轉自GMS
BCCRC Bypass
鎖定BlackCipher.aex寫入數據
// Cheat Engine auto-assembler script, titled "BCCRC Bypass" in the post.
// It installs three detours inside BlackCipher.aes. Each detour sends the
// thread that reaches it into a call to sleep with argument 0xFFFFFFFF.
// NOTE(review): `sleep` is presumably kernel32!Sleep, for which 0xFFFFFFFF is
// INFINITE. If so, the originalcodeN / returnhereN paths below are never
// reached and the thread is parked for the life of the process - confirm.
// Defender note: the module-relative offsets are specific to one build. Once
// enabled, the in-memory bytes at those offsets no longer match the on-disk
// image, and the parked thread stops making progress. An integrity or
// liveness check that runs elsewhere can test for both conditions.
[ENABLE]
alloc(newmem1,2048)
label(returnhere1)
label(originalcode1)
// Detour 1 body: park the calling thread.
newmem1:
push ffffffff
call sleep
// Copy of the instructions displaced by the jmp written at the hook site.
originalcode1:
pushfd
push edi
push esp
pop edi
add edi,00000004
jmp returnhere1
// Hook site 1: overwritten with a jump to newmem1; the nop line pads the
// rest of the displaced instructions (presumably 5 single-byte nops).
"BlackCipher.aes"+26885DE:
jmp newmem1
nop 5
returnhere1:
alloc(newmem2,2048)
label(returnhere2)
label(originalcode2)
// Detour 2 body: same park-the-thread pattern as detour 1.
newmem2:
push ffffffff
call sleep
// Displaced instructions for hook site 2.
originalcode2:
pushfd
sub esp,00000004
jmp returnhere2
// Hook site 2.
"BlackCipher.aes"+201769C:
jmp newmem2
nop 2
returnhere2:
alloc(newmem3,2048)
label(returnhere3)
label(originalcode3)
// Detour 3 body: same park-the-thread pattern as detour 1.
newmem3:
push ffffffff
call sleep
// Displaced instructions for hook site 3.
originalcode3:
pushfd
sub esp,04
mov [esp],edi
jmp returnhere3
// Hook site 3.
"BlackCipher.aes"+026C1CCA:
jmp newmem3
nop 2
returnhere3:
// NOTE(review): nothing follows [DISABLE] in this script. The three patched
// sites are not restored and newmem1..newmem3 are not released, so the
// modification stays in the process image until the process exits.
[DISABLE]
MSCRC Bypass
鎖定MapleStory寫入數據
// Second script, titled "MSCRC Bypass" in the post: constants and
// allocations for a read-redirection hook on two code sites in the game
// client. All addresses are absolute and therefore tied to one client build.
//
// CRC1 / CRC2           - addresses of the two patched sites.
// CRC1Reg / CRC2Reg     - register each hook inspects and rebases; presumably
//                         the pointer the checksum code reads from - confirm.
// CRC1CHANGE/CRC2CHANGE - number of original bytes saved from each site.
// CRCSTART..CRCEND      - address range whose reads are redirected.
define(CRC1,0588FB3C)
define(CRC2,05590C7B)
define(CRC1Reg,ecx)
define(CRC2Reg,edi)
define(CRC1CHANGE,5)
define(CRC2CHANGE,6)
define(CRCSTART,00401000)
define(CRCEND,0640A000)
[ENABLE]
// DisableCRCBypass holds the restore routine and, at offsets +150 and +160,
// the saved original bytes of CRC1 and CRC2. It is globalalloc'd, so it is
// not in the dealloc list of the [DISABLE] section.
globalalloc(DisableCRCBypass,200)
alloc(CRCHook,200)
// 100700160 decimal == 0x06009000 == CRCEND-CRCSTART: MemCopy is sized to
// hold a full byte-for-byte snapshot of the range (about 96 MiB).
// Defender note: a private allocation of this size that mirrors the image,
// plus threads started at addresses outside any loaded module, are artifacts
// of this technique that memory inspection can look for.
alloc(MemCopy,100700160)
registersymbol(MemCopy)
alloc(MemCopier,200)
registersymbol(MemCopier)
label(Hook1)
label(Hook2)
label(Hook1End)
label(Hook2End)
label(Hook1Ret)
label(Hook2Ret)
label(CopyExit)
label(Hook2Ending)
label(Hook1Ending)
label(Counter)
// Run the MemCopier routine once, in a new thread inside the target process.
createthread(MemCopier)
///////////////////////////////////////////////////////////////////////////
// MemCopier: one-shot setup thread.
//   1. Unless the flag at [MemCopier+200] is already 1, snapshot
//      CRCSTART..CRCEND into MemCopy.
//   2. Save the first CRC1CHANGE / CRC2CHANGE bytes of each site into the
//      matching hook tail (Hook1End / Hook2End) and into the backup area in
//      DisableCRCBypass.
//   3. Overwrite each site with an E9 rel32 jump to its hook.
// The snapshot is taken before the E9 bytes are written, and CRC1 and CRC2
// both lie inside CRCSTART..CRCEND, so the copy holds the unpatched bytes of
// the hook sites themselves.
// Uses eax and bh as scratch. Counter is a dword stored after the routine.
