Page 5 of 5 FirstFirst 12345
Results 61 to 70 of 70

Thread: Armadillo unpacker

  1. #61
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Delta,

    You forgot DilloDIE - up to version 1.6 - still doing an admirable, (Admiral?), job.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  2. #62
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    I didn't forget anything. I just thought it was nice to link to this new tool, which was a result of this > 1 year old thread/challenge, that's all.

  3. #63
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    And an excellent tool at that, I haven't had as much time to play with it as with DilloDIE but the couple of times I've tried it, the results were comparable, seems I'm running into a lot more aspr than arma targets lately - probably coincidence, been running in to a lot of off the wall stuff also - UltraProtect (with Perplex!), and a couple others that even I don't need a tool for.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  4. #64
    Code:
    01-04-2005, 09:08 AM  
    	
    Re: Bored? ;)
    Quote:
    Originally Posted by Nico
    If you are bored, you can start to share it with me :-)
    
    Does it support Nanomites and Imports ?
    
    I will soon start to modify Armadillo (been more than 6 months since i did modify it).
    
    Nico
    
    Yes it does supports Nanomites and Import Elimination, and yes i noticed that u didnt changed arma because, its able to unpack last release v4.x.
    I didnt worked nanos since long time ago, noticed the new encrypted stuff, pretty nice, but making apps little slow, especially those that use recursive functions, u should review that .
    About sharing with you, first i want to add some new things, like dectect version/target compiler(since things run a little diferent especially when delphi ) and automatic options detection( actually u have to select options used on target like copymem, nanos, etc.) 1st because in case of a leak from my self, medium knowlodgement about arma ill be requested, that way no danger of some scripty kid using it (yeah, it may dont look but i care about u guys i dont have any intention of destroying ur business, everybody has to live ), #2 i didnt had the time because i dont really care about that, but its just a mather of xor'ing some keys and get the options.
    After that i dont see any reason to dont share it with u
    
    Spec0p
    Message by Nico 1 year ago, it's here for the posterity
    Remember Nico?
    Shame its no use for you now

  5. #65
    maestro
    Guest
    @SpecOp

    I tried ArmaGui 1.5 on a target which is packed with Armadillo 2.01
    (PEID says Armadillo 2.01 -> Silicon Realms Toolworks [Overlay])

    WHen you then try to load it into ArmaGui this comes with the
    following info:

    [11:22:23]: INFO - Starting father process...
    [11:22:23]: INFO - Entry point bytes: 0x55, 0x8B
    [11:22:24]: INFO - Searching for ghost process's...
    [11:22:46]: ERROR - Unable to terminate process
    [11:22:46]: INFO - Fixing IAT...
    [11:22:46]: ERROR - Unable to get a handle to the main process...
    [11:22:46]: ERROR - Unable to get a handle to the main process...
    [11:22:46]: INFO - IAT Elimination is used!
    [11:22:46]: ERROR - Unable to find the end of the IAT routine...
    [11:22:46]: ERROR - Unable to fix IAT...
    [11:22:46]: ERROR - Failed to fix IAT...
    [11:22:46]: ERROR - Failed to unpack...


    a TMP0 file is created however not very usefull at this point


    any clue?

    thx
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #66
    Hi, ArmaGUI only supports armadillo versions above V3, unless PEiD its mistaken, it will not support your target.
    Current version of ArmaGUI is 1.5.3 and not 1.5.

    [11:22:24]: INFO - Searching for ghost process's...
    [11:22:46]: ERROR - Unable to terminate process

    This means that my tool is unable to close already running process(s) of your target, make sure it isn't loaded in memory by any other tool, like OllyDbg...

    Cheers,

  7. #67
    maestro
    Guest
    Hi SpecOp,

    Well, that's not the case (or it's hidden although I can see it when I run
    the application in the windows taskmanager).
    I also checked if it was running when trying to unpack it with ArmaGui and
    only the process of ArmaGui with this target is running.
    (Tried ArmaGui on other Cr@ackme target and it worked for that.)

    Found a different application, same problem, other version of Armadillo used.

    Got the same problem now with Arma 2.01 and 3.76.

    Managed to get a dump of the 3.76 with other tools only that's to much corrupted to repair.

    Looks like I have to do it all manually for every new release of the target
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #68
    PM targets name, and i will check what is going on when i have the time.

    Cheers,

  9. #69
    I updated the tool and it now should support the target u PM me.
    It was failing indeed but only while trying to find the OEP. I was unable to get the error u posted above, where the tool says that it's unable to close the process, so something else isn't right on your machine. Make sure you dont have the target exe running on any debugger, or opened on any app that have some exclusive handle on it.
    And btw, you should use the ArmaGUI thread to post this kind of situations.

    Cheers,

  10. #70
    maestro
    Guest
    @SpecOp

    Thx, works. Also the errors disappeared on both version :-)

    Thanks again (and sorry it's in the wrong thread, I'll use that
    next time)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. write unpacker
    By Behdadsoft in forum The Newbie Forum
    Replies: 2
    Last Post: July 16th, 2012, 01:14
  2. .NET generic unpacker
    By pnluck in forum Tools of Our Trade (TOT) Messageboard
    Replies: 17
    Last Post: September 30th, 2006, 09:01
  3. UNMEW 1.2 mew automatic unpacker
    By pnluck in forum Tools of Our Trade (TOT) Messageboard
    Replies: 3
    Last Post: September 27th, 2006, 02:24
  4. DilloDIE 1.4 - Armadillo 4.xx unpacker
    By Bra!NSHiT in forum Tools of Our Trade (TOT) Messageboard
    Replies: 11
    Last Post: July 26th, 2006, 11:18
  5. Is there any unpacker for Asprotect 1.2 ??
    By TrixMan in forum Malware Analysis and Unpacking Forum
    Replies: 11
    Last Post: December 12th, 2001, 01:24

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •