View difference between Paste ID: <a href="/ZF506yfy">ZF506yfy</a> and <a href="/EpHj1c7d">EpHj1c7d</a>

[Enable]
1		[Enable]
2		/* KMS v1.2.330 */
3		/* NGS Hacking Detected 0x03*/
4
5		Alloc(MemoryDump,60000000)
6		LoadBinary(MemoryDump,legit.CEM)
7
8		Define(MSStart,00400000)
9		Define(MSEnd,019F0000)
10
11		/--------------------/
12
13		Alloc(CRC1Hook,128)
14		Label(CRC1Org)
15		Label(CRC1Ret)
16
17
18		CRC1Hook:
19		cmp esi,MSStart
20		jb CRC1Org
21		cmp esi,MSEnd
22		ja CRC1Org
23		sub esi,MSStart
24		add esi,MemoryDump
25
26		CRC1Org:
27		movzx ebx,byte ptr [esi+01]
28		shl eax,08
29		jmp CRC1Ret
30
31		0061857C: // 0F B6 06 8B ? C1
32		db 90 90
33		jmp CRC1Hook
34		CRC1Ret:
35
36		Alloc(CRC3Hook,128)
37		Label(CRC3Org)
38		Label(CRC3Ret)
39
40		CRC3Hook:
41		cmp esi,MSStart
42		jb CRC3Org
43		cmp esi,MSEnd
44		ja CRC3Org
45		sub esi,MSStart
46		add esi,MemoryDump
47
48		CRC3Org:
49		shr ecx,02
50		and edx,03
51		jmp CRC3Ret
52
53		015735F8-9: // C1 E9 ? 83 E2 ? 83 F9 ? 72 ? F3 - 1res
54		jmp CRC3Hook
55		nop
56		CRC3Ret:
57
58		Alloc(CRC5Hook,128)
59		Label(CRC5Org)
60		Label(CRC5Ret)
61
62		CRC5Hook:
63		cmp ebx,MSStart
64		jb CRC5Org
65		cmp ebx,MSEnd
66		ja CRC5Org
67		push ebx
68		sub ebx,MSStart
69		movzx ebp,byte ptr [ebx+MemoryDump]
70		mov esi,edx
71		pop ebx
72		jmp CRC5Ret
73
74		CRC5Org:
75		movzx ebp,byte ptr [ebx]
76		mov esi,edx
77		jmp CRC5Ret
78
79		0153BB07: // 0F B6 2B 8B
80		jmp CRC5Hook
81		CRC5Ret:
82
83		/*
84		I tested this disabled
85		it's nothing?
86
87		Alloc(CRC2Hook,128)
88		Label(CRC2Org)
89		Label(CRC2Ret)
90
91		CRC2Hook:
92		cmp eax,MSStart
93		jb CRC2Org
94		cmp eax,MSEnd
95		ja CRC2Org
96		sub eax,MSStart
97		add eax,MemoryDump
98
99		CRC2Org:
100		mov al,[eax]
101		sub ebx,ebx
102		and ecx,00000040
103		jmp CRC2Ret
104
105		01C93114:
106		jmp CRC2Hook
107		db 90 90 90 90 90
108		CRC2Ret:
109		*/
110		[disable]