
Thread: ARTeam: AMDUMPV6.2 V2.0 by CondZero

  1. #1
    Super Moderator Shub-nigurrath

    ARTeam: AMDUMPV6.2 V2.0 by CondZero

    Hi all mates, CondZero took time to update his AMDUMP for ActiveMark 6.2. Now out there's the version 2.0 of this program. It comes with FULL C++ sources and TWO tutorials inside.

    On http://arteam.accessroot.com/releases.html or CRCETL

    Here from the readme (inside archive).

    Note: the included PDF overview (from the previous release) still applies to this version, with the caveat that import rebuilding is included in this release for targets that don't use the delayed import option!!

    Info:
    * New noninvasive loader engine to run & dump ActiveMark v6.2x targets.
    * Run program from its own folder, no need to copy Amdumpv62 to target folder to run.
    * Amdumpv62 will dump ActiveMark v6.2x executables and, if necessary, rebuild imports automatically for targets with delayed imports not enabled and finally append the overlay data to the end of the dumped file.

    Special note:
    * The import rebuilder will append an '_' suffix to the end of the dumped file (i.e. dumped.exe >> dumped_.exe, similar to ImpREC). In these cases, the overlay data will be appended to the new dump name automatically.
    * Sometimes it may be necessary to view the sections in a PE editor program (i.e. LordPE or similar) because the dumper is dependent on finding:
      (4) .text/.text/.code/.code/etc sections in the executable for delayed import targets
      (3) for non delayed import targets.
      If (3/4) sections are not found, then the executable may not be an ActiveMark v6.2x application!!
    * Note: also dependent on finding (2) .bss/bss sections in the executable! These sections are used for storing needed data to run dump successfully!

    Limitations:
    * In order to ensure the stability of your dumped.exe, it may be necessary to manually hexedit the dumped file and insert an instruction which moves hi-values to a dword hi-value variable used in the GetTickCount API within the 3rd layer (2nd .text) in the executable. Please refer to the tutorial on dumping and analyzing ActiveMark v6.2x on the [ARTeam] tutorial link: http://arteam.accessroot.com/tutorials.html?fid=211

    Disclaimer:
    Not responsible for any damages that result from using this tool!!

    Greetz:
    ARTeam - you're the best!!

    History:
    --------------------------------------------
    Amdumpv62 - version 2.0 (March 2008)
    1. New noninvasive loader engine based on Deroko's nonintrusive loader (i.e. nodebug)
    2. New ARTeam import rebuilder v1.1 (nacho_dj) for targets that don't use the delayed imports option
    3. New log progress and results of the dump process
    4. Separate threads for main gui and process
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com
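
The section-count check that the readme says to do by hand in a PE editor, written as a triage script. This is an added example, not part of the original post and not AMDUMP's code. Assumptions: names are compared case-insensitively, the readme's counts are treated as exact, the "etc" name variants are not covered, and the sample headers are constructed.

```python
import struct

CODE_NAMES = {".text", ".code"}   # assumption: compared case-insensitively
BSS_NAMES = {".bss", "bss"}

def section_names(pe):
    """Return the section names listed in a PE file's section table."""
    if pe[:2] != b"MZ" or len(pe) < 0x40:
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header follows the signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20; the section table follows the optional header.
    (count,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    if table + 40 * count > len(pe):
        raise ValueError("truncated section table")
    return [pe[table + 40 * i:table + 40 * i + 8].split(b"\0", 1)[0].decode("latin-1")
            for i in range(count)]

def readme_layout(names):
    """Apply the readme's counts; returns a label or None if they do not match."""
    low = [n.lower() for n in names]
    code = sum(n in CODE_NAMES for n in low)
    bss = sum(n in BSS_NAMES for n in low)
    if bss == 2 and code == 4:
        return "delayed imports"
    if bss == 2 and code == 3:
        return "non-delayed imports"
    return None

def build_sample(names):
    """Constructed header-only PE image (no section data) for the demo."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0xE0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in names)
    return dos + b"PE\0\0" + coff + bytes(0xE0) + table

if __name__ == "__main__":
    for names in ([".text", ".bss", ".text", ".bss", ".text", ".code", ".rsrc"],
                  [".text", ".rdata", ".data", ".rsrc"]):
        print(names, "->", readme_layout(section_names(build_sample(names))))
```

A `None` result corresponds to the readme's "may not be an ActiveMark v6.2x application" case.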

  2. #2
    Super Moderator Shub-nigurrath
    Hi all,
    condzero updated his AMDUMP tool

    This is due to an update of the import rebuilder Nacho developed and we are using for our dumping tools (same used for Armag3ddon).

    Amdumpv62 - version 2.2 (September 2008)
    1. Updated ARTeam import rebuilder v1.2.1 (nacho_dj) for targets that don't use the delayed imports option
    BR,
    Shubby

  3. #3
    Thanks Shub. We appreciate your sharing your team releases and updates with our readers.

    Regards,
    JMI

  4. #4
    Administrator dELTA
    And especially thanks for sharing it in the CRCETL too.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."
