dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Tue Aug 12, 2008 12:59 pm Post subject: MS CRC DLL Code
Yea. I made this dll in c++. I snipped out the part on MS CRC. I know it's useless w/o GG CRC but can someone check to see if I converted it alright?
Code:
NewMem:=virtualalloc(nil,2048, mem_commit,page_execute_readwrite);
blaaaa:=virtualalloc(nil,3670018, mem_commit,page_execute_readwrite);
virtualprotect(pointer($00400000),3670018,PAGE_EXECUTE_READWRITE,originalprotection);
//Copy the memory of current process into the dump
OldMem:=pointer($00400000);
For i:=0 to 3670018 do
Begin
blaaaa[i]:=OldMem[i];
end;
//Finished Dumping
//New Mem Code:
NewMem[0]:=$81;
NewMem[1]:=$F9;
NewMem[2]:=$00;
NewMem[3]:=$00;
NewMem[4]:=$40;
NewMem[5]:=$00;
NewMem[6]:=$72;
NewMem[7]:=$1C;
NewMem[8]:=$90;
NewMem[9]:=$90;
NewMem[10]:=$90;
NewMem[11]:=$90;
NewMem[12]:=$81;
NewMem[13]:=$F9;
NewMem[14]:=$00;
NewMem[15]:=$00;
NewMem[16]:=$78;
NewMem[17]:=$00;
NewMem[18]:=$77;
NewMem[19]:=$10;
NewMem[20]:=$90;
NewMem[21]:=$90;
NewMem[22]:=$90;
NewMem[23]:=$90;
NewMem[24]:=$B8;
pdword(@NewMem[25])^:=dword(blaaaa);
NewMem[29]:=$2D;
NewMem[30]:=$00;
NewMem[31]:=$00;
NewMem[32]:=$40;
NewMem[33]:=$00;
NewMem[34]:=$01;
NewMem[35]:=$C1;
NewMem[36]:=$8B;
NewMem[37]:=$45;
NewMem[38]:=$10;
NewMem[39]:=$56;
NewMem[40]:=$57;
NewMem[41]:=$E9;
pdword(@NewMem[42])^:=dword($47cca3-$2E)-dword(NewMem);
//End New Mem
//CRC Jump
jump:=pointer($0047cc9e);
jump[0]:=$E9;
pdword(@jump[1])^:=dword(NewMem)-dword(dword(@jump[0])+$5);

oib111 I post too much
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Tue Aug 12, 2008 1:08 pm
I just went to the top and there's no such thing as nil, it's NULL.
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |

b6ooy Grandmaster Cheater
Reputation: 0
Joined: 21 Sep 2006 Posts: 653
Posted: Tue Aug 12, 2008 1:17 pm
it looks like delphi

HolyBlah Master Cheater
Reputation: 2
Joined: 24 Aug 2007 Posts: 446
Posted: Tue Aug 12, 2008 1:21 pm
b6ooy wrote:
    it looks like delphi
Because it's Delphi...

oib111 I post too much
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Tue Aug 12, 2008 1:23 pm
Oh so it is. Oops my bad. I must have read it wrong. Thought he was porting to C++ not Delphi.

HalfPrime Grandmaster Cheater
Reputation: 0
Joined: 12 Mar 2008 Posts: 532 Location: Right there...On your monitor
Posted: Tue Aug 12, 2008 1:38 pm Post subject: Re: MS CRC DLL Code
dnsi0 wrote:
    Yea. I made this dll in c++. I snipped out the part on MS CRC. I know its useless w/o GG CRC but can someone check to see if I converted it alright?
Btw, the original script would be useful if you want us to check against it.

dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Tue Aug 12, 2008 1:58 pm
Sure:
Code:
[enable]
alloc(newmem,2048)
alloc(blaaaa,3670018)
label(originalcode)
loadbinary(blaaaa,v57.CEM)
newmem:
cmp ecx,00400000
jb originalcode
cmp ecx,00780000
ja originalcode
mov eax,blaaaa
sub eax,00400000
add ecx, eax
originalcode:
mov eax,[ebp+10]
push esi
push edi
jmp 47cca3
0047cc9e:
jmp newmem
[disable]
0045de27:
mov eax,[ebp+10]
push esi
push edi
dealloc(newmem)
dealloc(blaaaa)
Ignore the loadbinary crap. Cause I made my own version where it just copies maple's memory into blaaaa.
Edit: WOOOOOOOOO GOT MY SS MOUSE TELE TO WORK. But... Got caught by maple police. But I bypassed the police and my acc wasn't banned whew...
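
Added example, not part of the original thread or any poster's code: a defender-side check for the kind of 5-byte E9 detour the script above places at 0047cc9e. It diffs live code bytes against a trusted baseline and flags jumps whose target leaves the image range; the window filler and the jump target 0x02A00000 are constructed sample values.

```python
import struct

IMAGE_BASE = 0x00400000   # module base used by the script in the thread
IMAGE_SIZE = 3670018      # size of the region the thread's code copies
PATCH_SITE = 0x0047CC9E   # address the script overwrites with "jmp newmem"

def find_detours(baseline, live, window_va):
    """Diff live code bytes against a trusted baseline. For each modified run,
    decode a leading E9 rel32 jump and flag targets outside the image."""
    if len(baseline) != len(live):
        raise ValueError("baseline and live windows must have equal length")
    findings, i, n = [], 0, len(live)
    while i < n:
        if baseline[i] == live[i]:
            i += 1
            continue
        start = i
        while i < n and baseline[i] != live[i]:
            i += 1
        va = window_va + start
        hit = {"va": va, "length": i - start, "jmp_target": None, "leaves_image": False}
        if live[start] == 0xE9 and start + 5 <= n:
            rel32 = struct.unpack_from("<i", live, start + 1)[0]
            target = (va + 5 + rel32) & 0xFFFFFFFF   # relative to next instruction
            hit["jmp_target"] = target
            hit["leaves_image"] = not (IMAGE_BASE <= target < IMAGE_BASE + IMAGE_SIZE)
        findings.append(hit)
    return findings

def build_sample():
    """Constructed 32-byte window around PATCH_SITE (not real game code)."""
    window_va = 0x0047CC90
    off = PATCH_SITE - window_va
    baseline = bytearray(b"\xCC" * 32)                   # constructed filler
    baseline[off:off + 5] = bytes.fromhex("8B45105657")  # mov eax,[ebp+10]; push esi; push edi
    live = bytearray(baseline)
    target = 0x02A00000                                  # constructed heap address
    live[off:off + 5] = b"\xE9" + struct.pack("<i", target - (PATCH_SITE + 5))
    return bytes(baseline), bytes(live), window_va

if __name__ == "__main__":
    for hit in find_detours(*build_sample()):
        print(hit)
```

Take the baseline from the on-disk image and read the live bytes through a path other than the patched routine, since the hook in the script redirects that routine's reads in 00400000-00780000 to the copy.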

GMZorita Grandmaster Cheater Supreme
Reputation: 0
Joined: 21 Mar 2007 Posts: 1361
Posted: Tue Aug 12, 2008 2:54 pm
You can just use memcpy()...
You are wasting too many lines for nothing.
Besides this is called "Delphi" not "C++".
I'm not good at Delphi so I can't help.
_________________
Gone

dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Tue Aug 12, 2008 4:16 pm
I'm not wasting lines. That's the closest to WPM you can get.
And no asm does not help this...

Cx Master Cheater
Reputation: 0
Joined: 27 Jul 2007 Posts: 367
Posted: Thu Aug 14, 2008 11:09 pm
dnsi0 wrote:
    I'm not wasting lines. That's the closest to WPM you can get.
    And no asm does not help this...
the way you did it is gay. use a big array instead or something.
_________________
armed with this small butterfly net
i will face the world alone
& never be lonely.

Zand Master Cheater
Reputation: 0
Joined: 21 Jul 2006 Posts: 424
Posted: Fri Aug 15, 2008 12:04 am
Cx wrote:
    dnsi0 wrote:
        I'm not wasting lines. That's the closest to WPM you can get.
        And no asm does not help this...
    the way you did it is gay. use a big array instead or something.
It is a big array.

hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Fri Aug 15, 2008 12:16 am
Zand wrote:
    Cx wrote:
        dnsi0 wrote:
            I'm not wasting lines. That's the closest to WPM you can get.
            And no asm does not help this...
        the way you did it is gay. use a big array instead or something.
    It is a big array.
he means the way the values are being assigned.

rapion124 Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Mar 2007 Posts: 1095
Posted: Fri Aug 15, 2008 7:32 pm
Code:
const
  // Typed constant: the byte values are listed once in the declaration
  NewMem: array[0..3] of Byte = ($15, $53, $25, $ef);
begin
...
end;
Do it like that. Sorry, my Delphi skills are rusty (haven't coded in it for 3 months).
This is where C++ would be 10x easier. Naked functions with inline ASM FTW.

dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Fri Aug 15, 2008 7:46 pm
No you can do asm too in delphi you use:
asm
...your asm crap here
end;

rapion124 Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Mar 2007 Posts: 1095
Posted: Fri Aug 15, 2008 8:56 pm
True, but Delphi doesn't allow you to do naked functions. Delphi compiler always adds prologue and epilogue code.