[Release] S4Client Dump

12/26/2016 22:33 Cyrex'#1

Since, at least in my case, you are mostly unable to generate a dump from the client because of firstly, XC (which can easily be bypassed for dumping purposes), and especially secondly, some clientside protection including messing with the PE header, I decided to make use of @[Only registered and activated users can see links. Click Here To Register...]'s really smart method utilizing minidumps.

You may read more at [Only registered and activated users can see links. Click Here To Register...]

I didn't want to set-up an undetected debugging environment either, so this was the most convenient solution available.

Provided package comes with three files:

S4Client.exe - minidump-extracted client module with partially fixed PE header
S4Client.idb - IDA Pro Database with additionally fixed IAT / parsed RTTI
objtree.txt - Parsed RTTI, aligned hierarchically

[Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

Btw.: IDA does not recognize the IAT as "the IAT", hence the import tab will not show any items.
Instead, you can access the imports by either going through address space 01F75000 - 01F75C0C
or press View->Subviews->Names and look them up there.
Though, I'm fairly sure this has something to do with the PE header not being fixed completely and
the import symbol table not being rebuilt.
If anybody knows a way to fully rebuild the import table including the IAT for IDA let me know. :)

EDIT: Import table is now fully fixed + RTTI info is parsed.

12/26/2016 22:46 xCred#2

what does this do? If you don't mind me asking.

12/26/2016 22:48 Cyrex'#3

Quote:

Originally Posted by xCred

what does this do? If you don't mind me asking.

You can use dumps for static analysis.

12/26/2016 22:49 xCred#4

Quote:

Originally Posted by Cyrex'

You can use dumps for static analysis.

Meaning?.. Sorry im new to understanding what "dumps" are

12/26/2016 22:57 Cyrex'#5

Quote:

Originally Posted by xCred

Meaning?.. Sorry im new to understanding what "dumps" are

It allows you to do some reversing without it (module) actually having to be loaded in memory.

And now please don't ask what "reversing" means, lol.

If you want to learn more consider reading some articles about RCE:

[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]

12/26/2016 22:59 xCred#6

Quote:

Originally Posted by Cyrex'

It allows you to do some reversing without it actually having to be loaded in memory.

And now please don't ask what "reversing" means, lol.

If you want to learn more consider reading some articles about RCE:
[Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

Thank you :D

12/26/2016 23:11 Stalker Of Night#7

i didn't understand any shit wtf is this dump do ? does it make s4client open faster or what?

12/26/2016 23:14 Cyrex'#8

Quote:

Originally Posted by memoprince1

i didn't understand any shit wtf is this dump do ? does it make s4client open faster or what?

If you did understand english well and did read the posts above yours, your question would already be answered.

12/26/2016 23:29 Stalker Of Night#9

i read everything still can't understand explain good or u stupid shit will be useless

tell me one function that dis thing do ...

12/26/2016 23:53 anonymous-29742#10

Quote:

Originally Posted by memoprince1

i read everything still can't understand explain good or u stupid shit will be useless

tell me one function that dis thing do ...

Its like... a container with a lot of Information about the game. Its usefull for guys, where making Cheat's / Hacks for this game.

12/26/2016 23:55 Stalker Of Night#11

Quote:

Originally Posted by Oshumar

Its like... a container with a lot of Information about the game. Its usefull for guys, where making Cheat's / Hacks for this game.

best explain <3

ty oshumr

next time learn how to explain cyrex..

12/27/2016 00:15 tuaprimadd#12

Quote:

Originally Posted by memoprince1

best explain <3

ty oshumr

next time learn how to explain cyrex..

He explained it pretty well. It's your fault for being a dickhead and not understanding shit.

Nice release. Might take a look at it later.

01/26/2017 19:31 jannidamien001#13

Virus

01/28/2017 21:51 SilverEmerald#14

Quote:

Originally Posted by jannidamien001

Virus

>already enjoys the game with itc
calls it as virus when bored
LULULULUL