hmmm...

[D-Jester]

So I see....

There is now an official Exetools team now; Grats to the people of the new elite group.

But why (and maybe PM'ing JMI would have been easier) is the Off Topic forum password protected?

[JMI]

I was not aware that it was. Maybe Aaron did it while he was creating the ExeTools Team forum, either on purpose or by accident.

I'll try to check it out tomorrow.

Regards,

[ahmadmansoor]

Quote:

Originally Posted by D-Jester

So I see....

There is now an official Exetools team now; Grats to the people of the new elite group.

@D-Jester : u will won a prize . for this inf ....anyway wait and watch and u will be surprise .

[D-Jester]

Quote:

Originally Posted by ahmadmansoor

@D-Jester : u will won a prize . for this inf ....anyway wait and watch and u will be surprise .

prizes are always welcome , lol

You been looking at armadillo 6 yet?
I started playing with it last night, good stuff.
Doesn't like my Olly, so I'm back to using Softice in VMWare
Looks like I need to catchup a bit.
Last version I played with was 4.x, back when nanomites/code splicing were the shit.

Does anyone know what the heck happened to Olly 2.x? I saw an alpha preview but nothing else in like 2yrs.

[Archer]

Olly is developing very slowly. Just several betas were released.
I've been looking at Armadillo 6. Nothing changed from 4, just several useless options like random section names for some reason available only in custon build and GetWindowText against some tools, nothing more.

[D-Jester]

Armadillo 6.04 Public

My Observations so far:
JMP <ModuleEntrypoint> patch (EB FE) doesn't make it to the child process from the first WriteProcessMemory call.

My custom spin on the DebugActiveProcessStop patch now causes a crash

Code:

PUSH %PID%
CALL DEBUGACTIVEPROCESSSTOP
JMP EIP <-- CAUSES WINDOWS TO DUMP ARMADILLO MEMORY VIA WATSON

Haven't actually made it into the child process yet, back to the tutorials.