Guide L2 Extenders

[femalesoulhound]

wow... nice share anarchy let me try :) thks

[Inken]

I think, i'm dummy. I can't understand for what we used to change extenders? I learned how to do that, but for wut?

[`zэlaи]

Well it's really nice Guide! Keep up the good job in the Section :D

 

-Zelan

[RainforestSpirit]

nice boy

[supersam999]

I don't get it , could you explain me ?

[supersam999]

Does it works on HB ?

[paylis92]

nice share !

[Mechas]

Excelent guide, just I need, thx

[starletgti]

after analyzing the leaked C4 PTS L2server.exe with latest IDA(6) for x64 i get no string names equal to function calls like thoose you describe but i can only find strings like Loading Multisell, Loading Henna etc. Most of functions named sub_******.  And the ida's debugger for x64 processes like this one don't work, it asks for something like "dbgsrv.exe". Am i doing something wrong?

[~BorealP]

Have some one a link to download IDA PRO?

 

Best Regards

[mcbigmac]

after analyzing the leaked C4 PTS L2server.exe with latest IDA(6) for x64 i get no string names equal to function calls like thoose you describe but i can only find strings like Loading Multisell, Loading Henna etc. Most of functions named sub_******.  And the ida's debugger for x64 processes like this one don't work, it asks for something like "dbgsrv.exe". Am i doing something wrong?

 

....you expect IDA to analyze and research everything for you?

There's a reason no one learns this in L2 (and probably other MMO's too).

 

You need to map stuff yourself - and if your well versed in IDC script you could write one that:

1. Fetches said strings

2. Renames the function within to said string.

 

Alternatively find a c4 func list - and write a simpler IDC script to rename functions.

(Which all of us do).

[starletgti]

mcbigmac i am not expect anything i just made this question because my results are not the same as thoose described by the author of this topic.

 

Could you please be more spesific about the IDC script? how it will map sub_"hexaddr" functions to real named functions?

[mcbigmac]

mcbigmac i am not expect anything i just made this question because my results are not the same as thoose described by the author of this topic.

 

Could you please be more spesific about the IDC script? how it will map sub_"hexaddr" functions to real named functions?

 

The Guide never tells you that it will name functions - it will only find the strings used by the L2SERVER_GUARD\CrashGuard to make Lin2Error debug info.

IDC is IDA's "script" language - google it.

 

 

If your missing the actual strings - go to StringTypes - change from ansi to Unicode (option 6),

close Strings Tab, alt+f12 again to reload unicode strings.

 

Problem solved.

 

[Sighed]

after analyzing the leaked C4 PTS L2server.exe with latest IDA(6) for x64 i get no string names equal to function calls like thoose you describe but i can only find strings like Loading Multisell, Loading Henna etc. Most of functions named sub_******.  And the ida's debugger for x64 processes like this one don't work, it asks for something like "dbgsrv.exe". Am i doing something wrong?

 

Best way is to find the L2Server Guard Stack function, that is pressent in almost every function in l2server, and then use the cross reference and you will see all functions where the Guard Stack is present, then is just renaming the functions in IDA.

[starletgti]

Thanks a lot !!! Problem Solved :D