Page 1 of 2 12 LastLast
Results 1 to 15 of 17

Thread: Unpacking Armadillo 1.8 (I think)

  1. #1
    markh51
    Guest

    Unpacking Armadillo 1.8 (I think)

    I am trying to disassemble an app which looks like it is packed in some way. I have examined it with PEiD but reports it is NOT packed and have examined it with File insPEctor and this reports it is packed with Armadillo 1.80.

    I have tried a ton of automatic armadillo unpackers and NONE of them work. I have also tried to unpack it manualy but I get seriously lost as this is a bit beyond me. I have read some tuts on the net but still got no further forward.

    Does anyone know of a better tool to correctly identify the packer or have any other ideas ?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Try RDG Packer Detector it seems to be one of the more accurate ones I've tried, I think you can find a link at the bottom of the page to the ARTeam site, you should be able to find a link in the forum, but....... if you are having problems with tuts, you are way over your head trying to unpack Arma, there are certain implementations that give the best fits - I've got 1 or 2 that I've been working on for over a month - no luck yet - but that's supposed to be the fun part............I think

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  3. #3
    Could you give a list of sections in the file? All the Armadillo I've seen have a .adata and .pdata section in them. Other packers have their own characteristic sections.

  4. #4
    markh51
    Guest
    List of sections:
    .text
    .rdata
    .data

    Tried using RDG and it reports 'nada'
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    JOJO
    Guest
    TRY to use PEID:....


    bye
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    markh51
    Guest
    Already used PEiD 0.93 and is doesn't report anything.

    Does anyone have a link for PEiD 0.94 beta ? as this one is supposed to detect much more.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Mark,

    In the ARTeam forum there is also a link for .94 Beta, (in the Tools of the Trade Section), I'm surprised that JMI has not reminded you about the not asking for tools rule - you should sharpen your search skills.


    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  8. #8
    Well I wasn't up that early on my local time. So now I'll remind both markh51 AND sigint33 that our Rules prohibit the asking of where to find the Tools of the Trade here and sigint33 you do not help enforcement of that Rule by reminding him of the Rule but still giving him the answer to the question he shouldn't have asked. How about BOTH of you not doing this again.

    Regards.
    JMI

  9. #9
    markh51
    Guest
    Sorry guys...

    I had already looked in the ARTeam forums but sine it was late last night when I looked, I thought I would look again... but still can't find it. I type peid into the forum search, but nothing is returned.

    sigint33, you have PM.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Absolutely! HUA!!!!! (Heard Understood and Acknowledged).

    SiGiNT

    And by the way I come up with 6 pages of hits there markh51.
    Last edited by SiGiNT; November 17th, 2005 at 13:41.
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  11. #11
    markh51:

    Are you a complete Dunce or what? STOP ASKING WHERE TO FIND THE TOOLS OF THE TRADE and do your own damn searching or you will join the ranks of the "Goners" and be banned from these Forums.

    Last warning.

    Regards,
    JMI

  12. #12
    markh51
    Guest
    JMI: I thought I could ask these 'types' of questions via PM
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  13. #13
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Quote Originally Posted by markh51
    Already used PEiD 0.93 and is doesn't report anything.

    Does anyone have a link for PEiD 0.94 beta ? as this one is supposed to detect much more.
    I think this and my earlier recommendation, along with the info on where I thought you might find it are the problem, I know in the future, I will pass along this kind of info via PM.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  14. #14
    markh51:

    You MAY ask for things by PM which you are NOT permitted to be posted, but your post, #9 in this thread, certainly appears to be asking someone to continue helping you find the tools and THAT is NOT permitted in the Forums, except in very limited circumstances not relevant here.

    sigint33: Did you spend time in the First Cav.? They seem to be very fond of saying "HUA" after anyone says almost anything.

    Regards,
    JMI

  15. #15
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Unfortunately not, but in spirit and heart I'm with them!

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

Similar Threads

  1. Unpacking UPX
    By mahdi in forum The Newbie Forum
    Replies: 3
    Last Post: October 22nd, 2013, 06:00
  2. Armadillo Unpacking Problem
    By .:hack3r2k:. in forum Malware Analysis and Unpacking Forum
    Replies: 11
    Last Post: May 9th, 2004, 14:44
  3. Unpacking Armadillo 2.xx + Aspack 2.xx
    By r00t in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: January 16th, 2003, 07:00
  4. Unpacking !!
    By Nio-shai in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: September 20th, 2001, 03:31
  5. UPX Unpacking
    By Jack in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: December 11th, 2000, 16:50

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •