Patching exe to load DLL
#11
Actually, you don't even have to use IIDKing.
You just have to write ''call 7C801D7B''.
By the way, after that operation, the address of the DLL's code is saved in ''eax''.

ex:

push addressA(written the name of dll)
call 7C801D7B
mov dword ptr ds:[addressB],eax

So, when you want to use the code in dll, you should write:
jmp dword ptr ds:[addressB+X]
X is the difference (offset) to the address you want to jump to.
#12
(05-18-2009, 07:56 AM)xxtomnyxx Wrote: Actually, you don't even have to use IIDKing.
You just have to write ''call 7C801D7B''.
By the way, after that operation, the address of the DLL's code is saved in ''eax''.

ex:

push addressA(written the name of dll)
call 7C801D7B
mov dword ptr ds:[addressB],eax

So, when you want to use the code in dll, you should write:
jmp dword ptr ds:[addressB+X]
X is the difference (offset) to the address you want to jump to.
>>> "call 7C801D7B"
This does not work on every computer...
With different versions of kernel32.dll in Windows, the address of LoadLibraryA varies a lot.
As I saw, Silva's first release of the exe for loading the DLL was done this way, and it didn't work on my computer. Then we switched to IIDKing.
#13
genevrier Wrote: >>> "call 7C801D7B"
This does not work on every computer...

That's right.
But... if you use IIDKing, it enlarges LF2.exe and creates a new area of memory.
I just don't want to change the size of LF2.

So... I tried to understand how an exe loads system DLLs.
And... I succeeded!
Binary code:

8C B8 04 00 00 00 00 00 00 00 00 00 60 BB 04 00 08 70 04 00 C0 BA 04 00 00 00 00 00 00 00 00 00
0A BC 04 00 38 72 04 00 94 B8 04 00 00 00 00 00 00 00 00 00 14 BC 04 00 10 70 04 00 F0 BA 04 00
00 00 00 00 00 00 00 00 20 BC 04 00 68 72 04 00 C4 B8 04 00 00 00 00 00 00 00 00 00 3A BD 04 00
40 70 04 00 44 BA 04 00 00 00 00 00 00 00 00 00 D8 BE 04 00 BC 71 04 00 9C B8 04 00 00 00 00 00
00 00 00 00 6C BF 04 00 18 70 04 00 84 B8 04 00 00 00 00 00 00 00 00 00 8A BF 04 00 00 70 04 00
3C BA 04 00 00 00 00 00 00 00 00 00 A8 BF 04 00 B4 71 04 00 40 BB 04 00 00 00 00 00 00 00 00 00
D8 BF 04 00 B8 72 04 00 74 B9 04 00 00 00 00 00 00 00 00 00 E0 C0 04 00 EC 70 04 00 AC BA 04 00
00 00 00 00 00 00 00 00 BC C2 04 00 24 72 04 00 48 B9 04 00 00 00 00 00 00 00 00 00 56 C5 04 00
C0 70 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 76 BF 04 00 00 00 00 00
4C BB 04 00 00 00 00 00 01 00 00 80 00 00 00 00 5C BF 04 00 36 BF 04 00 28 BF 04 00 1A BF 04 00
0E BF 04 00 00 BF 04 00 46 BF 04 00 F0 BE 04 00 E4 BE 04 00 00 00 00 00 DC BC 04 00 A6 C6 04 00
94 C6 04 00 82 C6 04 00 78 C6 04 00 5E C6 04 00 48 C6 04 00 32 C6 04 00 22 C6 04 00 08 C6 04 00
F4 C5 04 00 D6 C5 04 00 BA C5 04 00 A6 C5 04 00 92 C5 04 00 80 C5 04 00 2C BC 04 00 42 BC 04 00
4E BC 04 00 62 BC 04 00 70 BC 04 00 86 BC 04 00 94 BC 04 00 9C BC 04 00 B4 BC 04 00 CC BC 04 00
F2 BC 04 00 02 BD 04 00 0E BD 04 00 1E BD 04 00 62 C5 04 00 B4 C6 04 00 00 00 00 00 12 C5 04 00
C8 C4 04 00 88 C4 04 00 42 C4 04 00 04 C4 04 00 C8 C3 04 00 88 C3 04 00 42 C3 04 00 C8 C2 04 00
04 C3 04 00 00 00 00 00 CE C0 04 00 5E C2 04 00 4C C2 04 00 3A C2 04 00 30 C2 04 00 28 C2 04 00
1A C2 04 00 10 C2 04 00 FA C1 04 00 E8 C1 04 00 D6 C1 04 00 C8 C1 04 00 B8 C1 04 00 A8 C1 04 00
94 C1 04 00 7E C1 04 00 70 C1 04 00 64 C1 04 00 5A C1 04 00 52 C1 04 00 44 C1 04 00 36 C1 04 00
2E C1 04 00 24 C1 04 00 14 C1 04 00 06 C1 04 00 C4 C0 04 00 EC C0 04 00 D8 C0 04 00 E2 BF 04 00
EC BF 04 00 FC BF 04 00 0C C0 04 00 16 C0 04 00 26 C0 04 00 30 C0 04 00 46 C0 04 00 4E C0 04 00
58 C0 04 00 62 C0 04 00 6C C0 04 00 74 C0 04 00 7C C0 04 00 86 C0 04 00 8E C0 04 00 96 C0 04 00
A0 C0 04 00 AA C0 04 00 BA C0 04 00 00 00 00 00 98 BF 04 00 00 00 00 00 84 BE 04 00 56 BD 04 00
64 BD 04 00 72 BD 04 00 82 BD 04 00 92 BD 04 00 A4 BD 04 00 B6 BD 04 00 C4 BD 04 00 D0 BD 04 00
E4 BD 04 00 F2 BD 04 00 02 BE 04 00 14 BE 04 00 26 BE 04 00 32 BE 04 00 44 BE 04 00 C4 BE 04 00
B6 BE 04 00 A6 BE 04 00 98 BE 04 00 48 BD 04 00 70 BE 04 00 5E BE 04 00 54 BE 04 00 00 00 00 00
6E C2 04 00 AC C2 04 00 98 C2 04 00 84 C2 04 00 00 00 00 00 FA BB 04 00 6A BB 04 00 78 BB 04 00
EC BB 04 00 DA BB 04 00 CA BB 04 00 B8 BB 04 00 AA BB 04 00 9E BB 04 00 90 BB 04 00 84 BB 04 00
00 00 00 00 0B 00 00 80 34 00 00 80 17 00 00 80 09 00 00 80 65 00 00 80 02 00 00 80 0D 00 00 80
0A 00 00 80 33 00 00 80 04 00 00 80 0C 00 00 80 01 00 00 80 13 00 00 80 10 00 00 80 74 00 00 80
14 00 00 80 03 00 00 80 73 00 00 80 39 00 00 80 00 00 00 00 C8 BF 04 00 B4 BF 04 00 00 00 00 00
0C 00 44 69 72 65 63 74 44 72 61 77 43 72 65 61 74 65 00 00 44 44 52 41 57 2E 64 6C 6C 00 76 00
6D 6D 69 6F 41 73 63 65 6E 64 00 00 80 00 6D 6D 69 6F 52 65 61 64 00 00 77 00 6D 6D 69 6F 43 6C
6F 73 65 00 79 00 6D 6D 69 6F 44 65 73 63 65 6E 64 00 7E 00 6D 6D 69 6F 4F 70 65 6E 41 00 94 00
74 69 6D 65 47 65 74 54 69 6D 65 00 17 00 6A 6F 79 47 65 74 44 65 76 43 61 70 73 41 00 00 1E 00
6A 6F 79 53 65 74 43 61 70 74 75 72 65 00 1F 00 6A 6F 79 53 65 74 54 68 72 65 73 68 6F 6C 64 00
1B 00 6A 6F 79 47 65 74 50 6F 73 45 78 00 19 00 6A 6F 79 47 65 74 4E 75 6D 44 65 76 73 00 57 49
4E 4D 4D 2E 64 6C 6C 00 44 53 4F 55 4E 44 2E 64 6C 6C 00 00 57 53 4F 43 4B 33 32 2E 64 6C 6C 00
3F 03 4F 75 74 70 75 74 44 65 62 75 67 53 74 72 69 6E 67 41 00 00 BF 04 6C 73 74 72 6C 65 6E 41
00 00 F7 01 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 44 00 43 6C 6F 73 65 48 61 6E
64 6C 65 00 1F 03 4D 75 6C 74 69 42 79 74 65 54 6F 57 69 64 65 43 68 61 72 00 79 00 43 72 65 61
74 65 46 69 6C 65 41 00 2B 04 53 6C 65 65 70 00 F4 02 4C 65 61 76 65 43 72 69 74 69 63 61 6C 53
65 63 74 69 6F 6E 00 00 DA 00 45 6E 74 65 72 43 72 69 74 69 63 61 6C 53 65 63 74 69 6F 6E 00 00
E8 01 47 65 74 4C 6F 63 61 6C 54 69 6D 65 00 00 C2 02 49 6E 74 65 72 6C 6F 63 6B 65 64 45 78 63
68 61 6E 67 65 00 E7 01 47 65 74 4C 61 73 74 45 72 72 6F 72 00 00 97 04 57 72 69 74 65 46 69 6C
65 00 A4 00 43 72 65 61 74 65 54 68 72 65 61 64 00 00 B9 02 49 6E 69 74 69 61 6C 69 7A 65 43 72
69 74 69 63 61 6C 53 65 63 74 69 6F 6E 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 B8 02 53 68
6F 77 57 69 6E 64 6F 77 00 00 D8 01 4C 6F 61 64 49 6D 61 67 65 41 00 00 F8 01 4D 65 73 73 61 67
65 42 6F 78 41 00 A0 00 44 65 73 74 72 6F 79 57 69 6E 64 6F 77 00 E9 02 55 70 64 61 74 65 57 69
6E 64 6F 77 00 00 67 00 43 72 65 61 74 65 57 69 6E 64 6F 77 45 78 41 00 33 02 52 65 67 69 73 74
65 72 43 6C 61 73 73 41 00 00 D2 01 4C 6F 61 64 43 75 72 73 6F 72 41 00 D6 01 4C 6F 61 64 49 63
6F 6E 41 00 6F 01 47 65 74 53 79 73 74 65 6D 4D 65 74 72 69 63 73 00 00 31 01 47 65 74 4B 65 79
53 74 61 74 65 00 1E 02 50 6F 73 74 4D 65 73 73 61 67 65 41 00 00 20 02 50 6F 73 74 51 75 69 74
4D 65 73 73 61 67 65 00 95 00 44 65 66 57 69 6E 64 6F 77 50 72 6F 63 41 00 00 70 02 53 65 74 43
75 72 73 6F 72 00 45 00 43 6C 69 65 6E 74 54 6F 53 63 72 65 65 6E 00 00 0D 01 47 65 74 43 6C 69
65 6E 74 52 65 63 74 00 91 02 53 65 74 52 65 63 74 00 AA 01 49 6E 76 61 6C 69 64 61 74 65 52 65
63 74 00 00 A8 00 44 69 73 70 61 74 63 68 4D 65 73 73 61 67 65 41 00 00 D5 02 54 72 61 6E 73 6C
61 74 65 4D 65 73 73 61 67 65 00 00 4A 01 47 65 74 4D 65 73 73 61 67 65 41 00 1B 02 50 65 65 6B
4D 65 73 73 61 67 65 41 00 00 05 03 6B 65 79 62 64 5F 65 76 65 6E 74 00 36 01 47 65 74 4B 65 79
62 6F 61 72 64 53 74 61 74 65 00 00 55 53 45 52 33 32 2E 64 6C 6C 00 00 9F 02 54 65 78 74 4F 75
74 41 00 00 8D 02 53 65 74 54 65 78 74 43 6F 6C 6F 72 00 00 65 02 53 65 74 42 6B 43 6F 6C 6F 72
00 00 CD 00 44 65 6C 65 74 65 44 43 00 00 9A 02 53 74 72 65 74 63 68 42 6C 74 00 00 E2 01 47 65
74 4F 62 6A 65 63 74 41 00 00 5E 02 53 65 6C 65 63 74 4F 62 6A 65 63 74 00 00 2E 00 43 72 65 61
74 65 43 6F 6D 70 61 74 69 62 6C 65 44 43 00 00 D0 00 44 65 6C 65 74 65 4F 62 6A 65 63 74 00 00
47 44 49 33 32 2E 64 6C 6C 00 0B 00 47 65 74 4F 70 65 6E 46 69 6C 65 4E 61 6D 65 41 00 00 43 4F
4D 44 4C 47 33 32 2E 64 6C 6C 00 00 14 01 53 68 65 6C 6C 45 78 65 63 75 74 65 41 00 53 48 45 4C
4C 33 32 2E 64 6C 6C 00 10 00 43 6F 43 72 65 61 74 65 49 6E 73 74 61 6E 63 65 00 00 3D 00 43 6F
49 6E 69 74 69 61 6C 69 7A 65 00 00 6F 6C 65 33 32 2E 64 6C 6C 00 33 05 6D 65 6D 73 65 74 00 00
10 00 3F 3F 33 40 59 41 58 50 41 58 40 5A 00 00 0F 00 3F 3F 32 40 59 41 50 41 58 49 40 5A 00 00
2F 05 6D 65 6D 63 70 79 00 00 1E 00 3F 3F 5F 55 40 59 41 50 41 58 49 40 5A 00 4F 05 73 70 72 69
6E 74 66 00 74 00 5F 5F 43 78 78 46 72 61 6D 65 48 61 6E 64 6C 65 72 33 00 00 ED 04 66 72 65 65
00 00 E6 04 66 70 72 69 6E 74 66 00 D9 04 66 63 6C 6F 73 65 00 00 F1 04 66 73 63 61 6E 66 00 00
DA 04 66 65 6F 66 00 00 E4 04 66 6F 70 65 6E 00 24 05 6D 61 6C 6C 6F 63 00 00 41 05 72 61 6E 64
00 00 DF 04 66 67 65 74 73 00 34 01 5F 63 68 64 69 72 00 00 E5 01 5F 67 65 74 63 77 64 00 7A 02
5F 6C 6F 63 61 6C 74 69 6D 65 36 34 00 00 D1 03 5F 74 69 6D 65 36 34 00 53 05 73 73 63 61 6E 66
00 00 CE 04 63 61 6C 6C 6F 63 00 00 52 05 73 72 61 6E 64 00 4D 53 56 43 52 38 30 2E 64 6C 6C 00
76 01 5F 65 78 63 65 70 74 5F 68 61 6E 64 6C 65 72 34 5F 63 6F 6D 6D 6F 6E 00 18 01 5F 61 6D 73
67 5F 65 78 69 74 00 00 A0 00 5F 5F 67 65 74 6D 61 69 6E 61 72 67 73 00 2F 01 5F 63 65 78 69 74
00 00 7F 01 5F 65 78 69 74 00 67 00 5F 58 63 70 74 46 69 6C 74 65 72 00 2B 02 5F 69 73 6D 62 62
6C 65 61 64 00 00 D6 04 65 78 69 74 00 00 03 01 5F 61 63 6D 64 6C 6E 00 0A 02 5F 69 6E 69 74 74
65 72 6D 00 0B 02 5F 69 6E 69 74 74 65 72 6D 5F 65 00 3F 01 5F 63 6F 6E 66 69 67 74 68 72 65 61
64 6C 6F 63 61 6C 65 00 E9 00 5F 5F 73 65 74 75 73 65 72 6D 61 74 68 65 72 72 00 00 11 01 5F 61
64 6A 75 73 74 5F 66 64 69 76 00 00 CC 00 5F 5F 70 5F 5F 63 6F 6D 6D 6F 64 65 00 00 D0 00 5F 5F
70 5F 5F 66 6D 6F 64 65 00 00 6D 01 5F 65 6E 63 6F 64 65 5F 70 6F 69 6E 74 65 72 00 E6 00 5F 5F
73 65 74 5F 61 70 70 5F 74 79 70 65 00 00 4E 01 5F 63 72 74 5F 64 65 62 75 67 67 65 72 5F 68 6F
6F 6B 00 00 ED 03 5F 75 6E 6C 6F 63 6B 00 97 00 5F 5F 64 6C 6C 6F 6E 65 78 69 74 00 7C 02 5F 6C
6F 63 6B 00 22 03 5F 6F 6E 65 78 69 74 00 63 01 5F 64 65 63 6F 64 65 5F 70 6F 69 6E 74 65 72 00
11 02 5F 69 6E 76 6F 6B 65 5F 77 61 74 73 6F 6E 00 00 42 01 5F 63 6F 6E 74 72 6F 6C 66 70 5F 73
00 00 6A 00 49 6E 74 65 72 6E 65 74 43 6C 6F 73 65 48 61 6E 64 6C 65 00 9E 00 49 6E 74 65 72 6E
65 74 52 65 61 64 46 69 6C 65 00 00 97 00 49 6E 74 65 72 6E 65 74 4F 70 65 6E 55 72 6C 41 00 00
96 00 49 6E 74 65 72 6E 65 74 4F 70 65 6E 41 00 57 49 4E 49 4E 45 54 2E 64 6C 6C 00 01 04 3F 3F
5F 44 3F 24 62 61 73 69 63 5F 6F 66 73 74 72 65 61 6D 40 44 55 3F 24 63 68 61 72 5F 74 72 61 69
74 73 40 44 40 73 74 64 40 40 40 73 74 64 40 40 51 41 45 58 58 5A 00 00 47 06 3F 63 6C 6F 73 65
40 3F 24 62 61 73 69 63 5F 6F 66 73 74 72 65 61 6D 40 44 55 3F 24 63 68 61 72 5F 74 72 61 69 74
73 40 44 40 73 74 64 40 40 40 73 74 64 40 40 51 41 45 58 58 5A 00 FF 0B 3F 77 72 69 74 65 40 3F
24 62 61 73 69 63 5F 6F 73 74 72 65 61 6D 40 44 55 3F 24 63 68 61 72 5F 74 72 61 69 74 73 40 44
40 73 74 64 40 40 40 73 74 64 40 40 51 41 45 41 41 56 31 32 40 50 42 44 48 40 5A 00 4F 01 3F 3F
30 3F 24 62 61 73 69 63 5F 6F 66 73 74 72 65 61 6D 40 44 55 3F 24 63 68 61 72 5F 74 72 61 69 74
73 40 44 40 73 74 64 40 40 40 73 74 64 40 40 51 41 45 40 50 42 44 48 48 40 5A 00 00 F5 03 3F 3F
5F 44 3F 24 62 61 73 69 63 5F 69 66 73 74 72 65 61 6D 40 44 55 3F 24 63 68 61 72 5F 74 72 61 69
74 73 40 44 40 73 74 64 40 40 40 73 74 64 40 40 51 41 45 58 58 5A 00 00 44 06 3F 63 6C 6F 73 65
40 3F 24 62 61 73 69 63 5F 69 66 73 74 72 65 61 6D 40 44 55 3F 24 63 68 61 72 5F 74 72 61 69 74
73 40 44 40 73 74 64 40 40 40 73 74 64 40 40 51 41 45 58 58 5A 00 9F 0A 3F 72 65 61 64 40 3F 24
62 61 73 69 63 5F 69 73 74 72 65 61 6D 40 44 55 3F 24 63 68 61 72 5F 74 72 61 69 74 73 40 44 40
73 74 64 40 40 40 73 74 64 40 40 51 41 45 41 41 56 31 32 40 50 41 44 48 40 5A 00 00 28 01 3F 3F
30 3F 24 62 61 73 69 63 5F 69 66 73 74 72 65 61 6D 40 44 55 3F 24 63 68 61 72 5F 74 72 61 69 74
73 40 44 40 73 74 64 40 40 40 73 74 64 40 40 51 41 45 40 50 42 44 48 48 40 5A 00 00 A6 0B 3F 74
65 6C 6C 67 40 3F 24 62 61 73 69 63 5F 69 73 74 72 65 61 6D 40 44 55 3F 24 63 68 61 72 5F 74 72
61 69 74 73 40 44 40 73 74 64 40 40 40 73 74 64 40 40 51 41 45 3F 41 56 3F 24 66 70 6F 73 40 48
40 32 40 58 5A 00 04 0B 3F 73 65 65 6B 67 40 3F 24 62 61 73 69 63 5F 69 73 74 72 65 61 6D 40 44
55 3F 24 63 68 61 72 5F 74 72 61 69 74 73 40 44 40 73 74 64 40 40 40 73 74 64 40 40 51 41 45 41
41 56 31 32 40 4A 48 40 5A 00 4D 53 56 43 50 38 30 2E 64 6C 6C 00 BF 02 49 6E 74 65 72 6C 6F 63
6B 65 64 43 6F 6D 70 61 72 65 45 78 63 68 61 6E 67 65 00 00 3C 02 47 65 74 53 74 61 72 74 75 70
49 6E 66 6F 41 00 37 04 54 65 72 6D 69 6E 61 74 65 50 72 6F 63 65 73 73 00 00 AA 01 47 65 74 43
75 72 72 65 6E 74 50 72 6F 63 65 73 73 00 48 04 55 6E 68 61 6E 64 6C 65 64 45 78 63 65 70 74 69
6F 6E 46 69 6C 74 65 72 00 00 1F 04 53 65 74 55 6E 68 61 6E 64 6C 65 64 45 78 63 65 70 74 69 6F
6E 46 69 6C 74 65 72 00 D6 02 49 73 44 65 62 75 67 67 65 72 50 72 65 73 65 6E 74 00 59 03 51 75
65 72 79 50 65 72 66 6F 72 6D 61 6E 63 65 43 6F 75 6E 74 65 72 00 6A 02 47 65 74 54 69 63 6B 43
6F 75 6E 74 00 00 AE 01 47 65 74 43 75 72 72 65 6E 74 54 68 72 65 61 64 49 64 00 00 AB 01 47 65
74 43 75 72 72 65 6E 74 50 72 6F 63 65 73 73 49 64 00 53 02 47 65 74 53 79 73 74 65 6D 54 69 6D
65 41 73 46 69 6C 65 54 69 6D 65 00 53 01 47 65 74 41 43 50 00 00 E9 01 47 65 74 4C 6F 63 61 6C
65 49 6E 66 6F 41 00 00 63 02 47 65 74 54 68 72 65 61 64 4C 6F 63 61 6C 65 00 7A 02 47 65 74 56
65 72 73 69 6F 6E 45 78 41 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 3C 62 67 6D 5F 62 65 67
69 6E 3E 00


Copy the code and replace the area from ''44B76C'' to ''44C6CF'' (or 4B76C to 4C6CF).
The code will be:
call dword ptr ds:[4470BC]

The method can be used for any version of LF2 if you replace the right area.
Thanks given by: genevrier
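The bytes pasted in this post are an IMAGE_IMPORT_DESCRIPTOR array (five dwords per DLL, terminated by an all-zero entry) followed by the thunk tables and the hint/name strings, i.e. the import directory the Windows loader walks at process start. That is why a call through an IAT slot keeps working across kernel32.dll versions while the hardcoded ''call 7C801D7B'' from #11 breaks, which is the point genevrier makes in #12. The parser below is an added example written for this thread; it is not code from the thread or from LF2. It reads such a dump given the RVA it was taken from and maps an IAT slot (the operand of ''call dword ptr ds:[...]'' minus the image base) back to the DLL and import it belongs to, using the fact that the INT (OriginalFirstThunk) and IAT (FirstThunk) arrays are parallel. Fed the dump above with blob RVA 0x4B76C (VA 0x44B76C minus an assumed 0x400000 image base, the difference between the two numbers the post gives), it resolves slot 0x470BC to KERNEL32.dll!LoadLibraryA, the last entry of that descriptor's table. So that it runs without the dump, the stand-alone run uses a small constructed import directory instead; the sample DLL names, the FirstThunk RVAs and the ordinal 17 in it are assumptions.

```python
import struct

ORDINAL_FLAG = 0x80000000   # IMAGE_ORDINAL_FLAG32: the thunk is an ordinal, not a hint/name RVA
DESC_SIZE = 20              # sizeof(IMAGE_IMPORT_DESCRIPTOR)


def dump_to_bytes(text):
    """Turn a space/newline separated hex dump (as pasted in a forum post) into bytes."""
    return bytes.fromhex(text)


def _off(blob_rva, rva, blob):
    """Translate an RVA into an offset inside the dumped region, refusing anything outside it."""
    off = rva - blob_rva
    if not 0 <= off < len(blob):
        raise ValueError("RVA 0x%X is outside the dumped region" % rva)
    return off


def read_cstr(blob, blob_rva, rva):
    off = _off(blob_rva, rva, blob)
    return blob[off:blob.index(b"\0", off)].decode("ascii")


def parse_descriptors(blob, blob_rva):
    """Walk the IMAGE_IMPORT_DESCRIPTOR array at the start of the blob up to the zero terminator."""
    descs, off = [], 0
    while off + DESC_SIZE <= len(blob):
        oft, _stamp, _fwd, name, ft = struct.unpack_from("<5I", blob, off)
        if oft == 0 and name == 0 and ft == 0:
            break
        descs.append({"oft": oft, "name": name, "ft": ft})
        off += DESC_SIZE
    return descs


def read_thunks(blob, blob_rva, rva):
    """Read a null-terminated array of 32-bit thunks (the INT; the IAT itself lies outside the dump)."""
    off, thunks = _off(blob_rva, rva, blob), []
    while off + 4 <= len(blob):
        (t,) = struct.unpack_from("<I", blob, off)
        if t == 0:
            break
        thunks.append(t)
        off += 4
    return thunks


def thunk_name(blob, blob_rva, thunk):
    """Describe one INT entry: '#N' for an ordinal import, else the IMAGE_IMPORT_BY_NAME string."""
    if thunk & ORDINAL_FLAG:
        return "#%d" % (thunk & 0xFFFF)
    return read_cstr(blob, blob_rva, thunk + 2)   # skip the WORD hint in front of the name


def list_imports(blob, blob_rva):
    """[(dll, [import, ...]), ...] for every descriptor in the dump."""
    return [(read_cstr(blob, blob_rva, d["name"]),
             [thunk_name(blob, blob_rva, t) for t in read_thunks(blob, blob_rva, d["oft"])])
            for d in parse_descriptors(blob, blob_rva)]


def resolve_iat_slot(blob, blob_rva, slot_rva):
    """Map an IAT slot RVA to (dll, import). Slot i of a descriptor's FirstThunk array names the
    same import as entry i of its OriginalFirstThunk array; misaligned or out-of-range slots give None."""
    for d in parse_descriptors(blob, blob_rva):
        thunks = read_thunks(blob, blob_rva, d["oft"])
        delta = slot_rva - d["ft"]
        if 0 <= delta < 4 * len(thunks) and delta % 4 == 0:
            return read_cstr(blob, blob_rva, d["name"]), thunk_name(blob, blob_rva, thunks[delta // 4])
    return None


def build_import_dir(blob_rva, dlls):
    """Constructed sample data (assumption, not LF2's table): build a minimal import directory from
    [(dll_name, first_thunk_rva, [name_or_ordinal, ...]), ...] laid out as if it sat at blob_rva."""
    descs = bytearray(DESC_SIZE * (len(dlls) + 1))      # +1 for the all-zero terminator
    body = bytearray()
    here = lambda: blob_rva + len(descs) + len(body)    # RVA of the next byte appended to body
    for i, (dll, ft, imports) in enumerate(dlls):
        thunks = []
        for imp in imports:
            if isinstance(imp, int):
                thunks.append(ORDINAL_FLAG | imp)
            else:
                thunks.append(here())
                body += struct.pack("<H", 0) + imp.encode("ascii") + b"\0"
                body += b"\0" * (len(body) % 2)         # keep IMAGE_IMPORT_BY_NAME entries WORD-aligned
        oft = here()
        body += b"".join(struct.pack("<I", t) for t in thunks) + b"\0\0\0\0"
        name = here()
        body += dll.encode("ascii") + b"\0"
        body += b"\0" * (len(body) % 2)
        struct.pack_into("<5I", descs, DESC_SIZE * i, oft, 0, 0, name, ft)
    return bytes(descs + body)


SAMPLE_RVA = 0x4B000
SAMPLE = build_import_dir(SAMPLE_RVA, [
    ("KERNEL32.dll", 0x47040, ["GetVersionExA", "LoadLibraryA"]),
    ("WINMM.dll", 0x47100, [17, "timeGetTime"]),
])

if __name__ == "__main__":
    for dll, names in list_imports(SAMPLE, SAMPLE_RVA):
        print(dll, names)
    # `call dword ptr ds:[447044]` in an image based at 0x400000 goes through slot RVA 0x47044
    print(resolve_iat_slot(SAMPLE, SAMPLE_RVA, 0x47044))   # ('KERNEL32.dll', 'LoadLibraryA')
```

To check the real patch, paste the post's dump into dump_to_bytes() and call resolve_iat_slot(blob, 0x4B76C, 0x470BC). Anyone auditing a hand-edited import table gets one more thing from the same walk: the appended LoadLibraryA entry's hint word reads 0x0041 because it overlaps the terminator of the preceding GetVersionExA string. The loader tolerates that (the hint is only a starting index into the export name table, with a fallback search by name), but it is exactly the kind of anomaly a PE linter reports, so expect it to show up in triage.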
#14
Yeah, thanks, it helped a lot.
#15
Lord Silva, I can't understand where in the Olly thing I should do it. Can you explain more how to do the Olly thing?
#16
Quote: 4. Scroll up a few lines (I did it at 00446A4E), right click, Binary > Edit. Type in rarara.dll (in the ASCII box).
I can't find this.
Maybe you'll make a video?
#17
Silva Wrote:Important Stuff:
Is it possible to .... ? Yes.
Is it practical? Maybe.
Will someone bother doing it? Probably not.
Will Silva do it if you ask him? No.
Will Silva get annoyed if you pm him about it? Yes.
Thanks given by: Divisor
#18
Can anyone tell me why this post has been removed 2 times?
In the ASCII box I can write only one letter :/
Because nobody understands you. Sorry :/ - Simoneon
I can write 'r', not 'rarara.dll'.
[Image: 63714442.png]
edited
#19
Uncheck the "Keep size" box.
#20
Can you patch my exe? Where can I send you the file?