elitepvpers


epkFlaflo 09/30/2014 21:43

[Release] S4League Dump
 
1 Attachment(s)
WARNING: This might not be useful for everyone!!!





->What?<-
So I dumped S4League (S4Client.exe), so that you can attach a debugger to it and read all strings and stuff.




->Recommended<-
Some knowledge of assembler and debuggers
Ollydbg
And much patience



->Support me!<-
Just click this and skip the advertisement!



• ZIP (1/54)
• EXE (1/54)

2 false positives; if you don't trust me, don't download it!



->DOWNLOAD<-

-Zonda 09/30/2014 21:44

Ty <3
Works on Win7 x64* xD

Baum... 09/30/2014 21:50

Why didn't you send me this earlier :)
Quick question: can you also find the addresses with this?

epkFlaflo 09/30/2014 21:51

Quote:

Originally Posted by Baum... (Post 29738775)
Why didn't you send me this earlier :)
Quick question: can you also find the addresses with this?

You can do quite a lot with a dumped S4, including searching for addresses and disabling Hackshield.

HaMaDa.. 09/30/2014 21:56

Good Job ;)

Baum... 09/30/2014 21:56

Quote:

Originally Posted by Pingas_ (Post 29738793)
You can do quite a lot with a dumped S4, including searching for addresses and disabling Hackshield.

Is it allowed to sell this? I mean on the black/flea or white market?
I think you could get about 400 euros out of it.

epkFlaflo 09/30/2014 22:00

Quote:

Originally Posted by Baum... (Post 29738837)
Is it allowed to sell this? I mean on the black/flea or white market?
I think you could get about 400 euros out of it.

It depends on what you want to sell.
You are not allowed to sell the exe without Aeria Games' consent!
If you did this on the black market on epvp, you would get a complaint filed against you by epvp o.O
So you may only "sell" addresses, but not an executable.

(That or something like it)

Baum... 09/30/2014 22:30

Quote:

Originally Posted by Pingas_ (Post 29738872)
It depends on what you want to sell.
You are not allowed to sell the exe without Aeria Games' consent!
If you did this on the black market on epvp, you would get a complaint filed against you by epvp o.O
So you may only "sell" addresses, but not an executable.

(That or something like it)

Then things look bad for me and my family.
Honestly, I find the thing with the complaint far more than just unacceptable.
When did they actually forget that there are also people who are not as well off as others? Because of these potent hack releasers I can't sell anything at all anymore.
But these wealthy run-of-the-mill kid mods apparently don't give a **** when we less well-off people go down the drain every day from ravenous hunger.
If they didn't put on such sorry airs, we pitiful "leechers"
might do things differently today.

epkFlaflo 09/30/2014 22:34

Quote:

Originally Posted by Baum... (Post 29739139)
Then things look bad for me and my family.
Honestly, I find the thing with the complaint far more than just unacceptable.
When did they actually forget that there are also people who are not as well off as others? Because of these potent hack releasers I can't sell anything at all anymore.
But these wealthy run-of-the-mill kid mods apparently don't give a **** when we less well-off people go down the drain every day from ravenous hunger.
If they didn't put on such sorry airs, we pitiful "leechers"
might do things differently today.

Please remove this post.

Djordyy 09/30/2014 22:42

So, what is this for?

epkFlaflo 09/30/2014 23:57

Quote:

Originally Posted by Djordyy (Post 29739225)
So, what is this for?

all explained in thread but for u:

you can't attach your debugger to a normal s4client.exe, you first have to dump it! So after that you can read all the addresses u know, before dumping s4league was packed, I unpacked it :P
with a debugger u can find addresses btw!

Pr3xx0r 10/01/2014 08:17

Nice 1 , its awesome :)

xXPoTaToXx 10/01/2014 09:17

Works Win7 64bit Nice Work!
Edit : Tried to download and told me "Failed-Virus scan Failed" ?

medoelna 10/01/2014 09:27

can you tell me what its used for ?
how to use it give me directions

[Rokudo] 10/01/2014 09:37

Quote:

Originally Posted by medoelna (Post 29741310)
can you tell me what its used for ?
how to use it give me directions

learn RE (Reverse Engineering)

ozgur298 10/01/2014 09:51

I guess he just unlocked file protection to read item addresses and hack codes, am I right?

[Rokudo] 10/01/2014 09:53

It insta-crashes for me ;o

golle12 10/01/2014 13:00

What do you mean by crash? Do you mean that if you attach to the S4 client it crashes, or?

[Rokudo] 10/01/2014 14:13

Quote:

Originally Posted by golle12 (Post 29742396)
What do you mean by crash? Do you mean that if you attach to the S4 client it crashes, or?

Nope, with this unpacked S4Client.exe, even if I start S4 without any bypass / hack I get a crash.

