Exetools  

  #1  
Old 01-29-2005, 17:14
Gods
 
Posts: n/a
Another custom make Armadillo Ware

Hi all,

I'm a new member, thanks to Aaron.
Sorry for my broken English.
I have a problem figuring out how to break what seems to be an unknown version of the packer, a custom-made Armadillo, on Atrex v11. This is a good inventory program that supports serialised items and barcodes. I have been using it for a long time. Now version 11 has some improvements. It's so hard to unpack, and it has some DLLs in windows\system32 to decrypt code. Someone has cracked version 9 of it, but since version 10, if you use a keygen, it will detect it and lock itself if the network is in use. Could anyone come up with a solution or a tutorial on how to unlock it? I would like to learn more...

Another good accounting program from Malaysia, UBS Accounting v9, uses a hardlock. Its new version uses a USB drive lock. This is also hard for me. Anyone who can give me a clue is welcome.
  #2  
Old 01-29-2005, 18:02
pid
 
Posts: n/a
Hi Gods, you should use PEiD to detect which packers your applications use. As far as I know, UBS Accounting v9 uses a Smart Lock dongle. If you can read RU, visit dongle.ru to get more help.
  #3  
Old 01-30-2005, 01:17
aliali
Hi Gods,

If you need some help with Atrex v11 or v10, you can PM me. I have already made a working serial for v10 and v11.
  #4  
Old 01-31-2005, 00:56
Gods
 
Posts: n/a
Me again. I tried PEiD, which found Armadillo 1.xx - 2.xx, and Stud_PE found Armadillo 2.5x - 2.6x. Then I used OllyDbg 1.10 with HideDebugger to open Atrex32.exe v11.02 and dumped the child process with OllyDump. I now get all the code at 00401000, but the OEP still points to 009916E3.

009916E3 >/$ 55 PUSH EBP
009916E4 |. 8BEC MOV EBP,ESP
009916E6 |. 6A FF PUSH -1
009916E8 |. 68 20BB9B00 PUSH dumped.009BBB20
009916ED |. 68 20149900 PUSH dumped.00991420 ; SE handler installation
009916F2 |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
009916F8 |. 50 PUSH EAX
009916F9 |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
00991700 |. 83EC 58 SUB ESP,58
00991703 |. 53 PUSH EBX
00991704 |. 56 PUSH ESI
00991705 |. 57 PUSH EDI
00991706 |. 8965 E8 MOV DWORD PTR SS:[EBP-18],ESP
00991709 |. FF15 88619B00 CALL DWORD PTR DS:[<&KERNEL32.GetVersion>; kernel32.GetVersion
0099170F |. 33D2 XOR EDX,EDX
00991711 |. 8AD4 MOV DL,AH
00991713 |. 8915 A4D19B00 MOV DWORD PTR DS:[9BD1A4],EDX
00991719 |. 8BC8 MOV ECX,EAX
0099171B |. 81E1 FF000000 AND ECX,0FF
00991721 |. 890D A0D19B00 MOV DWORD PTR DS:[9BD1A0],ECX
00991727 |. C1E1 08 SHL ECX,8
0099172A |. 03CA ADD ECX,EDX
0099172C |. 890D 9CD19B00 MOV DWORD PTR DS:[9BD19C],ECX
00991732 |. C1E8 10 SHR EAX,10
00991735 |. A3 98D19B00 MOV DWORD PTR DS:[9BD198],EAX
0099173A |. 33F6 XOR ESI,ESI
0099173C |. 56 PUSH ESI
0099173D |. E8 78160000 CALL dumped.00992DBA
00991742 |. 59 POP ECX
00991743 |. 85C0 TEST EAX,EAX
00991745 |. 75 08 JNZ SHORT dumped.0099174F
00991747 |. 6A 1C PUSH 1C
00991749 |. E8 B0000000 CALL dumped.009917FE
0099174E |. 59 POP ECX
0099174F |> 8975 FC MOV DWORD PTR SS:[EBP-4],ESI
00991752 |. E8 43130000 CALL dumped.00992A9A
00991757 |. FF15 8C609B00 CALL DWORD PTR DS:[<&KERNEL32.GetCommand>; [GetCommandLineA
0099175D |. A3 A4E79B00 MOV DWORD PTR DS:[9BE7A4],EAX
00991762 |. E8 01120000 CALL dumped.00992968
00991767 |. A3 F8D19B00 MOV DWORD PTR DS:[9BD1F8],EAX
0099176C |. E8 AA0F0000 CALL dumped.0099271B
00991771 |. E8 EC0E0000 CALL dumped.00992662
00991776 |. E8 2DFAFFFF CALL dumped.009911A8
0099177B |. 8975 D0 MOV DWORD PTR SS:[EBP-30],ESI
0099177E |. 8D45 A4 LEA EAX,DWORD PTR SS:[EBP-5C]
00991781 |. 50 PUSH EAX ; /pStartupinfo
00991782 |. FF15 90609B00 CALL DWORD PTR DS:[<&KERNEL32.GetStartup>; \GetStartupInfoA
00991788 |. E8 7D0E0000 CALL dumped.0099260A
0099178D |. 8945 9C MOV DWORD PTR SS:[EBP-64],EAX
00991790 |. F645 D0 01 TEST BYTE PTR SS:[EBP-30],1
00991794 |. 74 06 JE SHORT dumped.0099179C
00991796 |. 0FB745 D4 MOVZX EAX,WORD PTR SS:[EBP-2C]
0099179A |. EB 03 JMP SHORT dumped.0099179F
0099179C |> 6A 0A PUSH 0A
0099179E |. 58 POP EAX
0099179F |> 50 PUSH EAX ; /Arg4
009917A0 |. FF75 9C PUSH DWORD PTR SS:[EBP-64] ; |Arg3
009917A3 |. 56 PUSH ESI ; |Arg2
009917A4 |. 56 PUSH ESI ; |/pModule
009917A5 |. FF15 4C609B00 CALL DWORD PTR DS:[<&KERNEL32.GetModuleH>; |\GetModuleHandleA
009917AB |. 50 PUSH EAX ; |Arg1
009917AC |. E8 7FC7FEFF CALL dumped.0097DF30 ; \dumped.0097DF30
009917B1 |. 8945 A0 MOV DWORD PTR SS:[EBP-60],EAX
009917B4 |. 50 PUSH EAX
009917B5 |. E8 1BFAFFFF CALL dumped.009911D5
009917BA |. 8B45 EC MOV EAX,DWORD PTR SS:[EBP-14]
009917BD |. 8B08 MOV ECX,DWORD PTR DS:[EAX]
009917BF |. 8B09 MOV ECX,DWORD PTR DS:[ECX]
009917C1 |. 894D 98 MOV DWORD PTR SS:[EBP-68],ECX
009917C4 |. 50 PUSH EAX
009917C5 |. 51 PUSH ECX
009917C6 |. E8 BB0C0000 CALL dumped.00992486
009917CB |. 59 POP ECX
009917CC |. 59 POP ECX
009917CD \. C3 RETN

The Register Dialog is inside somewhere in .CODE 00439E00 .... I can't find the real OEP and can't trace the Register Dialog running. Help me, please.

All times are GMT +8.

