#1
|
|||
|
|||
Armadillo 8.6 unpacking problem
Hi,all friends
i have armadillo v8.6 packed application and packed protection option is below with Arma Info v0.96b --------------------------------------------------------- * Scan Results * Detected version: 8.60 * Compression Option * Compression level: Best/Slowest * Protection Options * Standard Protection & Debug Blocker Armadillo sections: 5 -> Name: .text1 -> Raw offset: 0x00002000 -> Raw size: 0x000A2000 -> Virtual address: 0x01044000 -> Virtual size: 0x000B0000 -> Characteristics: 0xE0000020 -> Name: .adata -> Raw offset: 0x000A4000 -> Raw size: 0x0000D000 -> Virtual address: 0x010F4000 -> Virtual size: 0x00010000 -> Characteristics: 0xE0000020 -> Name: .data1 -> Raw offset: 0x000B1000 -> Raw size: 0x0001D000 -> Virtual address: 0x01104000 -> Virtual size: 0x00020000 -> Characteristics: 0xC0000040 -> Name: .reloc1 -> Raw offset: 0x000CE000 -> Raw size: 0x00009000 -> Virtual address: 0x01124000 -> Virtual size: 0x00010000 -> Characteristics: 0x42000040 -> Name: .pdata -> Raw offset: 0x000D7000 -> Raw size: 0x00985000 -> Virtual address: 0x01134000 -> Virtual size: 0x00990000 -> Characteristics: 0xC0000040 Text section encrypted: No Dword shuffling used: Yes Number of dwords: 103 Real size of pdata: 0x0098499A Compression type: zLib Level 9 Raw options value: 0x0083A852 Call exe OEP: 0x0146342A Call dll OEP: 0x01461CA0 Nanomite handler: 0x0144DB1C Offset to Security.dll: 0x00000012 Security.dll size: 0x00146000 Security.dll base: 0x10000000 CopyMem-II decrypt: 0x1006DC00 -------------------------------------------------------------- According to me (may be wrong ) OEP :014B0BCF i did whole process for unpacking,while running dumped exe says :"Error while unpacking program,Code LP5, Please report to author."Can anyone explain where i wrong ? Any help will be heartly appreciated. Target link: _http://download2.sqlmanager.net/download/ibmanager/ibmanager.zip Best Regards, eAGLe_eYe |
#2
|
|||
|
|||
I think It's easy just follow the way
1.Find OEP (DB0C6C) 2.Use OpenMutexA ===> for Debug-Blocker 3.use VirtualProtect ===> Magic JMP 4.dump |
The Following User Gave Reputation+1 to Gmax For This Useful Post: | ||
Dreamer (03-11-2013) |
#3
|
|||
|
|||
see this video
Ps :: If you like PM me to get you the file Unpacked |
The Following User Gave Reputation+1 to Gmax For This Useful Post: | ||
Dreamer (03-11-2013) |
#4
|
|||
|
|||
I'll do a little tut for you and I'll put it in the Tutorial section
|
The Following User Gave Reputation+1 to Gmax For This Useful Post: | ||
Dreamer (03-11-2013) |
#5
|
|||
|
|||
Quote:
Thanks a lot friend and i hope for nice tuts. Best Regards, eAGLe_eYe |
#6
|
|||
|
|||
"Error while unpacking program,Code LP5, Please report to author"
In my opinion, you get this message due to some forgotten BPs inside the code that Armadillo is unpacking. Delete (or disable) all BPs in that part of code and you must unpack without problems. Regards El Cid |
#7
|
|||
|
|||
Quote:
|
#8
|
|||
|
|||
Quote:
look here |
The Following User Gave Reputation+1 to Gmax For This Useful Post: | ||
Dreamer (03-11-2013) |
#9
|
|||
|
|||
LP5 is a crc problem, usually this message is shown when you physically change the executable. As armadillo loads the target from disc and not from memory I don't think it's because of any set breakpoints or whatever (though I have to see this specific target to be sure).
Greetings |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Armadillo 4.44 problem | SystemeD | General Discussion | 2 | 11-06-2006 18:03 |
Armadillo 3.75b Problem | TmC | General Discussion | 5 | 12-20-2005 10:55 |
Unpacking problem | Pompeyfan | General Discussion | 16 | 01-11-2004 19:40 |