crc

#define jmp(frm, to) (int)(((int)to - (int)frm) - 5)
#include <Windows.h>

const unsigned long ulMsCrcStart = 0x00401000; //static
const unsigned long ulMsCrcEnd = 0x00CAB000; //modify as needed
const unsigned long ulMsCrcSize = ulMsCrcEnd - ulMsCrcStart;

unsigned long ulMsCrc = ulMsCrcStart;
void* Allocation;
unsigned long ulOpenProcess = (unsigned long)OpenProcess;

void MakeMemoryWritable(unsigned long ulAddress, unsigned long ulSize)
{
    MEMORY_BASIC_INFORMATION* mbi = new MEMORY_BASIC_INFORMATION;
    VirtualQuery((void*)ulAddress, mbi, ulSize);
    if (mbi->Protect != PAGE_EXECUTE_READWRITE)
    {
        unsigned long* ulProtect = new unsigned long;
        VirtualProtect((void*)ulAddress, ulSize, PAGE_EXECUTE_READWRITE, ulProtect);
        delete ulProtect;
    }
   delete mbi;
}

bool Jump(unsigned long ulAddress, void* Function, unsigned long ulNops)
{
   __try
   {
      MakeMemoryWritable(ulAddress, 5 + ulNops);
      *(unsigned char*)ulAddress = 0xE9;
      *(unsigned long*)(ulAddress + 1) = jmp(ulAddress, Function);
      memset((void*)(ulAddress + 5), 0x90, ulNops);
      return true;
   }
   __except (EXCEPTION_EXECUTE_HANDLER) { return false; }
}

void __declspec(naked) MSCRCAsm()
{
   __asm
   {
      cmp ecx,[ulMsCrcStart]
      jb Normal
      cmp ecx,[ulMsCrcEnd]
      jg Normal

      sub ecx,[ulMsCrcStart]
      add ecx,Allocation

      Normal:
      movzx ecx,byte ptr [ecx]
      mov edx,[ebp+0x14]
      jmp [ulMsCrc]
   }
}

void __declspec(naked) HSCRCAsm()
{
   __asm
   {
      mov eax,fs:[0x00000020]
      cmp eax,[esp+0x0C] //compare dwProcessId with the current Process' Id
      jne Return

      //If MS tries to open a process in itself, set the last error to ERROR_INVALID_PARAMETER and return NULL
      mov fs:[0x00000034],ERROR_INVALID_PARAMETER
      xor eax,eax
      ret 0x000C

      Return:
      push ebp
      mov ebp,esp
      jmp [ulOpenProcess]
   }
}

void CRCBypass()
{
   for (; ulMsCrc < ulMsCrcEnd; ulMsCrc++)
   {
      if (*(unsigned long*)ulMsCrc == 0x8B09B60F)
      {
         //Allocate some space for the unmodified memory
         Allocation = VirtualAlloc(NULL, ulMsCrcSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

         //Make the memory readable/writable
         MakeMemoryWritable(ulMsCrcStart, ulMsCrcSize);

         //Copy the original, unedited memory
         CopyMemory((void*)Allocation, (void*)ulMsCrcStart, ulMsCrcSize);

         //Bypass MSCRC
         Jump(ulMsCrc, MSCRCAsm, 1);
         ulMsCrc += 1 + 5;

         //Bypass HSCRC
         Jump(ulOpenProcess, HSCRCAsm, 0);
         ulOpenProcess += 5;

         MessageBox(NULL, TEXT("Successfully bypassed MS + HS CRC checks. This bypass was brought to you by GameKiller.net."), TEXT("GameKiller.net - Bringing The Pain To Each And Every Game."), MB_OK | MB_SETFOREGROUND | MB_TOPMOST);
         return;
      }
   }

   OutputDebugStringW(TEXT("Unable to locate MS CRC routine. Exiting..."));
   ExitThread(0);
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
       case DLL_PROCESS_ATTACH: CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&CRCBypass, NULL, 0, NULL);
       case DLL_THREAD_ATTACH:
        break;
    }
    return TRUE;
}