
Thread: ARTeam: ArmaGeddon v1.0 Conceptual overview tool for unpacking Armadillo by CondZero

  1. #1
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430

    ARTeam: ArmaGeddon v1.0 Conceptual overview tool for unpacking Armadillo by CondZero

    Hi all,
    new tutorial and a new tool: ArmaGeddon 1.0
    Not everyone likes to give away the tool and a tutorial on how it works. Thanks CondZero!

    [Tutorial]
    ArmaGeddon V1.0 Conceptual Overview Tool For Unpacking Armadillo
    available at http://tutorials.accessroot.com
    which explains what's under the hood of the tool

    [Tool]
    Available here:
    http://arteam.accessroot.com/releases.html

    Supported Features
    ------------------
    Standard Protection
    Minimum Protection
    Memory Patching
    Debugblocker
    CopyMemII
    Import Elimination
    Import Redirection (Emulation)
    Strategic Code Splicing
    Nanomites
    ..

    BR,
    Shub
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  2. #2
    Thanks Shub for the new tutorial. Maybe you could create a note and link to the new "tool" in the CRCETL for ArmaGeddon v1.0, before dELTA sneaks in there and does it for you.

    Regards,
    JMI

  3. #3
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Extremely nice work as usual, thanks for the work and the heads up!

    CRCETL:
    http://www.woodmann.com/collaborative/tools/index.php/ArmaGeddon
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  4. #4
    See!!! I told you he would sneak in and create it for you.

    Regards,
    JMI

  5. #5
    Super Moderator Shub-nigurrath's Avatar
    argh, too late. ^_^
    Anyway I'm a little lazy so I was waiting for him.. ;-)
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  6. #6
    Master Of Nebulah Frost Polaris's Avatar
    Join Date
    Jun 2002
    Location
    Invincible Cyclones Of FrostWinds
    Posts
    221
    Shub-nigurrath, is there any chance that in the near future we will also see the ArTeam Import Reconstructor released? I am very curious to check it out. Anyway, good job with this release!
    Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...

  7. #7
    Polaris,

    That is a good question. Currently it comes in 2 flavors:

    1. ARImpRec.dll - which, if you do as I have done, you can convert with DLL2LIB to its equivalent ARImpRec.lib, which allows you to embed it into your program
    2. ARTeamImportReconstructor.exe standalone, works pretty much like ImpRec only better for shuffled imports.

    I'm sure our Nacho_dj (author) would be receptive. These tools are very new and still going through some growing pains, but I'm extremely excited and impressed with them.

    cheers!
    If at first you don't succeed, you're just about average

  8. #8
    Well, when it's ready to "go public" we would be pleased to have it listed on the CRCETL, and please remember that ANYONE can make additions to the collection when there are new "tools" available.

    Regards,
    JMI

  9. #9
    Master Of Nebulah Frost Polaris's Avatar
    Condzero, thanks for the quick (and positive) answer!
    Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...

  10. #10
    As condzero said, the import tool was designed exclusively for the issue of a fast and easy recovery in shuffled IAT. So, it is limited in functionality, but at least it saves you time when rebuilding from Armadillo.

    I'll try to improve it a little before its release. Thanks for your interest.

    Btw, condzero, Armageddon rockz!

    Cheers

    Nacho_dj

  11. #11
    Sweet. You actually reverse-engineered ArmInline to work out how to interface with my Nanolib.dll. You could have just asked, but I'm flattered nonetheless.

    Excellent work though. It's so much more convenient to have this menial work done for you quickly and reliably than to manually pick Armadillo's shell off.

    Admiral
    www.ring3circus.com
    Diary of a programmer, journal of a hacker.

  12. #12
    name
    Guest

    When I'm trying to open this program it's not opening. What's the problem? Please, if you have any idea, tell me.

    I got this error

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  13. #13
    Master Of Nebulah Frost Polaris's Avatar
    From the tutorial:

    If you experience any problems running the program, you may need to download and install Microsoft Visual C++ 2005 Redistributable Package (x86) available here:
    http://www.microsoft.com/downloads/details.aspx?familyid=32bc1bee-a3f9-4c13-9c99-220b62a191ee&displaylang=en
    Did you already try this?
    Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...

  14. #14
    name
    Guest
    OK, I installed it, but I get a problem when I click on the load button and try to select a file for unpacking, like dilodie: it's not showing any file in the browser?

    Last edited by name; February 19th, 2008 at 10:43.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  15. #15
    lol at the last post.. even "click and enjoy" unpackers aren't enough for some people.. grin.

    Well, as an ex-author of Armadillo, I just wanted to say this is a nice unpacker. I respect nice reverse engineering work.

    Nice little packer you made too
    Real ones don't need source
