Created
April 4, 2015 22:54
NimoMSHSCRC.cpp v1.1 HackShield CRC Bypass
// ========================================================= | |
// Name: NimoMSHSCRC v1.1 Bypass AhnLab HackShield 5.3.5.1024 | |
// Date: April, 14, 2010 | |
// Author: nimo1993, thanks to the founder of MS CRC address. | |
// ========================================================= | |
#include "stdafx.h" | |
//#include "conio.h" | |
// Hard-coded bounds of the address range that MSCRCHook redirects and HSHook snapshots.
DWORD MSCRCStart = 0x00401000, MSCRCEnd = 0x00BFE000; | |
// Byte length of that range; used as the allocation and copy size in HSHook.
DWORD MSCRCSize = MSCRCEnd - MSCRCStart; | |
// Base of the snapshot copy; 0 until HSHook has run once.
LPVOID FakeBaseAddr = 0; | |
// Receives the thread id from the CreateThread calls in HSHook.
DWORD TID; | |
// Jump target used by MSCRCHook for redirected reads; assigned at the end of HSHook.
DWORD CrackMSCRC; | |
// Same value as the literal HSHook scans for; not referenced anywhere in the visible code.
DWORD AOB = 0x8B09B60F; | |
// Pointer to the real OpenProcess; its address is handed to SetHook in HSHook.
HANDLE (WINAPI *OriginalOpenProcess)(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId) = OpenProcess; | |
typedef void (WINAPI *pFunc)(void); | |
// Address of the first pattern match found by the scan in HSHook.
pFunc OrgMSCRC; | |
// Runs one Detours transaction that attaches (bState == true) or detaches
// (bState == false) pDetour on the function pointer stored at ppPointer.
// Returns true only when every step reports NO_ERROR; on the first failing
// step it returns false without taking any further action.
bool SetHook(bool bState, PVOID* ppPointer, PVOID pDetour)
{
    if (DetourTransactionBegin() != NO_ERROR)
        return false;

    if (DetourUpdateThread(GetCurrentThread()) != NO_ERROR)
        return false;

    const LONG status = bState ? DetourAttach(ppPointer, pDetour)
                               : DetourDetach(ppPointer, pDetour);
    if (status != NO_ERROR)
        return false;

    return DetourTransactionCommit() == NO_ERROR;
}
/* | |
bool IsHackShield(void *CallerAddress) | |
{ | |
HMODULE hCallerModule = NULL; | |
if (GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS, (LPCTSTR)CallerAddress, &hCallerModule)) // get the base module handle from the return (RET) address | |
{ | |
wchar_t ModuleName[MAX_PATH]; | |
GetModuleBaseName(GetCurrentProcess(), hCallerModule, ModuleName, MAX_PATH); // get the module name from the module handle | |
if (lstrcmpiW(ModuleName, L"EHSvc.dll") == 0) | |
return true; | |
} | |
return false; | |
} | |
*/ | |
// Replacement for OpenProcess once the detour is attached.
// A request whose dwProcessId is the calling process itself fails with
// ERROR_INVALID_PARAMETER and returns NULL; every other request is passed
// unchanged to the original API through OriginalOpenProcess.
// NOTE(review): defender view - any in-process check that depends on opening a
// handle to its own process through this API would see a failure here; treat
// an unexpected self-open failure as a tamper signal - confirm against the
// protection component's design.
HANDLE WINAPI OpenProcessHook(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
{
    const bool targetsSelf = (GetCurrentProcessId() == dwProcessId);
    if (!targetsSelf)
        return OriginalOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);

