Chat
Discord
What you need:
IIDKing v2.01
OllyDBG
1.Open IIDKing and Open LF2 with it.
2.Press "Click to pick DLL(s) and their API(s) to add.
3.Browse to C:/windows/system32/kernel32.dll
4.Scroll down in the window appeared until you see "LoadLibaryA"
5.Select it and press "Add them!"
Should be at this stage:
![[Image: iddking.png]](http://img27.imageshack.us/img27/5979/iddking.png)
Just press "Add them!!" and you are finished.
IDDKing made a txt file in your lf2 directory. Open it. It should say something like:
Now it is time for Olly.
1.Open lf2 in olly.
*The first line selected is the called the Entry point.
2.Change the call at the entry point to call an empty location at the bottom of the file. For example:
3.Now at 00446A61(or where ever you choose to call), put the original call again( CALL 00445B31).
4.Scroll up a few lines(I did it at 00446A4E), right click, binary> edit. Type in rarara.dll (in the ASCII box).
5.Now scroll back to the call and write PUSH X (X being where you wrote the dll name, for me its 00446A4E).
6.Remember the txt that IDDKing made? Open it and copy paste the call part (call dword ptr [74f134]), then paste it into olly after the push.
7.return to the rest of the code. (RET command, it is a asm command thingy)
Example:
You're done :).
PS: Make sure the exe you are patching is based on the no-num version... Otherwise the DLL won't work.
IIDKing v2.01
OllyDBG
1.Open IIDKing and Open LF2 with it.
2.Press "Click to pick DLL(s) and their API(s) to add.
3.Browse to C:/windows/system32/kernel32.dll
4.Scroll down in the window appeared until you see "LoadLibaryA"
5.Select it and press "Add them!"
Should be at this stage:
Just press "Add them!!" and you are finished.
IDDKing made a txt file in your lf2 directory. Open it. It should say something like:
Code:
kernel32.dll::LoadLibraryA->call dword ptr [74f134]Now it is time for Olly.
1.Open lf2 in olly.
*The first line selected is the called the Entry point.
2.Change the call at the entry point to call an empty location at the bottom of the file. For example:
|
ASM-Code:
;before CALL 00445B31 ;after CALL 00446A61 |
3.Now at 00446A61(or where ever you choose to call), put the original call again( CALL 00445B31).
4.Scroll up a few lines(I did it at 00446A4E), right click, binary> edit. Type in rarara.dll (in the ASCII box).
5.Now scroll back to the call and write PUSH X (X being where you wrote the dll name, for me its 00446A4E).
6.Remember the txt that IDDKing made? Open it and copy paste the call part (call dword ptr [74f134]), then paste it into olly after the push.
7.return to the rest of the code. (RET command, it is a asm command thingy)
Example:
Code:
00446333 . 72 61 72 61 72>ASCII "rarara.dll",0
0044633E /$ 68 33634400 PUSH lf2_load.00446333 ; /FileName = "rarara.dll"
00446343 |. FF15 34F17400 CALL DWORD PTR DS:[<&kernel32.LoadLibrar>; \LoadLibraryA
00446349 |. FF15 2E634400 CALL DWORD PTR DS:[44632E] ; lf2_load.00445AA1
0044634F \. C3 RETNYou're done :).
PS: Make sure the exe you are patching is based on the no-num version... Otherwise the DLL won't work.
![[Image: doty7Xn.gif]](http://i.imgur.com/doty7Xn.gif)
10 ʏᴇᴀʀs sɪɴᴄᴇ ɪʀᴄ ɢᴏᴏᴅ.ɪ ᴡᴀʟᴋ ᴛʜʀᴏᴜɢʜ ᴛʜᴇ ᴇᴍᴘᴛʏ sᴛʀᴇᴇᴛs ᴛʀʏɪɴɢ ᴛᴏ ᴛʜɪɴᴋ ᴏғ sᴏᴍᴇᴛʜɪɴɢ ᴇʟsᴇ ʙᴜᴛ ᴍʏ ᴘᴀᴛʜ ᴀʟᴡᴀʏs ʟᴇᴀᴅs ᴛᴏ ᴛʜᴇ ɪʀᴄ. ɪ sᴛᴀʀᴇ ᴀᴛ ᴛʜᴇ sᴄʀᴇᴇɴ ғᴏʀ ʜᴏᴜʀs ᴀɴᴅ ᴛʀʏ ᴛᴏ sᴜᴍᴍᴏɴ ᴛʜᴇ ɢᴏᴏᴅ ɪʀᴄ. ɪ ᴡᴀᴛᴄʜ ᴏᴛʜᴇʀ ɪʀᴄ ᴄʜᴀɴɴᴇʟs ʙᴜᴛ ɪᴛ ɪs ɴᴏ ɢᴏᴏᴅ. ɪ ᴘᴇsᴛᴇʀ ᴢᴏʀᴛ ᴀɴᴅ ᴛʀʏ ᴛᴏ ʀᴇsɪsᴛ ʜɪs sᴇxɪɴᴇss ʙᴜᴛ ɪᴛ ɪs ᴀʟʟ ᴍᴇᴀɴɪɴɢʟᴇss. ᴛʜᴇ ᴇɴᴅ ɪs ɴᴇᴀʀ.ɪ ᴛʜᴇɴ ᴜsᴜᴀʟʟʏ ʀᴇᴀᴅ sᴏᴍᴇ ᴏʟᴅ ɪʀᴄ ʟᴏɢs ᴀɴᴅ ᴄʀʏ ᴍʏsᴇʟғ ᴛᴏ sʟᴇᴇᴘ.