10-23-2019, 05:28
gigaman
Originally Posted by zeffy:
Seems like it would be trivial to change the hooking procedure of ScyllaHide to use code like this to get the correct CRC with only 5 extra bytes of overhead (4 bytes of garbage after the jmp + 0xCC), and the CRC check could be circumvented.
If that happened, you could just change the polynomial here (e.g. change CRC32 to CRC32c) and the CRC check would work again...