Exetools  

  #1  
10-24-2017, 19:29
TechLord

Quote:
Originally Posted by wilson bibe
What's the problem in cracking an app, commercial or not? ......

I just think that when topics of bypassing protections in a commercial app are discussed, it's better to do so in private sub-sections of the forum rather than in a thread that's visible to everyone on the internet, including non-members of the forum.

If I google "Armadillo unpacking 9.64", this thread is shown among the top 5 hits.

Nothing wrong @Wilson Bibe - till the author decides to sue you for the damages, if they can trace out your "real" identity. That's why I say that these things should be done privately ...

I hope that this thread can be moved to a private sub-section of the forum. That's all.

P.S.: Just to avoid any members saying that I am unable to recover the scrambled imports, I'd posted that screenshot showing that I was able to recover all the imports without issues.

No super-powers needed for that
  #2  
10-25-2017, 14:51
Benten

@TechLord:

Did you do the "Junk Marking", to see the decrypted code and disable emulation or is there an easy way?

I get to see where the Security.Dll (I think it's the security dll, cause if I disable the writes JE/alloc it will say can't allocate Dll error) is loaded, what loads it and stuff, also I got to see where the decrypted code gets written for the first time. But I couldn't find the second Junk marker. Still trying... and it's frustrating..

Also I've tried using UIF, and my manual splicing fix still works, then attached the memory regions missing (like the one I believe is the Security Dll and the one with size 0E6000H) but the dump crashes. I think I am missing the API redirection/emulation Fix. I wish I could put all of this in a video.

Quote:
I wish I had 10 Rept., still can't get GIV script v0.2. Please share that attachment link if someone has it already.
[Update]
Got past the second Junk Marker, it's actually a Call that decrypts the code pages.

I believe I am at the Import Redirection itself, need help now.


Code:
So here is a video, check it out.. 
I am getting almost 740 APIs but still can't get the dump working.

Video

Oh I missed it, the error I get is "Out of Memory"
Come on Guys, it's about time someone helped me...
Regards,
Ben

Last edited by Benten; 10-27-2017 at 19:18.
  #3  
10-28-2017, 03:29
Benten

@TechLord, where you at? I need help man... still waiting for that tut

Tags
armadillo, armadillo unpacking, import elimination, tutorial request