Viroouz 10/01/2014 14:31

Quote:

Originally Posted by [Rokudo] (Post 29742933)
Nope, with this unpacked S4Client.exe, even if I start S4 without any bypass / hack I get a crash.

Which system have you got?

And did you try to start it as admin or so?

[Rokudo] 10/01/2014 14:39

Quote:

Originally Posted by Viroouz (Post 29743055)
Which system have you got?

And did you try to start it as admin or so?

There is no point in starting as admin o.o
You can't start S4Client.exe because you'd get to the old log in screen and you'd be stuck there.
You can start patcher.exe as admin , but that wouldn't have any effect on S4Client.exe dem logic ;o

Windows 7 x64 , but that doesn't matter either :)

epkFlaflo 10/01/2014 16:04

Quote:

Originally Posted by [Rokudo] (Post 29743115)
There is no point in starting as admin o.o
You can't start S4Client.exe because you'd get to the old log in screen and you'd be stuck there.
You can start patcher.exe as admin , but that wouldn't have any effect on S4Client.exe dem logic ;o

Windows 7 x64 , but that doesn't matter either :)

for me it is actually working :P
Win7 x64

-Zonda 10/01/2014 16:23

Just open S4L normally and then open the S4Client Dumped.exe
I think that's right o.o like that it works 4 me.

Rookiez45678 10/01/2014 17:14

can you explain to me what the hack does? :p

epkFlaflo 10/01/2014 17:35

Quote:

Originally Posted by Rookiez45678 (Post 29744671)
can you explain to me what the hack does? :p

it's not a hack, u can just attach to s4 with a debugger, because the normal s4client.exe is packed!

Atsukaro 10/02/2014 17:54

Quote:

Originally Posted by Sir Nexus (Post 29747302)
not work, win 10 xD

Win 10 = Not Possible.

Win 8.1 (x64) doesn't work -.- too bad^^ would be n1 if you could get this running for w8/8.1 ;)

Atsukaro 10/02/2014 23:30

Quote:

Originally Posted by Sir Nexus (Post 29756857)
Speed, I was serious. xD

I have Windows 10.

Yeah, I just saw it on onHax; I didn't think it was far enough along yet to already be available for download somewhere^^

[P2933]Step29 10/03/2014 03:18

Hi, I came from another game. I recently went back to playing this game and I am having a few issues with the disassembly of S4 League.
About time this got unpacked, I could barely understand the packed version because it's missing so much information from the last time I played, but I'm slowly trying to understand the coding engine behind S4 League since this game is a whole new environment to me.
I have been doing ASM for 5 years, the unpacked version makes sense, but the packed version does not. I will show some screenshots.

Let's talk about the unpacked version and the packed one.

Huh. That is weird. While I do understand that Pointer Addresses do commonly change, I thought that the unpacked version would contain the latest AOBs? Unless they change Pointer Addresses every Patch, anyways any AOB I see in the Unpacked, I cannot find it in the Packed version, despite being able to read the ASM in Cheat Engine.

What happened to GAMETEMPO? Inside GAMETEMPO there are strings that I would suspect the hardcoded client would pick up, like damage_multiplier. But here even the unpacked version it doesn't appear. So now this makes me wonder how does GAMETEMPO work in the S4 League Engine, and how are the values stored?
(on an unrelated note, "sniper_mode" doesn't exist for the strings at all)


Speaking about values, they don't seem to be findable in the packed version at all.

So since I am unable to find the AOBs from the unpacked to the packed version, unable to find default values that the game needs to read, and acquiring information that is missing from the unpacked version, my only method now is to do this the old school way, Values that appear on screen.

What the hell man. Everything is done by MOV? We don't have any SUB or anything like that? How is the System Subtracting anything then?
Also what's with this particular MOV controlling like 8 different pointers, the other MOVs are like this too, Is this normal? I'm not sure how to Disassemble this because if I try to edit something I fear that the game would crash.
I'm very curious now. How is it Subtracting the ammo? Of course I could go look at the whole beginning of the function, and go look for a long JE to JMP but the game would either crash or it won't let me shoot.
I could edit the MOV to be XOR ECX,ECX INC ECX but I fear that would crash the client as well.

I'm honestly not sure what to do to make modifications for this game, the ASM is just very complicated and challenging (And while that is interesting, it's still making me very confused, I feel like I'm starting to miss something important.). After days of trying to figure this whole thing out, I guess I can say I give up and I want to seek information. I have tried myself via Google and another Private Search Engine but it has come up with either decent or no good results.


It's times like this where I miss the X7 System.

