I didn't read the whole posts, but if anyone wants to know how he got it, it's probably by attaching the Cheat Engine debugger and seeing what accesses a VA address in the .text section of CShell. When you enter the game, it gets accessed by this part of the code. I've already had it since CA implemented it.
Anyway, good job, at least someone got it. That's how I do it (CA EU):
Code:
DWORD addressToPass_CShell;
BYTE CRCBYTE_CSHELL;
DWORD dwCRCCheck_HookStart = 0x379C1F85;
DWORD dwCRCCheck_JMPBack = 0x379C1F8E;

__declspec(naked) void __cdecl hkCRCCheck()
{
    __asm mov ebx, 0;
    __asm add ebx, edx; // here ebx contains the address which is getting scanned
    __asm mov addressToPass_CShell, ebx;
    __asm pushad; // saving stack
    __asm pushfd; // saving flags too

    // example..
    if (addressToPass_CShell == dwNameTags1)
    {
        CRCBYTE_CSHELL = NAMETAGS1BYTES[0];
        goto JmpPoint;
    }
    // end of example..

    __asm popfd;
    __asm popad;
    __asm add al, byte ptr ds:[ebx];
    __asm jmp dwCRCCheck_JMPBack;

JmpPoint:
    __asm popfd;
    __asm popad;
    __asm add al, CRCBYTE_CSHELL;
    __asm jmp dwCRCCheck_JMPBack;
}
Re NAMETAGS1BYTES: it is a memcpy into a 2-byte array that contains the bytes at the first nametags address.
Anyway, this CRC check is not good. Most of the assembly operations in this part of the code are Themida
license junk code. Yes, there is code mutation from Oreans software. I guess what you would do if there was a virtual machine