TwMS v148_MSCRCBypass
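The way the data is written is based on the pixnet blog of the master Nimo1993:
TWMS 113 NEW CRC BYPASS CE Assembly Script 1.2 (fixes the MapleStory shutdown bug & no update needed after a version change)
All key addresses have been masked; please update them yourself...
I was just bored and didn't know what to post O_Q
If this kind of post is not appropriate here, please leave a comment below telling me to delete it...
Note: this way of writing the bypass can only be used in Play; otherwise it copies the wrong memory, and memory protection makes the game crash...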
//TwMS v148_MSCRCBypass
[Enable]
Alloc(MSCRCBypass, 512)
Alloc(FakeDump, 10047488)
Label(BackToMS)
Label(MSCRCCrack)
Label(BackToCrack)
Label(MSmemcpy)
Label(StartHook)
Label(Title)
Label(SuccessMsg)
CreateThread(MSmemcpy)
MSCRCBypass:
Cmp Ecx, 00401000
Jnge BackToMS
Cmp Ecx, 00xxxxxx
Jnl BackToMS
Sub Ecx, 00401000
Add Ecx, FakeDump
BackToMS:
Xor Edx,Edx
Mov Ebx,[Ebp+08]
Push 00xxxxxx
Ret
MSCRCCrack:
Cmp Edx, 00401000
Jnge BackToCrack
Cmp Edx, 00xxxxxx
Jnl BackToCrack
Sub Edx, 00401000
Add Edx, FakeDump
BackToCrack:
Push [Edx]
Push 00xxxxxx
Ret
MSmemcpy:
cld
mov edi, FakeDump
mov esi, 00401000
mov ecx, 00265400
repe movsd
StartHook:
Mov Eax, 00xxxxxx
lea ebx, [eax+05] //The Target Address - The Next Address
sub ebx, MSCRCBypass
neg ebx
mov byte ptr [eax], e9 //jmp
mov [eax+01], ebx //Target AOB
Mov Eax, 00xxxxxx
lea ebx, [eax+05]
sub ebx, MSCRCCrack
neg ebx
mov byte ptr [eax], e9 //jmp
mov [eax+01], ebx //Target AOB
push 40 //MB_ICONINFORMATION
push Title
push SuccessMsg
push 00
call MessageBoxA
ret
Title:
db 'MSCRC Bypass' 00
SuccessMsg:
db 'Anti-MSCRC-Check Init Successfully!' 00
[Disable]
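From the defending side, the two `e9` patches written in StartHook are visible to any check that runs outside the hooked routine. The following is an added example, not part of the original post or of any game or anti-cheat code: a heuristic scan that compares a trusted copy of the code range with a live snapshot and reports 5-byte `jmp rel32` patches whose target leaves the range, using the same displacement rule as the script (target minus the address of the next instruction). The function names, the sample bytes and the address 0x02000000 are constructed for illustration.

```python
import struct

CODE_BASE = 0x00401000  # start of the code range the script on this page copies


def scan_code_section(baseline: bytes, live: bytes, base: int = CODE_BASE):
    """Compare a trusted image of a code range with a live snapshot.

    Returns (hooks, other): hooks is a list of (patch_address, jump_target)
    for modified E9 rel32 jumps that leave the range, other is a list of
    addresses of modified bytes that are not explained by such a jump.
    Heuristic: works on raw bytes, without disassembling.
    """
    if len(baseline) != len(live):
        raise ValueError("baseline and live snapshot must cover the same range")
    end = base + len(live)
    hooks, other = [], []
    i = 0
    while i < len(live):
        changed = live[i:i + 5] != baseline[i:i + 5]
        if live[i] == 0xE9 and i + 5 <= len(live) and changed:
            # rel32 is relative to the instruction after the 5-byte jmp
            rel32 = struct.unpack_from("<i", live, i + 1)[0]
            target = (base + i + 5 + rel32) & 0xFFFFFFFF
            if not base <= target < end:
                hooks.append((base + i, target))
                i += 5
                continue
        if live[i] != baseline[i]:
            other.append(base + i)
        i += 1
    return hooks, other


def constructed_sample():
    """Constructed data: 64 bytes of 'code', one jmp patch, one stray byte."""
    baseline = bytes(range(64))
    live = bytearray(baseline)
    site, target = 0x10, 0x02000000  # made-up patch offset and allocation
    rel32 = target - (CODE_BASE + site + 5)
    live[site:site + 5] = b"\xE9" + struct.pack("<i", rel32)
    live[0x30] ^= 0xFF  # unrelated one-byte modification
    return baseline, bytes(live)


if __name__ == "__main__":
    found, stray = scan_code_section(*constructed_sample())
    for addr, tgt in found:
        print(f"jmp patch at {addr:08X} -> {tgt:08X} (outside code range)")
    print("other modified bytes:", [f"{a:08X}" for a in stray])
```

The baseline has to come from a source the process cannot rewrite (for example the on-disk image mapped by a separate process), because this script feeds the in-process checker a clean copy of the same bytes.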
Can you give the addresses for the old version - -?
Just take the old version and use it as a reference, right?