    SetLastError(ERROR_INVALID_PARAMETER);
    return NULL;
}
// Naked detour body (no compiler-generated prologue/epilogue) installed on OrgMSCRC by HSHook.
// It takes the address held in ecx and compares it with MSCRCStart and MSCRCEnd:
//   - outside the range: eax is restored and control jumps to OrgMSCRC;
//   - inside the range: the same offset is applied to FakeBaseAddr, one byte is
//     loaded from that copy into ecx (zero-extended), eax/ebx are restored and
//     control jumps to CrackMSCRC.
// Net effect visible here: a reader of the range is served bytes from the snapshot
// taken in HSHook rather than from the live memory.
// NOTE(review): defender view - a checksum that runs inside the process it measures,
// through a single patchable read site, can be redirected this way; presumably the
// mitigation is redundant or out-of-process verification - confirm.
void __declspec(naked) WINAPI MSCRCHook() | |
{ | |
__asm | |
{ | |
push eax | |
lea eax,[ecx] | |
cmp eax,[MSCRCStart] | |
jb Normal | |
cmp eax,[MSCRCEnd] | |
ja Normal | |
push ebx | |
mov ebx,[FakeBaseAddr] | |
sub eax,[MSCRCStart] | |
add eax,ebx | |
movzx ecx,byte ptr [eax] | |
pop ebx | |
pop eax | |
jmp [CrackMSCRC] | |
Normal: | |
pop eax | |
jmp OrgMSCRC | |
} | |
} | |
// Shows the informational message box reported when both hooks were installed.
void Success()
{
    const wchar_t* text = L"Nimo Anti-MS-HS-CRC-Check Init Successfully!";
    const wchar_t* caption = L"NimoMSHS by nimo1993.";
    MessageBox(0, text, caption, MB_OK | MB_ICONINFORMATION);
}
// Shows the error message box reported when at least one hook could not be installed.
void Failure()
{
    const wchar_t* text = L"Nimo Anti-MS-HS-CRC-Check Fail!";
    const wchar_t* caption = L"NimoMSHS by nimo1993.";
    MessageBox(0, text, caption, MB_OK | MB_ICONERROR);
}
// One-time setup: snapshots the address range, locates the hook site and installs both detours.
// The whole body is guarded by FakeBaseAddr == 0, so it does its work only on the first call.
// NOTE(review): defender view - what this leaves behind in the process is a private
// PAGE_EXECUTE_READWRITE region of MSCRCSize bytes holding a copy of the range, plus
// detoured entry code at OpenProcess and at the located routine; these are the artifacts
// a memory or hook scanner would presumably look for - confirm.
void HSHook() | |
{ | |
if(FakeBaseAddr == 0) | |
{ | |
// Snapshot of [MSCRCStart, MSCRCEnd) taken before any hook is attached.
// The VirtualAlloc result is not checked before memcpy writes to it.
FakeBaseAddr = VirtualAlloc(NULL, MSCRCSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); | |
memcpy(FakeBaseAddr, (void*)MSCRCStart, MSCRCSize); | |
// Byte-by-byte scan for the DWORD 0x8B09B60F; the first match becomes OrgMSCRC.
// A DWORD is read at every offset, so the last iterations read up to 3 bytes past MSCRCEnd.
// If nothing matches, OrgMSCRC is left at its previous value and no error is raised here.
for (unsigned int i = MSCRCStart; i < MSCRCEnd; i++) | |
{ | |
if (*(DWORD*)i == 0x8B09B60F) | |
{ | |
OrgMSCRC = (pFunc)i; | |
break; | |
} | |
} | |
// Short-circuit &&: the second hook is attempted only if the OpenProcess hook succeeded.
// The result message is shown from a new thread; the returned thread handle is discarded.
if (SetHook(true, (PVOID*)&OriginalOpenProcess, (PVOID)OpenProcessHook) && SetHook(true, (PVOID*)&OrgMSCRC, (PVOID)MSCRCHook)) | |
CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)Success,NULL,0,&TID); | |
else | |
CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)Failure,NULL,0,&TID); | |
// CrackMSCRC is OrgMSCRC plus 3 bytes, computed after SetHook was given &OrgMSCRC.
// MSCRCHook jumps here after loading the substituted byte.
CrackMSCRC = (DWORD)(DWORD*)OrgMSCRC + 3; | |
} | |
} |
請問有完整的project可以提供嗎