

作者: MP0671644    時間: 2016-8-21 20:10
標題: V113 CRC Bypass
[Enable]
//MS+HS CRC Bypass v1.2 for HackShield 5.3.5.1024
//CE Assembly Script by nimo1993. I love CE!
//The original address of MS-CRC Bypass is not found by me.
//If you can't execute this script, please press "Memory view"->"View". Check whether "Kernelmode symbols" item is checked.
//如果你無法執行這個數據,請按Memory View->View->Kernelmode symbols 打勾
//Script prologue: allocate the detour code (CRCBypass) and the snapshot buffer (FakeDump),
//declare the labels used below, and start MSmemcpy on its own thread when the script is enabled.
Alloc(CRCBypass,512)
Alloc(FakeDump,8376320)
//8376320 = 0x7FD000 = (00BFE000 - 00401000): the range MSmemcpy copies (0x1FF400 dwords).
Label(HSCRCBypass)
Label(BackToOP)
Label(MSCRCBypass)
Label(Normal)
Label(MSmemcpy)
Label(SearchAOB)
Label(StartHook)
Label(Title)
Label(FailureMsg)
Label(SuccessMsg)
Label(BackToMSCRC)
RegisterSymbol(HSCRCBypass)
RegisterSymbol(MSCRCBypass)
RegisterSymbol(FakeDump)


//MSmemcpy does the copy, the pattern scan and the second patch; it runs asynchronously to the enable.
CreateThread(MSmemcpy)


CRCBypass:
HSCRCBypass:
//Detour entered from the jmp written over OpenProcess (see OpenProcess: below). The caller's stdcall
//frame is still intact here, so [esp+0c] is OpenProcess's third argument (dwProcessId).
//Defender note: the 5-byte jmp over an exported API entry is an inline hook; an integrity check that
//compares the prologue against the on-disk image would observe the rewritten bytes.
        mov     eax, fs:[20]            // fs:[20] = TEB process-id field (ClientId.UniqueProcess)
        cmp     eax, [esp+0c]           // requested pid == this process's pid?
        jne     BackToOP                // no: continue into the original OpenProcess
        mov     fs:[34], 57             // fs:[34] = TEB LastErrorValue; 0x57 = ERROR_INVALID_PARAMETER
        xor     eax, eax                // yes: fail the call, return a NULL handle
        ret     000c                    // pop the three stdcall arguments (12 bytes)


BackToOP:
//Re-executes the prologue instructions displaced by the 5-byte jmp (the leading mov edi,edi is a
//no-op and is not replayed), then resumes OpenProcess just past the patch.
        push    ebp
        mov     ebp, esp
        jmp     OpenProcess+5


MSCRCBypass:
//Detour target for the `movzx ecx, byte ptr [ecx]` read site patched by StartHook.
//If ecx points inside [00401000, 00BFE000], the byte is served from the FakeDump snapshot
//instead of live memory; any other address is read normally.
        push    eax
        lea     eax, [ecx]              // eax = address about to be read
        cmp     eax, 00401000
        jb      Normal                  // below the copied range: read live memory
        cmp     eax, 00BFE000
        ja      Normal                  // above the copied range: read live memory
        push    ebx
        mov     ebx, FakeDump
        sub     eax, 00401000           // eax = offset into the copied range
        add     eax, ebx                // eax = FakeDump + offset
        movzx   ecx, byte ptr [eax]     // load the byte from the snapshot
        pop     ebx
        pop     eax
        jmp     Normal+04               // skip Normal's pop eax (1 byte) and movzx (3 bytes): already done


Normal:
//Original instructions displaced by the 6-byte patch, then an indirect jump to the address
//StartHook stored in BackToMSCRC (patch site + 6).
        pop     eax
        movzx   ecx, byte ptr [ecx]
        mov     edx, [ebp+14]
        jmp     [BackToMSCRC]




MSmemcpy:
//Thread entry (see CreateThread above). Three steps: copy [00401000, 00BFE000) into FakeDump,
//scan that range for the byte pattern 0F B6 09 8B, then overwrite the first hit with a jmp to
//MSCRCBypass. Reports the outcome via MessageBoxA and returns, ending the thread.
//Copy Memory
        mov     edi, FakeDump
        mov     esi, 00401000
        mov     ecx, 001FF400           // 0x1FF400 dwords = 0x7FD000 bytes = size of FakeDump
        repe    movsd                   // same prefix byte as rep movsd; movs does not consult ZF


        mov     eax, 00401000
SearchAOB:
        cmp     [eax], 8B09B60F         // dword compare = bytes 0F B6 09 8B in memory order
        je      StartHook
        inc     eax
        cmp     eax, 00BFE000
        jle     SearchAOB               // signed compare; fine here because both values are < 0x80000000
        push    10                                  //MB_ICONERROR
        push    Title
        push    FailureMsg
        push    00
        call    MessageBoxA             // MessageBoxA(NULL, FailureMsg, Title, MB_ICONERROR)
        ret
StartHook:
//eax = address of the match. Write E9 rel32 (5 bytes) + 90 (1 byte) over it.
        lea     ebx, [eax+05] //The Target Address - The Next Address
        sub     ebx, MSCRCBypass
        neg     ebx                     // ebx = MSCRCBypass - (eax+5) = rel32 for the jmp
        mov     byte ptr [eax], e9 //jmp
        mov     [eax+01], ebx //Target AOB
        mov     byte ptr [eax+05], 90 //nop
        add     eax, 6
        mov     [BackToMSCRC], eax //Return to the address+6
        push    40 //MB_ICONINFORMATION
        push    Title
        push    SuccessMsg
        push    00
        call    MessageBoxA             // MessageBoxA(NULL, SuccessMsg, Title, MB_ICONINFORMATION)
        ret


//Message strings and the return slot live inside the CRCBypass allocation alongside the code.
Title:
        db      'NimoMSHS CRC Bypass Script by nimo1993' 00
FailureMsg:
        db      'Nimo Anti-MS-HS-CRC-Check Fail!' 00
SuccessMsg:
        db      'Nimo Anti-MS-HS-CRC-Check Init Successfully!' 00
BackToMSCRC:
        dd      0                       // filled in at runtime by StartHook; read by Normal's indirect jmp
OpenProcess:
//5-byte jmp written over the API entry (mov edi,edi / push ebp / mov ebp,esp); restored in [Disable].
        jmp     HSCRCBypass


[Disable]
OpenProcess:
//Restores the original OpenProcess prologue bytes. NOTE(review): this section does not DeAlloc
//CRCBypass/FakeDump, unregister the symbols, or undo the patch StartHook wrote at the scan hit,
//so those remain in place after disabling.
        mov     edi, edi
        push    ebp
        mov     ebp, esp


作者: 藤宮香織    時間: 2018-1-6 16:53
[Enable]
//MS+HS CRC Bypass v1.1 for "TWMS 1.13" & "HackShield 5.3.5.1024"
//CE Assembly Script by nimo1993. I love CE!
//The original address of MS-CRC Bypass is not found by me.
//If you can't execute this script, please press "Memory view"->"View". Check whether "Kernelmode symbols" item is checked.
//如果你無法執行這個數據,請按Memory View->View->Kernelmode symbols 打勾

//Script prologue: detour code (CRCBypass), snapshot buffer (FakeDump), labels and symbols.
Alloc(CRCBypass,512)
Alloc(FakeDump,8376320)
//8376320 = 0x7FD000 = (00BFE000 - 00401000): the range MSmemcpy copies.
Label(HSCRCBypass)
Label(BackToOP)
Label(MSCRCBypass)
Label(Normal)
Label(MSmemcpy)

RegisterSymbol(HSCRCBypass)
RegisterSymbol(MSCRCBypass)
RegisterSymbol(FakeDump)

//MSmemcpy only performs the copy in this version; the patch site is fixed (00A11481 below).
CreateThread(MSmemcpy)

CRCBypass:
HSCRCBypass:
//Entered from the jmp written over OpenProcess; [esp+0c] is the call's third argument (dwProcessId).
mov eax, fs:[20] // fs:[20] = TEB process-id field
cmp eax, [esp+0c] // requested pid == this process's pid?
jne BackToOP // no: run the original OpenProcess
mov fs:[34], 57 // fs:[34] = TEB LastErrorValue; 0x57 = ERROR_INVALID_PARAMETER
xor eax, eax // yes: return a NULL handle
ret 000c // pop the three stdcall arguments

BackToOP:
//Replays the displaced prologue (mov edi,edi is a no-op and is skipped) and resumes past the 5-byte jmp.
push ebp
mov ebp, esp
jmp OpenProcess+5

MSCRCBypass:
//Detour target for the read at 00A11481. Addresses in [00401000, 00BFE000] are served from FakeDump;
//anything else falls through to Normal and reads live memory.
push eax
lea eax, [ecx] // eax = address about to be read
cmp eax, 00401000
jb Normal
cmp eax, 00BFE000
ja Normal
push ebx
mov ebx, FakeDump
sub eax, 00401000 // offset into the copied range
add eax, ebx // FakeDump + offset
movzx ecx, byte ptr [eax] // byte from the snapshot
pop ebx
pop eax
jmp Normal+04 // skip pop eax (1 byte) + movzx (3 bytes), which were already done here

Normal:
//Displaced original instructions, then a direct jump back to patch site + 6.
//NOTE(review): the return address is hard-coded for this client build; it is not discovered at runtime.
pop eax
movzx ecx, byte ptr [ecx]
mov edx, [ebp+14]
jmp 00A11487 //A11481 + 6


MSmemcpy:
//Thread entry: copy 0x1FF400 dwords (0x7FD000 bytes) from 00401000 into FakeDump, then exit.
mov edi, FakeDump
mov esi, 00401000
mov ecx, 001FF400
repe movsd // same prefix byte as rep movsd; movs does not consult ZF
ret

OpenProcess:
//5-byte jmp over the API entry (mov edi,edi / push ebp / mov ebp,esp); restored in [Disable].
jmp HSCRCBypass

//AOB: 0F B6 09 8B
00A11481:
//6-byte patch at the read site: 5-byte jmp + nop, replacing movzx ecx,byte ptr [ecx] (3 bytes) and
//mov edx,[ebp+14] (3 bytes); both are re-executed at Normal.
jmp MSCRCBypass
nop

[Disable]
OpenProcess:
//Restore the 5 prologue bytes overwritten by the detour.
mov edi, edi
push ebp
mov ebp, esp
A11481:
//Restore the 6 displaced bytes at the read site.
//NOTE(review): written as A11481 here but 00A11481 in [Enable]; presumably both resolve to the same
//hex address — confirm it is not taken as a symbol name.
movzx ecx, byte ptr [ecx]
mov edx, [ebp+14]

//Release the allocations and symbols registered in [Enable].
DeAlloc(CRCBypass)
DeAlloc(FakeDump)
UnregisterSymbol(HSCRCBypass)
UnregisterSymbol(MSCRCBypass)
UnregisterSymbol(FakeDump)
作者: Rod0311    時間: 2018-2-7 23:07
找了好久終於有人分享了
謝謝網大!



