
Thread: Armadillo for dummies (vol 2) english

  1. #76
    nikolatesla20
    You can't open anything in arma into IDA. The code is all obfuscated. You gotta step thru it. (Unless someone has written a de-obfuscator plug-in.)

    -nt20

  2. #77
    Quote Originally Posted by FrankRizzo
    Tried IDA, LOTS of trash.. Leading me to believe that I have to stop it somewhere along the way, dump it out, and THEN disassemble it.. (Is there some sorta IDA plug-in that makes it do a better job of disassembling this?) I get VERY little code, and large blobs of data. I changed the sections from data to code that were obvious, 58, 59, and the like.. Also, I looked for strings, and the strings are either encrypted, or built on the fly..

    All strings in Armadillo are encrypted... but you can handle all that string decryption & code obfuscation with a simple IDC script.

    As for the anti-debugger check... remember IceExt doesn't fix SetUnhandledExceptionFilter so you have to manually unpatch it in sice...

    Keep it simple, most of Arma's tricks are mundane so just stay simple, filter 1 by 1... What error did you get?

  3. #78
    Thanks for the responses guys!

    I didn't THINK that I could just simply disassemble this crap and get anywhere! (This obfuscation technique that they're using looks A LOT like the old SuperLock technique from about 15 years ago).

    As for the message that I'm getting, it's the classic "For security purposes, this program will not run while system debuggers are active." message. I do have Soft-Ice installed, but it is not active. (I.E. Ctrl-D does nothing). I get the same message if I load it into Olly, and fix the return value from IsDebuggerPresent. Now, the WEIRD thing is, if I enable Soft-Ice, the message changes to unpack error, or some such. I typed it in exactly a few messages back.

    Now, crUsAdEr, what idc script do you speak of?

  4. #79
    Quote Originally Posted by FrankRizzo
    Now, crUsAdEr, what idc script do you speak of?
    Lol your own ...

  5. #80
    OK, I edited the names of the Soft-Ice "services" in the registry, and cleaned up some other stuff, rebooted, and NOW it runs!

    But it is of the infamous "Hardware fingerprint" type of Armadillo..

  6. #81
    Happy new year and I hope 2005 will be a fun year :-)

    Wish you a lot of fun guys.

    Nico
    Real ones don't need source

  7. #82
    Hi there Nico,
    you seem to be a nice guy, I wish you a fun year also. Now that I think of it, tell me something, why don't you join the fun?? What do you say about joining our playground and helping us to fully reverse Armadillo?? There is fun enough for everyone.

    Since we are on the matter, I wish a very good new year to everyone out there, and I hope I can say the same thing one year from now... guys!

  8. #83
    Hey,

    If time permits, I will try to create the fun :-)
    For now, I will try to recover from booze ;-)
    Real ones don't need source
