Updating CRC Script Question

[Username]

Code: Select all

//MSCRC Bypass
//This script is dynamic, no nid update except if AoB changed.
//Original by Nimo
[Enable]
//MS CRC Bypass 
//CE Assembly Script by nimo1993.
//If you can't execute this script, please press "Memory view"->"View". Check whether "Kernelmode symbols" item is checked.
Alloc(CRCBypass,512)
Alloc(FakeDump,8376320)
Label(MSCRCBypass)
Label(Normal)
Label(MSmemcpy)
Label(SearchAOB)
Label(StartHook)
Label(Title)
Label(FailureMsg)
Label(SuccessMsg)
Label(BackToMSCRC)
RegisterSymbol(MSCRCBypass)
RegisterSymbol(FakeDump)

CreateThread(MSmemcpy)

CRCBypass:
MSCRCBypass:
push eax
lea eax, [ecx]
cmp eax, 00401000
jb Normal
cmp eax, 00D00000
ja Normal
push ebx
mov ebx, FakeDump
sub eax, 00401000
add eax, ebx
movzx ecx, byte ptr [eax]
pop ebx
pop eax
jmp Normal+04

Normal:
pop eax
movzx ecx, byte ptr [ecx]
mov edx, [ebp+14]
jmp [BackToMSCRC]



MSmemcpy:
//Copy Memory
mov edi, FakeDump
mov esi, 00401000
mov ecx, 001FF400
repe movsd

mov eax, 00401000
SearchAOB:
cmp [eax], 8B09B60F
je StartHook
inc eax
cmp eax, 00D00000
jle SearchAOB
push 10 //MB_ICONERROR
push Title
push FailureMsg
push 00
call MessageBoxA
ret
StartHook:
lea ebx, [eax+05] //The Target Address - The Next Address
sub ebx, MSCRCBypass
neg ebx
mov byte ptr [eax], e9 //jmp
mov [eax+01], ebx //Target AOB
mov byte ptr [eax+05], 90 //nop
add eax, 6
mov [BackToMSCRC], eax //Return to the address+6
push 40 //MB_ICONINFORMATION
push Title
push SuccessMsg
push 00
call MessageBoxA
ret

Title:
db 'MS-CRC-Bypass' 00
FailureMsg:
db Anti-MS-CRC-Check Fail!' 00
SuccessMsg:
db 'Anti-MS-CRC-Check Init Successfully!' 00
BackToMSCRC:
dd 0
[Disable]

Anyone knows what is 00D00000 for?

[Raiden]

This script is not working anymore, even if you update it because the CRC routine has changed and the whole script is rewritten.

[Username]

Still no 1 managed to make a new one?

[xiangloong]

Still no 1 managed to make a new one?

Nerrazurri.Hahax.Buy his UT!

[Raiden]

Still no 1 managed to make a new one?

Nerrazurri.Hahax.Buy his UT!

Spoiler: show

I updated that first and gave Nerrazuri lol~

Tips: 00D00000 is the CRC range. Extend it to 00E00000.

[xiangloong]

Oh PS it's Raiden.俗话说得好。远在天边，竟在眼前。Forgive me if my chinese sucks!

[Raiden]

Oh PS it's Raiden.俗话说得好。远在天边，竟在眼前。Forgive me if my chinese sucks!

俗话说得好:远在天边，近在眼前

lol~~~~~

@TS: i think you should update GMS`s MSCRC NOT TWMS`s.

[Username]

I cannot find any except the aftershock source code. Use that?
http://pastie.org/1660157

I tried updated using aob. Failed.
I tried finding the opcode also fail...

[Nerrazzuri]

Still no 1 managed to make a new one?

Nerrazurri.Hahax.Buy his UT!

Spoiler: show

I updated that first and gave Nerrazuri lol~

Tips: 00D00000 is the CRC range. Extend it to 00E00000.

LMAO Raiden, if I never give you the routine?:P

[xiangloong]

You will never be updating it so smoothly or successfully.LOLS!