[Release] S4L Dump

02/13/2015 19:00 Cyrex'#1
Hey!
Wanted to share something with you, but this is rather for coders/reverse engineers: I made a dump with fixed IAT, unpacked and unbound from RE protections. Able to start with the right start params (meaning an Aeria login session).
Strings decrypted etc.
If you have some skillz in static analysis you can find out funny things lolz.

So enjoy.

02/13/2015 19:36 Rutherfordio#2
Dumped with? Kernel?
02/13/2015 19:47 Neyil#3
But this doesn't decrypt everything.. you need asm knowledge and most people here don't have that.. xD
Of course doing that means you can make a first gen id manager with just cheat engine.. using equip pointers
This helps but I wish we had symbols for s4 lol
02/13/2015 20:04 Rutherfordio#4
Code:
S4DUMP.exe: The instruction at 0x77D3FD91 referenced memory at 0x77D3FD91. The memory could not be read (0x77D3FD91 -> 77D3FD91)
You can delete it.
02/13/2015 20:06 [P2933]Step29#5
Quote:
Originally Posted by Neyil
But this doesn't decrypt everything.. you need asm knowledge and most people here don't have that.. xD
Of course doing that means you can make a first gen id manager with just cheat engine.. using equip pointers
This helps but I wish we had symbols for s4 lol
Yeah, I agree if S4Client.exe had symbols then this game would become stupid easy to reverse engineer, but I think it's never existed publicly. Maybe we would have to dig deep like the KR Beta Client? Even if it's super old the hexs would still be very useful, as long as it has the symbols. If a devclient existed for this game they would def have the symbols ready.

But yeah, anyways thank you for releasing, sometimes I don't feel like popping up CE and it's always nice to look at the dump in IDA for quick XREFs and String Searching. Hopefully it will encourage some people here to start learning how editing s4 works and expand their knowledge, it isn't the best start due to no symbols, but it's all we got for now.

EDIT: Oh, you know what would make things a little easier? If we can get some Pink Imported Calls (IDA) from MSVCR/P80.dll. I noticed that S4client uses MSVCR/P80 a lot, especially for strings in the game. If we can gather all the functions from that DLL and put them in the dump s4client.exe, then I think it would slightly be useful then, we can pull up documents for msvcr and start learning how the devs coded these functions, then reverse engineer it, pursuing more creative hacks.
02/13/2015 20:23 JusticeS4L#6
How to use this? Share video please
02/13/2015 21:22 Neyil#7
Brb let me use my address checker for s4dump.exe
02/14/2015 11:32 Cyrex'#8
Quote:
Originally Posted by Rutherfordio
Code:
S4DUMP.exe: The instruction at 0x77D3FD91 referenced memory at 0x77D3FD91. The memory could not be read (0x77D3FD91 -> 77D3FD91)
You can delete it.
Nope. Only because you are too dumb to reverse a dump it doesn't mean it doesn't work :).

Quote:
Originally Posted by Rutherfordio
Dumped with? Kernel?
With OllyDump[plugin]....