Created
September 3, 2016 06:44
-
-
Save acmi/9297acdc0c0320902f84a512e2ac5592 to your computer and use it in GitHub Desktop.
Lineage 2 dump
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| void DumpFile() | |
| { | |
| typedef void (__cdecl *f_appLoadFileToArray)(char *, wchar_t *, int); | |
| typedef void (__cdecl *f_appSaveArrayToFile)(char *, wchar_t *, int); | |
| f_appLoadFileToArray appLoadFileToArray = (f_appLoadFileToArray)GetProcAddress(GetModuleHandleA("Core.dll"), "?appLoadFileToArray@@YAHAAV?$TArray@E@@PBGPAVFFileManager@@@Z"); | |
| f_appSaveArrayToFile appSaveArrayToFile = (f_appSaveArrayToFile)GetProcAddress(GetModuleHandleA("Core.dll"), "?appSaveArrayToFile@@YAHABV?$TArray@E@@PBGPAVFFileManager@@@Z"); | |
| char TArray[0x14]; | |
| memset(TArray,0,0x14); | |
| appLoadFileToArray(TArray, L"..\\System\\Interface.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A"))); | |
| appSaveArrayToFile(TArray, L"..\\System\\Interface.decrypted.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A"))); | |
| } | |
| bool dumped = false; | |
| void StartCheck() | |
| { | |
| // wait until WinDrv is loaded just so we know everything we need is initialized correctly | |
| if (GetModuleHandleA("WinDrv.dll") != NULL) { | |
| if (!dumped) { | |
| DumpFile(); | |
| dumped = true; | |
| } | |
| } | |
| } | |
| __declspec(dllexport) BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) | |
| { | |
| switch (ul_reason_for_call) | |
| { | |
| case DLL_PROCESS_ATTACH: | |
| case DLL_THREAD_ATTACH: | |
| StartCheck(); | |
| case DLL_THREAD_DETACH: | |
| case DLL_PROCESS_DETACH: | |
| break; | |
| } | |
| return TRUE; | |
| } |
Hi there,
Did everything as you described, but I think they patched it. After I tried to open L2.exe in order to invoke l2.bin it does nothing. The game doesn't open and interface.decrypt.u is not generating inside the system folder. I tried opening Core.dll with CFF Explorer and couldn't find appLoadFileToArray or appSaveArrayToFile inside it. Any ideas?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Attaching DLL:
Download and install Explorer Suite from NTCore
Open CFF Explorer and then open L2.bin inside CFF Explorer
On the left side, click "Import Adder"
Click "Add", locate your compiled DLL file
In "Exported Functions" box click "DllMain" then click "Import By Name"
Click "Rebuild Import Table"
On the left side, click "Rebuilder"
Click "Bind Import Table" check box then click "Rebuild"
Save L2.bin (Keep a backup of original ofc)