MS+HS CRC Bypass CE Assembly Script for TWMS 1.13(nimo1993)

不適合新手
如果您是新手，請使用DLL方法： http://bbs.yoyo-do.com/thread-724222-1-1.html


注意！
Attention!
※請不要用於商業用途


1. 這個數據只能在TWMS 1.13 上使用，其他版本必須更新Address (A11481, A11487)
1. This script is for TWMS(Taiwan MapleStory) 1.13 only. If you want to use on another version of MapleStory, please update your addresses.

2. 我不是MSCRC的原作者，我只是把他寫成數據罷了！
2. I'm not the origin. I just rewrite it with CE Assembly script.

3. 請在使用任何數據前，先執行這個數據！
3. Please execute this script FIRST before using your hack.

4. 如果你無法執行這個數據，請確認Memory View->View->Kernelmode symbols 是否打勾
4. If you can't execute this script, please press Memory view->View. Check whether "Kernelmode symbols" item is checked.

4. 這個數據只能不能在CE 5.3的版本執行,請升級到5.4, 5.5 或 5.6, (ME是以5.4為核心)，不能再MS- Memory Writer上使用！(以5.3為核心)

4. This script cannot work fine with CE 5.3. Please update to 5.4, 5.5 or 5.6. (MoonLight Engine is based on CE 5.4).

1. [Enable]
   
2. //MS+HS CRC Bypass v1.1 for "TWMS 1.13" & "HackShield 5.3.5.1024"
   
3. //CE Assembly Script by nimo1993. I love CE!
   
4. //The original address of MS-CRC Bypass is not found by me.
   
5. //If you can't execute this script, please press "Memory view"->"View". Check whether "Kernelmode symbols" item is checked.
   
6. //如果你無法執行這個數據，請按Memory View->View->Kernelmode symbols 打勾
   
7. 
   
8. Alloc(CRCBypass,512)
   
9. Alloc(FakeDump,8376320)
   
10. Label(HSCRCBypass)
    
11. Label(BackToOP)
    
12. Label(MSCRCBypass)
    
13. Label(Normal)
    
14. Label(MSmemcpy)
    
15. 
    
16. RegisterSymbol(HSCRCBypass)
    
17. RegisterSymbol(MSCRCBypass)
    
18. RegisterSymbol(FakeDump)
    
19. 
    
20. CreateThread(MSmemcpy)
    
21. 
    
22. CRCBypass:
    
23. HSCRCBypass:
    
24. mov eax, fs:[20]
    
25. cmp eax, [esp+0c]
    
26. jne BackToOP
    
27. mov fs:[34], 57
    
28. xor eax, eax
    
29. ret 000c
    
30. 
    
31. BackToOP:
    
32. push ebp
    
33. mov ebp, esp
    
34. jmp OpenProcess+5
    
35. 
    
36. MSCRCBypass:
    
37. push eax
    
38. lea eax, [ecx]
    
39. cmp eax, 00401000
    
40. jb Normal
    
41. cmp eax, 00BFE000
    
42. ja Normal
    
43. push ebx
    
44. mov ebx, FakeDump
    
45. sub eax, 00401000
    
46. add eax, ebx
    
47. movzx ecx, byte ptr [eax]
    
48. pop ebx
    
49. pop eax
    
50. jmp Normal+04
    
51. 
    
52. Normal:
    
53. pop eax
    
54. movzx ecx, byte ptr [ecx]
    
55. mov edx, [ebp+14]
    
56. jmp 00A11487 //A11481 + 6
    
57. 
    
58. 
    
59. MSmemcpy:
    
60. mov edi, FakeDump
    
61. mov esi, 00401000
    
62. mov ecx, 001FF400
    
63. repe movsd
    
64. ret
    
65. 
    
66. OpenProcess:
    
67. jmp HSCRCBypass
    
68. 
    
69. //AOB: 0F B6 09 8B
    
70. 00A11481:
    
71. jmp MSCRCBypass
    
72. nop
    
73. 
    
74. [Disable]
    
75. OpenProcess:
    
76. mov edi, edi
    
77. push ebp
    
78. mov ebp, esp
    
79. A11481:
    
80. movzx ecx, byte ptr [ecx]
    
81. mov edx, [ebp+14]
    
82. 
    
83. DeAlloc(CRCBypass)
    
84. DeAlloc(FakeDump)
    
85. UnregisterSymbol(HSCRCBypass)
    
86. UnregisterSymbol(MSCRCBypass)
    
87. UnregisterSymbol(FakeDump)

複製代碼

這個數據相當於在CE內使用 LoadLibrary(NimoMSHSCRC.dll)
只是你不必放DLL於CE目錄下，全部交給CE自己執行.
不知這種數據該放在代碼發布區，還是這裡...