TwMS v1.44_ICS_斷線保護

//TwMS v1.44_ICS_DCProtect
//Author:Whocare?
//ICS:Onion
//Maybe this keeps other players from disconnecting (DC) you?
//I'm not sure about it; I don't know how to test it.

// Cheat Engine auto-assembler section applied when the script is switched on.
// It allocates a buffer, assembles into it an edited copy of the start of the
// client routine at 00454849 (the value [Disable] writes back), and stores the
// buffer's address in the 4-byte slot at 00B18D7C. The copy omits several of
// the original compare/branch sequences (kept below as commented disassembly)
// and then jumps back into the original code at 00454c72.
// Review notes:
//  - Every address is absolute and belongs to the TwMS v1.44 client named in
//    the header; nothing checks the running build before patching.
//  - While enabled, the slot at 00B18D7C holds an address inside allocated
//    memory instead of 00454849, so an integrity check that compares the slot
//    with its expected value would see the change.
//  - All four removed branch sequences targeted 00455f59, so the copy never
//    goes there; what that address does is not visible here.
//  - The header says the effect was never tested; the comments below describe
//    only what the instructions do.
[Enable]
Alloc(DCProtect, 128)
Label(FakeJ1)
Label(FakeJ2)

// Redirect: overwrite the pointer stored at 00B18D7C with the address of the copy.
00B18D7C:
DD DCProtect

// Register use in the copy, as far as the visible instructions show:
//   esi = ecx on entry (presumably the object pointer - confirm against the client)
//   edi = value returned by call 00450a8a
//   ebx = 0 from the xor below until it is reloaded after FakeJ2
//         (assumes the intervening calls preserve ebx)
DCProtect:
push ebp
sub esp,64
push 00000138
mov eax,0098b0aa
call 009618a9 // NOTE(review): ebp-relative accesses follow, so this helper presumably sets up ebp - confirm
mov esi,ecx
mov [ebp-34],esi
xor ebx,ebx
push 46
pop eax // eax = 46 (auto-assembler literals are hexadecimal)
mov [ebp+34],ebx

// Removed from the original: the signed compare that skipped the store below
// when [ebp+74] was already greater than eax.
//00454869 - 39 45 74                   - cmp [ebp+74],eax
//0045486C - 7f 03                      - jg 00454871

mov [ebp+74],eax // now unconditional: [ebp+74] is always set to 46

// Removed from the original: when the dword at esi+3FC differed from ebx (0),
// the routine pushed ebx, called 00452de1 and jumped to 00455f59.
//00454871 - 39 9e fc 03 00 00          - cmp [esi+000003fc],ebx
//00454877 - 74 0b                      - je 00454884
//00454879 - 53                         - push ebx
//0045487A - e8 62 e5 ff ff             - call 00452de1
//0045487F - e9 d5 16 00 00             - jmp 00455f59

lea eax,[ebp-30]
push eax
call 00450a8a // called with the address of the local at ebp-30; its result becomes edi
mov edi,eax
mov [ebp+4c],edi
cmp edi,0000011f
jne FakeJ1
mov [esi+0000038c],ebx // only when edi == 11F: store ebx (0) into the dword at esi+38C
FakeJ1:
push edi
call 0044ff52
pop ecx // discards the pushed argument; the call's result in eax is not examined in this copy

// Removed from the original: the test of the value returned by 0044ff52
// (a non-zero result stored ebx into the dword at esi+3B4) and the branch to
// 00455f59 taken when edi was less than ebx (signed).
//004548A7 - 85 c0                      - test eax,eax
//004548A9 - 74 06                      - je 004548b1
//004548AB - 89 9e b4 03 00 00          - mov [esi+000003b4],ebx
//004548B1 - 3b fb                      - cmp edi,ebx
//004548B3 - 0f 8c a0 16 00 00          - jl 00455f59

mov eax,[esi+0000038c] // author marked this '?'; no visible instruction reads eax before the call after FakeJ2
// Removed from the original: the compare of that value against ebx.
//004548BF - 3b c3                      - cmp eax,ebx
//004548C1 - 74 0d                      - je 004548D0
// With the sequences around it commented out, the branch below has no effect:
// both the taken and the fall-through path arrive at FakeJ2.
cmp edi,3a
jnge FakeJ2

// Removed from the original: the branch to 00455f59 when eax differed from ebx,
// and the branch to 00455f59 when edi was not less than 190 (signed).
//004548C8 - 3b c3                      - cmp eax,ebx
//004548CA - 0f 85 89 16 00 00          - jne 00455f59
//004548D0 - 81 ff 90 01 00 00          - cmp edi,00000190
//004548D6 - 0f 8d 7d 16 00 00          - jnl 00455f59
FakeJ2:
mov ecx,esi
call 00421691
cmp dword ptr [esi+0000038c],00 // the two movs below leave flags alone, so this result is still live at the jump target
mov ebx,eax
mov [ebp+48],ebx

// Continue in the original routine.
// NOTE(review): this relies on the stack frame and registers built above
// matching what the code at 00454c72 expects - confirm against the client.
Jmp 00454c72

// Section applied when the script is switched off: write the original pointer
// value 00454849 back into the slot at 00B18D7C, then release the memory that
// held the relocated copy.
// NOTE(review): the restore precedes the free, but nothing here waits for a
// thread that may still be executing inside that memory when it is released.
[Disable]
00B18D7C:
DD 00454849
DeAlloc(DCProtect)
