Exetools  

  #1  
Old 06-19-2006, 01:20
TmC
Armadillo & Armaccess Question

Hi,
I am currently working on A Series of Unfortunate Events, by Oberon Games (www.oberongames.com).

I successfully cracked the game and unpacked Load.exe.

I was trying to make a patch to SetEnvironmentVariableA so that, in a new section I created, variables are set and then there is a CALL to OEP.

There is something wrong because even after setting the variables the executable can't find them and raises an error.

Attached is my executable.

I'd be glad if someone more experienced can tell me where the error is.
Attached Files
File Type: rar dumped1(101E2).rar (127.4 KB, 6 views)
  #2  
Old 06-19-2006, 02:04
stephenteh
 
Take a quick look at your dumped file...
the parameters pushed onto the stack for the SetEnvironmentVariable call are in the wrong order....
  #3  
Old 06-19-2006, 12:00
D-Jester
Remember, the stack pops the last variable pushed first.


Push VariableValue
Push VariableName
Call SetEnvironmentVariableA


On a similar note to this thread title, how do you find & dump ArmAccess.dll from a protected program?
  #4  
Old 06-19-2006, 19:14
TmC
As far as I have been able to understand the whole process works like this:

Load.exe - Game Loader
Game.exe - Game Executable

Load.exe is a standard loader for all games. The game name and executable are passed through the variables GAME and EXE. The gfx are taken from the omdata present in every game.
The registration is carried out only because the games are protected with a different Armadillo project.
Once unpacked, the game has no problems, since the only variable that is checked is EXPIRED, which is never set to true because the Armadillo shell is lacking. So it is fully functional (except for Candy Crisis, which is older and also integrates username checking (but does not seem to need to be cracked once unpacked EXCEPT for Unregistered/Registered to)).

In the Loader, the checking part can be cracked (to always return registered), but variables GAME, EXE, SKU and maybe TYPE need to be there for the loader to work.
If not specified (FIRST 2), they lead to a "Can't find game" because the loader does not know which executable to run.

So it is not needed to dump armaccess.dll but it is needed to restore some of the variables.

As always, if this is wrong please correct me.


EDIT: Just setting the TYPE to Purchased makes it registered

Last edited by TmC; 06-19-2006 at 20:04.
  #5  
Old 06-20-2006, 08:53
D-Jester
Quote:
Originally Posted by TmC
So it is not needed to dump armaccess.dll but it is needed to restore some of the variables.
Oh, I know it isn't necessary. I have been playing with arm for a while now; I understand the whole patching etc...

I was just wondering how (if I wanted to) I would go about finding Armaccess.dll in memory after the program extracts it. I was just wondering if a method existed before I played with it.
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.
  #6  
Old 06-20-2006, 23:28
TmC
Well, an idea could be to extract it from Armadillo itself. If you unpack it, you will notice that in the resource section there are 5 versions of Armaccess.dll (1 for dll, one for maximum protection, one for standard protection and the other 2 I don't know).

Those are the fully functional dlls, not just the fake one distributed by sr.

To play with it in memory, I believe a bp could be set on LoadLibrary to see the address it is called...just an idea...

Last edited by TmC; 06-20-2006 at 23:35.
All times are GMT +8.