Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page New OllyDbg detection by Armadillo?
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #2  
Old 07-05-2005, 11:14
Maltese
 
Posts: n/a
I was able to get the new 2.11 version to run properly within Olly.

If I used the OllyScript I had to finding the Arm OEP, the program would not work properly within Olly.

If I used the manual bp CreateThread method to find the CALL ECX then I was able to get the the OEP. This time around all routines worked as expected within Olly.

So I modified the TEAM RES script to allow it to work with my application. You may want to try it.

Also I found that using the bp Virtual Protect method is not working this time around. There are actually 17 occurances of PUSH 14 all at the same address. If I follow the code below the PUSH 100 and bp on the next CALL... then step into the CALL and place a RETN... then SHIFT+F9... the program runs then terminates.

Any ideas?
Attached Files
File Type: txt Armadillo.Standard_RES_Modified.txt (827 Bytes, 39 views)
Last edited by Maltese; 07-05-2005 at 11:39.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to disable VM detection? te$ter General Discussion 3 05-16-2015 17:06
OllyDbg Script for Armadillo Standard 3.xx-4.xx - Full IAT Red. fix Newbie_Cracker General Discussion 14 01-29-2006 20:40
Unseen Debugger Detection (Ollydbg) Peter[Pan] General Discussion 27 10-17-2005 09:34


All times are GMT +8. The time now is 19:41.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )