It is important that you understand the PE file structure and how various compilers' PE headers are constructed.
This problem ONLY arises with MSVC compiled programs. And yes, setting .rdata section permissions to 40000040 (read only) is the proper fix for it.
When using UPX to unpack, you see it rebuilds the original PE header. Well, some common sense tells you that the header must be stored in the packed file somewhere, and in fact it is. Almost always at the end of the UPX1 section (search .text or CODE).
Armadillo does not really trash the sections too badly, just the names in newer builds (if the option is checked), and it is quite easy to tell by the number of sections and looking at the code a bit whether it's MSVC, VB, Delphi, Watcom etc...
After knowing the PE file format and looking at enough headers, you can rebuild the proper header structure and permissions within minutes. =] I recommend Goppit's PE file format tutorial if you have not read it.
You can rebuild the PE header even from tough things, like Themida protected apps, with a little knowledge and being able to identify regions of memory by either looking at them in the memory window of your debugger, or just looking with your favorite hex editor. It's a nice skill to have and I recommend everyone spend some time learning how to properly rebuild a PE. It will make your dumps smaller and cleaner, as well as function properly if things like floating point are used. =]
Cheers
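The .rdata permission fix mentioned in the post, shown as an added example that is not part of the original post: a Python sketch that walks the PE section table, decodes each section's Characteristics, and sets .rdata to 0x40000040. The function names and the header-only sample image (including its starting .rdata value of 0xE0000020) are constructed for illustration.

```python
import struct

RDATA_FLAGS = 0x40000040  # IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
FLAG_NAMES = {0x20: "CODE", 0x40: "INITIALIZED_DATA", 0x20000000: "EXECUTE",
              0x40000000: "READ", 0x80000000: "WRITE"}

def section_table(image):
    """Yield (name, file offset of Characteristics, value) per section header."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe, = struct.unpack_from("<I", image, 0x3C)            # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsects, = struct.unpack_from("<H", image, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)   # SizeOfOptionalHeader
    for i in range(nsects):
        hdr = pe + 24 + opt_size + i * 40                  # 40-byte section headers
        if hdr + 40 > len(image):
            raise ValueError("section table truncated")
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        chars, = struct.unpack_from("<I", image, hdr + 36)
        yield name, hdr + 36, chars

def describe(chars):
    return "|".join(n for bit, n in FLAG_NAMES.items() if chars & bit)

def fix_rdata(image):
    """Return a copy of image with .rdata Characteristics set to 0x40000040."""
    out = bytearray(image)
    for name, off, chars in section_table(image):
        if name == ".rdata" and chars != RDATA_FLAGS:
            struct.pack_into("<I", out, off, RDATA_FLAGS)
    return bytes(out)

def build_sample():
    """Constructed header-only image; .rdata starts as 0xE0000020 (code, RWX)."""
    def sect(name, chars):
        return name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", chars)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x102)
    opt = b"\0" * 0xE0  # optional header left zeroed; not parsed here
    return (dos + coff + opt + sect(b".text", 0x60000020)
            + sect(b".rdata", 0xE0000020) + sect(b".data", 0xC0000040))

if __name__ == "__main__":
    for img in (build_sample(), fix_rdata(build_sample())):
        for name, _, chars in section_table(img):
            print(f"{name:8} {chars:08X} {describe(chars)}")
```
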