Exetools  

  #1  
Old 01-26-2006, 20:38
Newbie_Cracker
Quote:
Originally Posted by codeX
Good work.
Is it gonna work on the detached child process??
Yeah, as I tested, it worked for them.


Quote:
Originally Posted by DappA
I've only managed to test this on a Notepad protected Armadillo 4.40 custom with IAT elimination and copymemII. Didn't seem to work.
I tested the attached file at this address, a tut from fly [CUG] for Armadillo standard 4.0-4.40, and my OllyDbg hung!

http://forum.exetools.com/showthread.php?t=8457

I couldn't solve the problem on my WinXP SP1!

Can you attach your packed notepad.exe?
Did you test the script on the detached child process or on the father process?

But thanks, I changed the patching routine to your method (the previous method is working too!)


The script is updated. Download it from the first post.

Last edited by Newbie_Cracker; 01-27-2006 at 02:40.
  #2  
Old 01-27-2006, 21:22
fly [CUG]
Armadillo V4.0-V4.4.Standard.Protection UnPacK Script

Quote:
Originally Posted by newbie_cracker
I tested the attached file at this address, a tut from fly [CUG] for Armadillo standard 4.0-4.40, and my OllyDbg hung!
http://forum.exetools.com/showthread.php?t=8457
I couldn't solve the problem on my WinXP SP1!
It's only for Armadillo V4.0-V4.4 Standard and Standard plus Debug Blocker protection.
  #3  
Old 01-28-2006, 03:39
Newbie_Cracker
Finally I fixed it. But I was compelled to remove the logging of import addresses. Doing the manual steps, as in the first script, is the only solution to log the addresses. Logging is necessary in the case of CopyMem-II & Import Elimination.

Now it's compatible with all versions of Armadillo (as I tested).

As I see it, logging and stopping at OEP is not possible in Arma 4.4 using the current version of the script plugins. Only one of them is applicable!
Maybe there is a little bug in OllyScript and ODBGScript.
Stepping the script using the ODBGScript window gives a fully working script, but running it causes trouble!

I have a question:
Is logging import addresses more important, or stopping at OEP?
If the first, I can change the script to stop after fixing and logging imports; then the user should put a bp on CreateThread and find CALL OEP manually, or use a 2nd script.

Which one is better?

PS:
I divided the first script into two scripts:
1- Import Redirection Fixer
2- OEP Finder

They work perfectly!

Last edited by Newbie_Cracker; 01-28-2006 at 05:56.
All times are GMT +8.