zeffy, 10-19-2019, 14:07
I haven't looked at the entire source, but isn't using CRC32 to verify functions easy to bypass?

For example,

Seems like it would be trivial to change the hooking procedure of ScyllaHide to use code like this to get the correct CRC with only 5 extra bytes of overhead (4 bytes of garbage after the jmp + 0xCC), and the CRC check could be circumvented.

I think it would be better to just do a direct byte comparison of the functions, since they are already being processed in their entirety to get the length.
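As an added illustration of the point made in the post above (my own sketch, not code from the thread, from ScyllaHide, or from any protector), the Python below checks the affine property of CRC32 that is the reason 4 free bytes are enough to steer the checksum, and contrasts a CRC32 verifier with the direct byte comparison suggested here. The function bytes, the jmp target and the 10-byte hook layout are constructed placeholders; no correction value is computed.

```python
import zlib
from hmac import compare_digest

# Constructed stand-in for the first bytes of a function under verification
# (not real ScyllaHide or protector code).
FUNC_ORIGINAL = bytes.fromhex("4889e54883ec20488b45104885c07405c39090")
REF_CRC = zlib.crc32(FUNC_ORIGINAL)   # Python 3 returns an unsigned value
REF_BYTES = FUNC_ORIGINAL


def crc32_check(current: bytes) -> bool:
    """Integrity check as described in the thread: CRC32 over the whole function."""
    return zlib.crc32(current) == REF_CRC


def byte_check(current: bytes) -> bool:
    """Direct comparison against a saved copy of the function bytes."""
    return compare_digest(current, REF_BYTES)


def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """CRC32 is affine over GF(2): crc(a ^ b) == crc(a) ^ crc(b) ^ crc(0...0)
    for equal-length inputs. Because of this, 32 free input bits (the 4
    'garbage' bytes mentioned in the post) always suffice to reach any target
    CRC, while a byte-for-byte comparison leaves no such freedom."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    xored = bytes(x ^ y for x, y in zip(a, b))
    zeros = bytes(len(a))
    return zlib.crc32(xored) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)


def simulate_hook(func: bytes, rel32: int) -> bytes:
    """Overwrite the prologue with the 10-byte layout from the post:
    jmp rel32 (5 bytes) + 4 correction bytes + 0xCC. The 4 bytes stay zero
    here, so this is just an uncorrected hook used to exercise the checks."""
    patch = b"\xe9" + rel32.to_bytes(4, "little", signed=True) + bytes(4) + b"\xcc"
    return patch + func[len(patch):]


def verdicts(current: bytes) -> dict:
    """Result of both verifiers for a given copy of the function."""
    return {"crc32": crc32_check(current), "bytes": byte_check(current)}


if __name__ == "__main__":
    hooked = simulate_hook(FUNC_ORIGINAL, 0x1000)   # constructed jmp target
    print("original:", verdicts(FUNC_ORIGINAL))
    print("hooked:  ", verdicts(hooked))
    print("CRC32 affine:", crc32_is_affine(FUNC_ORIGINAL, hooked))
```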