, because, well, its packed. you only see the calls from the packer.

here's a newly packed version in UPX e.g.

http://rapidshare.com/files/30274070/fldrv.dll.html

its 77k.

there are tons of different packers

if you wanna check the dll you gotta unpack it first. there are automatic unpackers on the net, but the best is to do it yourself.

download ollydbg http://www.ollydbg.de/

open the dll with it (say ok blabla when it warns you)

run it (F9)

go into the views, select memory, see the rows corresponding to fldrv.dll. there are section names (.text, .bss etc <= this is delphi code from drake that's why there is this kind of section btw) dump the one starting with e PE (portable executable) header, its easy to see, there is a string like "This program cannot be run in dos mode"

dump it (right click => dump) and reconstruct the dll (with LordPE or others I think most tools can do it), and tada, its unpacked.

Alternative: load the dll the same wait in olly (or in L2.exe if u want) and use some automatic memory dumper like PE Tools. (it will reconstruct it for you, too)

Once you dumped both dll, you can compare them. Good luck.

ps: remember, my dll is based on drake's first dll, the one blocking dualbox and l2w. I didn't see a need to patch the new one, since he simply allowed dualbox on it (but not l2w)

sicky · May 9, 2007

So... anyone have tried it?

We know it works... but its safe 100%? Can all of us be sure of it?

iambored · May 9, 2007

So... anyone have tried it?

We know it works... but its safe 100%? Can all of us be sure of it?

i don't think you'll ever be sure. even 100% legal crap you can't be sure of it.

even drake's files, maybe drake trojan u, how can u be 100% sure ? maybe his client is compromise, u never know.

it's like if something guy with 500 posts came here and said "im the best ever, and i say its sure".

and u will trust him, yet maybe he just lied the 500 past posts lol

i gave you the tools above to check it for yourself however

lion · May 9, 2007

So... anyone have tried it?

We know it works... but its safe 100%? Can all of us be sure of it?

i don't think you'll ever be sure. even 100% legal crap you can't be sure of it.

even drake's files, maybe drake trojan u, how can u be 100% sure ? maybe his client is compromise, u never know.

it's like if something guy with 500 posts came here and said "im the best ever, and i say its sure".

and u will trust him, yet maybe he just lied the 500 past posts lol

i gave you the tools above to check it for yourself however

Ok.. im belive in you iambored... one question.. You make this dll ?

mpj123 · May 9, 2007

yes, he made one of them...

sicky · May 9, 2007

So... anyone have tried it?

We know it works... but its safe 100%? Can all of us be sure of it?

i don't think you'll ever be sure. even 100% legal crap you can't be sure of it.

even drake's files, maybe drake trojan u, how can u be 100% sure ? maybe his client is compromise, u never know.

it's like if something guy with 500 posts came here and said "im the best ever, and i say its sure".

and u will trust him, yet maybe he just lied the 500 past posts lol

i gave you the tools above to check it for yourself however

Same for me... i believe in u... and some friends are using your dll with no problems...

Thx for your share... ;)

It was only a question... dont be angry of it ;)

[Guide] New form of how to use L2walker again in Dragon-Network

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Posts

Topics