[EMS] HackShield & MS CRC Bypass.

12/30/2009 03:01 Jonny999#1
MS CRC Bypass:
Code:
[Enable]
// Cheat Engine auto-assembler script; every address is hard-coded to one
// 32-bit client build. A 4 MiB private buffer (NewMemory) receives a copy
// of the image starting at 00400000, and the routine at 00485A1C is
// detoured so that pointers in the checked range are rebased into that
// copy. From a defender's view this leaves two artifacts: 5 bytes at
// 00485A1C that no longer match the on-disk image, and a large private
// allocation that mirrors the image.
Alloc(NewMemory, 4194304)
Alloc(CRCCave, 128)
Alloc(CopyMemory, 128)
CreateThread(CopyMemory)
Label(End)

// Hook site: the jmp overwrites 5 bytes at 00485A1C; the instructions it
// displaces are, presumably, the three replayed at End: before execution
// resumes at 00485A21.
00485A1C:
jmp CRCCave

// ecx appears to hold the address about to be read. Only values in
// 00400000..00A00000 are rebased into the copy; anything else falls
// through untouched.
CRCCave:
cmp ecx,00400000
jl End
cmp ecx,00A00000
jg End
add ecx,NewMemory-00400000

// Displaced original instructions, then continue in the hooked routine.
End:
mov eax,[ebp+10]
push esi
push edi
jmp 00485A21

// Copy thread: 00100000 dwords (4 MiB) from 00400000 into NewMemory, then
// ExitThread(0). The snapshot is taken once, when the script is enabled.
CopyMemory:
mov esi,00400000
mov edi,NewMemory
mov ecx,00100000
rep movsd
push 00
call ExitThread
[Disable]
HS CRC Bypass:
Code:
[Enable]
//Name: HackShield CRC Check Bypassing CE Assembly Script.
// Inline hook on kernel32!OpenProcess (32-bit, stdcall). The first 5 bytes
// of the export are replaced with a jmp; the standard hot-patch prologue
// (mov edi,edi / push ebp / mov ebp,esp) is replayed before resuming at
// OpenProcess+5. Detection: the export's prologue no longer matches the
// mapped image, which a routine prologue-integrity check will flag.
alloc(HSCRCFail,256)
label(BackToOP)

OpenProcess:
jmp HSCRCFail

// fs:[20] is the current process id from the TEB; [esp+0c] is the third
// stdcall argument (dwProcessId) above the return address. A call that
// targets the calling process itself is failed with eax = 0 and
// last-error 57 (ERROR_INVALID_PARAMETER, written directly to fs:[34]);
// ret 000c pops the three arguments exactly as the real function would.
HSCRCFail:
mov eax, fs:[20]
cmp eax, [esp+0c]

jne BackToOP
mov fs:[34], 57
xor eax, eax
ret 000c

// Every other call: replay the displaced prologue and continue.
BackToOP:
mov edi, edi
push ebp
mov ebp, esp
jmp OpenProcess+5

[Disable]
// Restore the original prologue bytes and release the cave.
OpenProcess:
mov edi, edi
push ebp
mov ebp, esp
dealloc(HSCRCFail)


Here's a C++ version of the HSCRC bypass; you will need to compile it yourself (as a DLL file).
Code:
#include <windows.h>

// Displacement for a 5-byte E9 rel32 jump from frm to to; the -5 accounts
// for the jump being relative to the end of the instruction. 32-bit only:
// both addresses are truncated to int.
#define JMP(frm, to) (int)(((int)to - (int)frm) - 5)

// Address of kernel32!OpenProcess, the hooked export (re-assigned in DllMain).
DWORD dwOpenProcess = (DWORD)OpenProcess;  

// Hook body that the 5-byte jmp written by ToggleBypass lands on.
// Naked: no compiler prologue, so on entry esp still points at the caller's
// return address and the three stdcall arguments sit at [esp+4..esp+0Ch].
// An OpenProcess call whose dwProcessId is this process fails with
// ERROR_INVALID_PARAMETER and returns NULL; all other calls are meant to be
// passed through to the original function past its patched prologue.
__declspec(naked) VOID WINAPI OpenProcessHook()
{
  __asm {
    call GetCurrentProcessId        // eax = own pid; only caller-saved regs touched
    cmp  eax, [esp+0Ch]             // [esp+0Ch] = dwProcessId (third stdcall arg)
    jnz  Return
    push ERROR_INVALID_PARAMETER
    call SetLastError
    xor  eax, eax                   // return NULL
    ret  0Ch                        // stdcall: pop the three arguments
Return:
    push ebp                        // replay the displaced prologue (mov edi,edi is a no-op)
    mov  ebp, esp
    jmp  [dwOpenProcess+5]          // intended: resume the original past the 5 patched bytes
  }
}

