- // TwMs v237.1 CRC MSCRC(update from gms)
- // MSCRC-only bypass; must be used together with a BCCRC bypass
- // Summary of what this listing does: it snapshots the address range
- // CRCSTART..CRCEND into a private buffer (MemCopy) and patches two code
- // sites (CRC1, CRC2) so that ebx values inside that range are rebased into
- // the snapshot before the relocated original instructions run.
- // NOTE(review): presumably ebx is the read pointer of the client's
- // integrity-check loop, so the check reads the snapshot instead of live
- // code - confirm against the disassembly at CRC1/CRC2.
- // NOTE(review): both patch sites are rewritten in place with an E9 jump
- // while the script is enabled, so they differ from the shipped image; the
- // author's remark about a separate BCCRC bypass suggests a second check
- // layer exists - not verifiable from this listing.
- // Addresses (hex) of the two patch sites.
- define(CRC1,0560B10A)
- define(CRC2,053985B3)
- // Register that each hook rebases.
- define(CRC1Reg,ebx)
- define(CRC2Reg,ebx)
- // Number of original bytes at each site that are relocated into the hook stub.
- define(CRC1CHANGE,5)
- define(CRC2CHANGE,6)
- // Bounds (hex) of the range that is snapshotted and redirected.
- define(CRCSTART,00401000)
- define(CRCEND,0640A000)
- [ENABLE]
- // Holds the restore routine plus the saved original bytes (offsets +150 and +160).
- globalalloc(DisableCRCBypass,200)
- // Holds the two hook stubs (Hook1, Hook2).
- alloc(CRCHook,200)
- // Snapshot buffer: 100700160 decimal = 0x6009000 = CRCEND-CRCSTART.
- alloc(MemCopy,100700160)
- registersymbol(MemCopy)
- // Holds the one-shot setup routine that takes the snapshot and installs the jumps.
- alloc(MemCopier,200)
- registersymbol(MemCopier)
- label(Hook1)
- label(Hook2)
- label(Hook1End)
- label(Hook2End)
- label(Hook1Ret)
- label(Hook2Ret)
- label(CopyExit)
- label(Hook2Ending)
- label(Hook1Ending)
- label(Counter)
- // Start the setup routine as a new thread.
- createthread(MemCopier)
- ///////////////////////////////////////////////////////////////////////////
- // MemCopier: setup thread. Takes the snapshot, saves the original bytes of
- // both patch sites, then overwrites each site with a 5-byte E9 jump.
- MemCopier:
- // Flag at MemCopier+200 is set to 1 at the end of this routine; when it is
- // already set the memcpy is skipped, but the save/patch code below still runs.
- cmp [MemCopier+200],1
- je CopyExit
- // memcpy(MemCopy, CRCSTART, CRCEND-CRCSTART); the caller cleans the stack
- // (add esp,0C). The copy is taken before either site is patched.
- push CRCEND-CRCSTART //size
- push CRCSTART //*src
- push MemCopy //*dest
- call memcpy
- add esp,0C
- CopyExit:
- // Copy CRC1CHANGE original bytes from CRC1 into the Hook1End padding (so
- // they execute inside the stub) and into DisableCRCBypass+150 (backup).
- // Counter is the byte index; bh is the scratch byte.
- Hook1Ending:
- mov eax,[Counter]
- mov bh, [CRC1+eax]
- mov BYTE PTR [Hook1End+eax],bh
- mov BYTE PTR [DisableCRCBypass+150+eax],bh
- inc [Counter]
- cmp [Counter],CRC1CHANGE
- jl Hook1Ending
- mov [Counter],0
- // Same for site 2: CRC2CHANGE bytes go to Hook2End and DisableCRCBypass+160.
- Hook2Ending:
- mov eax,[Counter]
- mov bh, [CRC2+eax]
- mov BYTE PTR [Hook2End+eax],bh
- mov BYTE PTR [DisableCRCBypass+160+eax],bh
- inc [Counter]
- cmp [Counter],CRC2CHANGE
- jl Hook2Ending
- mov [Counter],0
- // Write "jmp Hook1" at CRC1: opcode E9 followed by rel32 = Hook1 - (CRC1+5).