MemCopier:
cmp [MemCopier+200],1
je CopyExit // flag set: skip only the memcpy; steps 2 and 3 still run
push CRCEND-CRCSTART // size in bytes
push CRCSTART // source: start of the live range
push MemCopy // destination: snapshot buffer
call memcpy
add esp,0C // caller cleans up the three pushed arguments
CopyExit:
// Byte loop: for Counter = 0 .. CRC1CHANGE-1, copy one original byte from
// CRC1 into the hook tail and into the backup at DisableCRCBypass+150.
Hook1Ending:
mov eax,[Counter]
mov bh, [CRC1+eax]
mov BYTE PTR [Hook1End+eax],bh
mov BYTE PTR [DisableCRCBypass+150+eax],bh
inc [Counter]
cmp [Counter],CRC1CHANGE
jl Hook1Ending
mov [Counter],0
// Same loop for site 2: CRC2CHANGE bytes, backup at DisableCRCBypass+160.
Hook2Ending:
mov eax,[Counter]
mov bh, [CRC2+eax]
mov BYTE PTR [Hook2End+eax],bh
mov BYTE PTR [DisableCRCBypass+160+eax],bh
inc [Counter]
cmp [Counter],CRC2CHANGE
jl Hook2Ending
mov [Counter],0
// Write "jmp Hook1" at CRC1: opcode E9 followed by rel32 = Hook1-(CRC1+5).
mov eax,Hook1
sub eax,CRC1+5
mov byte ptr [CRC1],E9
mov [CRC1+1],eax
// Write "jmp Hook2" at CRC2 the same way. Only 5 bytes are overwritten here,
// although CRC2CHANGE bytes (6) were saved above.
mov eax,Hook2
sub eax,CRC2+5
mov byte ptr [CRC2],E9
mov [CRC2+1],eax
mov [MemCopier+200],1 // mark the snapshot as taken
// NOTE(review): terminatethread is not defined in this script; it is
// presumably resolved by the assembler to an external symbol - confirm.
jmp terminatethread
Counter:
dd 0
///////////////////////////////////////////////////////////////////////////
// CRCHook: the two detour bodies reached from the E9 jumps at CRC1 and CRC2.
// Each checks whether its register holds an address in CRCSTART..CRCEND
// (unsigned compare, both bounds inclusive). If it does, the address is
// rebased into the snapshot: reg = reg - CRCSTART + MemCopy. The saved
// original bytes then execute and control returns to the site.
// Effect: reads made through that register see the snapshot, not the live
// code, so later changes to the live range do not reach them.
// Defender note: the redirection depends on a single patchable site feeding
// the pointer. The E9 bytes at CRC1/CRC2 differ from the on-disk image, and
// a check that does not route through these two sites would see them.
CRCHook:
Hook1:
cmp CRC1Reg,CRCSTART
jb Hook1End // below the range: leave the pointer untouched
cmp CRC1Reg,CRCEND
ja Hook1End // above the range: leave the pointer untouched
sub CRC1Reg,CRCSTART
add CRC1Reg,MemCopy
jmp Hook1End
// 16-byte nop pad; MemCopier overwrites the first CRC1CHANGE bytes with the
// original instructions from CRC1 at run time.
Hook1End:
db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
jmp Hook1Ret
Hook2:
cmp CRC2Reg,CRCSTART
jb Hook2End // below the range: leave the pointer untouched
cmp CRC2Reg,CRCEND
ja Hook2End // above the range: leave the pointer untouched
sub CRC2Reg,CRCSTART
add CRC2Reg,MemCopy
jmp Hook2End
// 16-byte nop pad; MemCopier overwrites the first CRC2CHANGE bytes with the
// original instructions from CRC2 at run time.
Hook2End:
db 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
jmp Hook2Ret
// Bind the return labels to the first byte after each saved region. No
// bytes are emitted at these addresses.
CRC1+CRC1CHANGE:
Hook1Ret:
CRC2+CRC2CHANGE:
Hook2Ret:
/////////////////////////////////////////////////////////////////////////
// DisableCRCBypass: restore routine, run as a thread by the [DISABLE]
// section. Writes the saved original bytes back over the two E9 jumps,
// 5 bytes per site as a dword plus one byte. That matches the 5 bytes the
// setup thread overwrote at each site; the sixth byte saved for CRC2 was
// never modified, so it is not written back.
// Uses eax and bh as scratch.
DisableCRCBypass:
mov eax,[DisableCRCBypass+150] // CRC1 original bytes 0..3
mov bh, [DisableCRCBypass+154] // CRC1 original byte 4
mov [CRC1],eax
mov BYTE PTR [CRC1+4],bh
mov eax,[DisableCRCBypass+160] // CRC2 original bytes 0..3
mov bh, [DisableCRCBypass+164] // CRC2 original byte 4
mov [CRC2],eax
mov BYTE PTR [CRC2+4],bh
// NOTE(review): terminatethread is not defined in this script; it is
// presumably resolved by the assembler to an external symbol - confirm.
jmp terminatethread
///////////////////////////////////////////////////////////////////////////
// Disable path: start the restore routine in the target, then release the
// hook, snapshot and setup allocations and drop the two registered symbols.
// DisableCRCBypass itself is not in the dealloc list here.
[DISABLE]
createthread(DisableCRCBypass)
dealloc(CRCHook)
dealloc(MemCopy)
dealloc(MemCopier)
unregistersymbol(MemCopy)
unregistersymbol(MemCopier)