標籤: CRC
相關日誌
-
-
TwMs v237.1 CRC MSCRC(update from gms)
-
WuBen 2021-9-15 12:37
-
// TwMs v237.1 CRC MSCRC(update from gms) // 单mscrc bypass,需要搭配bccrc bypass使用 define(CRC1,0560B10A) define(CRC2,053985B3) define(CRC1Reg,ebx) define(CRC2Reg,ebx) define(CRC1CHANGE,5) define(CRC2CHANGE,6) define(CRCSTART,00401000) define(CRCEND,0640A000) globalalloc(DisableCRCBypass,200) alloc(CRCHook,200) alloc(MemCopy,100700160) registersymbol(MemCopy) alloc(MemCopier,200) registersymbol(MemCopier) label(Hook1) label(Hook2) label(Hook1End) label(Hook2End) label(Hook1Ret) label(Hook2Ret) label(CopyExit) label(Hook2Ending) label(Hook1Ending) label(Counter) createthread(MemCopier) /////////////////////////////////////////////////////////////////////////// MemCopier: cmp ,1 je CopyExit push CRCEND-CRCSTART //size push CRCSTART //*src push MemCopy //*dest call memcpy add esp,0C CopyExit: Hook1Ending: mov eax, mov bh, mov BYTE PTR ,bh mov BYTE PTR ,bh inc cmp ,CRC1CHANGE jl Hook1Ending mov ,0 Hook2Ending: mov eax, mov bh, mov BYTE PTR ,bh mov BYTE PTR ,bh inc cmp ,CRC2CHANGE jl Hook2Ending mov ,0 mov eax,Hook1 sub eax,CRC1+5 mov byte ptr ,E9 mov ,eax mov eax,Hook2 sub eax,CRC2+5 mov byte ptr ,E9 mov ,eax mov ,1 jmp terminatethread Counter: dd 0 /////////////////////////////////////////////////////////////////////////// CRCHook: Hook1: cmp CRC1Reg,CRCSTART jb Hook1End cmp CRC1Reg,CRCEND ja Hook1End sub CRC1Reg,CRCSTART add CRC1Reg,MemCopy jmp Hook1End Hook1End: db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 jmp Hook1Ret Hook2: cmp CRC2Reg,CRCSTART jb Hook2End cmp CRC2Reg,CRCEND ja Hook2End sub CRC2Reg,CRCSTART add CRC2Reg,MemCopy jmp Hook2End Hook2End: db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 jmp Hook2Ret CRC1+CRC1CHANGE: Hook1Ret: CRC2+CRC2CHANGE: Hook2Ret: ///////////////////////////////////////////////////////////////////////// DisableCRCBypass: mov eax, mov bh, mov ,eax mov BYTE PTR ,bh mov eax, mov bh, mov ,eax mov BYTE PTR ,bh jmp terminatethread /////////////////////////////////////////////////////////////////////////// createthread(DisableCRCBypass) dealloc(CRCHook) dealloc(MemCopy) dealloc(MemCopier) unregistersymbol(MemCopy) unregistersymbol(MemCopier)
-
個人分類: Bypass|0 個評論
-
-
TwMs v237.1 CRC 快樂吸物
-
a7899887789 2021-8-13 03:16
-
//TwMs v237.1 CRC 快樂吸物 //地上有物品就啟動,撿取放z,開啟後不要移動人物 Alloc(ItemVAC,128) Alloc(SetFakeTime,64) Alloc(FakeTime,4) Label(InitFakeTime) Alloc(Hook,128) Alloc(PressKey,128) Label(Return) Label(Exit) ItemVAC: call 01776DA0 push eax mov eax, mov ,eax mov eax, add eax,A mov ,eax pop eax jmp 0175AB7F 0175AAF2: jmp ItemVAC 0175EC64: db EB 00c1bea2: //人物定位 db eb 0175A57B: //物品定位 db 90 90 90 90 90 90 0304F951: //撿物無延遲 db 90 90 //PickNDL(撿物無延遲) FakeTime: DD 00 SetFakeTime: cmp ,00 je InitFakeTime mov eax, add eax,000000C8 //200ms InitFakeTime: mov ,eax push edi jmp 0635CA63 0635CA4A: jmp SetFakeTime DB 90 90 // Hook: pushad mov eax, mov eax, cmp eax,1 jl Exit mov edx,002C0000 // 自動案Z call PressKey jmp Exit PressKey: mov esi, mov ecx, push edx push 00 call 02fcf3e0 ret Exit: popad call 01800285 jmp Return 01800280: jmp Hook Return: 0175AAF2: call 01776DA0 0175EC64: db 74 00c1bea2: //人物定位 db 74 0175A57B: //物品定位 db 0f 85 8f 05 00 00 0635CA4A: //撿物無延遲 push edi jnl 0635CA63 0304F951: //撿物無延遲 db 33 f6 01800280: call 01800285 DeAlloc(Hook) DeAlloc(PressKey) DeAlloc(SetFakeTime) DeAlloc(FakeTime) DeAlloc(ItemVAC)
-
個人分類: 數據|74 次閱讀|0 個評論
Copyright © 2011-2024 冰楓論壇, All rights reserved
免責聲明:本網站是以即時上載留言的方式運作,本站對所有留言的真實性、完整性及立場等,不負任何法律責任。
而一切留言之言論只代表留言者個人意見,並非本網站之立場,用戶不應信賴內容,並應自行判斷內容之真實性。