#1
Armadillo 3.75b Problem
Hi,
I have a problem with an Armadillo target. Link: dillo://www.moonlight-software.com/vbpower4-trial.exe

The software is called VB Power Wrap (it doesn't matter what it does now...) and it is protected with Armadillo 3.75b. I don't know the settings. I tried all the Olly scripts and all the tutorials, but there isn't one that fits this case. I set breakpoints on WriteProcessMemory and WaitForDebugEvent and Olly never breaks. I successfully managed to detach parent from son and I replaced the jmp with the original bytes (558B). If I now proceed with a bp on CreateThread, a msg box pops up saying "The Main thread has been suspensed. Please resuma main thread" or something like that.

Does anyone have hints on how to proceed, or can anyone give me a good tutorial to follow or a script, or simply suggest a way? I repeat, I don't know the settings; it seems to be Standard + Debug Blocker. (No Nanomites (if I do a CC search nothing comes out), I don't think IAT elimination, maybe code splicing and maybe memory patching options.)

Thanks in advance
#2
try createmutex
#3
Code Splicing + Import Table Elimination + Nanomites
#4
Yeah, this one is funny..
It's very easy to unpack it and fix everything, but when I tried to fix the nanomites.. all of a sudden the exe doesn't run... it just starts then quits.. if I leave the nanomites.. I get the 800000003 error... but it runs.. if I fix even just one nanomite... it quits... never seen them act like that before..
#5
They all seem to behave funny.
I successfully unpacked this other target by Moonlight Software, WebCrypt v5. The program runs and I think it does not have nanomites, because on my XP SP2 it runs like a charm. The only thing left to crack is the annoying JavaScript msgbox that pops up because the program looks for a registration and does not find anything. If I disassemble the executable and look for the string, I find at 004aa3c6 the jne that calls the function. If I nop the 7569 (9090), nothing happens and the messagebox is still presented. If I delete the string from the executable, the crypted page is not displayed. Piracy detection trick?

Back to Powerwrap: unpacked successfully and IAT fixed. If I fix the nanomites, the program displays and quits? :| Does someone have ideas?

Vbowatch: fixed nanomites; I load an executable to be crypted and for every executable it says "pe format error" or similar? Anticracking tricks?

I attach the 3 executables... maybe someone more expert than me can explain the solution to me. Please, if you can, also explain what you did or what I should do, as I'm not looking for a ready-to-run solution but want to learn more cracking skills.
#6
VB-PowerWrap.V4.1.UnPacKed