- mov eax,Hook1
- sub eax,CRC1+5
- mov byte ptr [CRC1],E9
- mov [CRC1+1],eax
- // Write "jmp Hook2" at CRC2. Only 5 bytes are overwritten although
- // CRC2CHANGE is 6; the stub returns to CRC2+6, so the sixth byte is skipped.
- mov eax,Hook2
- sub eax,CRC2+5
- mov byte ptr [CRC2],E9
- mov [CRC2+1],eax
- // Mark setup as done and end this thread.
- mov [MemCopier+200],1
- jmp terminatethread
- // Loop index shared by the two byte-copy loops above.
- Counter:
- dd 0
- ///////////////////////////////////////////////////////////////////////////
- // CRCHook: the two stubs reached through the E9 jumps written at CRC1 and CRC2.
- CRCHook:
- // Hook1: if ebx lies within CRCSTART..CRCEND (unsigned compare, both
- // bounds inclusive), rebase it: ebx = ebx - CRCSTART + MemCopy. Values
- // outside the range are left untouched.
- Hook1:
- cmp CRC1Reg,CRCSTART
- jb Hook1End
- cmp CRC1Reg,CRCEND
- ja Hook1End
- sub CRC1Reg,CRCSTART
- add CRC1Reg,MemCopy
- jmp Hook1End
- // 16 bytes of NOP padding; MemCopier overwrites the first CRC1CHANGE bytes
- // with the original bytes taken from CRC1, so they run here before the
- // jump back.
- Hook1End:
- db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
- jmp Hook1Ret
- // Hook2: same range test and rebase for the second site.
- Hook2:
- cmp CRC2Reg,CRCSTART
- jb Hook2End
- cmp CRC2Reg,CRCEND
- ja Hook2End
- sub CRC2Reg,CRCSTART
- add CRC2Reg,MemCopy
- jmp Hook2End
- // NOP padding that receives the CRC2CHANGE original bytes from CRC2.
- Hook2End:
- db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
- jmp Hook2Ret
- // The return labels are placed at fixed addresses: Hook1Ret = CRC1+CRC1CHANGE
- // and Hook2Ret = CRC2+CRC2CHANGE, i.e. just past the relocated bytes.
- // No bytes are emitted at those addresses here.
- CRC1+CRC1CHANGE:
- Hook1Ret:
- CRC2+CRC2CHANGE:
- Hook2Ret:
- /////////////////////////////////////////////////////////////////////////
- // DisableCRCBypass: restore thread. Writes the saved original bytes back
- // over both patch sites - five bytes each (one dword plus one byte), which
- // is the length of the E9 jump that MemCopier wrote.
- DisableCRCBypass:
- // Site 1: backup at DisableCRCBypass+150..+154 -> CRC1..CRC1+4.
- mov eax,[DisableCRCBypass+150]
- mov bh, [DisableCRCBypass+154]
- mov [CRC1],eax
- mov BYTE PTR [CRC1+4],bh
- // Site 2: backup at DisableCRCBypass+160..+164 -> CRC2..CRC2+4.
- mov eax,[DisableCRCBypass+160]
- mov bh, [DisableCRCBypass+164]
- mov [CRC2],eax
- mov BYTE PTR [CRC2+4],bh
- jmp terminatethread
- ///////////////////////////////////////////////////////////////////////////
- [DISABLE]
- // Start the restore routine as a thread, then free the hook stubs, the
- // snapshot buffer and the setup routine. DisableCRCBypass itself is a
- // globalalloc and is not freed here.
- // NOTE(review): no wait between starting the restore thread and freeing
- // CRCHook is visible in this listing.
- createthread(DisableCRCBypass)
- dealloc(CRCHook)
- dealloc(MemCopy)
- dealloc(MemCopier)
- unregistersymbol(MemCopy)
- unregistersymbol(MemCopier)