I guess he just unlocked file protection to read item addresses and hack codes, am I right?
|
It insta-crashes for me ;o
|
What do you mean by crash? Do you mean that if you attach to the S4 client it crashes, or?
|
Quote:
|
Quote:
And did you try it to start as admin or so? |
Quote:
You can't start S4Client.exe because you'd get to the old log in screen and you'd be stuck there. You can start patcher.exe as admin, but that wouldn't have any effect on S4Client.exe dem logic ;o Windows 7 x64, but that doesn't matter either :) |
Quote:
Win7 x64 |
Just open S4L normal and then open the S4Client Dumped.exe
I think that's right o.o like that it works 4 me. |
Can you explain to me what the hack does? :p
|
Quote:
|
Quote:
Win 8.1 (x64) doesn't work -.- too bad^^ would be nice if you could get this running for W8/8.1 ;) |
Quote:
|
Hi, I came from another game. I recently went back to playing this game and I am having a few issues with the disassembly of S4 League.
About time this got unpacked, I could barely understand the packed version because it's missing so much information from the last time I played, but I'm slowly trying to understand the coding engine behind S4 League since this game is a whole new environment to me. I have been doing ASM for 5 years, the unpacked version makes sense, but the packed version does not. I will show some screenshots. Let's talk about the unpacked version and the packed one.
Huh. That is weird. While I do understand that Pointer Addresses do commonly change, I thought that the unpacked version would contain the latest AOBs? Unless they change Pointer Addresses every patch. Anyways, any AOB I see in the unpacked, I cannot find it in the packed version, despite being able to read the ASM in Cheat Engine.
What happened to GAMETEMPO? Inside GAMETEMPO there are strings that I would suspect the hardcoded client would pick up, like damage_multiplier. But here, even in the unpacked version, it doesn't appear. So now this makes me wonder how does GAMETEMPO work in the S4 League Engine, and how are the values stored? (On an unrelated note, "sniper_mode" doesn't exist for the strings at all.) Speaking about values, they don't seem to be findable in the packed version at all.
So since I am unable to find the AOBs from the unpacked in the packed version, unable to find default values that the game needs to read, and acquiring information that is missing from the unpacked version, my only method now is to do this the old school way: values that appear on screen.
What the hell man. Everything is done by MOV? We don't have any SUB or anything like that? How is the system subtracting anything then? Also what's with this particular MOV controlling like 8 different pointers, the other MOVs are like this too. Is this normal? I'm not sure how to disassemble this because if I try to edit something I fear that the game would crash. I'm very curious now. How is it subtracting the ammo? Of course I could go look at the whole beginning of the function, and go look for a long JE to JMP, but the game would either crash or it won't let me shoot. I could edit the MOV to be XOR ECX,ECX INC ECX but I fear that would crash the client as well. I'm honestly not sure what to do to make modifications for this game, the ASM is just very complicated and challenging (and while that is interesting, it's still making me very confused, I feel like I'm starting to miss something important).
After days of trying to figure this whole thing out, I guess I can say I give up and I want to seek information. I have tried myself via Google and another private search engine but it has come up with either decent or no good results. It's times like this where I miss the X7 System. |
Hi step! The way this unpacked S4 client actually works is for several inform able reasons. The reason why you cannot find AoB patterns in your scan is because the default scan range for everything is changed! Hackshield is still in the client. You cannot really remove it completely. The server always gets everyone. So this unpacker pretty much has a bypass! That is what it really is after all. He bypasses the strings and bypasses the debugging checks with some neat functions! :) The method he most likely uses is by moving the S4 memory into a different range from 0040000 _> ??? (This is the normal range of memory that is unmodified by the user.); to a completely different range, he makes it where Hackshield scans the same memory that was originally there.. but he moved that memory that was there to a completely different place from which Hackshield scans! He pretty much emulated the memory if you ask me. :) Trust me.. X7 is still possible. ;) Change your scan range to a completely different scan range that is the memory the emulator creates. You will get addresses that won't make you crash. 8D In Cheat Engine, click CTRL+ALT+S! Have a good day sir, good luck hacking. ;)
|
Hi! Thanks for the reply.
Quote:
Quote:
But wait, even if you were to inject it...How would it be possible that the functions in the dump will be used if it does get hooked. Maybe I'm missing something here Quote:
I heard it discontinued, so it's disappointing. I also used S4R but any edit that I would do, even a simple value, would crash the whole Program and I would have to re-download the whole game again due to Damaged Resources. Quote:
For example: if "0F 84 ?? ?? ?? ??" existed in 62000000 but was located in DLL1.dll, Cheat Engine would fail to scan that because Cheat Engine would only scan 00400000~FFFFFFFF in EXE1.exe, not DLL1.dll. If I could change the scan options so it would scan in DLL1, that would be nice. I haven't learned that method other than the "hard way", which is using "Find Assembly Code" Quote:
I'm not sure what I'm supposed to be looking for here. Unless...I'm supposed to be scanning these? They sound like resource files. |