Quote:
Originally Posted by zeffy
Seems like it would be trivial to change the hooking procedure of ScyllaHide to use code like this to get the correct CRC with only 5 extra bytes of overhead (4 bytes of garbage after the jmp + 0xCC), and the CRC check could be circumvented.
If that happened, you could just change the polynomial here (e.g. change CRC32 to CRC32c) and the CRC check would work again...