Results 1 to 3 of 3

Thread: an arma question

  1. #1
    Registered User
    Join Date
    Feb 2002
    Location
    FRANCE
    Posts
    20

    an arma question

    Hi,

    I started to unpack a prog protected with custom arma. using arma detach with debugblokker, I traced and patched sun to accept finger print (code different than v4 et v5) and it run ok. then, I started as usual another session and used createthread to fish OEP and copy fresh IAT, fine...
    Trouble come when I started to fight the copymem protection to dump the unencrypted program with nanos and faked iat to repair : armadetach can't detach (don't find cryptocall..), my old breakpoint on virtualAlloc or OutpuDebugStrigA are detected (even with defixed options turned on). Do someone have experienced such behavior ?
    Are breaks on createmutex the only way to go ?

    Best regads
    L!sa

  2. #2
    Registered User
    Join Date
    Feb 2002
    Location
    FRANCE
    Posts
    20
    Ok, job done.
    getdlgItem, writeprocessmemory, createmutexa are the way to fish. I became lazy with time only using sig to locate and unpack. It's good to do it by hands sometimes.

    cheers
    L!sa

  3. #3
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,204
    Blog Entries
    5
    Thanks for reporting back your findings.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

Similar Threads

  1. ArmaGUI - Yet another arma tool
    By Spec0p in forum Tools of Our Trade (TOT) Messageboard
    Replies: 27
    Last Post: February 9th, 2008, 13:54
  2. arma's processes
    By cse_india in forum Malware Analysis and Unpacking Forum
    Replies: 4
    Last Post: April 8th, 2007, 22:25
  3. Having trouble with an ARTtut.....arma related
    By kittmaster in forum Malware Analysis and Unpacking Forum
    Replies: 18
    Last Post: June 11th, 2006, 10:57
  4. new arma tricks ?
    By BenJ in forum Malware Analysis and Unpacking Forum
    Replies: 8
    Last Post: October 31st, 2003, 11:26
  5. question about crussader's tut on arma
    By kyrios in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: March 30th, 2003, 12:59

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •