Thread: Armadillo 3.75b Problem
View Single Post
  #1  
Old 12-19-2005, 08:58
TmC TmC is offline
VIP
  
Join Date: Aug 2004
Posts: 330
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 23 Times in 17 Posts
TmC Reputation: 15
Armadillo 3.75b Problem
Hi,
I have a problem with an armadillo target.

Link: dillo://www.moonlight-software.com/vbpower4-trial.exe

The software is called vb power wrap (it doesn't matter what it does now...) and it is protected with Armadillo 3.75b.

I don't know the settings.

I tried all the olly scripts, all tutorials but there isn't one that fits this case.

I set breakpoints on WriteProcessMemory and WaitForDebugEvent and Olly never breaks.

I Succesfully managed to detach parent from son and i replaced the jmp with original bytes (558B). If i now proceed with bp on CreateThread a msg box pops up saying "The Main thread has been suspensed. Please resuma main thread" or something like that.

Has anyone hints on how to proceed or can give me a good tutorial to follow or script, or simply suggest a way?

Repeat, i don't know the settings, it seems to be Standard+Debug Blocker. (No Nanomites(If i do cc search nothing comes out) don't think iat elimination, maybe code splicing and maybe memory patching options.

Thanks in advance
Reply With Quote