Re: Universal HS bypass (CE/hack tool/hs driver bypass) for
Posted: Wed Feb 16, 2011 3:31 pm
Bypasses nowadays keep getting detected easily.
The community that will never stop discussing!
misuse 64bit WOW64 mode.
Nerrazzuri wrote:
Works for me.
Check the hook for IsWow64Process, OpenProcess, GetNativeSystemInfo, CreateFileA
Works perfectly fine for me, my MSCRC works good.
Raiden wrote:
Picture shows a million words.
Edit: Now it works for me, BUT CRC scripts and debuggers WON'T work. The MSCRC won't work AT ALL. Sigh~
The bad side of the bypass: I can only use the soft keyboard to log in. The keyboard is locked on the login page and the 2nd password entry page.
MSCRC: (CE Auto-Assemble code)
//MSCRC Bypass
//This script is dynamic, no need to update except if the AoB changes.
//Original by Nimo
[Enable]
//MS CRC Bypass
//CE Assembly Script by nimo1993.
//If you can't execute this script, please press "Memory view"->"View". Check whether the "Kernelmode symbols" item is checked.
Alloc(CRCBypass,512)
Alloc(FakeDump,8376320)
Label(MSCRCBypass)
Label(Normal)
Label(MSmemcpy)
Label(SearchAOB)
Label(StartHook)
Label(Title)
Label(FailureMsg)
Label(SuccessMsg)
Label(BackToMSCRC)
RegisterSymbol(MSCRCBypass)
RegisterSymbol(FakeDump)
CreateThread(MSmemcpy)

CRCBypass:
MSCRCBypass:
push eax
lea eax, [ecx]
cmp eax, 00401000
jb Normal
cmp eax, 00D00000
ja Normal
push ebx
mov ebx, FakeDump
sub eax, 00401000
add eax, ebx
movzx ecx, byte ptr [eax]
pop ebx
pop eax
jmp Normal+04

Normal:
pop eax
movzx ecx, byte ptr [ecx]
mov edx, [ebp+14]
jmp [BackToMSCRC]

MSmemcpy:
//Copy Memory
mov edi, FakeDump
mov esi, 00401000
mov ecx, 001FF400
repe movsd
mov eax, 00401000

SearchAOB:
cmp [eax], 8B09B60F
je StartHook
inc eax
cmp eax, 00D00000
jle SearchAOB
push 10 //MB_ICONERROR
push Title
push FailureMsg
push 00
call MessageBoxA
ret

StartHook:
lea ebx, [eax+05] //The Target Address - The Next Address
sub ebx, MSCRCBypass
neg ebx
mov byte ptr [eax], e9 //jmp
mov [eax+01], ebx //Target AOB
mov byte ptr [eax+05], 90 //nop
add eax, 6
mov [BackToMSCRC], eax //Return to the address+6
push 40 //MB_ICONINFORMATION
push Title
push SuccessMsg
push 00
call MessageBoxA
ret

Title:
db 'MS-CRC-Bypass' 00
FailureMsg:
db 'Anti-MS-CRC-Check Fail!' 00
SuccessMsg:
db 'Anti-MS-CRC-Check Init Successfully!' 00
BackToMSCRC:
dd 0

[Disable]
My HSCRC uses 3 of them, IsWow64Process, OpenProcess, GetNativeSystemInfo, but it still crashes. I'm not sure why.
guyz92 wrote:
misuse 64bit WOW64 mode.
Nerrazzuri wrote:
Works for me.
Check the hook for IsWow64Process, OpenProcess, GetNativeSystemInfo, CreateFileA
=X
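The posts above keep returning to hooks on IsWow64Process, OpenProcess and GetNativeSystemInfo, and the quoted script plants a 5-byte jmp (E9 plus rel32, padded with a nop) at the routine it finds. The defender's side of that is to inspect function prologues for exactly such patches. The following is an added example written for this thread; it is not code from the thread, from Cheat Engine, or from any anti-cheat product. It assumes 32-bit x86, like the script; every byte string is a constructed sample, and 0x00401000 is only a sample base address borrowed from the script.

```c
/* Inline-hook detection by prologue inspection.
 * Added example for this thread, not code from the thread or from any anti-cheat product.
 * Assumes 32-bit x86, like the CE script quoted above. Every byte string here is a
 * constructed sample; 0x00401000 is only a sample base address borrowed from that script. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum hook_kind {
    HOOK_NONE = 0,      /* prologue looks untouched */
    HOOK_JMP_REL32,     /* E9 rel32: the 5-byte patch the script plants */
    HOOK_PUSH_RET,      /* 68 imm32 C3: push address; ret */
    HOOK_JMP_INDIRECT   /* FF 25 abs32: jmp dword ptr [abs32] */
};

struct hook_report {
    enum hook_kind kind;
    uint32_t target;    /* branch destination; for FF 25 the address of the pointer slot */
};

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify the first bytes of the function whose virtual address is func_va. */
struct hook_report inspect_prologue(uint32_t func_va, const uint8_t *code, size_t len)
{
    struct hook_report r = { HOOK_NONE, 0 };
    if (len >= 5 && code[0] == 0xE9) {
        /* rel32 is relative to the end of the 5-byte instruction; unsigned wrap-around
         * gives the right answer for a negative (backward) displacement too */
        r.kind = HOOK_JMP_REL32;
        r.target = func_va + 5 + read_le32(code + 1);
    } else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {
        r.kind = HOOK_PUSH_RET;
        r.target = read_le32(code + 1);
    } else if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) {
        r.kind = HOOK_JMP_INDIRECT;
        r.target = read_le32(code + 2);
    }
    return r;
}

/* Second line of defence: compare live bytes with a known-good copy of the same function
 * (for instance bytes taken from the on-disk image). This also catches patches that are
 * not branches at all. Returns 1 when the bytes match, 0 otherwise. */
int prologue_matches_reference(const uint8_t *live, const uint8_t *ref, size_t n)
{
    return memcmp(live, ref, n) == 0;
}

static const char *hook_kind_name(enum hook_kind k)
{
    switch (k) {
    case HOOK_JMP_REL32:    return "jmp rel32";
    case HOOK_PUSH_RET:     return "push/ret";
    case HOOK_JMP_INDIRECT: return "jmp [abs32]";
    default:                return "clean";
    }
}

/* Constructed samples (not bytes from any real binary). */
static const uint8_t SAMPLE_CLEAN[]    = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };        /* mov edi,edi; push ebp; mov ebp,esp */
static const uint8_t SAMPLE_JMP_FWD[]  = { 0xE9, 0x00, 0x10, 0x00, 0x00, 0x90 };  /* jmp +0x1000; nop */
static const uint8_t SAMPLE_JMP_BACK[] = { 0xE9, 0x00, 0xFF, 0xFF, 0xFF, 0x90 };  /* jmp -0x100; nop */
static const uint8_t SAMPLE_PUSHRET[]  = { 0x68, 0x78, 0x56, 0x34, 0x12, 0xC3 };  /* push 12345678h; ret */
static const uint8_t SAMPLE_INDIRECT[] = { 0xFF, 0x25, 0x00, 0x20, 0x40, 0x00 };  /* jmp dword ptr [00402000h] */

int main(void)
{
    const uint32_t base = 0x00401000u;  /* sample function address */
    struct { const char *name; const uint8_t *code; size_t len; } samples[] = {
        { "clean",    SAMPLE_CLEAN,    sizeof SAMPLE_CLEAN },
        { "jmp fwd",  SAMPLE_JMP_FWD,  sizeof SAMPLE_JMP_FWD },
        { "jmp back", SAMPLE_JMP_BACK, sizeof SAMPLE_JMP_BACK },
        { "push/ret", SAMPLE_PUSHRET,  sizeof SAMPLE_PUSHRET },
        { "indirect", SAMPLE_INDIRECT, sizeof SAMPLE_INDIRECT },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct hook_report r = inspect_prologue(base, samples[i].code, samples[i].len);
        printf("%-9s %-12s target=%08X ref-match=%d\n", samples[i].name, hook_kind_name(r.kind),
               (unsigned)r.target, prologue_matches_reference(samples[i].code, SAMPLE_CLEAN, sizeof SAMPLE_CLEAN));
    }
    return 0;
}
```

The prologue classifier alone is cheap but only knows three trampoline shapes; the reference comparison is what an integrity check really relies on, and it is the reason the quoted script goes to the trouble of redirecting reads into a clean copy of the code section rather than simply patching the CRC routine.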
Once anti-cheat companies get a signed WHQL kernel driver, detecting hacks on 64-bit will be another problem for us.
Well, my problem is, if I enable MSCRC, Maple crashes just like usual. And if I use debug registers (MLE), when the hack is in use (like enabling godmode and bang mob or attacking with dEM), it crashes.
Nerrazzuri wrote:
Works perfectly fine for me, my MSCRC works good.
Raiden wrote:
Picture shows a million words.
Nothing on top happens to me, I am hacking like normal right now.
Raiden wrote:
Well, my problem is, if I enable MSCRC, Maple crashes just like usual. And if I use debug registers (MLE), when the hack is in use (like enabling godmode and bang mob or attacking with dEM), it crashes.
Nerrazzuri wrote:
Works perfectly fine for me, my MSCRC works good.
Raiden wrote:
Picture shows a million words.
The login problem...... annoying... since I have to enter a 12-word-long ID and password.......