I didn't read whole posts, but if anyone want to know how he get it, he it's probably by attaching cheat engine debugger and seeing what accesses to a VA address in .text section of CShell. When you enter in game, it get accessed by this part of code. I already had it since CA implemented it.
Anyway, good job, atleast someone get it. That's how I do it : (ca eu)
Code:
DWORD addressToPass_CShell;
BYTE CRCBYTE_CSHELL;
DWORD dwCRCCheck_HookStart = 0x379C1F85;
DWORD dwCRCCheck_JMPBack = 0x379C1F8E;
__declspec(naked) void __cdecl hkCRCCheck()
{
__asm mov ebx, 0;
__asm add ebx, edx; //here ebx contain address which is getting scanned
__asm mov addressToPass_CShell, ebx;
__asm pushad; //savin stack
__asm pushfd; //savin also flags
//example..
if(addressToPass_CShell == dwNameTags1)
{
CRCBYTE_CSHELL = NAMETAGS1BYTES[0];
goto JmpPoint;
}
//end of example..
__asm popfd;
__asm popad;
__asm add al, byte ptr ds:[ebx];
__asm jmp dwCRCCheck_JMPBack;
JmpPoint:
__asm popfd;
__asm popad;
__asm add al, CRCBYTE_CSHELL;
__asm jmp dwCRCCheck_JMPBack;
}
@ nametagS1BYTES, memcpy inside an array of byte of 2 contains @ nametags first address.
Anyway, this CRC check is not good. Most of assembly operation in this part of code is themida
![Win](images/emotions/win.gif)
license junkcode. Yes, there is code mutation of oreans software. I guess what you would do if there was a virtualmachine
![Wink](images/emotions/emo10.png)