Posted

I find this forum extremely lacking in information for users on extenders, and the only semi-useful shares are pieces of code written by developers which are of no use to the average user or new-comer to the L2 Official experience. Many people also believe that as a result of commercially available extenders, such as dvampire and depmax, that there is no need for the average L2Off server owner to write their own extenders. But there are many things that neither dvampire or depmax do which can be of use to some.

So I have decided to write this little guide, with the full source-code included, that will show first of all how to create an IDA Pro Database for your L2Server.exe, and then how to remove the length limit from the //announce GM command using an extender.
I'm aiming this guide towards people who maybe know a little C++ but feel intimidated by the prospect of creating an extender, but rest assured, the basics are quite easy once you get into it.

This guide is written for the dvampire L2Server.exe and so any addresses mentioned will only be valid for that exe, that also applies to the source.
Source -> http://rapidshare.com/files/394471289/Extender.rar.html
Attaching Guide -> http://www.maxcheaters.com/topic/75684-guide-attaching-an-extender/

The first thing you need when starting with extenders is IDA Pro, this program will disassemble the L2Server.exe into assembly, which is invaluable to any extender developer.
Some ASM knowledge is required, but the basics required to create simple but useful extenders are pretty easy to learn.


So, let's start by creating an IDA Pro database. Once you have downloaded and installed IDA Pro, you must open the 64bit version. You do not require a 64bit operating system to do this, so it is better you create an IDA database on your PC and not your server.
Once opened, you will be prompted by the "Welcome to IDA!" screen.

The icon on the task bar, and at the top left of the welcome screen, should have a red "64" at the top right corner.

This means you are running the 64bit version of IDA Pro, if you do not see the red "64" you are running the wrong version.

Click the "New" button, and then IDA Pro will open and prompt you with the "New Disassembly Database" window.

Double click the "PE Executable" Icon and IDA will then ask you to locate the PE Executable you wish to disassemble, which is your L2Server.exe, so navigate to your L2Server.exe and select it.

You will now be prompted with the "PE Executable file loading wizard". With the latest version of IDA Pro, you don't have to change any of the analysis options to get a decent database, but the more advanced users may want/need to change some settings to get a correct analysis. If you want to change these settings, check the "Analysis Options" box and click next. I typically uncheck "Delete instructions with no xrefs" and "Create offset if data xref to seg32 exists" (after analysis and string generation I usually re-enable the 2nd option and reanalyze to fix the data that should be offsets, without breaking unicode strings). Then just keep clicking next until the wizard closes.
IDA may then ask you to locate various .dll files depending on what other extenders are already attached to the L2Server.exe you have loaded, you can either locate these files and load them, or just click cancel as they are not necessary for the creation of the database. IDA will also ask if you wish to locate the debug information file, which you don't have, so click No. ( It doesn't matter if you click yes or no, as IDA will not find that file either way )
Now IDA will start analysing your L2Server.exe, depending on your computer's performance this process could take 5 minutes, or something like 20 minutes. For me it takes no longer than 5 minutes, and you can tell when it has finished by the auto analysis status icon on the toolbar, which looks like a yellow circle when IDA is still analysing, and it will turn green when it is done, you will also see "The initial autoanalysis has been finished" in the output window at the bottom of the IDA screen. Older versions of IDA will automatically generate strings on completion of the analysis, but the version I'm using doesn't, and so I go to View->Open Subviews->Strings (or SHIFT+F12) to generate the strings.

Congratulations. You have now created your IDA Database.


Now comes the more difficult part: now that you have created your IDA Database, you need to use it to find and fix the length limit for the //announce function.

For people who aren't familiar with the structure of the l2server it may be difficult at first to find your way around, but after a while it becomes pretty easy. NCSoft has made our job as extender developers a lot easier because of the way they handle crashes: anyone who has seen a LinError.txt will have noticed the call-stack dump containing a lot of function names, and this is ultimately the easiest way to find a function you are looking for, by searching in the IDA Strings window for the name of the function.

The function we need to find is the builder command handler function for the //announce command. So to start looking, go to the strings window, click search at the top of the screen, and then click search under that (or ALT+T Shortcut), and then as we are looking for the announce function, type announce into the box and hit enter. As your analysis may not go exactly the same as mine, and you may be using a different L2Server.exe, the strings that your search picks up may not be in the same order as mine.
The first result I get is 'set_interval_announce', which is another GM command, but not the one we are looking for, so I hit CTRL+T to find the next result, and my next results are critannounce, delannounce, setannounce, and then the command we are looking for... announce. This string is the command which is stored in the builder command handler array, and you can use this string to find the announce function, but it is easier to carry on searching for the actual announce function. So CTRL+T once more brings us to exactly what we are looking for, BuilderCmd_announce. This string is the function name used by the L2Server for LinErrors, and so is referenced from the function we need.

So I hit enter in the Strings window, and that then opens the location of the string in the IDA View window; by using the keyboard shortcut CTRL+X IDA will then show you the xrefs to that string. Click OK and IDA will now jump to where that string is referenced in our BuilderCmd_announce function. If you don't know assembly, this is the point where you will be quite confused by what is on the screen, and so I would suggest learning some basic assembly before attempting this.

For this part I am going to assume anyone reading this far knows some assembly and so you should be able to follow this pretty easily. I happen to know the reason for the character limit is because the L2Server copies only a maximum of 50 characters into the buffer which is sent to the "BroadcastToAllUser_Announce" function, which actually sends the announcement to the players ingame. Overcoming this problem is an incredibly simple operation. The easiest way to find what we need to change is to look for where the announcement string is copied into the buffer to be sent to the players, which is at the address 0x450A5E. The correct way to fix this function would be to overwrite the address in the builder command handler array for this function with a completely new function and rewrite the command handler function itself. But a much easier and much quicker way is to simply send the whole announce command string to the broadcast function instead of the buffer which contains the maximum 50 chars. The full announcement string is sent to the function from the builder command handler in the register r8, and at the top of the function the server moves the string (r8) into r12, so all we need to do is move r12 to rcx (the first argument register) for the function call rather than the limited buffer. To do this we need to replace the code at 0x450A63 with "mov rcx, r12", which in opcode form is 498BCC. As the code we are replacing is 8 bytes and our new code is only 3, we must remember to NOP the area, which means writing 0x90 for 5 bytes after our code. So we write 498BCC9090909090 to 0x450A63.

And it's done!

You could also just write the changes into the L2Server.exe using a hex editor, but that's far less fun.
The code for these changes can be found here: http://rapidshare.com/files/394471289/Extender.rar.html
And I hope that this guide helps more people become extender developers, because we are a rare breed in L2 these days, and it would be great to see more people doing things for themselves, rather than relying on dvampire or depmax to do everything for them.

Check this link for a guide of how to attach an extender to your L2Server.exe -> http://maxcheaters.com/forum/index.php?topic=154347.0
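The 8-byte patch described in the post (mov rcx, r12 followed by five NOPs), built from the x86-64 REX/ModRM encoding rules rather than typed in as a magic string, as an added example that is not part of the post or the linked Extender.rar. The encoder, the register numbering and the "verify the original bytes before writing" check are my own additions; the 8 original bytes at 0x450A63 are not given in the post, so the region below is a constructed placeholder, and in a real extender the destination is the address inside the loaded L2Server.exe, which on Windows must first be made writable (VirtualProtect) before the memcpy.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Register numbers as used by the REX and ModRM fields on x86-64. */
enum { RAX, RCX, RDX, RBX, RSP, RBP, RSI, RDI, R8, R9, R10, R11, R12, R13, R14, R15 };

/* Encode "mov dst, src" between two 64-bit registers (opcode 8B /r).
   REX.W (0x48) selects 64-bit operands, REX.R extends the reg field (dst),
   REX.B extends the r/m field (src); mod=11 means register-direct.
   Returns the encoded length, always 3. */
size_t encode_mov_r64_r64(uint8_t *out, int dst, int src) {
    out[0] = 0x48 | (dst >= 8 ? 0x04 : 0x00) | (src >= 8 ? 0x01 : 0x00);
    out[1] = 0x8B;
    out[2] = 0xC0 | ((dst & 7) << 3) | (src & 7);
    return 3;
}

/* Fill a slot of slot_len bytes with the instruction and pad the rest with
   single-byte NOPs (0x90) so no partial instruction is left behind.
   Returns slot_len, or 0 if the instruction does not fit. */
size_t build_patch(uint8_t *out, size_t slot_len, int dst, int src) {
    uint8_t insn[3];
    size_t n = encode_mov_r64_r64(insn, dst, src);
    if (n > slot_len) return 0;
    memcpy(out, insn, n);
    memset(out + n, 0x90, slot_len - n);
    return slot_len;
}

/* Write the patch only if the code currently holds the bytes we expect;
   refusing to patch an unknown exe build is what stops the extender from
   corrupting a server it was not written for. Returns 1 on success. */
int apply_patch(uint8_t *code, const uint8_t *expected, const uint8_t *patch, size_t len) {
    if (memcmp(code, expected, len) != 0) return 0;
    memcpy(code, patch, len);
    return 1;
}

int main(void) {
    /* Constructed placeholder for the 8 bytes at 0x450A63 (assumption: copy
       the real ones from IDA on your own exe). */
    uint8_t region[8] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
    uint8_t expected[8], patch[8];
    memcpy(expected, region, sizeof region);
    build_patch(patch, sizeof patch, RCX, R12);
    for (size_t i = 0; i < sizeof patch; i++) printf("%02X", patch[i]); /* 498BCC9090909090 */
    printf("\n");
    return apply_patch(region, expected, patch, sizeof region) ? 0 : 1;
}
```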

Posted

For the other people!!!!

China Exe Address (WHICH BTW IS THE LATEST BUILD AND THEREFORE SUPERIOR TO NORMAL C4 AND DVAMP EXE):

0x0043F7D6

Normal C4 Exe Address (Open PP / L2storm - amped 2.0a versions):

0x00450416

PS: Chicken helps you code.

Posted

so use it then, the only reason I didn't is because I don't redistribute other people's work without their permission, plus as this was only a demonstration project to replace 4 bytes, it wasn't needed... or I would have included my memory writing class.

Posted

:o Really great.

Very good job.

/offtopic: you are little anarchy?

/offtopic2: when you are giving to s/o +1 karma, you are losing one of yours?

Posted

does it matter if i compile the source in 32-bit machine or 64-bit machine?

It would be fairly bad to try and inject a 32bit dll into a 64bit application ;)