// Install (b == TRUE) or remove (b == FALSE) the 5-byte inline hook on
// OpenProcess. Returns TRUE when the bytes were written, FALSE otherwise.
//
// The static flag is flipped on every call before it is compared, so a call
// that does not alternate with the previous one returns FALSE without
// patching (but has still changed the flag).
// No VirtualProtect is issued: the writes rely on the page already being
// writable, and the __try swallows the access violation if it is not.
// Detection note: the installed state replaces the standard hot-patch
// prologue (8B FF 55 8B EC) with E9 rel32, a mismatch against the mapped
// image that prologue-integrity checks look for.
inline BOOL ToggleBypass(__in BOOL b)
{
  static BOOL bEnabled = FALSE;
  BOOL        bRet = FALSE;
  
  if(b != (bEnabled = !bEnabled))
    return FALSE;
    
  __try {
    if(b)
    {
      *(BYTE*)dwOpenProcess = 0xE9;                                       // jmp rel32
      *(DWORD*)(dwOpenProcess + 1) = JMP(dwOpenProcess, OpenProcessHook); // rel32 to the hook
    }
    else
    {
      *(WORD*)dwOpenProcess = 0xFF8B;	      // mov  edi, edi
      *(BYTE*)(dwOpenProcess + 2) = 0x55;   // push ebp
      *(WORD*)(dwOpenProcess + 3) = 0xEC8B;	// mov  ebp, esp
    }
    bRet = TRUE;
  }
  __except(EXCEPTION_EXECUTE_HANDLER) {
    bRet = FALSE;                           // e.g. write to a non-writable code page
  }
  
  return bRet;
}

// DLL entry point. On process attach the hook is installed; if that fails the
// function returns FALSE, which makes the loader unload the DLL. On detach the
// original prologue is restored. Thread attach/detach notifications are turned
// off once the hook is in place.
BOOL APIENTRY DllMain(__in HMODULE hModule, __in DWORD fdwReason, __in __reserved LPVOID lpvReserved)
{
  switch(fdwReason)
  {
    case DLL_PROCESS_ATTACH:
      dwOpenProcess = (DWORD)OpenProcess;   // same import address as the static initializer
      if(dwOpenProcess != 0)
      {
        if(ToggleBypass(TRUE))
        {
          DisableThreadLibraryCalls(hModule);
          break;                            // success: fall out to return TRUE
        }
      }
      return FALSE;                         // hook not installed: refuse to load
      
    case DLL_PROCESS_DETACH:
      ToggleBypass(FALSE);                  // restore OpenProcess's original bytes
      break;
  }
  
  return TRUE;
}
01/05/2010 20:34 neufrin#2
my maple crashed when I ticked MS CRC bypass...
01/05/2010 20:40 .SketchBear#3
then you made something wrong; it's really working, I tested it and it's 100% working. Which did you use, the C++ or the script we posted?
01/05/2010 20:43 neufrin#4
I use MLE, and when I ticked MSCRC bypass Maple crashed :( why?
01/05/2010 21:04 .SketchBear#5
you need tick HS CRC Bypass too
01/05/2010 21:19 neufrin#6
yes, I know, but when I "try" tick mscrcbypass my maple give me crash
( I don't clik PLAY)
01/05/2010 21:30 .SketchBear#7
Okay,
then you need wait for the coder of it he just need know it :)
01/05/2010 21:32 neufrin#8
you said "i tested it 100% working" How did you do ?
01/05/2010 21:36 .SketchBear#9
I did it like you and it worked for me
01/05/2010 21:40 neufrin#10
ok, I just made the dll file with hscrcbypass, but I still get a crash when I tick mscrc...
Maybe have you UCE?
01/06/2010 21:12 Wolfie1877#11
Hi,

I open up CE, then open Maple. I attach the engine and tick both scripts. I press play and then Maple doesn't load. Any ideas what I'm doing wrong? When do you need to tick the scripts?

Cheers
01/06/2010 23:46 mohrad#12
CE 5.5 doesn't seem to like this bypass - either it doesn't work or I can't tick MS CRC.

Better to make the .dll; it works well.
01/07/2010 20:58 Wolfie1877#13
Any chance of some help compiling? I have pasted it into the compiler and it gives some errors.

I'm using Code::Blocks
01/07/2010 21:52 neufrin#14
use VS to compile
01/08/2010 13:16 fre024#15
For the mscrc I get an error at line 30 (call ExitThread)
for the hscrc I get an error at line 6 (OpenProcess)

What can i do to prevent this?

Tyvm