Updating CRC Script Question

[Raiden]

Anyways, TWMS`s script can`t be used. GMS`s can. Modify and update it.

[Username]

You will never be updating it so smoothly or successfully.LOLS!

Haha. It isn't smooth already.Now I have a lot maple clients on my com. Msea 1.01, Msea 0.93, gms 0.96 and twms.

[Nerrazzuri]

Nah, raiden is better than you think. =)

[xiangloong]

Nah, raiden is better than you think. =)

Well,i know him quite well..

[Username]

Is the GMS you talking about is for 0.96? Because no matter how I look at gms 0.96, it don't look the same. Is it like older versions of GMS?

Code: Select all

msea
00B8AF6E - 8B 45 08  - mov eax,[ebp+08]
00B8AF71 - 03 45 F4  - add eax,[ebp-0C]
00B8AF74 - 0FB6 08  - movzx ecx,byte ptr [eax] <<
00B8AF77 - 8B 45 14  - mov eax,[ebp+14]
00B8AF7A - 33 08  - xor ecx,[eax]

EAX=00B8AF74
EBX=00000000
ECX=0000000F
EDX=00FBEEB7
ESI=00400228
EDI=000001A4
ESP=001840C4
EBP=001840D0
EIP=00B8AF77

old msea crc
009F6090 - 8B 4D 08  - mov ecx,[ebp+08]
009F6093 - 03 4D F8  - add ecx,[ebp-08]
009F6096 - 0FB6 09  - movzx ecx,byte ptr [ecx] <<
009F6099 - 8B 55 14  - mov edx,[ebp+14]
009F609C - 8B 12  - mov edx,[edx]
009F609E - 33 D1  - xor edx,ecx

EAX=00FFFFFF
EBX=00000000
ECX=000000E8
EDX=00000005
ESI=00400220
EDI=0018E384
ESP=0018D618
EBP=0018D630
EIP=009F6099


gms
00A79D9A - 33 D2  - xor edx,edx
00A79D9C - 8B 5D 08  - mov ebx,[ebp+08]
00A79D9F - 8A 11  - mov dl,[ecx] <<
00A79DA1 - 80 C2 01 - add dl,01
00A79DA4 - 8B 4D 18  - mov ecx,[ebp+18]

EAX=003122DC
EBX=00401324
ECX=009272C7
EDX=00000074
ESI=00400240
EDI=00000000
ESP=00183C68
EBP=00183CE8
EIP=00A79DA1

twms
00816D80 - 8B 75 08  - mov esi,[ebp+08]
00816D83 - 8B 00  - mov eax,[eax]
00816D85 - 33 04 8E   - xor eax,[esi+ecx*4] <<
00816D88 - 25 FF000000 - and eax,000000FF
00816D8D - 33 14 85   - xor edx,[eax*4]

EAX=079301A6
EBX=00000001
ECX=0001291A
EDX=0007CC84
ESI=00B2A44C
EDI=0028E8A8
ESP=0028E714
EBP=0028E77C
EIP=00816D88

I only found a GMS 0.90 script.

Code: Select all

[enable]
alloc(mscrc,100)
alloc(hscrc,100)
alloc(copy,1024)
alloc(dump,10482664)
createthread(copy)
label(exitmscrc)
label(mscrcret) 
label(hscrcret)
label(llop)
label(getoutahere)

mscrc:
cmp ecx,00401000
jl exitmscrc
cmp ecx,00E00000
jg exitmscrc
sub ecx,00401000
push eax
lea eax,[dump]
add ecx,eax
pop eax
exitmscrc:
movzx ecx,byte ptr [ecx]
mov edx,[ebp+14]
jmp mscrcret 

copy:
mov eax,00401000
lea ecx,[dump]
llop:
xor ebx,ebx
movzx ebx,byte ptr [eax]
mov byte ptr [ecx],bl
inc eax
inc ecx
cmp eax,00E00000
jg getoutahere
jmp llop
getoutahere:
lea ebx,[dump]
add ebx,749cdb//B4ACDB - 401000 
xor eax,eax              
mov al,0F
mov byte ptr [ebx],al
inc ebx
mov al,B6
mov byte ptr [ebx],al
inc ebx
mov al,09
mov byte ptr [ebx],al
inc ebx
mov al,8B
mov byte ptr [ebx],al
inc ebx
mov al,55
mov byte ptr [ebx],al
ret

hscrc:
mov eax,fs:[20]
cmp eax,[esp+0c]
jne hscrcret
mov fs:[34],57
xor eax,eax
ret 000c

hscrcret:
mov edi,edi
push ebp
mov ebp,esp
jmp OpenProcess+05

00B4EF15:
jmp mscrc
db 14
mscrcret:

OpenProcess:
jmp hscrc

[disable]
00B4EF15:
db 0F B6 09 8B 55 14 
OpenProcess:
db 8B FF 55 8B EC

dealloc(mscrc)
dealloc(hscrc)
dealloc(dump)
dealloc(copy)

[bandit9956]

Can anyone reply here mah ? >< the starting range is from 00400000 or 00401000 ?

[Nerrazzuri]

Starting region will not be 00400000, 00400000 is the place where the client launched.

[bandit9956]

That means is 00401000 the crc start to scan?