Neyil 10/03/2014 04:14

Hi step! The way this unpacked S4 client actually works is for several inform able reasons. The reason why you cannot find AoB's patterns in your scan is because the default scan range for everything is changed! Hackshield is still in the client. You cannot really remove it completely. The server always gets everyone. So this unpacker pretty much has a bypass! That is what it really is after all. He bypasses the strings and bypasses the debugging checks with some neat functions! :) The method he most likely uses is by moving the S4 memory into a different range from 0040000 _> ??? (This is the normal range of memory that is unmodified by the user.); To a completely different range, he makes it where hackshield scans the same memory that was originally there.. but he moved that memory that was there to a completely different place from which hackshield scans! He pretty much emulated the memory if you ask me. :) Trust me.. X7 is still possible. ;) Change your scan range to a completely different scan range that is the memory the emulator creates. You will get addresses that won't make you crash. 8D In cheat engine, click CTRL+ALT+S! Have a good day sir, good luck hacking. ;)

[P2933]Step29 10/03/2014 05:17

Hi! Thanks for the reply.

Quote:

Originally Posted by Neyil (Post 29758618)
Hi step! The way this unpacked S4 client actually works is for several inform able reasons. The reason why you cannot find AoB's patterns in your scan is because the default scan range for everything is changed! Hackshield is still in the client. You cannot really remove it completely. The server always gets everyone. So this unpacker pretty much has a bypass! That is what it really is after all. He bypasses the strings and bypasses the debugging checks with some neat functions!

Hmm, I see. But of course like any Unpacked Client, it's probably not executable and damaged before I could even run the unpacked exe itself, so I just assume the dump is there for Resources Information.

Quote:

:) The method he most likely uses is by moving the S4 memory into a different range from 0040000 _> ??? (This is the normal range of memory that is unmodified by the user.); To a completely different range, he makes it where hackshield scans the same memory that was originally there.. but he moved that memory that was there to a completely different place from which hackshield scans! He pretty much emulated the memory if you ask me. :)
So wait, are you telling me I would have to hook the dumped executable? But I'm not really sure how I would do that...Does it work like Injecting?
But wait, even if you were to inject it...How would it be possible that the functions in the dump will be used if it does get hooked.
Maybe I'm missing something here

Quote:

Trust me.. X7 is still possible. ;)
I'm talking about the one zYan made. That was god tier. I made my own .x7 files that no one had in EPVP, Including the ability to play Any animation in game, Including Arcade Animations
I heard it was discontinued, so it's disappointing. I also used S4R but any edit that I would do, even a simple value, would crash the whole Program and I would have to re-download the whole game again due to Damaged Resources.


Quote:

Change your scan range to a completely different scan range that is the memory the emulator creates.
Other than the "Memory Scan Options"...We can do that? Half of the time it doesn't even work for Cheat Engine
For Example:
Like if "0F 84 ?? ?? ?? ??" existed in 62000000 but was Located in DLL1.dll, Cheat Engine would fail to scan that because Cheat Engine would only scan 00400000~FFFFFFFF in EXE1.exe, not DLL1.dll
If I could change the scan options so it would scan in DLL1, that would be nice, I haven't learned that method other than the "hard way" which is using "Find Assembly Code"

Quote:

You will get addresses that won't make you crash. 8D In cheat engine, click CTRL+ALT+S! Have a good day sir, good luck hacking. ;)

I'm not sure what I'm supposed to be looking for here.
Unless...I'm supposed to be scanning these? They sound like Resources files.

Neyil 10/03/2014 13:09

Yes. Scan those.

xKemya 10/03/2014 16:02

Gj

[P2933]Step29 10/03/2014 17:28

Quote:

Originally Posted by Neyil (Post 29760838)
Yes. Scan those.

Shit's not working yo
I already typed down like 3 Basic OPCodes and they're not finding them.

Neyil 10/03/2014 23:14

Quote:

Originally Posted by [P2933]Step29 (Post 29763810)
Shit's not working yo
I already typed down like 3 Basic OPCodes and they're not finding them.

They are there. Just keep trying. They cannot just disappear... unless the opcodes have changed!?

[P2933]Step29 10/04/2014 02:45

I don't know much about the S4 modding community but we seem to be missing a lot of information on how disassembly works for S4 league. We have plenty of trainers out there, yet we do not have the source codes or their methods on how to search for something in the client coding? I have already shown off my methods and all of them seem to have failed. I understand that this is a different environment in a different genre (I used to do pure AoB hacks on a MMORPG game and release the patches in pure hex with wildcards to avoid it getting patched) but the lack of information is bothering me. Even the OP himself is hard to contact.

Am I just searching all in the wrong places? I'm just trying to understand how the s4 system works here. What is hardcoded and what is not hardcoded and is it possible to edit a softcoded (_resources) from the hardcoded ASM in the S4 client?

Do we have ANYBODY that specializes in this type of environment in English? Honestly I would really love to learn how all this works.

epkFlaflo 10/08/2014 20:37

#Updated


All times are GMT +2. The time now is 17:21.
