huhuni

Question KMS CRC script

Question

KMS CRC Script 279
[ENABLE]
// Cheat Engine auto-assembler script (x86, 32-bit registers, Intel operand order).
// It loads the file asd.CEM into the DumpM buffer and patches six code sites so
// that pointers into MemStart..MemFinish are swapped for pointers into DumpM.
// NOTE(review): the CRC names and the post title suggest the patched sites are the
// client's integrity-check reads; the script itself does not show what they compute.
// Each patch writes a jmp at a fixed address, so comparing those sites with the
// unmodified image shows the change.
define(MemStart,00400000) // lower bound of the range the hooks test against
define(MemFinish,02f71000) // upper bound of that range (the original note here was cut off: "My")
globalalloc(DumpM,50000000) // buffer filled by Loadbinary below
// One allocation per hook body (CRC1..CRC6).
globalalloc(CRC1,1000)
globalalloc(CRC2,1000)
globalalloc(CRC3,2000)
globalalloc(CRC4,1000)
globalalloc(CRC5,1000)
globalalloc(CRC6,1000)
// originalN: start of the instructions re-created inside hook body N.
label(original1)
label(original2)
label(original3)
label(original4)
label(original5)
label(original6)
// returnN: address immediately after the jmp written at hook site N.
label(return1)
label(return2)
label(return3)
label(return4)
label(return5)
label(return6)
// Copy the contents of asd.CEM to DumpM.
// NOTE(review): presumably a saved copy of the MemStart..MemFinish region; confirm.
Loadbinary(DumpM,asd.CEM)
// Hook 1: overwrite the code at 004D21C0 with a jump into the CRC1 allocation.
004D21C0: 
jmp CRC1
return1:
CRC1:
// If ebx is inside MemStart..MemFinish (unsigned compares), move it to the same
// offset inside DumpM. A value outside the range is left untouched.
cmp ebx,MemStart
jb original1
cmp ebx,MemFinish
ja original1
sub ebx,MemStart
add ebx,DumpM
original1:
// Presumably the two instructions displaced by the jmp. The byte load now reads
// through the (possibly rebased) ebx.
movzx eax,byte ptr [ebx]
mov ecx,esi
jmp return1
// Hook 2: patch site 0046ADE4. The trailing bytes are the poster's byte signature
// for this site, with ? as a wildcard.
0046ADE4: //53 8B D9 56 57 89 ? ? 8D ? ? 8B
jmp CRC2
return2:
CRC2:
// Reverse mapping: if ebx points into DumpM..DumpM+02C7C000, convert it back to
// the corresponding address based at 00400000. Other values pass through.
cmp ebx,DumpM
jb original2
cmp ebx,DumpM+02C7C000
ja original2
add ebx,00400000
sub ebx,DumpM
original2:
// Presumably the instructions displaced by the jmp. ebx is pushed after the
// translation above, then overwritten from ecx.
push ebx
mov ebx,ecx
push esi
push edi
jmp return2

 // Hook 3: patch site 026a5141. The poster's note says how the address was located.
 026a5141://CRC1 Find out what accesses this address
jmp CRC3
return3:
CRC3:
// If edx is inside MemStart..MemFinish, rebase it into DumpM at the same offset.
cmp edx,MemStart
jb original3
cmp edx,MemFinish
ja original3
sub edx,MemStart
add edx,DumpM
original3:
// Presumably the displaced instructions: load one byte through edx into dl,
// then zero-extend it into ecx.
mov dl,[edx]
movzx ecx,dl
jmp return3
// Hook 4: patch site 0089CF4E (byte signature with ? wildcards follows).
0089CF4E: //? ? ? ? ? 52 8B 4D F0 83 C1
jmp CRC4
return4:
CRC4:
// If eax is inside MemStart..MemFinish, rebase it into DumpM at the same offset.
cmp eax,MemStart
jb original4
cmp eax,MemFinish
ja original4
sub eax,MemStart
add eax,DumpM
original4:
// Presumably the displaced instructions: the byte read through eax is XORed
// into edx.
movzx ecx,byte ptr [eax]
xor edx,ecx
jmp return4
// Hook 5: patch site 01D6AEED (byte signature follows; "[2rd]" is the poster's tag).
01D6AEED: //C1 ? 02 F3 A5 83 ? 03 FF 24 ? ? ? ? ? FF 24 ? ? ? ? ? 90 [2rd]
jmp CRC5
return5:
CRC5:
// If esi (the source pointer of the copy below) is inside MemStart..MemFinish,
// rebase it into DumpM at the same offset.
cmp esi,MemStart
jb original5
cmp esi,MemFinish
ja original5
sub esi,MemStart
add esi,DumpM
original5:
// Presumably the displaced instructions: ecx is divided by 4 to get a dword
// count, then the dwords are copied from [esi] to [edi].
shr ecx,02
repe movsd
jmp return5
// Hook 6: patch site 01D6ACE4 (byte signature follows; "[2rd]" is the poster's tag).
01D6ACE4: //? ? ? ? ? ? ? ? 73 09 F3 A4 8B 44 24 0C [2rd]
jmp CRC6
// Three NOP bytes pad the rest of the overwritten instruction, so return6 lands on
// an instruction boundary.
db 90 90 90
return6:
CRC6:
// If esi is inside MemStart..MemFinish, rebase it into DumpM at the same offset.
cmp esi,MemStart
jb original6
cmp esi,MemFinish
ja original6
sub esi,MemStart
add esi,DumpM
original6:
// Presumably the displaced instruction. It tests a bit at the fixed address
// 024D14E4 and does not read through esi, so the rebased esi only matters to the
// code after return6 (not shown here).
bt [024D14E4],01
jmp return6
[DISABLE]
// The section is empty: disabling the script neither restores the six patched sites
// nor releases the globalalloc'd buffers.
 
 
KMS updated to 280.
The CRC1 code is now separated into two pieces of code:
 00609E2F  (call 005F8C70)
 00609E95 (call 0050D0E0)
 
And CRC3 has been eliminated.
 How do I update the CRC1 code?
 
help me guys :( 
 
Edited by huhuni


2 answers to this question
