Page 1 of 2 12 LastLast
Results 1 to 15 of 28

Thread: ArmaGUI - Yet another arma tool

Hybrid View

  1. #1

    ArmaGUI - Yet another arma tool

    Supported Armadillo options:
    Standard Features
    Debugblocker
    CopyMemII
    Nanomites
    Import Elimination
    Strategic Code Splicing

    Main features:
    Complete automatic recover and validation of nanomites, even the fake ones in the tables;
    Complete automatic reinsertion of Strategic Spliced Code at the original location before exe was protected by Armadillo;
    Complete rebuild of the dumped file, cleaning all the trash;
    Complete rebuild of the IAT without the use of any extern tool;



    Introduction & Disclaimer:
    ArmaGUI unpacking tool for the commercial protector Armadillo from Silicon Realms Toolworks (http://siliconrealms.com/index.shtml), it supports most of the protection options offered by Armadillo since version 3.
    It's coded in VC++ with MFC for GUI support with some inline asm, MFC is the explanation to the over bloated 212kb exe file, and its only tested on XP SP2, maybe it works on w2k3 too, forget anything bellow XP.
    This project was started based on a "challenge" by crUsAdEr on the Woodmann excellent forum: http://www.woodmann.com/forum/showthread.php?t=6365
    crUsAdEr said: "hopefully u wont spread it to everyone though cos unpackers itself doesnt teach ppl much.", and I agree with that, you DON'T learn by using unpackers. This tool is working for 1+ year now as private but suffered big and important updates along the way.
    This tool WASN'T created to harm SRT in any way, Armadillo is a good product with some nice ideas.
    It WAS created in the sequence of my desire to see if I was able to create an unpacker to some packer more complex than UPX, together with the challenge from crUsAdEr, learning was and will always be my main purpose.
    I know the GUI isn’t very user friendly, but really I don't care, don't bother bashing me with that;
    I know it crash's alot, my coding sucks, the code it's crappy and non optimized, really it's a mess, eventually it will hang ur PC;
    I know it doesn't automatic detect the protection options, this happens because it wasn't my main objective. I focused on getting the hard stuff like Nanomites and IAT Elim, and when I was over, I realized that I had made the engine based on the options I specified and couldn't change it, and so it stays like that, and I actually don't care. If you don't like it, start writing a Options detector (its easy stuff), or keep the opinion to yourself;
    If all this isn't a problem to you, then I hope you enjoy using the tool almost as I enjoyed creating it;

    Why make it public?
    Because today there are already several tools outside like ArmaInline or dilloDie, and it seems that SRT are updating Armadillo again, so ArmaGUI wont be useful for long;
    Also Nico is no longer part of the SRT team, I know him from the RCE community and I liked him, that was a very bad move Chad;

    When to use it?
    This tool should ONLY be used when you own a purchased license of some product protected by Armadillo and want to rip the Armadillo from it.
    Now you are wondering what is the use of the tool if you already have one purchased license. Well Armadillo protection schemes does slow down the original code, mainly if options like Strategic Spliced Code, Nanomites or CopyMemII are used, so by ripping Armadillo off, you will get the original faster code.

    History:
    16/08/2006 - V1.5.3:
    *General IAT recover bug fixed;


    Get at:
    http://rapidshare.de/files/29605152/ArmaGUI_v1.5.3.rar.html

    For info about the most recent version, always see the end of this thread!
    Last edited by Spec0p; August 16th, 2006 at 07:46.

  2. #2
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430
    good tool, nice interface. 10x for sharing.
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  3. #3
    Thx for share.

  4. #4
    Hi

    This tool shouldn't upload it here.
    esther


    Reverse the code,Reverse Your Minds First

  5. #5
    Really? Why not?

  6. #6
    Read the FAQ!! Coz its commercial protection thats why!.You can uplpoad some other place and post a link here.
    esther


    Reverse the code,Reverse Your Minds First

  7. #7
    You are absolutely right, fixed and thanks for the warning!

  8. #8
    Thanks for share!
    Another Arm-unpacker.
    Crack and unpack is a way to enjoy life.

  9. #9
    You're welcome
    esther


    Reverse the code,Reverse Your Minds First

  10. #10
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,047
    Blog Entries
    5
    esther, you've got a new custom User Title! I'm honored
    Does this mean you're no longer insane?

  11. #11
    Nah.

    Regards,
    JMI

  12. #12
    Note:
    *It's funny and confusing at the same time, how some people are able to say that something is trash just because they didn't readed the instructions or know what they are doing, just using the tools as scripties kids... This tool doesn't unpack all the 100% targets existing because of some custom stuff, but give me a break.. at least 1%. I have been reading that it doesn't unpacks zit, fail in every atempt.. I love those people.. Learn what you are dealing before using a tool, there will be sometime in your life where you won't have a tool with nice and shinny buttons to press.. So if you were one of those smurfs, you are FORBIDDEN to use my work anymore;
    *For all other people that supported me, sending bug reports and friendly words, tank you and here is a new version, enjoy;



    http://rapidshare.de/files/28012338/release.rar.html


    History:
    01/08/2006 - V1.5:
    *Self detect protection options;

    30/07/2006 - V1.3.6:
    *There are several problems with the spliced code engine, seems that some apps use code that is very hard to not understand as trash, despite my best efforts there will be sometimes were it will fail, added an option to redirect the code instead of reinserting;


    29/07/2006 - V1.3.5:
    *Several bugs fixed on the spliced code engine;


    27/07/2006 - V1.3.4:
    *Rewrote a big part of the IAT Elim recover engine, it should be a little faster now;
    *Fixed an important bug on the IAT engine, some import's weren't resolving correctly, other didn't resolved at all, some speed is lost;
    Last edited by Spec0p; August 3rd, 2006 at 04:35.

  13. #13
    nice keep a good work...

  14. #14
    demon_da
    Guest
    hi Spec0p,
    your unpacker doesn't work any more for Armadillo v5! but this version can unpack manually!
    can you fix your unpacker? i think it is a litle bug!

    thanx for your great works
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  15. #15
    kocoman
    Guest
    The rapidshare link is broken
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. an arma question
    By LiSa in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: April 28th, 2008, 04:50
  2. arma's processes
    By cse_india in forum Malware Analysis and Unpacking Forum
    Replies: 4
    Last Post: April 8th, 2007, 22:25
  3. Having trouble with an ARTtut.....arma related
    By kittmaster in forum Malware Analysis and Unpacking Forum
    Replies: 18
    Last Post: June 11th, 2006, 10:57
  4. new arma tricks ?
    By BenJ in forum Malware Analysis and Unpacking Forum
    Replies: 8
    Last Post: October 31st, 2003, 11:26
  5. question about crussader's tut on arma
    By kyrios in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: March 30th, 2003, 12:59

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •