[Release] S4Client Dump

[Cyrex']

Since, at least in my case, you are mostly unable to generate a dump from the client because of firstly, XC (which can easily be bypassed for dumping purposes), and especially secondly, some clientside protection including messing with the PE header, I decided to make use of @'s really smart method utilizing minidumps.

You may read more at

I didn't want to set-up an undetected debugging environment either, so this was the most convenient solution available.

Provided package comes with three files:

• S4Client.exe - minidump-extracted client module with partially fixed PE header
• S4Client.idb - IDA Pro Database with additionally fixed IAT / parsed RTTI
• objtree.txt - Parsed RTTI, aligned hierarchically

Btw.: IDA does not recognize the IAT as "the IAT", hence the import tab will not show any items.
Instead, you can access the imports by either going through address space 01F75000 - 01F75C0C
or press View->Subviews->Names and look them up there.
Though, I'm fairly sure this has something to do with the PE header not being fixed completely and
the import symbol table not being rebuilt.
If anybody knows a way to fully rebuild the import table including the IAT for IDA let me know.

EDIT: Import table is now fully fixed + RTTI info is parsed.

[xCred]

what does this do? If you don't mind me asking.

[Cyrex']

Quote:

Originally Posted by xCred

what does this do? If you don't mind me asking.

You can use dumps for static analysis.

[xCred]

Quote:

Originally Posted by Cyrex'

You can use dumps for static analysis.

Meaning?.. Sorry im new to understanding what "dumps" are

[Cyrex']

Quote:

Originally Posted by xCred

Meaning?.. Sorry im new to understanding what "dumps" are

It allows you to do some reversing without it (module) actually having to be loaded in memory.

And now please don't ask what "reversing" means, lol.

If you want to learn more consider reading some articles about RCE:

• 
• 
• 
• 
• 
• 

[xCred]

Quote:

Originally Posted by Cyrex'

It allows you to do some reversing without it actually having to be loaded in memory.

And now please don't ask what "reversing" means, lol.

If you want to learn more consider reading some articles about RCE:

• 
• 
• 
• 
• 
• 

Thank you

[Stalker Of Night]

i didn't understand any **** wtf is this dump do ? does it make s4client open faster or what?

[Cyrex']

Quote:

Originally Posted by memoprince1

i didn't understand any **** wtf is this dump do ? does it make s4client open faster or what?

If you did understand english well and did read the posts above yours, your question would already be answered.

[Stalker Of Night]

i read everything still can't understand explain good or u stupid **** will be useless

tell me one function that dis thing do ...

[anonymous-29742]

Quote:

Originally Posted by memoprince1

i read everything still can't understand explain good or u stupid **** will be useless

tell me one function that dis thing do ...

Its like... a container with a lot of Information about the game. Its usefull for guys, where making Cheat's / Hacks for this game.

[Stalker Of Night]

Quote:

Originally Posted by Oshumar

Its like... a container with a lot of Information about the game. Its usefull for guys, where making Cheat's / Hacks for this game.

best explain <3


ty oshumr

next time learn how to explain cyrex..

[tuaprimadd]

Quote:

Originally Posted by memoprince1

best explain <3


ty oshumr

next time learn how to explain cyrex..

He explained it pretty well. It's your fault for being a ******** and not understanding ****.

Nice release. Might take a look at it later.

[jannidamien001]

Virus

[SilverEmerald]

Quote:

Originally Posted by jannidamien001

Virus

>already enjoys the game with itc
calls it as virus when bored
LULULULUL