Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page More Armadillo - import reconstruction
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #5  
Old 05-29-2005, 13:42
gabri3l's Avatar
gabri3l gabri3l is offline
Parity Error 0x0FF2131D
  
Join Date: Aug 2003
Location: Eastern Shore
Posts: 118
Rept. Given: 0
Rept. Rcvd 5 Times in 1 Post
Thanks Given: 8
Thanks Rcvd at 21 Times in 10 Posts
gabri3l Reputation: 5
To make the process run in one single Olly process you set a BP on all calls to OpenMutexA. There will be 2 of them when you break on the Call you will see a JNZ or some sort of conditional jump below the call. Reverse the conditional jump and run the program again. Do the same for the 2nd OpenMutexA call. But before pressing RUN while at that BP set your breakpoint on CreateThread and continue unpacking.
Usually the only problem you will face is if it is using nanomites. Then you will get INT3 violations using this trick.
__________________
-=RETIRED=--=http://cracking.accessroot.com=--=RETIRED=-
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Import Rebuilding Without Import Table Kerlingen General Discussion 11 01-13-2005 10:24
Armadillo Import Elimination Eggi General Discussion 2 09-27-2004 02:02


All times are GMT +8. The time now is 23:59.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )