Guide L2 Extenders

femalesoulhound · December 28, 2011

wow... nice share anarchy let me try :) thks

Inken · February 22, 2012

I think, i'm dummy. I can't understand for what we used to change extenders? I learned how to do that, but for wut?

`zэlaи · March 8, 2012

Well it's really nice Guide! Keep up the good job in the Section :D

-Zelan

RainforestSpirit · March 26, 2012

nice boy

supersam999 · July 1, 2012

I don't get it , could you explain me ?

supersam999 · July 1, 2012

Does it works on HB ?

paylis92 · July 5, 2012

nice share !

Mechas · September 12, 2012

Excelent guide, just I need, thx

starletgti · January 8, 2013

after analyzing the leaked C4 PTS L2server.exe with latest IDA(6) for x64 i get no string names equal to function calls like thoose you describe but i can only find strings like Loading Multisell, Loading Henna etc. Most of functions named sub_******. And the ida's debugger for x64 processes like this one don't work, it asks for something like "dbgsrv.exe". Am i doing something wrong?

~BorealP · January 9, 2013

Have some one a link to download IDA PRO?

Best Regards

mcbigmac · January 9, 2013

after analyzing the leaked C4 PTS L2server.exe with latest IDA(6) for x64 i get no string names equal to function calls like thoose you describe but i can only find strings like Loading Multisell, Loading Henna etc. Most of functions named sub_******. And the ida's debugger for x64 processes like this one don't work, it asks for something like "dbgsrv.exe". Am i doing something wrong?

....you expect IDA to analyze and research everything for you?

There's a reason no one learns this in L2 (and probably other MMO's too).

You need to map stuff yourself - and if your well versed in IDC script you could write one that:

1. Fetches said strings

2. Renames the function within to said string.

Alternatively find a c4 func list - and write a simpler IDC script to rename functions.

(Which all of us do).

starletgti · January 9, 2013

mcbigmac i am not expect anything i just made this question because my results are not the same as thoose described by the author of this topic.

Could you please be more spesific about the IDC script? how it will map sub_"hexaddr" functions to real named functions?

mcbigmac · January 10, 2013

mcbigmac i am not expect anything i just made this question because my results are not the same as thoose described by the author of this topic.

Could you please be more spesific about the IDC script? how it will map sub_"hexaddr" functions to real named functions?

The Guide never tells you that it will name functions - it will only find the strings used by the L2SERVER_GUARD\CrashGuard to make Lin2Error debug info.

IDC is IDA's "script" language - google it.

If your missing the actual strings - go to StringTypes - change from ansi to Unicode (option 6),

close Strings Tab, alt+f12 again to reload unicode strings.

Problem solved.

Sighed · January 10, 2013

after analyzing the leaked C4 PTS L2server.exe with latest IDA(6) for x64 i get no string names equal to function calls like thoose you describe but i can only find strings like Loading Multisell, Loading Henna etc. Most of functions named sub_******. And the ida's debugger for x64 processes like this one don't work, it asks for something like "dbgsrv.exe". Am i doing something wrong?

Best way is to find the L2Server Guard Stack function, that is pressent in almost every function in l2server, and then use the cross reference and you will see all functions where the Guard Stack is present, then is just renaming the functions in IDA.

starletgti · January 10, 2013

Thanks a lot !!! Problem Solved :D

Guide L2 Extenders

Recommended Posts

femalesoulhound

Inken

`zэlaи

RainforestSpirit

supersam999

supersam999

paylis92

Mechas

starletgti

~BorealP

mcbigmac

starletgti

mcbigmac

Sighed

starletgti

Join the conversation

Anarchy

Posts

Topics

Browse

Activity

Store