TwMs v225.2 CRC MSCRC
//TwMs v225.2 CRC MSCRC//單MSCRC ,沒有BCCRC的情況下會觸發D1060104檢測到CE D1010201 BlackCipher檢測到MS內存被修改
registersymbol(memcopy)
alloc(memcopy,256)
registersymbol(mscem)
alloc(mscem,91338512)//5719000+xx
registersymbol(memaddr)
alloc(memaddr,4)
label(copyend)
label(loopcopy)
createthread(memcopy)
memaddr:
dd mscem
memcopy:
mov eax,00401000
lea ecx,
loopcopy:
xor ebx,ebx
movzx ebx,byte ptr
mov byte ptr ,bl
inc eax
inc ecx
cmp eax,00401000+5719000
jg copyend
jmp loopcopy
copyend:
lea ebx,
sub ebx,00401000
add ebx,046FEE53//FIXjmp
cmp ,1C8B0302
je +d
mov ,1C8B0302
mov ,04C48324
lea ebx,
sub ebx,00401000
add ebx,044D3A7A//FIXjmp
cmp ,CE811B8B
je +d
mov ,CE811B8B
mov ,00000080
ret
registersymbol(mscrc1)
alloc(mscrc1,512)
label(mscrc1end)
mscrc1:
cmp ebx,00401000
jb mscrc1end
cmp ebx,00401000+5719000
ja mscrc1end
add ebx,
sub ebx,00401000
jmp mscrc1end
mscrc1end:
db 02 03 8B 1C 24
jmp 046FEE53+5
046FEE53:
jmp mscrc1
registersymbol(mscrc2)
alloc(mscrc2,512)
label(mscrc2end)
mscrc2:
cmp ebx,00401000
jb mscrc2end
cmp ebx,00401000+5719000
ja mscrc2end
add ebx,
sub ebx,00401000
jmp mscrc2end
mscrc2end:
db 8B 1B 81 CE 80 00 00 00
jmp 044D3A7A+8
044D3A7A:
jmp mscrc2
想知道這個的用途求解釋~:'( 外挂异常了 那还能试用吗 CRC数据是什么
頁:
[1]