Exetools - Armadillo 8.6 unpacking problem

Exetools (https://forum.exetools.com/index.php)

- General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)

- - Armadillo 8.6 unpacking problem (https://forum.exetools.com/showthread.php?t=14841)

Armadillo 8.6 unpacking problem

Hi,all friends

i have armadillo v8.6 packed application and packed protection option is below with Arma Info v0.96b
---------------------------------------------------------
* Scan Results *

Detected version: 8.60

* Compression Option *

Compression level: Best/Slowest

* Protection Options *

Standard Protection & Debug Blocker

Armadillo sections: 5

-> Name: .text1
-> Raw offset: 0x00002000
-> Raw size: 0x000A2000
-> Virtual address: 0x01044000
-> Virtual size: 0x000B0000
-> Characteristics: 0xE0000020

-> Name: .adata
-> Raw offset: 0x000A4000
-> Raw size: 0x0000D000
-> Virtual address: 0x010F4000
-> Virtual size: 0x00010000
-> Characteristics: 0xE0000020

-> Name: .data1
-> Raw offset: 0x000B1000
-> Raw size: 0x0001D000
-> Virtual address: 0x01104000
-> Virtual size: 0x00020000
-> Characteristics: 0xC0000040

-> Name: .reloc1
-> Raw offset: 0x000CE000
-> Raw size: 0x00009000
-> Virtual address: 0x01124000
-> Virtual size: 0x00010000
-> Characteristics: 0x42000040

-> Name: .pdata
-> Raw offset: 0x000D7000
-> Raw size: 0x00985000
-> Virtual address: 0x01134000
-> Virtual size: 0x00990000
-> Characteristics: 0xC0000040

Text section encrypted: No
Dword shuffling used: Yes
Number of dwords: 103
Real size of pdata: 0x0098499A
Compression type: zLib Level 9

Raw options value: 0x0083A852
Call exe OEP: 0x0146342A
Call dll OEP: 0x01461CA0
Nanomite handler: 0x0144DB1C
Offset to Security.dll: 0x00000012
Security.dll size: 0x00146000
Security.dll base: 0x10000000
CopyMem-II decrypt: 0x1006DC00
--------------------------------------------------------------
According to me (may be wrong ) OEP :014B0BCF
i did whole process for unpacking,while running dumped exe says :"Error while unpacking program,Code LP5, Please report to author."Can anyone explain where i wrong ?

Any help will be heartly appreciated.

Target link:
_http://download2.sqlmanager.net/download/ibmanager/ibmanager.zip

Best Regards,
eAGLe_eYe

I think It's easy just follow the way

1.Find OEP (DB0C6C)
2.Use OpenMutexA ===> for Debug-Blocker
3.use VirtualProtect ===> Magic JMP
4.dump

see this video
Ps :: If you like PM me to get you the file Unpacked

I'll do a little tut for you and I'll put it in the Tutorial section

Quote:

I'll do a little tut for you and I'll put it in the Tutorial section

@Gmax,
Thanks a lot friend and i hope for nice tuts.

Best Regards,
eAGLe_eYe

"Error while unpacking program,Code LP5, Please report to author"

In my opinion, you get this message due to some forgotten BPs inside the code that Armadillo is unpacking. Delete (or disable) all BPs in that part of code and you must unpack without problems.

Regards

El Cid

Quote:

Originally Posted by El Cid (Post 83263)

No,error exist due to invalid IAT.

Quote:

Originally Posted by El Cid (Post 83263)

I have developed a lesson by perhaps good for you
look here

LP5 is a crc problem, usually this message is shown when you physically change the executable. As armadillo loads the target from disc and not from memory I don't think it's because of any set breakpoints or whatever (though I have to see this specific target to be sure).

Greetings