Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-28-2013, 20:53
eAGLe_eYe eAGLe_eYe is offline
Family
 
Join Date: Aug 2012
Posts: 113
Rept. Given: 8
Rept. Rcvd 54 Times in 12 Posts
Thanks Given: 6
Thanks Rcvd at 20 Times in 11 Posts
eAGLe_eYe Reputation: 54
Armadillo 8.6 unpacking problem

Hi,all friends

i have armadillo v8.6 packed application and packed protection option is below with Arma Info v0.96b
---------------------------------------------------------
* Scan Results *

Detected version: 8.60

* Compression Option *

Compression level: Best/Slowest

* Protection Options *

Standard Protection & Debug Blocker

Armadillo sections: 5

-> Name: .text1
-> Raw offset: 0x00002000
-> Raw size: 0x000A2000
-> Virtual address: 0x01044000
-> Virtual size: 0x000B0000
-> Characteristics: 0xE0000020

-> Name: .adata
-> Raw offset: 0x000A4000
-> Raw size: 0x0000D000
-> Virtual address: 0x010F4000
-> Virtual size: 0x00010000
-> Characteristics: 0xE0000020

-> Name: .data1
-> Raw offset: 0x000B1000
-> Raw size: 0x0001D000
-> Virtual address: 0x01104000
-> Virtual size: 0x00020000
-> Characteristics: 0xC0000040

-> Name: .reloc1
-> Raw offset: 0x000CE000
-> Raw size: 0x00009000
-> Virtual address: 0x01124000
-> Virtual size: 0x00010000
-> Characteristics: 0x42000040

-> Name: .pdata
-> Raw offset: 0x000D7000
-> Raw size: 0x00985000
-> Virtual address: 0x01134000
-> Virtual size: 0x00990000
-> Characteristics: 0xC0000040

Text section encrypted: No
Dword shuffling used: Yes
Number of dwords: 103
Real size of pdata: 0x0098499A
Compression type: zLib Level 9

Raw options value: 0x0083A852
Call exe OEP: 0x0146342A
Call dll OEP: 0x01461CA0
Nanomite handler: 0x0144DB1C
Offset to Security.dll: 0x00000012
Security.dll size: 0x00146000
Security.dll base: 0x10000000
CopyMem-II decrypt: 0x1006DC00
--------------------------------------------------------------
According to me (may be wrong ) OEP :014B0BCF
i did whole process for unpacking,while running dumped exe says :"Error while unpacking program,Code LP5, Please report to author."Can anyone explain where i wrong ?

Any help will be heartly appreciated.

Target link:
_http://download2.sqlmanager.net/download/ibmanager/ibmanager.zip

Best Regards,
eAGLe_eYe
Reply With Quote
  #2  
Old 02-28-2013, 23:43
Gmax Gmax is offline
VIP
 
Join Date: Mar 2012
Location: AoRe
Posts: 286
Rept. Given: 49
Rept. Rcvd 312 Times in 150 Posts
Thanks Given: 1
Thanks Rcvd at 92 Times in 57 Posts
Gmax Reputation: 300-399 Gmax Reputation: 300-399 Gmax Reputation: 300-399 Gmax Reputation: 300-399
I think It's easy just follow the way

1.Find OEP (DB0C6C)
2.Use OpenMutexA ===> for Debug-Blocker
3.use VirtualProtect ===> Magic JMP
4.dump
Reply With Quote
The Following User Gave Reputation+1 to Gmax For This Useful Post:
Dreamer (03-11-2013)
  #3  
Old 03-01-2013, 00:05
Gmax Gmax is offline
VIP
 
Join Date: Mar 2012
Location: AoRe
Posts: 286
Rept. Given: 49
Rept. Rcvd 312 Times in 150 Posts
Thanks Given: 1
Thanks Rcvd at 92 Times in 57 Posts
Gmax Reputation: 300-399 Gmax Reputation: 300-399 Gmax Reputation: 300-399 Gmax Reputation: 300-399
see this video
Ps :: If you like PM me to get you the file Unpacked
Attached Files
File Type: rar test.rar (1.02 MB, 59 views)
Reply With Quote
The Following User Gave Reputation+1 to Gmax For This Useful Post:
Dreamer (03-11-2013)
  #4  
Old 03-01-2013, 00:39
Gmax Gmax is offline
VIP
 
Join Date: Mar 2012
Location: AoRe
Posts: 286
Rept. Given: 49
Rept. Rcvd 312 Times in 150 Posts
Thanks Given: 1
Thanks Rcvd at 92 Times in 57 Posts
Gmax Reputation: 300-399 Gmax Reputation: 300-399 Gmax Reputation: 300-399 Gmax Reputation: 300-399
I'll do a little tut for you and I'll put it in the Tutorial section
Reply With Quote
The Following User Gave Reputation+1 to Gmax For This Useful Post:
Dreamer (03-11-2013)
  #5  
Old 03-01-2013, 01:02
eAGLe_eYe eAGLe_eYe is offline
Family
 
Join Date: Aug 2012
Posts: 113
Rept. Given: 8
Rept. Rcvd 54 Times in 12 Posts
Thanks Given: 6
Thanks Rcvd at 20 Times in 11 Posts
eAGLe_eYe Reputation: 54
Quote:
I'll do a little tut for you and I'll put it in the Tutorial section
@Gmax,
Thanks a lot friend and i hope for nice tuts.

Best Regards,
eAGLe_eYe
Reply With Quote
  #6  
Old 03-11-2013, 02:12
El Cid
 
Posts: n/a
"Error while unpacking program,Code LP5, Please report to author"

In my opinion, you get this message due to some forgotten BPs inside the code that Armadillo is unpacking. Delete (or disable) all BPs in that part of code and you must unpack without problems.

Regards

El Cid
Reply With Quote
  #7  
Old 03-11-2013, 02:38
eAGLe_eYe eAGLe_eYe is offline
Family
 
Join Date: Aug 2012
Posts: 113
Rept. Given: 8
Rept. Rcvd 54 Times in 12 Posts
Thanks Given: 6
Thanks Rcvd at 20 Times in 11 Posts
eAGLe_eYe Reputation: 54
Quote:
Originally Posted by El Cid View Post
"Error while unpacking program,Code LP5, Please report to author"

In my opinion, you get this message due to some forgotten BPs inside the code that Armadillo is unpacking. Delete (or disable) all BPs in that part of code and you must unpack without problems.

Regards

El Cid
No,error exist due to invalid IAT.
Reply With Quote
  #8  
Old 03-11-2013, 04:44
Gmax Gmax is offline
VIP
 
Join Date: Mar 2012
Location: AoRe
Posts: 286
Rept. Given: 49
Rept. Rcvd 312 Times in 150 Posts
Thanks Given: 1
Thanks Rcvd at 92 Times in 57 Posts
Gmax Reputation: 300-399 Gmax Reputation: 300-399 Gmax Reputation: 300-399 Gmax Reputation: 300-399
Quote:
Originally Posted by El Cid View Post
"Error while unpacking program,Code LP5, Please report to author"

In my opinion, you get this message due to some forgotten BPs inside the code that Armadillo is unpacking. Delete (or disable) all BPs in that part of code and you must unpack without problems.

Regards

El Cid
I have developed a lesson by perhaps good for you
look here
Reply With Quote
The Following User Gave Reputation+1 to Gmax For This Useful Post:
Dreamer (03-11-2013)
  #9  
Old 03-11-2013, 22:43
mr.exodia mr.exodia is offline
Retired Moderator
 
Join Date: Nov 2011
Posts: 784
Rept. Given: 492
Rept. Rcvd 1,122 Times in 305 Posts
Thanks Given: 90
Thanks Rcvd at 711 Times in 333 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
LP5 is a crc problem, usually this message is shown when you physically change the executable. As armadillo loads the target from disc and not from memory I don't think it's because of any set breakpoints or whatever (though I have to see this specific target to be sure).

Greetings
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Armadillo 4.44 problem SystemeD General Discussion 2 11-06-2006 18:03
Armadillo 3.75b Problem TmC General Discussion 5 12-20-2005 10:55
Unpacking problem Pompeyfan General Discussion 16 01-11-2004 19:40


All times are GMT +8. The time now is 15:51.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )