#1
|
|||
|
|||
Armadillo & Armaccess Question
Hi,
I am currently working on A Series of Unfortunate Events, by Oberon Games (/tth/www.oberongames.com). I succesfully cracked The game and unpacked Load.exe I was trying to make a patch to SetEnvironmentVariableA so that in a new section i created Variables are set and then there is CALL to OEP. There is something wrong because even after setting the variables the executable can't find them and raises an error. attached is my executable. I'd be glad if someone more experienced can tell me where the error is |
#2
|
|||
|
|||
take a quick look at ur dumped file...
the paramaters push into stack for SetEnvironmentVariable calling is in wrong order.... |
#3
|
||||
|
||||
remember stack pops last variable pushed first.
Push VariableValue Push VariableName Call SetEvironmentVariableA On a similiar note to this thread title, how do you find & dump ArmAccess.dll from a protected program? |
#4
|
|||
|
|||
As far as I have been able to understand the whole process works like this:
Load.exe - Game Loader Game.exe - Game Executable Load.exe is a standard loader for all games. The game name and executable are passed through the variables GAME and EXE. The gfx are taken from the omdata present in every game. The registration is carried out only because the games are protected with a different armadillo project. Once unpacked, the game has no problems, since the only variable that is checked is EXPIRED which is never set to true because of lacking of the armadillo shell. So it is fully functional (except for Candy Crisis which is older and integrates also username checking(but does not seems to need to be cracked once unpacked EXCEPT for Unregistrered/Registered to). In the Loader, the checking part can be cracked(o return always registered) but variables GAME, EXE, SKU and maybe TYPE need to be there for the loader to work. If not specified(FIRST 2) lead to a "Can't find game" because the loader does not know whith executable to run. So it is not needed to dump armaccess.dll but it is needed to restore some of the variables. As always, if this is wrong please correct me EDIT: Just setting the TYPE to Purchased makes it registered Last edited by TmC; 06-19-2006 at 20:04. |
#5
|
||||
|
||||
Quote:
I was just wandering how (if I wanted to) would I go about finding Armacces.dll in memory after the program extracts it. I was just wandering if a method exisited before I played with it.
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light. |
#6
|
|||
|
|||
Well an idea could be to extract it from armadillo itself. If you unpack it, you will notice that in the resource section there are 5 versions of Armaccess.dll (1 for dll, one for maximum protection, one for standard protection and other 2 don't know).
Those are the fully functional dlls, not just the fake one distributed by sr. To play with it in memory i believe it could be set a bp on LoadLibrary and see the address it is called...just an idea... Last edited by TmC; 06-20-2006 at 23:35. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Question about Armadillo 3.76 | OrionOnion | General Discussion | 0 | 01-03-2005 09:17 |
Armadillo Question | obelisk | General Discussion | 2 | 12-31-2004 12:14 |
ArmAccess.dll | el-kiwi | General Discussion | 5 | 09-25-2004 01:51 |
Another Armadillo question | *RemedY* | General Discussion | 4 | 09-05-2004 22:46 |
Armadillo Question | truth | General Discussion | 7 | 08-31-2004 18:46 |