Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-13-2005, 17:57
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 328
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
LordPE Problem

Hi, it is a stupid question, but I can't see Armadilled processes with LordPE on XP (SP2). I can see loads of processes but when i need to dump with LordPE like in this tutorial (Unpacking_Armadillo_v4.x_With_PE_Header_Trick.rar_by_MaDMAn_H3rCuL3s.rar) i can't see the process, so i can't dump it.

I followed the tutorial and everything is like described, except that when i go to fix the imports with imprec and click on fix dump, it says "Not enough space, can't add new section").

I think this is because i dumped it with olly dump.
With procdump it crashes.

Does anyone know solutions for this issue?
Reply With Quote
  #2  
Old 09-13-2005, 18:49
Unforgiv3N's Avatar
Unforgiv3N Unforgiv3N is offline
Friend
 
Join Date: Aug 2005
Posts: 172
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 3 Times in 3 Posts
Unforgiv3N Reputation: 0
Do a Test with Armadillo Dumper v1.0 or ArmInline v0.1

you can find them in Forum's Postz or Crackers Kit 2.0
Code:
http://exetools.com/forum/showthread.php?t=8037

Last edited by Unforgiv3N; 09-13-2005 at 18:52.
Reply With Quote
  #3  
Old 09-13-2005, 18:51
Frequency
 
Posts: n/a
hi,
yeah you get that error with ollydump. This might be a dumb question, you have the newest lord-pe? Also did you try with wark?
Reply With Quote
  #4  
Old 09-13-2005, 18:58
hosiminh hosiminh is offline
Friend
 
Join Date: Aug 2004
Posts: 203
Rept. Given: 2
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 0
Thanks Rcvd at 4 Times in 4 Posts
hosiminh Reputation: 1
I never had any of your problems , i use LordPE Deluxe.

Try with downloading new LordPE zip archive from official site.

Are you loged as admin ?

Can you see armadillo processes within Ollydbg (menu File -> Attach) ?
Can you see armadillo processes in any other Dumping tool ?
Ollydbg plugin IsdebugPresent has some tiny dumper too.

You can dump with ImpRec too (1st attach to process)
Right click -> Advanced commands -> Select code section

, with PEditor 1.7 by yoda or PE Tools v1.5 [hxxp://www.uinc.ru/files/neox/PE_Tools.shtml ]

Quote:
"Not enough space, can't add new section"
Well , wipe armadillo EP section out of dumped file , rebuild , then use Imprec.

Last edited by hosiminh; 09-13-2005 at 19:04.
Reply With Quote
  #5  
Old 09-13-2005, 21:52
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 328
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
Quote:
Originally Posted by Frequency
hi,
yeah you get that error with ollydump. This might be a dumb question, you have the newest lord-pe? Also did you try with wark?
I downloaded the newest lordpe from the site but it is the same.
Reply With Quote
  #6  
Old 09-13-2005, 21:55
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 328
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
Quote:
Originally Posted by hosiminh
I never had any of your problems , i use LordPE Deluxe.

Try with downloading new LordPE zip archive from official site.
Done, same problem

Quote:
Originally Posted by hosiminh
Are you loged as admin ?
Yes

Quote:
Originally Posted by hosiminh
Can you see armadillo processes within Ollydbg (menu File -> Attach) ?
Can you see armadillo processes in any other Dumping tool ?
Ollydbg plugin IsdebugPresent has some tiny dumper too.
Yes i can, i succesfully detatched father/son of other protected programs with olly and it sees everything.

Procdump can see the process but it crash when dumping.

Quote:
Originally Posted by hosiminh
You can dump with ImpRec too (1st attach to process)
Right click -> Advanced commands -> Select code section

, with PEditor 1.7 by yoda or PE Tools v1.5 [hxxp://www.uinc.ru/files/neox/PE_Tools.shtml ]


Well , wipe armadillo EP section out of dumped file , rebuild , then use Imprec.
I will try, but it is realy odd that lordpe doesn't work
Reply With Quote
  #7  
Old 09-13-2005, 22:16
Nacho_dj's Avatar
Nacho_dj Nacho_dj is offline
Lo*eXeTools*rd
 
Join Date: Mar 2005
Posts: 207
Rept. Given: 14
Rept. Rcvd 179 Times in 34 Posts
Thanks Given: 44
Thanks Rcvd at 134 Times in 40 Posts
Nacho_dj Reputation: 100-199 Nacho_dj Reputation: 100-199
Hello!

Do you understand spanish?

If so, try this one (very good process dumper):

hxxp://www.terra.es/personal/guillet/archivos/pupe2002.zip


Good luck

Nacho_dj
Reply With Quote
  #8  
Old 09-14-2005, 00:42
hosiminh hosiminh is offline
Friend
 
Join Date: Aug 2004
Posts: 203
Rept. Given: 2
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 0
Thanks Rcvd at 4 Times in 4 Posts
hosiminh Reputation: 1
What is this strange target (direct link please) ?

pupe english:
hxxp://sr2.mytempdir.com/157052
Reply With Quote
  #9  
Old 09-14-2005, 01:20
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 328
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
Quote:
Originally Posted by hosiminh
What is this strange target (direct link please) ?

pupe english:
hxxp://sr2.mytempdir.com/157052

It's not a strange target it's a problem i have with ALL armadilled programs.
Reply With Quote
  #10  
Old 09-14-2005, 08:14
tbone
 
Posts: n/a
Have you checked how many processes are running on your machine? I've noticed that LordPE won't list more than 60 processes. That sounds like a lot, but if you're doing your cracking from a server, it's not entirely uncommon to have more than 60 processes going at once.
Reply With Quote
  #11  
Old 09-14-2005, 20:12
TmC TmC is offline
VIP
 
Join Date: Aug 2004
Posts: 328
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
Quote:
Originally Posted by tbone
Have you checked how many processes are running on your machine? I've noticed that LordPE won't list more than 60 processes. That sounds like a lot, but if you're doing your cracking from a server, it's not entirely uncommon to have more than 60 processes going at once.
Yeah that's it. thankyou
Reply With Quote
  #12  
Old 09-15-2005, 20:17
Messer
 
Posts: n/a
There is also another way to repair your dump. You just need to decrease the VOffset and the ROffset of the first section to 0x1000. Then you need to add the value you decreased to VSize and to RSize. Make sure SizeOfHeaders now is 0x1000. This should also fix the dump.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LordPE - 60 Process Limit Bey General Discussion 5 02-26-2014 22:25
LordPE source codes .:hack3r2k:. General Discussion 3 11-19-2009 22:55
LordPE Deluxe problem. butterflysnows General Discussion 3 07-28-2004 11:26


All times are GMT +8. The time now is 18:20.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )