Old 10-19-2019, 21:15
Lueilwitz
Originally Posted by zeffy
I haven't looked at the entire source, but isn't using CRC32 to verify functions easy to bypass?

For example,

Seems like it would be trivial to change the hooking procedure of ScyllaHide to use code like this to get the correct CRC with only 5 extra bytes of overhead (4 bytes of garbage after the jmp + 0xCC), and the CRC check could be circumvented.

I think it would be better to just do a direct byte comparison of the functions, since they are being processed in their entirety to get the length already.
If you have free time, you're welcome to contribute!
