Hello!

Got some problems with an Armadillo 3.76 target.

I successfully detach the child process, attach a new OllyDbg to it and patch the EP bytes from JMP EIP to the original ones. But then I really don't know what to do. Breakpoint on CreateThread gets me nowhere.

If I try the old method (setting a mem breakpoint on the code section and running) it breaks somewhere that is NOT OEP.

When I don't do anything (just patch in the original bytes and run passing exceptions back to program) the program terminates! I guess it somehow detects it's not attached to the parent process anymore... (?)

Can someone please give me some tips?

PS Of course I've read the tuts (by ricardo and mephisto), but those are for older versions and doesn't seem to work anymore?