Disable VAC CRC Check [Archive] - GameDeception - A Development Site for Reverse Engineering




Jordon
10-29-2004, 10:26 AM
by me jordon the leetest coder in ze world?!



Disabling The CRC Check On ModuleC:
In this tutorial I'm going to show you guys how to disable the CRC check done on moduleC via the VM. Note that you must be OK with patching moduleC; you must also be aware that doing this incorrectly may cause you to be banned. Now that you are aware of this, we can move on to the tutorial itself. I will just be giving code here; how and where to apply it in your hook you must figure out. There is very much a correct place to do this if you want to avoid any detections at all.


// 0x55 / 85 = Crc check.
PDWORD dwJumpTable = (PDWORD)0x01704957;
DWORD dwBackup = dwJumpTable[85];
dwJumpTable[85] = (DWORD)&CrcCheckBlock;
DWORD dwSize = 0;
DWORD dwOffset = 0;
DWORD dwCrcConstant = 0;

// This is what the crc check function would look like if it were a function.
// Reversed by me thanks to ltfxguy for the other one as it helped me.
DWORD CrcFunction( DWORD dwStartOffset, int iSize )
{
int iSizeInWords = (iSize / 4);
DWORD dwCrc = 0;
DWORD dwCount = 0;
PDWORD dwCurrent = (PDWORD)dwStartOffset; // walk the region one DWORD at a time

while( iSizeInWords > 0 )
{
dwCrc += (*dwCurrent ^ dwCount);
dwCount += 4;
dwCurrent++;
iSizeInWords--;
}

return( dwCrc );
}

__declspec( naked ) void PushStackAddress( DWORD dwAddress )
{
_asm { mov eax, [ecx+0x60] };
_asm { mov edx, [ecx+0x64] };
_asm { push esi };
_asm { mov esi, [esp+0x04] };
_asm { mov eax, [eax] };
_asm { mov [edx+eax*0x04], esi };
_asm { mov ecx, [ecx+0x60] };
_asm { pop esi };
_asm { inc dword ptr [ecx] };
_asm { ret };
}
__declspec( naked ) DWORD PopStackAddress( void )
{
_asm { mov ecx, [ebp+0x08] };
_asm { mov eax, [ecx+0x60] };
_asm { dec dword ptr [eax] };
_asm { mov eax, [ecx+0x60] };
_asm { mov ecx, [ecx+0x64] };
_asm { mov eax, [eax] };
_asm { mov eax, [ecx+eax*0x04] };
_asm { ret };
}
// Use this before you have logged the correct constant.
__declspec( naked ) void CrcCheckBlock( void )
{
// Pop the size from the vm's stack.
_asm { push ecx };
_asm { mov ecx, [ebp+0x08] };
dwSize = PopStackAddress( );
_asm { pop ecx };

add_log( "Size 0x%X", dwSize );

// Pop the start offset off the stack.
_asm { push ecx };
_asm { mov ecx, [ebp+0x08] };
dwOffset = PopStackAddress( );
_asm { pop ecx };

add_log( "StartOffset 0x%X", dwOffset );

dwJumpTable[85] = dwBackup;
DWORD dwResult = CrcFunction( dwOffset, (int)dwSize );
dwJumpTable[85] = (DWORD)&CrcCheckBlock;
dwCrcConstant = dwResult;
add_log( "CrcConstant 0x%X", dwCrcConstant );

_asm { mov [ebp-0x9C], dwResult };
_asm { jmp short 0x01702D0A };
}

// After logging the constant, use this.
__declspec( naked ) void CrcCheckBlock( void )
{
// Pop the size from the vm's stack.
_asm { push ecx };
_asm { mov ecx, [ebp+8] };
dwSize = PopStackAddress( );
_asm { pop ecx };

add_log( "Size 0x%X", dwSize );

// Pop the start offset off the stack.
_asm { push ecx };
_asm { mov ecx, [ebp+8] };
dwOffset = PopStackAddress( );
_asm { pop ecx };

add_log( "StartOffset 0x%X", dwOffset );

_asm { mov [ebp-0x9C], 0xConstanthere };
_asm { jmp short 0x01702D0A };
}

Make note that you must always pop the arguments used in this opcode or you could mess up the VM.

- RetarT -


yes its really by me!

no

ok

retart asked me to post it
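
Added example, not part of the original post or of any code from the thread: the check described above compares a checksum over a fixed region against a fixed value, so the correct answer never changes between runs. The Python sketch below ports the post's `CrcFunction` and contrasts it with a nonce-keyed HMAC check; `Verifier`, `challenge_response`, and the sample regions are hypothetical names and constructed data, used only to show why an integrity check should not have a constant expected result.

```python
import hashlib
import hmac
import os
import struct

def additive_checksum(region: bytes) -> int:
    """Port of the post's CrcFunction: sum of (dword XOR byte offset), mod 2**32."""
    total = 0
    for offset in range(0, len(region) - len(region) % 4, 4):
        (word,) = struct.unpack_from("<I", region, offset)
        total = (total + (word ^ offset)) & 0xFFFFFFFF
    return total

def challenge_response(region: bytes, nonce: bytes) -> bytes:
    """Assumed replacement check: HMAC-SHA256 over the region, keyed by a one-time nonce."""
    return hmac.new(nonce, region, hashlib.sha256).digest()

class Verifier:
    """Hypothetical verifier holding a reference copy of the region."""
    def __init__(self, reference: bytes):
        self._reference = reference
        self._pending = set()

    def issue(self) -> bytes:
        nonce = os.urandom(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:      # unknown or already-used nonce
            return False
        self._pending.discard(nonce)
        expected = challenge_response(self._reference, nonce)
        return hmac.compare_digest(expected, response)

CLEAN = bytes(range(64))                    # constructed sample region
PATCHED = b"\x90" * 4 + CLEAN[4:]           # constructed: first dword altered

def demo() -> dict:
    verifier = Verifier(CLEAN)
    constant = additive_checksum(CLEAN)     # the fixed value a static check expects
    n1, n2, n3, n4 = (verifier.issue() for _ in range(4))
    recorded = challenge_response(CLEAN, n1)  # response captured for an earlier nonce
    return {
        "static_sees_patch": additive_checksum(PATCHED) != constant,
        "static_value_is_repeatable": constant == additive_checksum(CLEAN),
        "nonce_rejects_recorded_response": not verifier.verify(n2, recorded),
        "nonce_accepts_clean_region": verifier.verify(n3, challenge_response(CLEAN, n3)),
        "nonce_rejects_patched_region": not verifier.verify(n4, challenge_response(PATCHED, n4)),
    }
```

A fresh nonce addresses only the fixed-expected-value weakness; where the checking code itself runs on the client, the verifier still has to treat that code as untrusted.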

bowmont
10-29-2004, 10:36 AM
YOU STOLERD MAH KODE gj

panzer
10-29-2004, 10:59 AM
didnt you also invent the aimbot? :D

Jordon
10-29-2004, 11:02 AM
yes i did but i think maybe i made that code as well but its retarts

bowmont
10-29-2004, 11:08 AM
jordon you retard face you didnt even post it right

ozzeh
10-29-2004, 11:13 AM
i invented the internet :/

my1337
10-29-2004, 01:01 PM
I invented the invention HA! Got ya 0_o

osGb`
10-29-2004, 04:00 PM
bowmont = retart

i told him i wouldnt let his secret out but its more than obvious in this thread, ban him.

Jordon
10-29-2004, 04:43 PM
noes the seckre3t is out!!?

osGb`
10-29-2004, 09:45 PM
04:37 <ritart> Hello, remove the ban or something is going to get leaked and it will be horrible.
04:37 <osGb`> do you honestly think me unbanning you will accomplish anything? there are at least 4 other active ops who will hop right in and ban you again.
04:38 -!- There is no such nick ritart



I wonder if this is his oh so horrible leak

gee golly! He sure is ruining this now 7 year old game!

dabuzz
10-29-2004, 09:53 PM
He's like cheetah... a boomerang... they keep coming back and they dont know rejection.... >_<

Azorbix
10-29-2004, 09:54 PM
I thought GD and RetarT were going to go their separate ways,
well, more of RetarT going away and dying.


You get the idea.

dom1n1k
10-30-2004, 09:52 AM
again b$ from retart.

it won't work this way ...

corntoegoblin
10-30-2004, 06:13 PM
lol not even half the people here don't even know what a crc check is

bowmont
10-30-2004, 06:25 PM
including you.

Puma
10-30-2004, 07:03 PM
i know what crc checking is :)

corntoegoblin
11-04-2004, 08:58 PM
i know what it is.... or at least i think i know what it is. a crc is a certain number (i don't know how this number is retrieved) that applies to a very specific program or file. like if you change the text in a txt file and change it and the hack does a crc checksum the crc number from the txt changed from what the author left it at giving an error message like: "You gay readme editor!" correct me if i'm wrong

dabuzz
11-05-2004, 12:22 AM
i know what it is.... or at least i think i know what it is. a crc is a certain number (i don't know how this number is retrieved) that applies to a very specific program or file. like if you change the text in a txt file and change it and the hack does a crc checksum the crc number from the txt changed from what the author left it at giving an error message like: "You gay readme editor!" correct me if i'm wrong
it's the crc check VAC runs on a number of HL functions, S_DynamicSound, the Export Table, LTFX v4 Table and some other stuff, it detects if you've tampered with anything you shouldn't, and if the crc doesn't match, vac detects/drops you....

Feel free to correct me if i'm wrong...

Azorbix
11-05-2004, 08:55 AM
no, vac sends the CIA to your house and they assassinate you.

corntoegoblin
11-06-2004, 01:38 AM
i thought it was the NSA.... fucking valve

jawzweb
11-06-2004, 02:56 AM
If any of you folks actually knew what CRC was, you would stop calling it "Cyclic Redundancy Check checking".

Azorbix
11-06-2004, 08:30 AM
CRC Check sounds better than plain old CRC...

EDIT:

and if you knew what a CRC was, you would only call it a checksum instead

corntoegoblin
11-07-2004, 02:29 AM
lol, sorry? at least i know what it is sorta!

Dav
11-07-2004, 10:57 AM
ok so where do i put this in my source :P