This corpus decompiles three Windows PE executables from Shaiya Core V9. Each binary is assigned to a dedicated folder in the repository, and Ghidra export scripts read them directly from the versionedDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/ThalissonTMora/shaiya-chat-native-re/llms.txt
Use this file to discover all available pages before exploring further.
bin/ directory. Understanding which file belongs to which target — and verifying its hash before any analysis — is the first step in working with this corpus.
Binary Reference Table
The table below captures every identifying attribute for each target. The MD5 and ImageBase columns are the values embedded in the header comment of every generated.c file, making it possible to trace any decompiled function back to the exact binary it came from.
| Target | File | MD5 | ImageBase | Role | Manifest entries | .c files |
|---|---|---|---|---|---|---|
| Client | Game.exe | c1edd96639ad81835624b9c4516ac781 | 0x00400000 | Chat UI · send/recv 0xA101 · all 0x11xx handlers | 160 | 169 |
| World server | ps_game.exe | 91b212afbe6623382713772489dc82ce | 0x00400000 | Server-side chat dispatch · broadcast pipeline · queue management | 136 | 143 |
| Login server | ps_login.exe | de5b348cca36e0585f06be93f013fa6d | 0x00400000 | Outbound 0xA101 key-blob send path · BigInt KeyTable crypto | 17 | 46 |
All three binaries originate from the Spelunkern/Shaiya-Core open-source C++ patching framework for Shaiya Core V9. They are committed verbatim to
bin/ so Ghidra scripts always operate on a hash-verified input.Folder Assignments
Each binary has exactly one output folder. Generated.c files must never be placed in the wrong folder — the header comment in every file identifies the binary and MD5, and mixing files breaks that invariant.
| Binary | Output folder | Manifest file |
|---|---|---|
Game.exe | game-chat-native/ | game-chat-native/game-chat-functions.manifest |
ps_game.exe | psgame-chat-native/ | psgame-chat-native/psgame-chat-functions.manifest |
ps_login.exe | pslogin-chat-native/ | pslogin-chat-native/pslogin-crypto-functions.manifest |
ImageBase
All three binaries share the same ImageBase of0x00400000. Every virtual address (VA) referenced in manifests, inline comments, and documentation is an absolute VA relative to this base — there is no ASLR offset to account for when loading these files into Ghidra, provided you set the image base correctly at import time.
0x0047F400 is the absolute VA in the loaded image, not a file offset.
Verifying Binaries
Before running any Ghidra script, confirm that your local copies of the binaries match the expected MD5 hashes. Hash mismatches indicate a different build and will produce incorrect decompilations.Per-Binary Notes
Game.exe — Client
Game.exe is the Shaiya Windows client. This corpus focuses on its chat subsystem: the send path (NetworkSend, PacketSend_Chat, PacketSend_Whisper, etc.), the recv dispatcher (PacketDispatcher), all 0x11xx opcode handlers, and the full frontend UI layer (ChatWindow_Render, DrawText_ChatBox_Core, ChatBox_AddLine, and related functions). The crypto export script decompile-crypto.sh also targets this binary for the AES-CTR cipher functions.
ps_game.exe — World Server
ps_game.exe is the Shaiya world server. The corpus covers its recv pipeline (Recv_Wrapper → Recv_PacketDecrypt → Recv_PreDispatchGuard → CUser_DispatchPacket_Main), all chat broadcast helpers (Chat_BroadcastNormal, Chat_BroadcastShout, Chat_BroadcastGuild, etc.), spatial fan-out functions (Zone_PSendViewCells*, Cell_SendRadius*), and the send-queue mechanism (CUser_SendQueueEnqueue, CUser_SendQueueFlush). The crypto export script also targets this binary.
ps_login.exe — Login Server
ps_login.exe is the Shaiya login server. The corpus here is narrower — it focuses specifically on the 0xA101 key-blob send path and the BigInt-based KeyTable crypto used during the login handshake. The extra .c files beyond the 17 manifest entries are the BigInt_* decomps in pslogin-chat-native/crypto/, which support the KeyTable RE documented in docs/SERVER_KEY_BLOB_RE.md.