2014年2月7日 星期五

TwMS v1.49.2_MSCRCBypass

//TwMS v149.2_MSCRCBypass
// Cheat Engine Auto Assembler script (32-bit x86, Intel operand order).
// Numeric literals in the instruction lines are hexadecimal. The Alloc sizes
// appear to be decimal: 10047488 = 0x995000, which is exactly the 0x265400
// dwords copied at MSmemcpy -- confirm against the Cheat Engine version used.
//
// What the listing does: it snapshots a range of the client's memory into a
// private buffer (FakeDump) and then patches two sites so that the pointers
// they dereference are rebased into that snapshot. Judging by the script's
// name, those sites belong to the client's in-process memory-CRC ("MSCRC")
// check; the check therefore hashes the snapshot, not the live bytes.
//
// Every address below is a hard-coded absolute value, so the listing is tied
// to the single client build named in the title.
//
// Footprint this leaves in the target process, as visible from the listing:
//   - two private allocations (512 bytes and about 9.6 MiB),
//   - one thread started at MSmemcpy,
//   - two 5-byte E9 (jmp rel32) patches at 00A2C3AF and 00F05239, so the live
//     code bytes at those sites no longer match the image on disk.
// An integrity check that runs inside the process it protects cannot see this
// from its own read path; a verifier reading from a separate vantage point
// (out of process or kernel side -- not shown on this page) would.
[Enable]
// Code cave; the labels that follow without their own Alloc (caves, thread
// routine, strings) are presumably assembled into this same 512-byte block.
Alloc(MSCRCBypass, 512)
// Buffer for the snapshot of the client's memory range.
Alloc(FakeDump, 10047488)
Label(BackToMS)
Label(MSCRCCrack)
Label(BackToCrack)
Label(MSmemcpy)
Label(StartHook)
Label(Title)
Label(SuccessMsg)
// Starts a thread at MSmemcpy, which copies the snapshot and then falls
// through into StartHook to write the two patches.
CreateThread(MSmemcpy)

// First code cave, entered through the jmp that StartHook writes at 00A2C3AF.
// The byte comment at StartHook gives the original bytes at that site as
//   33 D2      xor edx,edx
//   8B 5D 08   mov ebx,[ebp+08]
//   8A 11      mov dl,[ecx]
// The first five bytes are overwritten by the jmp and replayed at BackToMS;
// the byte load through ECX is the first instruction run after the return.
//
// In:    ECX = address the patched routine is about to read from.
// Out:   ECX rebased into FakeDump when 00401000 <= ECX < 00B2B000,
//        otherwise unchanged; EDX = 0; EBX = [EBP+08].
// Flags: modified by the cmp/sub/add/xor sequence.
MSCRCBypass:
// Window test. Jnge/Jnl are the signed forms (jl/jge); both bounds are below
// 80000000, and an address at or above 80000000 compares as negative and so
// takes the first branch (left unredirected).
Cmp  Ecx, 00401000
Jnge BackToMS
Cmp  Ecx, 00B2B000
Jnl  BackToMS
// Rebase: ECX = FakeDump + (ECX - 00401000), the same offset in the snapshot.
Sub  Ecx, 00401000
Add  Ecx, FakeDump
BackToMS:
// Replay of the two instructions displaced by the 5-byte jmp.
Xor  Edx,Edx
Mov  Ebx,[Ebp+08]
// push + ret is used as an absolute jump to 00A2C3B4, the first byte after
// the patch, so no rel32 has to be computed for the way back.
Push 00A2C3AF+5
Ret

// Second code cave, entered through the jmp that StartHook writes at 00F05239.
// The pattern in StartHook's comment (e9 ?? ?? ff ff  ff 32  e9 ?? ?? ff ff, +5)
// decodes as jmp rel32 / push [edx] / jmp rel32, with +5 selecting the
// push [edx]. The 5-byte patch therefore covers push [edx] (FF 32) plus the
// first three bytes of the following jmp; this cave replays the push and then
// transfers to 00EFACB5, presumably that jmp's original target -- verify.
//
// In:    EDX = address whose dword the patched code is about to push.
// Out:   one dword pushed, read from the snapshot when
//        00401000 <= EDX < 00B2B000 and from the live address otherwise;
//        EDX is left rebased in the first case.
// Flags: modified by the cmp/sub/add sequence.
MSCRCCrack:
// Same signed window test as MSCRCBypass, applied to EDX.
Cmp  Edx, 00401000
Jnge BackToCrack
Cmp  Edx, 00B2B000
Jnl  BackToCrack
// Rebase: EDX = FakeDump + (EDX - 00401000).
Sub  Edx, 00401000
Add  Edx, FakeDump
BackToCrack:
// Replay of the displaced push, now reading through the (possibly rebased) EDX.
Push [Edx]
// push + ret used as an absolute jump to 00EFACB5.
Push 00EFACB5
Ret

// Thread entry point (started by CreateThread(MSmemcpy) in the header).
// Copies 00265400 dwords = 0x995000 bytes from 00401000 into FakeDump, i.e.
// a snapshot of 00401000..00D96000 as it is when the script is enabled.
// The copy is longer than the window the two caves redirect
// (00401000..00B2B000 = 0x72A000 bytes); the tail of the snapshot is not
// referenced anywhere else in this listing.
// There is no ret at the end: execution falls through into StartHook, so the
// patches are written only after the snapshot is complete and the snapshot
// still holds the unpatched bytes of both sites.
MSmemcpy:
cld                           // forward copy: ESI/EDI increment
        mov  edi, FakeDump    // destination: snapshot buffer
        mov  esi, 00401000    // source: start of the copied range
        mov  ecx, 00265400    // count in dwords
        // repe shares the F3 prefix with rep; movsd sets no flags, so this is
        // a plain counted copy.
        repe movsd

// Reached by fall-through from MSmemcpy. Writes a 5-byte jmp rel32 (opcode E9)
// at each of the two sites, pointing at the matching code cave, then reports
// success with a message box and ends the thread routine.
// For each site: EBX = cave - (site + 5), the displacement measured from the
// end of the 5-byte jmp. The sub/neg pair computes it as -((site + 5) - cave).
// The stores go straight into the target's code; no page-protection change is
// visible in this listing.
StartHook:
Mov  Eax, 00A2C3AF //33 d2 8b 5d 08 8a 11
        lea  ebx, [eax+05] //The Target Address - The Next Address
        sub  ebx, MSCRCBypass
        neg  ebx
        mov  byte ptr [eax], e9 //jmp
mov  [eax+01], ebx //rel32 displacement to MSCRCBypass

Mov  Eax, 00F05239 //e9 ?? ?? ff ff ff 32 e9 ?? ?? ff ff +5
        lea  ebx, [eax+05] //The Target Address - The Next Address
        sub  ebx, MSCRCCrack
        neg  ebx
        mov  byte ptr [eax], e9 //jmp
        mov  [eax+01], ebx //rel32 displacement to MSCRCCrack

        // MessageBoxA(hWnd, lpText, lpCaption, uType), arguments pushed right to left.
        push  40 //MB_ICONINFORMATION
        push  Title //lpCaption
        push  SuccessMsg //lpText
        push  00 //hWnd = NULL
        call  MessageBoxA
        ret

// NUL-terminated ANSI strings passed to MessageBoxA by StartHook.
Title:
        db      'MSCRC Bypass' 00
SuccessMsg:
        db      'Anti-MSCRC-Check Init Successfully!' 00
// The disable section is empty in this listing: turning the script off does
// not restore the original bytes at 00A2C3AF / 00F05239 and does not free
// either allocation, so both patches stay in the process until it exits.
[Disable]
