
View Full Version : CopyMem 2


S3ri@l CoDe9x
03-23-2003, 03:19 AM
Hi all


I saw on one board (hxxp://www.xtin.org/) a post about CopyMem 2, but I do not understand it. This post is written in Russian, and I have no idea what it says. Can anybody translate it into English?

I hope that somebody knows this language. I attach it to this post.

Thanks

LaptoniC
03-23-2003, 06:43 AM
I don't know Russian, but according to the source code, here is my guess. He injects inject.dll into Armadillo's process, and because the DLL will have the same rights in the process, he can dump it. However, this code only works on Win2k/XP, I guess, because CreateRemoteThread and VirtualAllocEx are not supported on Win9x/Me. Of course, you can use ELiCZ's Elirt library for this. Hope I am not wrong.

r4g3
03-23-2003, 01:44 PM
babelfish.altavista.com

S3ri@l CoDe9x
03-23-2003, 03:57 PM
Quote:
Originally posted by LaptoniC
I don't know Russian, but according to the source code, here is my guess. He injects inject.dll into Armadillo's process, and because the DLL will have the same rights in the process, he can dump it. However, this code only works on Win2k/XP, I guess, because CreateRemoteThread and VirtualAllocEx are not supported on Win9x/Me. Of course, you can use ELiCZ's Elirt library for this. Hope I am not wrong.



Yes, I understand the source, but I am trying to understand all the text, and babelfish.altavista.com is really bad.


Best Regards

neviens
03-24-2003, 06:02 AM
Not exact translation.
Neviens.
PS English and Russian are not my mother languages, fatal
errors and BSOD are possible, you have been warned!

S3ri@l CoDe9x
03-24-2003, 02:47 PM
Quote:
Originally posted by neviens
Not exact translation.
Neviens.
PS English and Russian are not my mother languages, fatal
errors and BSOD are possible, you have been warned!




Thanks!! It's a good translation.


Best Regards

nikolatesla20
03-24-2003, 02:55 PM
Thank you!

The technique works quite well.

-nt20

JMI
03-24-2003, 03:36 PM
You might also want to check out this article, posted on AntiCrack back in January 2003, entitled: "Armadildo and CopyMem II decryption."


hxxp://www.anticrack.de/modules.php?op=modload&name=News&file=article&sid=3742

Regards.