Armadillo 3.75b Problem
Hi,
I have a problem with an armadillo target. Link: dillo://www.moonlight-software.com/vbpower4-trial.exe The software is called vb power wrap (it doesn't matter what it does now...) and it is protected with Armadillo 3.75b. I don't know the settings. I tried all the olly scripts, all tutorials but there isn't one that fits this case. I set breakpoints on WriteProcessMemory and WaitForDebugEvent and Olly never breaks. I Succesfully managed to detach parent from son and i replaced the jmp with original bytes (558B). If i now proceed with bp on CreateThread a msg box pops up saying "The Main thread has been suspensed. Please resuma main thread" or something like that. Has anyone hints on how to proceed or can give me a good tutorial to follow or script, or simply suggest a way? Repeat, i don't know the settings, it seems to be Standard+Debug Blocker. (No Nanomites(If i do cc search nothing comes out) don't think iat elimination, maybe code splicing and maybe memory patching options. Thanks in advance |
try createmutex
|
Code Splicing + Import Table Elimination + Nanomites
|
yeah this one is funny..
its very easy to uinpack it, fix everything, but when i tried to fix nanomites.. all of a sudden the exe doesnt run... it just starts then quits.. if i leave the nanomites.. i get the 800000003 error... but it runs.. if i even fix just one nanomite... it quits... never seen them act like that before.. |
3 Attachment(s)
They all seem to behave funny.
I succesfully unpacked this other target by moonlight software. WebCrypt v5. The program runs and i thinks it does not have nanomites because on my xp sp2 runs like a charm. The only thing left to crack is the annoying javascript msgbox that pops up because the program looks for registration and does not find anything. If i disassemble the executable i look for the string and i find at 004aa3c6 the jne that calls the function. of I nop the 7569 (9090) nothing happens and the messagebox is still presented. If I delete the string from the executable the crypted page is not displayed. Piracy Detection trick? Back to Powerwrap: Unpacked succesfully and iat fixed. If i fix nanomites program displays and quits? :| Someone have ideas? Vbowatch: fixed nanomites, i load an executable to be crypted and for every executable it says "pe format error" or similar? Anticracking tricks? I attach the 3 executables...maybe someone more expert than me can explain me the solution. Please if you can also explain what you did or what should I do, as i'm not looking for a ready to run solution but i want to learn more in cracking skills. |
VB-PowerWrap.V4.1.UnPacKed
1 Attachment(s)
Quote:
|
All times are GMT +8. The time now is 21:49. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX