V113 CRC Bypass
//MS+HS CRC Bypass v1.2 for HackShield 5.3.5.1024
//CE Assembly Script by nimo1993. I love CE!
//The original address of MS-CRC Bypass is not found by me.
//If you can't execute this script, please press "Memory view"->"View". Check whether "Kernelmode symbols" item is checked.
//如果你無法執行這個數據,請按Memory View->View->Kernelmode symbols 打勾
// Setup directives (Cheat Engine auto-assembler syntax).
// NOTE(review): every bracketed token of the original post is missing from this
// page, so the memory operands further down are incomplete and the listing does
// not assemble as shown.
// CRCBypass: 512 bytes that hold the two detour stubs, the strings and one data slot.
Alloc(CRCBypass,512)
// FakeDump: 8376320 bytes = 0x7FD000 = 0x00BFE000 - 0x00401000, i.e. one byte for
// every address of the range that the stubs below compare against.
Alloc(FakeDump,8376320)
// Labels defined later in this script.
Label(HSCRCBypass)
Label(BackToOP)
Label(MSCRCBypass)
Label(Normal)
Label(MSmemcpy)
Label(SearchAOB)
Label(StartHook)
Label(Title)
Label(FailureMsg)
Label(SuccessMsg)
Label(BackToMSCRC)
// Registered so these three names stay resolvable outside this script.
RegisterSymbol(HSCRCBypass)
RegisterSymbol(MSCRCBypass)
RegisterSymbol(FakeDump)
// Runs the code at MSmemcpy in a new thread of the target process.
CreateThread(MSmemcpy)
// HSCRCBypass: replacement entry for OpenProcess; the `jmp HSCRCBypass` written at
// the OpenProcess label elsewhere in this script redirects callers here.
// A value read through fs: is compared with a second operand. Both operands are
// missing from the page, so which caller is singled out cannot be told from here.
// Defender note: a jmp written over an exported API prologue shows up in any check
// that compares the module's in-memory bytes with its on-disk image.
CRCBypass:
HSCRCBypass:
mov eax, fs:
cmp eax,
jne BackToOP
// Match: store 0x57 through fs: (operand lost; 0x57 is the Win32 code
// ERROR_INVALID_PARAMETER if this is the last-error slot - confirm), return 0 in
// eax and pop 0xC bytes of arguments, i.e. three DWORDs.
mov fs:, 57
xor eax, eax
ret 000c
// No match: replay the displaced `push ebp / mov ebp, esp` and continue 5 bytes
// into the real OpenProcess.
BackToOP:
push ebp
mov ebp, esp
jmp OpenProcess+5
// MSCRCBypass: detour body for the instruction pair located by SearchAOB
// (`movzx ecx, byte ptr ...` followed by `mov edx, ...`).
// It forms an address with lea (operand lost) and checks it against the closed
// range 0x00401000..0x00BFE000 with unsigned compares.
// Defender note: an in-process checksum that fetches code bytes through a single
// instruction can be served stale bytes by a detour on that instruction; a result
// taken through an independent read path exposes the mismatch.
MSCRCBypass:
push eax
lea eax,
cmp eax, 00401000
jb Normal
cmp eax, 00BFE000
ja Normal
// In range: rebase the address into the copy, eax = eax - 0x00401000 + FakeDump.
push ebx
mov ebx, FakeDump
sub eax, 00401000
add eax, ebx
// Operand lost; presumably the byte is read from the rebased address in eax.
movzx ecx, byte ptr
pop ebx
pop eax
// Skips the first 4 bytes at Normal; presumably `pop eax` plus the original movzx,
// which were already handled above - confirm against the assembled bytes.
jmp Normal+04
// Out of range: restore eax and run the two displaced instructions unchanged.
Normal:
pop eax
movzx ecx, byte ptr
mov edx,
// Operand lost; presumably an indirect jump through the BackToMSCRC slot.
jmp
// MSmemcpy: thread body started by CreateThread. Three steps: snapshot the range,
// locate the target instruction by byte pattern, then write the detour.
MSmemcpy:
//Copy Memory
// Copies 0x001FF400 dwords (0x7FD000 bytes) from 0x00401000 into FakeDump. This
// runs before the patch below is written, so the copy holds the pre-patch bytes.
mov edi, FakeDump
mov esi, 00401000
mov ecx, 001FF400
repe movsd
mov eax, 00401000
// Byte-by-byte scan: compares a dword (operand lost, presumably the one at eax)
// with 0x8B09B60F, which is the byte sequence 0F B6 09 8B in memory order.
SearchAOB:
cmp , 8B09B60F
je StartHook
inc eax
cmp eax, 00BFE000
// jle is a signed compare; it behaves like an unsigned one here only because the
// addresses involved are below 0x80000000.
jle SearchAOB
// Pattern not found: MessageBoxA(0, FailureMsg, Title, 0x10), then the thread returns.
push 10 //MB_ICONERROR
push Title
push FailureMsg
push 00
call MessageBoxA
ret
// Pattern found at eax. ebx = MSCRCBypass - (value from the lea, operand lost),
// i.e. the rel32 displacement of a jmp; the trailing comment names that value as
// the address following the jmp.
StartHook:
lea ebx, //The Target Address - The Next Address
sub ebx, MSCRCBypass
neg ebx
// Destination operands lost: writes opcode 0xE9, the displacement and one 0x90,
// six bytes in total, presumably over the matched instructions.
mov byte ptr , e9 //jmp
mov , ebx //Target AOB
mov byte ptr , 90 //nop
// Stores match address + 6 as the resume point (destination lost; presumably
// the BackToMSCRC slot).
add eax, 6
mov , eax //Return to the address+6
// Reports success: MessageBoxA(0, SuccessMsg, Title, 0x40).
push 40 //MB_ICONINFORMATION
push Title
push SuccessMsg
push 00
call MessageBoxA
ret
// NUL-terminated ANSI strings passed to MessageBoxA by the thread body.
Title:
db 'NimoMSHS CRC Bypass Script by nimo1993' 00
FailureMsg:
db 'Nimo Anti-MS-HS-CRC-Check Fail!' 00
SuccessMsg:
db 'Nimo Anti-MS-HS-CRC-Check Init Successfully!' 00
// 4-byte slot, initially 0. StartHook stores match address + 6 with a `mov` whose
// destination is missing from the page - presumably this slot.
BackToMSCRC:
dd 0
// Patch written over the start of OpenProcess: a jmp to the stub (5 bytes as a
// rel32 jmp).
OpenProcess:
jmp HSCRCBypass
// Second write to the same label: the stock 5-byte prologue. The script's
// enable/disable section markers are not present on the page; presumably this is
// the restore half.
OpenProcess:
mov edi, edi
push ebp
mov ebp, esp
//MS+HS CRC Bypass v1.1 for "TWMS 1.13" & "HackShield 5.3.5.1024"
//CE Assembly Script by nimo1993. I love CE!
//The original address of MS-CRC Bypass is not found by me.
//If you can't execute this script, please press "Memory view"->"View". Check whether "Kernelmode symbols" item is checked.
//如果你無法執行這個數據,請按Memory View->View->Kernelmode symbols 打勾
// Setup directives for the v1.1 script (Cheat Engine auto-assembler syntax).
// NOTE(review): bracketed tokens are missing from this page, so the memory operands
// further down are incomplete and the listing does not assemble as shown.
// CRCBypass: 512 bytes for the two detour stubs.
Alloc(CRCBypass,512)
// FakeDump: 8376320 bytes = 0x7FD000 = 0x00BFE000 - 0x00401000, one byte for every
// address of the range the stubs compare against.
Alloc(FakeDump,8376320)
// Labels defined later in this script.
Label(HSCRCBypass)
Label(BackToOP)
Label(MSCRCBypass)
Label(Normal)
Label(MSmemcpy)
// Registered so these three names stay resolvable outside this script.
