Thread: RICHARDO : movie collector problem

  1. #1
    nick_name
    Guest

    RICHARDO : movie collector problem

    1. I detach child from father
    2. at child, I find IAT begins at 6961e0
    3. I put a HW bp on write there

    4. I restart Olly, detach the father from child (while the HW bp is already there)
    5. I'm at child again
    6. with an F9, the child starts to run

    OLLY doesn't break at any time on the IAT writing, where am I going wrong??
    Is there any other way to find the MAGIC jump or get the full IAT?

    Where am I going wrong??
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    mr haggar
    Guest

    RICHARDO : movie collector problem

    Yep, it can be weird. Try memory bp then.

    Btw, does that target have spliced code or IAT elimination? Is it CopyMemII or just DebugBlocker?

    Armadillo uses the _stricmp API to compare which APIs need to be obfuscated, so you can break there, but the problem is that the API is used for other things too and it would take ages to break at the right spot. Check this http://www.reversing.be/article.php?story=20051002151932648 and this http://www.reversing.be/article.php?story=20050926230011232

  3. #3
    nick_name
    Guest

    RICHARDO : movie collector problem

    mr haggar, THANKS for the reply.

    The target has NANOMITES, which I think is the last thing to take care of.
    The target doesn't have any IAT ELIMINATION.

    But I've noticed one thing: if I use the OpenMutexA trick, it doesn't even break on CreateThread and shows the error message 'Debugged program was unable to process the exception'.

    If I use the WriteProcessMemory trick, I can detach the child from father, but when at the OEP of child, some of the IAT imports are already missing.

  4. #4
    mr haggar
    Guest

    RICHARDO : movie collector problem

    Oops, I don't know how to unpack nanomites. I was planning to read some papers about that but I'm a little tired from this unpacking. If there is no IAT elimination, then the IAT should be simple to fix.

    From what I noticed, nanomites are some threads; what they do, I'm not sure. I have detached processes in easy cd-da extractor and it was working OK. But when I placed a couple of bp's, the code was screwed.

  5. #5
    SKiLLa
    Guest

    RICHARDO : movie collector problem

    I've been trying to unpack Movie Collector and also Photo Collector, but I too fail with the NanoMites. Even though I found a Spanish tutorial about NanoMites, I just can't figure it out (translation-sites s#ck). Can anyone explain this to me (or provide a link to an English tutorial)?

    Strangely enough, although both programs are protected with Arma v4 (I just tried the latest version of both programs), the Movie Collector license-protection-scheme is quite easy to patch, while Photo Collector licensing is just completely different (code-wise). The same nag and (basically) the same protection, but it seems there are other Arma options used, since I can't phish the serial-routine. Both use DebugBlocker, NanoMites and at least one of the 2 also has code-slicing and (some?) IAT elimination (redirects) ... if I'm not confusing things here, I haven't looked at it lately; too confusing.

    So it seems Photo Collector is better/differently protected ... I found several cracks for Movie Collector (I don't care for the program and I don't use it, I'm just using it to learn about Arma v4 with most protection-options enabled), but none for Photo Collector ... quite strange ...

  6. #6
    mr haggar
    Guest

    RICHARDO : movie collector problem

    Protections can differ but that is usually a minor annoyance after unpacking. If you want to practice, you have on http://tuts4you.com/ unpackmes, more than you need, for 4.30, 4.20... armadillos. With ALL protections, including nanomites.

    Back to nanomites, there is on the old biw site crusader's tutorial for armadillo 2.x with nanomites. Old, but armadillo is pretty much the same and the tut is good. There is also a new, very very detailed tutorial for 4.20 on the reteam site.

  7. #7
    nick_name
    Guest

    RICHARDO : movie collector problem

    mr. haggar, thanks for your replies.

    I'm finally successful with MOVIE COLLECTOR,
    fixed the nanos with ArmInline,

    but no luck with N-REC + ARMTOOLS.

    I've opened a new thread mentioning my problems, could you please take a look there??

    Thank you