RegisterSymbol(HSCRCBypass)
RegisterSymbol(MSCRCBypass)
RegisterSymbol(FakeDump)
// Runs the code at MSmemcpy in a new thread of the target process.
CreateThread(MSmemcpy)
// HSCRCBypass: replacement entry for OpenProcess, reached through the
// `jmp HSCRCBypass` written at the OpenProcess label in this script.
// A value read through fs: is compared with a second operand; both operands are
// missing from the page, so the condition itself cannot be read from here.
// Defender note: a jmp written over an exported API prologue shows up in any check
// that compares the module's in-memory bytes with its on-disk image.
CRCBypass:
HSCRCBypass:
mov eax, fs:
cmp eax,
jne BackToOP
// Match: store 0x57 through fs: (operand lost; 0x57 is ERROR_INVALID_PARAMETER if
// this is the last-error slot - confirm), return 0 in eax and pop 0xC bytes of
// arguments, i.e. three DWORDs.
mov fs:, 57
xor eax, eax
ret 000c
// No match: replay the displaced `push ebp / mov ebp, esp` and continue 5 bytes
// into the real OpenProcess.
BackToOP:
push ebp
mov ebp, esp
jmp OpenProcess+5
// MSCRCBypass: detour body for the instruction pair at 0x00A11481
// (`movzx ecx, byte ptr ...` followed by `mov edx, ...`).
// It forms an address with lea (operand lost) and checks it against the closed
// range 0x00401000..0x00BFE000 with unsigned compares.
// Defender note: an in-process checksum that fetches code bytes through a single
// instruction can be served stale bytes by a detour on that instruction; a result
// taken through an independent read path exposes the mismatch.
MSCRCBypass:
push eax
lea eax,
cmp eax, 00401000
jb Normal
cmp eax, 00BFE000
ja Normal
// In range: rebase the address into the copy, eax = eax - 0x00401000 + FakeDump.
push ebx
mov ebx, FakeDump
sub eax, 00401000
add eax, ebx
// Operand lost; presumably the byte is read from the rebased address in eax.
movzx ecx, byte ptr
pop ebx
pop eax
// Skips the first 4 bytes at Normal; presumably `pop eax` plus the original movzx,
// which were already handled above - confirm against the assembled bytes.
jmp Normal+04
// Out of range: restore eax and run the two displaced instructions unchanged.
Normal:
pop eax
movzx ecx, byte ptr
mov edx,
// Resume address is hard-coded in this version, so it only fits the one client
// build named in the header comment.
jmp 00A11487 //A11481 + 6
// MSmemcpy: thread body started by CreateThread. Copies 0x001FF400 dwords
// (0x7FD000 bytes) from 0x00401000 into FakeDump, then the thread returns.
// NOTE(review): nothing visible orders this copy against the patch written at
// 0x00A11481; whether the snapshot holds pre-patch bytes depends on timing.
MSmemcpy:
mov edi, FakeDump
mov esi, 00401000
mov ecx, 001FF400
repe movsd
ret
// Patch written over the start of OpenProcess: a jmp to the stub.
OpenProcess:
jmp HSCRCBypass
//AOB: 0F B6 09 8B
// Patch at the fixed address 0x00A11481: a jmp to the detour plus one nop. The
// detour resumes at 0x00A11487, so six bytes are replaced.
00A11481:
jmp MSCRCBypass
nop
// From here on the stock bytes are written back and the allocations released.
// The script's enable/disable section markers are not present on the page;
// presumably this is the restore half.
OpenProcess:
mov edi, edi
push ebp
mov ebp, esp
// Original instruction pair (operands lost in extraction).
A11481:
movzx ecx, byte ptr
mov edx,
DeAlloc(CRCBypass)
DeAlloc(FakeDump)
UnregisterSymbol(HSCRCBypass)
UnregisterSymbol(MSCRCBypass)
UnregisterSymbol(FakeDump)
找了好久終於有人分享了
謝謝網大!